SVF Commands
- Command Support
- arp anti-attack check user-bind enable (network enhanced profile
view)
- as-admin-profile (AS group view)
- as-admin-profile name
- as-auth
- as-group name
- as access dtls psk
- as access manage-mac
- as auto-replace enable
- as-mode disable
- as all (AS group view)
- as name (AS group view)
- as name interface (port group view)
- as name (uni-mng view)
- as reset
- as service-vlan igmp-snooping
- as service-vlan authorization
- as type
- attach as
- authentication access-user maximum (user access profile view)
- auth-mode none
- authentication-profile (user access profile view)
- blacklist mac-address
- broadcast-suppression (network enhanced profile view)
- clear direct-command
- commit as
- confirm
- description (Fabric port view)
- description (port group view)
- dhcp snooping enable (network enhanced profile view)
- direct-command
- display as
- display as access configuration
- display as blacklist
- display as run-info
- display as unauthorized record
- display as whitelist
- display snmp-agent trap feature-name asmngtrap all
- display snmp-agent trap feature-name unimbrtrap all
- display snmp-agent trap feature-name uni-topomng all
- display snmp-agent trap feature-name uni-tplm all
- display snmp-agent trap feature-name uni-vermng all
- display uni-mng as-discover packet statistics
- display uni-mng as-group
- display uni-mng as index
- display uni-mng as interface brief
- display uni-mng as interface eth-trunk
- display uni-mng commit-result
- display uni-mng global
- display uni-mng indirect configuration
- display uni-mng execute-failed-record
- display uni-mng interface fabric-port configuration
- display uni-mng interface fabric-port state
- display uni-mng patch-delete info
- display uni-mng port-group
- display uni-mng profile
- display uni-mng profile as
- display uni-mng topology configuration
- display uni-mng topology information
- display uni-mng unauthen-user
- display uni-mng unauthen-user offline-record
- display uni-mng upgrade-info
- display uni-mng up-direction fabric-port
- down-direction fabric-port
- down-direction fabric-port connect independent-as
- forward-mode centralized
- independent-as-admin
- interface fabric-port
- ip source check user-bind enable (network enhanced profile
view)
- mac-address flapping action (network enhanced profile view)
- mac-address trap notification (network enhanced profile view)
- mac-limit (user access profile view)
- multicast-suppression (network enhanced profile view)
- network-basic-profile name
- network-basic-profile (port group view)
- network-enhanced-profile name
- network-enhanced-profile (port group view)
- network-qos-profile name
- network-qos-profile (port group view)
- pass-vlan (network basic profile view)
- patch delete as
- port connect independent-as
- port connect-type indirect
- port-group name
- port eth-trunk trunkmember
- port member-group interface
- portal url-encode disable
- qos { pq | wrr | drr } (network QoS profile view)
- qos queue (network QoS profile view)
- rate-limit (network enhanced profile view)
- reboot uni-mng
- reset uni-mng as-discover packet statistics
- shutdown interface
- slot
- snmp-agent trap enable feature-name asmngtrap
- snmp-agent trap enable feature-name unimbrtrap
- snmp-agent trap enable feature-name uni-topomng
- snmp-agent trap enable feature-name uni-tplm
- snmp-agent trap enable feature-name uni-vermng
- stp bpdu-protection (AS administrator profile)
- traffic-limit inbound (user access profile view)
- traffic-limit outbound (AS administrator profile view)
- trust dscp (network QoS profile view)
- topology explore
- undo uni-mng enable
- uni eth-trunk
- uni eth-trunk lacp timeout
- uni-mng
- uni-mng indirect fabric-port
- uni-mng indirect mng-vlan
- uni-mng up-direction fabric-port
- unicast-suppression (network enhanced profile view)
- upgrade as
- upgrade { local-ftp-server | local-sftp-server }
- upload config
- user-access-port enable (network enhanced profile view)
- user-access-profile name
- user-access-profile (port group view)
- user-vlan (network basic profile view)
- user password (AS administrator profile view)
- voice-vlan (network basic profile view)
- whitelist mac-address
arp anti-attack check user-bind enable (network enhanced profile view)
Function
The arp anti-attack check user-bind enable command configures dynamic ARP inspection (DAI) in a network enhanced profile.
The undo arp anti-attack check user-bind enable command disables DAI in a network enhanced profile.
By default, DAI is not configured in a network enhanced profile.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
Usage Scenario
# arp anti-attack rate-limit enable arp anti-attack rate-limit packet 5 interval 1 arp anti-attack check user-bind enable arp anti-attack check user-bind alarm enable #
You can configure DAI to prevent Man in The Middle (MITM) attacks and theft on authorized user information. When a device receives an ARP packet, it compares the source IP address, source MAC address, interface number, and VLAN ID of the ARP packet with DHCP snooping binding entries. If the ARP packet matches a binding entry, the device allows the packet to pass through. If the ARP packet does not match any binding entry, the device discards the packet.
Prerequisites
DHCP snooping has been enabled in the network enhanced profile using the dhcp snooping enable command.
as-admin-profile (AS group view)
Function
The as-admin-profile command binds an AS administrator profile to an AS group.
The undo as-admin-profile command unbinds an AS administrator profile from an AS group.
By default, no AS administrator profile is bound to an AS group.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| profile-name | Specifies the name of an AS administrator profile. |
The value must have an existing AS administrator profile name. |
Usage Guidelines
Usage Scenario
You can bind an AS administrator profile to an AS group to deliver the configurations in the profile to all the member ASs in the AS group.
Prerequisites
The AS administrator profile has been created.
Precautions
AS groups can only be bound to AS administrator profiles. Each AS group can be bound to only one AS administrator profile.
as-admin-profile name
Function
The as-admin-profile name command creates an AS administrator profile.
The undo as-admin-profile name command deletes an AS administrator profile.
By default, no AS administrator profile is configured.
NOTE: This command can only be executed on a parent switch.
as-auth
as-group name
Function
The as-group name command creates an AS group or displays the AS group view.
The undo as-group name command deletes an AS group.
By default, no AS group is created.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
Usage Scenario
An AS group contains one or more ASs, which facilitates AS batch configuration.
Follow-up Procedure
Run the as name as-name or as name-include string command to add ASs to an AS group.
Precautions
You can create a maximum of 16 AS groups.
AS groups can only be bound to AS administrator profiles. Each AS group can be bound to only one AS administrator profile.
as access dtls psk
Function
The as access dtls psk command configures a pre-shared key for Datagram Transport Layer Security (DTLS) encryption on an access switch (AS).
The undo as access dtls psk command deletes a pre-shared key used for DTLS encryption.
The default pre-shared key for DTLS encryption is huawei_seccwp.
NOTE: This command can only be executed on an AS.
Usage Guidelines
Usage Scenario
To encrypt CAPWAP-encapsulated packets between the parent and an AS, configure the same pre-shared key on the parent and AS. You can run the as access dtls psk command to configure a pre-shared key for DTLS encryption on the AS.
Precautions
- The default pre-shared key has security risks. You are advised to change the pre-shared key.
- After an AS has connected to an SVF system, configuring or deleting the pre-shared key for DTLS encryption is not allowed on the AS.
as access manage-mac
Function
The as access manage-mac command configures the management MAC address of an AS.
The undo as access manage-mac command restores the default management MAC address of an AS.
By default, an AS uses the system MAC address as the management MAC address.
NOTE: This command can only be executed on an AS.
Usage Guidelines
Usage Scenario
In a Super Virtual Fabric (SVF) system, each AS has a unique management MAC address to identify itself. By default, an AS uses its system MAC address as the management MAC address to connect to an SVF system. When the management MAC address of an AS conflicts with that of another AS, you can run the as access manage-mac command to change the management MAC address so as to prevent MAC address conflicts.
Precautions
Use of this command is not recommended when no MAC address conflict occurs, as an improper management MAC address may affect service operations.
This command can be used only before an AS connects an SVF system. If an AS has connected to an SVF system, use of this command is not allowed.
Before using this command to change the management MAC address of an AS, you must run the undo as access manage-mac command to delete the existing management MAC address.
as auto-replace enable
Function
The as auto-replace enable command enables AS automatic replacement.
The undo as auto-replace enable command disables AS automatic replacement.
By default, AS automatic replacement is disabled.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
Usage Scenario
In an SVF system, each AS is identified by its MAC address by default. When a new device is used to replace an AS, the SVF system considers the new device as a new AS because their MAC addresses are different. As a result, the new AS does not inherit services on the previous AS.
You can enable AS automatic replacement to solve this problem. When an AS is replaced by a new device connected to the same fabric port, the SVF system replaces the AS MAC address with the MAC address of the new device in the configuration. Consequently, the new device can inherit services on the AS.
Precautions
An AS can only be replaced by a device of the same model. If the new device is a different model, the SVF system considers it as a new AS, which then cannot inherit services on the previous AS.
Only a standalone AS can be replaced, and a stacked AS cannot be replaced.
AS automatic replacement is not supported when an AS connects to the parent through a network.
To ensure that a replacement AS can be successfully authenticated, run the auth-mode none command to set the AS authentication mode to none, or run the whitelist mac-address command to add the management MAC address of the replacement AS to the whitelist. If the replacement AS has no management MAC address configured, its system MAC address is used as the management MAC address.
as-mode disable
Function
The as-mode disable command changes the switch working mode to the parent mode.
The undo as-mode disable command restores the switch working mode to the AS mode.
By default, S5730HI works in parent mode, and other switches work in AS mode.
as all (AS group view)
Function
The as all command adds all ASs to an AS group.
The undo as all command deletes all ASs from an AS group.
By default, no AS is added to an AS group.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
Usage Scenario
After creating an AS group, you need to add the ASs that require the same configuration to the AS group. This command adds all ASs to the same AS group.
Precautions
An AS can be added to only one AS group. For example, if you run the as all command in group_1 and then in group_2, the system displays a message, saying that the ASs need to be deleted from the previous AS group before they can be added to the new AS group.
as name (AS group view)
Function
The as name command adds an AS with a specified name to an AS group.
The as name-include command adds an AS of which the name contains a specified string to an AS group.
The undo as name command deletes an AS with a specified name from an AS group.
The undo as name-include command deletes an AS of which the name contains a specified string from an AS group.
By default, no AS is added to an AS group.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
Usage Scenario
After creating an AS group, add the ASs that need to be configured in a batch to the AS group. You can only add created ASs to an AS group.
Precautions
An AS can be added to only one AS group.
After an AS is added to an AS group, to change the AS group, run the as name command to add the AS to another AS group.
as name interface (port group view)
Function
The as name interface command adds ports on the AS with a specified name to a port group.
The as name-include interface command adds ports on the AS of which the name contains a specified string to a port group.
The undo as name interface command deletes ports on the AS with a specified name from a port group.
The undo as name-include interface command deletes ports on the AS of which the name contains a specified string from a port group.
By default, no ports on an AS are added to a port group.
NOTE: This command can only be executed on a parent switch.
Format
as name as-name interface { { interface-type interface-number1 [ to interface-number2 ] } &<1-10> | all }
as name-include string interface all
undo as name as-name interface { { interface-type interface-number1 [ to interface-number2 ] } &<1-10> | all }
undo as name-include string interface all
Parameters
| Parameter | Description | Value |
|---|---|---|
| as-name | Specifies the name of an AS. |
The value must have an existing AS name. |
| string | Specifies the string contained in an AS name. |
The value is a string of 1 to 31 case-insensitive characters without spaces. |
| interface-type interface-number1 [ to interface-number2 ] | Specifies the type and number of AS interfaces.
|
- |
| all | Indicates all downlink service ports on an AS. |
- |
Usage Guidelines
Usage Scenario
After creating a port group, add the AS ports that need to be configured in a batch to the port group.
Precautions
A port can be added to only one port group.
After ports on an AS are added to a port group, to change the port group, run the as name interface command to add the ports to another port group.
A fabric port in a port group takes effect only for a network QoS profile but not for any network basic profile, network enhanced profile, or user access profile.
as name (uni-mng view)
Function
The as name command configures an AS name or displays the AS view.
The undo as name command deletes an AS.
By default, system default name-device MAC address is used as the AS name, for example, huawei-000a-123d-2200.
NOTE: This command can only be executed on a parent switch.
Parameters
Usage Guidelines
Usage Scenario
You can configure a name for an AS and use the name to uniquely identify the AS. This configuration facilitates AS identification and management.
If no AS name is configured, system default name-device MAC address is used as the AS name after the AS connects to an SVF system.
- The AS is not bound to any service profile.
- The AS is not added to any AS group.
- Ports of the AS are not added to any port group.
Precautions
If the model as-model mac-address mac-address parameter is not specified, the AS view is displayed. You can enter the view of an AS only when the AS has been created.
If an AS has connected to an SVF system, the AS leaves the SVF system and restarts after being deleted.
- If the message "A port instance in the AS (xxx) has been added to the PM. Please delete the configuration first." is displayed when you delete an AS, run the undo binding command in the PM statistics task view to delete the configuration. This command ensures that the AS can be deleted successfully.
as reset
Function
The as reset command restarts an AS.
NOTE: This command can only be executed on a parent switch.
as service-vlan igmp-snooping
Function
The as service-vlan igmp-snooping command enables IGMP snooping for a service VLAN on an AS.
The undo as service-vlan igmp-snooping command disables IGMP snooping for a service VLAN on an AS.
By default, IGMP snooping is disabled for service VLANs on an AS.
NOTE: This command can only be executed on a parent switch.
Format
as service-vlan igmp-snooping { vlan-id1 [ to vlan-id2 ] } &<1-16>
undo as service-vlan igmp-snooping { vlan-id1 [ to vlan-id2 ] } &<1-16>
Parameters
| Parameter | Description | Value |
|---|---|---|
| vlan-id1 [ to vlan-id2 ] | Specifies range of service VLANs:
|
The vlan-id1 and vlan-id2 are integers ranging from 1 to 4094. |
Usage Guidelines
Usage Scenario
By default, IGMP snooping is disabled for service VLANs on an AS. If IGMP snooping needs to be enabled on an AS, run the as service-vlan igmp-snooping command to deliver the configuration to the AS. After the configuration is delivered successfully, the igmp-snooping enable configuration will be generated in the corresponding VLAN view of the AS.
Precautions
This VLAN cannot be a stack reserved VLAN, SVF management VLAN, super VLAN, or RRPP/SEP/ERPS control VLAN.
as service-vlan authorization
Function
The as service-vlan authorization command creates service VLANs on ASs.
The undo as service-vlan authorization command deletes service VLANs on ASs.
By default, all interfaces on an AS belong to the default VLAN, that is, VLAN 1.
NOTE: This command can only be executed on a parent switch.
Format
as service-vlan authorization { vlan-id1 [ to vlan-id2 ] } &<1-16>
undo as service-vlan authorization { vlan-id1 [ to vlan-id2 ] } &<1-16>
Parameters
| Parameter | Description | Value |
|---|---|---|
| vlan-id1 [ to vlan-id2 ] | Specifies service VLAN IDs in a batch:
|
Values of vlan-id1 and vlan-id2 are integers in a range of 1 to 4094. |
as type
Function
The as type command specifies the file to be loaded during the upgrade of an AS of a specified device type.
The undo as type command deletes the file to be loaded during the upgrade of an AS of a specified device type.
By default, the file to be loaded is not specified during the upgrade of an AS of a specified device type.
NOTE: This command can only be executed on a parent switch.
Format
as type as-type { system-software system-software | patch patch } *
undo as type as-type [ system-software | patch ]
Parameters
Usage Guidelines
Usage Scenario
When an AS is automatically upgraded after going online, the AS is upgraded using the file specified by the as type command.
Precautions
You can run the as type command multiple times to specify different files for different types of ASs.
If the system software file is not specified and only the patch file is specified during a patch upgrade, the patch upgrade fails if the patch file does not match the system software.
Follow-up Procedure
Run the upgrade as command to upgrade the AS.
attach as
Function
The attach as command allows you to log in to an AS from the parent.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| name as-name | Specifies the name of an AS for login. |
The value must have an existing AS name. |
Usage Guidelines
Usage Scenario
In addition to local login through a console port, you can log in to an AS from the parent. This login mode is supported in two service configuration modes: centralized mode and independent mode.
After you log in to an AS in centralized mode, you can configure only commands related to file management and service diagnosis for fault location.
After you log in to an AS in independent mode, you can use more commands to configure services on the AS.
Prerequisites
In centralized mode, an AS administrator profile has been bound to the AS, and an AS user name and password have been configured.
In independent mode, an AS user name and password have been configured in the uni-mng view using the independent-as-admin command.
Precautions
After an AS user name and password are configured, you need to enter the correct user name and password when logging in to an AS through the console port. When you log in to an AS from the parent using the attach as command, you can log in to the AS without entering the user name or password.
In versions earlier than V200R011C10, at most one VTY user can log in to an AS at a time. In V200R011C10 and later versions, at most four VTY users can log in to an AS at a time.
Example
# In centralized mode, log in to the AS as1 from the parent.
<HUAWEI> system-view [HUAWEI] uni-mng [HUAWEI-um] as-admin-profile name profile_1 [HUAWEI-um-as-admin-profile_1] user asuser password Pwd@123456 [HUAWEI-um-as-admin-profile_1] quit [HUAWEI-um] as-group name group_1 [HUAWEI-um-as-group-group_1] as name as1 [HUAWEI-um-as-group-group_1] as-admin-profile profile_1 [HUAWEI-um-as-group-group_1] quit [HUAWEI-um] commit as all Info: Commiting the configuration will take a long time. Are you sure you want to commit the configuration? [Y/N]: y [HUAWEI-um] attach as name as1
# In independent mode, log in to the AS as1 from the parent. Before the login, the independent mode needs to be enabled on the fabric-port connected to the AS as1. The following uses a level-1 AS as the AS as1.
<HUAWEI> system-view [HUAWEI] uni-mng [HUAWEI-um] independent-as-admin user asuser password Pwd@123456 [HUAWEI-um] interface fabric-port 1 [HUAWEI-um-fabric-port-1] port connect independent-as [HUAWEI-um-fabric-port-1] quit [HUAWEI-um] attach as name as1
authentication access-user maximum (user access profile view)
Function
The authentication access-user maximum command configures the maximum number of access users in a user access profile.
The undo authentication access-user maximum command deletes the maximum number of access users in a user access profile.
By default, the maximum number of access users is not configured in a user access profile.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| max-num | Specifies the maximum number of access users in a user access profile. |
The value is an integer that ranges from 1 to 512. After the value is delivered to an AS, the effective value depends on the AS specifications. For details, see authentication access-point max-user. |
Usage Guidelines
Usage Scenario
#
authentication access-point max-user max-num
#
Precautions
The authentication access-user maximum command configuration takes effect only for new users.
auth-mode none
Function
The auth-mode none command sets the AS authentication mode to no authentication.
The undo auth-mode command restores the default AS authentication mode.
By default, authentication is required when an AS connects to an SVF system.
NOTE: This command can only be executed on a parent switch.
authentication-profile (user access profile view)
Function
The authentication-profile command binds an authentication profile to a user access profile.
The undo authentication-profile command deletes the authentication profile bound to a user access profile.
By default, no authentication profile is bound to a user access profile.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| authentication-profile-name | Specifies the name of an authentication profile. |
The value is a string of 1-31 case-sensitive characters, which cannot be configured to - and --. It cannot contain spaces and the following symbols: / \ : * ? " < > | @ ' %. |
Usage Guidelines
Usage Scenario
After creating a user access profile, you can bind an authentication profile to the user access profile. When the user access profile is bound to an AS port, the user access authentication mode specified in the authentication profile is automatically configured on the AS port.
NAC provides three user authentication modes: 802.1X authentication, MAC address authentication, and Portal authentication. To implement user access authentication, run the dot1x-access-profile name access-profile-name, mac-access-profile name access-profile-name, and portal-access-profile name access-profile-name commands in the system view to create an access profile, bind one or multiple of the three user authentication modes to the authentication profile, and then bind the authentication profile to the user access profile in an SVF system.
Precautions
If Portal authentication is deployed in an SVF system, you must run the web-auth-server server-name command to specify the Portal server profile used in Portal authentication in the Portal access profile view. Additionally, only one Portal server profile can be configured in a Portal access profile.
If the Portal authentication mode has been set to layer3 in the portal-access-profile bound to the authentication profile, it is not allowed to bind this authentication profile to the user access profile. If an authentication profile has been bound to the user access profile, it is now allowed to set the Portal authentication mode to layer3.
Different user access profiles must be bound to the same authentication profile.
The authentication-profile and mac-limit maximum max-num as well as authentication-profile and traffic-limit inbound { arp | dhcp } cir cir-value commands are mutually exclusive and cannot be configured together in a user access profile.
If many users are connected to the port to which a user access profile is bound, the authentication configuration in the profile may need to take a certain period of time to complete.
Before changing the authentication profile on the parent, run the undo authentication-profile command to delete the existing authentication profile and then run the commit as { name as-name | all } command to commit the configuration. You can then create a new authentication profile on the parent.
- After bidirectional flow control is configured in an authentication profile using the authentication control-direction all command, this authentication profile cannot be bound to a user access profile.
- SVF does not support access authentication of IPv6 users.
Example
# Bind an authentication profile to the user access profile.
<HUAWEI> system-view [HUAWEI] mac-access-profile name 1 [HUAWEI-mac-access-profile-1] quit [HUAWEI] authentication-profile name test [HUAWEI-authen-profile-test] mac-access-profile 1 [HUAWEI-authen-profile-test] quit [HUAWEI] uni-mng [HUAWEI-um] user-access-profile name huawei [HUAWEI-um-user-access-huawei] authentication-profile test
blacklist mac-address
Function
The blacklist mac-address command adds a specified MAC address to the blacklist.
The undo blacklist mac-address command deletes a MAC address from the blacklist.
By default, no MAC address is added to the blacklist. A maximum of 128 MAC addresses can be added to the blacklist.
NOTE: This command can only be executed on a parent switch.
Format
blacklist mac-address mac-address1 [ to mac-address2 ]
undo blacklist mac-address { mac-address1 [ to mac-address2 ] | all }
Parameters
| Parameter | Description | Value |
|---|---|---|
| mac-address1 [ to mac-address2 ] | Specifies the MAC address to be added to the blacklist. |
The value is in H-H-H format, where H is a hexadecimal number of 1 to 4 digits. The value cannot be all 0s, all Fs, or a multicast MAC address. |
| all | Deletes all the MAC addresses in the blacklist. |
- |
Usage Guidelines
Usage Scenario
When an SVF system needs to authenticate an AS, the SVF system allows the AS to connect to if the MAC address of the AS is in the whitelist and disallows the AS to connect to if the MAC address is in the blacklist.
Precautions
A MAC address cannot exist in both the whitelist and blacklist.
By default, if the MAC address of an AS is neither in the whitelist nor in the blacklist, the AS fails the authentication. You can run the confirm { all | mac-address mac-address } command to allow all ASs or a specified AS to pass the authentication.
If the MAC address of an AS that has connected to an SVF system is added to the blacklist, the AS restarts and exits from the SVF system.
broadcast-suppression (network enhanced profile view)
Function
The broadcast-suppression command configures broadcast traffic suppression in a network enhanced profile.
The undo broadcast-suppression command cancels broadcast traffic suppression in a network enhanced profile.
By default, broadcast traffic suppression is not configured in a network enhanced profile. By default, the percentage of broadcast traffic that can pass through an AS port is 50%.
NOTE: This command can only be executed on a parent switch.
Parameters
Usage Guidelines
#
broadcast-suppression packets packets-per-second
#
To prevent broadcast storms, you can run the broadcast-suppression command to configure the maximum number of broadcast packets that can pass through a port. When the broadcast traffic rate reaches the maximum value, the system discards excess broadcast packets to control the traffic volume within a proper range.
clear direct-command
Function
The clear direct-command command deletes commands to be directly delivered to an AS from the parent.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| slot slot-id | Specifies the stack ID of a member device in an AS. |
The value is an integer that ranges from 0 to 4. |
Usage Guidelines
After you run the direct-command command to directly deliver commands to an AS, you can run the clear direct-command command to delete the commands from the parent.
You can delete directly delivered commands only when the AS is offline. Do not run the clear direct-command command when the parent is delivering the commands to an AS.
commit as
Function
The commit as command delivers the service configuration to ASs.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| name as-name | Delivers the service configuration to an AS with a specified name. |
The value must have an existing AS name. |
| all | Delivers the service configuration to all ASs. |
- |
confirm
Function
The confirm command confirms that unauthenticated ASs pass the authentication.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| all | Confirms that all ASs pass the authentication. |
- |
| mac-address mac-address | Confirms that an AS with a specified MAC address passes the authentication. |
The value is in H-H-H format, where H is a hexadecimal number of 1 to 4 digits. The value cannot be all 0s, all Fs, or a multicast MAC address. |
Usage Guidelines
When an AS needs to be authenticated before connecting to an SVF system, the AS fails the authentication if its MAC address is neither in the whitelist nor in the blacklist. You can run the confirm command to allow all ASs or a specified AS to pass the authentication.
You can run the display as unauthorized record command to check information about the ASs that fail the authentication.
description (Fabric port view)
Function
The description command configures the description of a fabric port.
The undo description command deletes the description of a fabric port.
By default, no description is configured for a fabric port.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| description | Specifies the description. |
The value is a string of 1 to 64 case-sensitive characters with spaces supported. |
description (port group view)
Function
The description command configures the description of a port group.
The undo description command deletes the description of a port group.
By default, a port group does not have a description.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| description | Specifies the description. |
The value is a string of 1 to 15 case-sensitive characters with spaces supported. |
dhcp snooping enable (network enhanced profile view)
Function
The dhcp snooping enable command configures DHCP snooping in a network enhanced profile.
The undo dhcp snooping enable command cancels DHCP snooping in a network enhanced profile.
By default, DHCP snooping is not configured in a network enhanced profile.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
# dhcp enable # dhcp snooping enable # interface GigabitEthernet0/0/1 dhcp snooping enable #
In the preceding configuration, GigabitEthernet0/0/1 is used for reference only. The actual configuration depends on the profile configuration.
You can run the dhcp snooping enable command to enable DHCP snooping on a port so as to improve DHCP security.
Precautions
Before running the undo dhcp snooping enable command, ensure that the network enhanced profile view is not configured with IPSG or DAI. To disable IPSG and DAI, run the undo ip source check user-bind enable (network enhanced profile view) and undo arp anti-attack check user-bind enable (network enhanced profile view) commands respectively.
The dhcp snooping enable command configured in the network enhanced profile can only configure a DHCP dynamic binding table but not a DHCP static binding table.
direct-command
Function
The direct-command command configures ASs on the parent. The parent directly delivers the configuration to the ASs, and you do not need to run the commit as command.
The undo direct-command command cancels the configuration for ASs on the parent.
The following table lists service configurations that can be delivered using this command. If no configuration dependency and restriction are provided for a command, see the details in the command reference.
NOTE: This command can only be executed on a parent switch.
Format
direct-command view { system | interface-type interface-number | stack-port member-id/port-id } command command-text
undo direct-command view { system | interface-type interface-number | stack-port member-id/port-id } command command-text
Parameters
| Parameter | Description | Value |
|---|---|---|
| view { system | interface-type interface-number | stack-port member-id/port-id } | Specifies the view in which a command is executed.
|
- |
| command command-text | Specifies the command to be delivered to ASs. |
The value is a string of 1 to 128 characters. |
Usage Guidelines
Usage Scenario
The following lists the commands that can be directly delivered to ASs. You can run the undo direct-command view { system | interface-type interface-number } command command-text command to cancel the configuration or restore default settings. The command-text parameter specifies the commands listed in the following table.
Service Category |
Format |
View |
Function |
Configuration Dependency and Restriction |
|---|---|---|---|---|
Energy-saving management |
port-auto-sleep enable |
Interface view |
Enables the port sleeping function on an electrical interface. |
This command cannot be configured on combo interfaces. |
PoE |
poe force-power |
Interface view |
Enables forcible PoE power supply on an interface. |
- |
poe legacy enable |
Interface view |
Enables an interface to check compatibility of PDs. |
- |
|
poe priority { critical | high | low } |
Interface view |
Sets the power supply priority of a PoE interface. |
- |
|
poe af-inrush enable slot slot-id |
System view |
Configures the IEEE 802.3at-compliant device to provide power in accordance with IEEE 802.3af. |
- |
|
poe high-inrush enable slot slot-id |
System view |
Configures a device to allow high inrush current during power-on. |
- |
|
undo poe enable (supported in V200R011C10 and later versions) |
Interface view |
Disables the PoE function on an interface. |
- |
|
Ethernet interfaces |
undo negotiation auto |
Interface view |
Configures an interface to work in non-auto negotiation mode. After you run the undo direct-command command, the interface works in auto negotiation mode. |
|
speed { 10 | 100 | 1000 } |
Interface view |
Sets the rate in non-auto negotiation mode. |
|
|
speed auto-negotiation |
Interface view |
Enables auto-negotiation on a GE optical interface. |
|
|
duplex { full | half } |
Interface view |
Sets the duplex mode for an electrical interface in non-auto negotiation mode. |
|
|
loopback internal |
Interface view |
Configures a loopback detection mode on an interface. |
- |
|
description description (supported in V200R011C10 and later versions) |
Interface view |
Configures the description for an interface. |
The description contains a maximum of 52 characters in V200R011C10, and the description contains a maximum of 116 characters in V200R012C00 and later versions. |
|
Port bridge |
port bridge enable |
Interface view |
Enables the bridging function on an interface. |
- |
Voice VLAN |
voice-vlan mac-address mac-address mask mask (supported in V200R011C10 and later versions) |
System view |
Configures the OUI address of the voice VLAN. |
- |
LBDT |
loopback-detect enable |
Interface view |
Enables loopback detection on an interface. |
- |
loopback-detect packet vlan vlan-id |
Interface view |
Enables loopback detection for a specified VLAN. |
If you configure this command multiple times, loopback detection is enabled for multiple VLANs. |
|
ARP rate limiting |
arp speed-limit source-mac maximum maximum |
System view |
Configures ARP rate limiting based on source MAC addresses. |
|
arp speed-limit source-ip maximum maximum |
System view |
Configures ARP rate limiting based on source IP addresses. |
This function takes effect only for ARP packets sent to the CPU. |
|
Stack |
port interface { interface-type interface-number1 [ to interface-type interface-number2 ] } enable (supported in V200R010 and later versions) |
Stack interface view: stack-port member-id/port-id |
Configures a service interface as a stack member port and adds it to a stack port. |
Before restoring the stack member ports that are added to a stack port in direct configuration mode as common service interfaces, you do not need to run the shutdown interface command in the stack interface view. |
stack slot slot-id priority priority (supported in V200R010 and later versions) |
System view |
Sets a stack priority for a member switch in a stack. |
- |
|
stack slot slot-id renumber new-slot-id (supported in V200R011C10 and later versions) |
System view |
Changes the stack ID of a specified member switch in a stack. NOTICE:
If there are services running, delivering this
command may cause service interruptions and configuration loss. Therefore,
you are advised to deliver this command when an AS is unconfigured. |
A stack ID cannot be changed in the following situations:
|
|
User Access and Authentication (supported in V200R012C00 and later versions) |
access-user arp-detect vlan vlan-id ip-address ip-address mac-address mac-address |
System view |
Sets the source IP address and source MAC address of offline detection packets in a VLAN. |
In V200R012C00SPC710 and later versions, when vlan, ip-address, and mac-address are all different, multiple configurations of this command can be generated. If any one of vlan, ip-address, and mac-address has been configured, delete the existing configuration before reconfiguring them. In other V200R012C00 versions except V200R012C00SPC710, this command can be configured only one. If you want to modify the configuration, delete the existing configuration and then perform the configuration again. |
access-user arp-detect default ip-address ip-address |
System view |
Sets the default source IP address of offline detection packets. |
- |
|
undo user-detect |
System view |
Disables the online user detection function. |
- |
|
authentication speed-limit max-num max-num-value interval interval-value (supported in V200R013C00 and later versions) |
System view |
Configures the rate limit for an access device to send user association and disassociation request messages. |
- |
|
access-user arp-detect fallback ip-address mask-length (supported in V200R013C00 and later versions) |
System view |
Configures an IP address required for calculating the source address of offline detection packets. |
If you run this command multiple times, only the latest configuration takes effect. |
|
access-user arp-detect delay delay (supported in V200R013C00 and later versions) |
System view |
Configures the delay for sending offline detection packets. |
- |
Precautions
- When you configure a directly delivered command on the parent, enter the complete and correct command instead of the abbreviated form. No info message is displayed for confirming your input.
- A directly delivered command supports the help and typeahead functions but not real-time check during input. The system checks the input only after you complete typing a command and press Enter. No detailed description is provided in help information. If you fail to configure a command for an AS, an info message is displayed.
- When you configure a directly delivered command, the AS to which the command is to be delivered must be online. If you need to specify a port or slot-id in a command, the corresponding member device must be available. If the AS is offline, run the clear direct-command command to delete the completed configuration on the parent.
- If a port has the configuration directly delivered using commands, the port cannot be configured as a member port of the Eth-Trunk to which a fabric port is bound. If a port has been configured as a member port of the Eth-Trunk to which a fabric port is bound, the configuration cannot be directly delivered to the port using commands.
- Directly delivering configuration using commands and delivering configuration using service profiles are mutually exclusive and cannot be performed simultaneously.
Example
# Configure the parent to deliver the loopback-detect enable command to GigabitEthernet0/0/1 on as1 to enable loopback detection on GigabitEthernet0/0/1.
<HUAWEI> system-view [HUAWEI] uni-mng [HUAWEI-um] as name as1 [HUAWEI-um-as-as1] direct-command view gigabitethernet 0/0/1 command loopback-detect enable
display as
Function
The display as command displays information about access switches (ASs).
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| all | Displays information about all ASs. |
- |
| name as-name | Specifies the name of an AS. |
The value must have an existing AS name. |
| mac-address mac-address | Specifies the MAC address of an AS. |
The value is in H-H-H format, where H is a hexadecimal number of 1 to 4 digits. The value cannot be all 0s, all Fs, or a multicast MAC address. |
| vpn-instance information | Displays VPN instance information. |
The value must be an existing VPN instance name. |
Usage Guidelines
You can run the display as command to view information about ASs in an SVF system, including the AS device type, VPN instance information, and access status.
Example
# Display information about all ASs.
<HUAWEI> display as all
Total: 1, Normal: 1, Fault: 0, Idle: 0, Version mismatch: 0
--------------------------------------------------------------------------------
No. Type MAC IP State Name
--------------------------------------------------------------------------------
0 S5720-P-LI aaaa-bbbb-cc92 192.168.11.254 normal as1
--------------------------------------------------------------------------------
Item |
Description |
|---|---|
Total |
Total number of ASs. |
Normal |
Number of ASs that are running normally. |
Fault |
Number of ASs in abnormal running status. |
Idle |
Number of ASs that have been configured but no gone online. |
Version mismatch |
Number of ASs of which the software versions do not match the software version of the parent. |
No. |
Sequence number. |
Type |
Device type of an AS. |
MAC |
Management MAC address of an AS. |
IP |
IP address of an AS. |
State |
|
Name |
Name of an AS. |
# Display information about the AS as1.
<HUAWEI> display as name as1
------------------------------------------------------------------------------
Management-mac : aaaa-bbbb-cc92
System MAC : aaaa-bbbb-cc92
ESN : 210235317310xxxxxxxx
Name : as1
Model : S5720-28P-LI-AC
Device Type : S5720-P-LI
State : normal
Mode : centralized
Slot : 0
As group : group1
Port group : group2
------------------------------------------------------------------------------
Item |
Description |
|---|---|
Management-mac |
Management MAC address of an AS. In a Super Virtual Fabric (SVF) system, each AS has a unique management MAC address to identify itself. To set a management MAC address for an AS, run the as access manage-mac command. If no management MAC address is configured for an AS, the system MAC address of the AS is used as the management MAC address. |
System MAC |
System MAC address of an AS, which is the physical MAC address of this AS. |
ESN |
Sequence number of an AS. |
Name |
Name of an AS. |
Model |
Device model of an AS. |
Device Type |
Device type of an AS. |
State |
Status of an AS:
|
Mode |
Service configuration mode of an AS:
|
Slot |
Stack ID of an AS in a stack. |
As group |
AS group to which an AS belongs. |
Port group |
Port group to which an AS port belongs. |
# Display VPN instance information of ASs.
<HUAWEI> display as vpn-instance information
Total: 5
--------------------------------------------------------------------------------
No. VPN-Instance AS Name
--------------------------------------------------------------------------------
0 VPN1 e-10005(1-1)
1 -- t-10018(2-2)
2 VPN2 s-10021(1-1)
3 -- 6-10023(2-1)
4 -- 11-t-16(x-s)
--------------------------------------------------------------------------------
display as access configuration
Function
The display as access configuration command displays the access configuration of ASs.
NOTE: Only the switches that function as ASs support this command.
Usage Guidelines
You can run the display as access configuration command on an AS to check the access configuration of the AS.
Example
# Display the access configuration of an AS.
<HUAWEI> display as access configuration
AS mode : centralized
Access interface : vlanif11
Access controller configuration : --
Current connected access controller : 192.168.11.1(dynamic)
Access management MAC : 0200-0000-0022
Access system MAC : 0200-0000-0022
Current connected state : normal
Item |
Description |
|---|---|
AS mode |
AS mode:
|
Access interface |
VLANIF interface for the management VLAN of an AS. |
Access controller configuration |
Parent IP address configured using the as access controller ip-address command. If this IP address is configured, the Current connected access controller field value contains configured. |
Current connected access controller |
IP address of the parent to which an AS is connected. If this field contains dynamic, the IP address is obtained through DHCP or in broadcast mode. If this field contains configured, the IP address is statically configured. If an AS does not go online, this field displays --. |
Access management MAC |
Configured management MAC address of an AS. |
Access system MAC |
System MAC address of an AS. |
Current connected state |
Connection status of an AS:
|
display as blacklist
Function
The display as blacklist command displays blacklist information of an AS.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
You can run the display as blacklist command to check blacklist information of an AS.
Example
# Display blacklist information of an AS.
<HUAWEI> display as blacklist
------------------------------------------------------------------------------
ID MAC
------------------------------------------------------------------------------
0 0025-9e07-8281
------------------------------------------------------------------------------
Total: 1
Item |
Description |
|---|---|
ID |
ID of a blacklist. |
MAC |
MAC address added to the blacklist. To add a MAC address to a blacklist, run the blacklist mac-address command. If no MAC address is specified, no information is displayed. |
display as run-info
Function
The display as run-info command displays running status information of an AS.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| name as-name | Specifies the name of an AS. |
The value must have an existing AS name. |
| mac-address mac-address | Specifies the MAC address of an AS. |
The value is in H-H-H format, where H is a hexadecimal number of 1 to 4 digits. The value cannot be all 0s, all Fs, or a multicast MAC address. |
Usage Guidelines
You can run the display as run-info command to check running status information of an AS, including the AS access status, CPU usage, and memory usage.
Example
# Display running status information of an AS.
<HUAWEI> display as name as1 run-info Info: This operation may take a few seconds. Please wait... ------------------------------------------------------------------------------ Software version : Version 5.160 V200R013C00 Hardware version : VER.A Patch version : V200R011SPH001 Patch state : running IP address : 192.168.1.154 IP mask : 255.255.255.0 Gateway : 192.168.1.1 VPN-Instance : -- State : normal Online time : 1 day, 18 hours, 40 minutes, 0 second CPU usage : 12% Memory usage : 52% Slot 0 : present ------------------------------------------------------------------------------
Item |
Description |
|---|---|
Software version |
Software version running on an AS. |
Hardware version |
Hardware version running on an AS. |
Patch version |
Patch version. This field displays-- when the patch package is not installed. |
Patch state |
Patch status.
This field displays-- when the Patch version field displays --. |
IP address |
IP address of an AS. |
IP mask |
Subnet mask. |
Gateway |
Gateway of an AS. |
VPN-Instance |
Name of a VPN instance. |
State |
Status of an AS:
|
Online time |
Online time of an AS. |
CPU usage |
CPU usage of an AS. |
Memory usage |
Memory usage of an AS. |
Slot 0 |
Whether an AS member device is present:
|
display as unauthorized record
Function
The display as unauthorized record command displays information about the ASs that fail the authentication.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
You can run the display as unauthorized record command to check information about the ASs that fail the authentication.
Example
# Display information about the ASs that fail the authentication.
<HUAWEI> display as unauthorized record Unauthorized AS record: -------------------------------------------------------------------------------- AS type : S5720-SI Host name : huawei-000b-0987-d5aa AS MAC address : 000b-0987-d5aa AS IP address : 192.168.1.253 Record time : 2015-05-20 16:06:10 DST -------------------------------------------------------------------------------- Total: 1
display as whitelist
Function
The display as whitelist command displays whitelist information of an AS.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
You can run the display as whitelist command to check whitelist information of an AS.
Example
# Display whitelist information of an AS.
<HUAWEI> display as whitelist
------------------------------------------------------------------------------
ID MAC
------------------------------------------------------------------------------
0 0025-9e07-8282
------------------------------------------------------------------------------
Total: 1
display snmp-agent trap feature-name asmngtrap all
Function
display snmp-agent trap feature-name asmngtrap all command displays the status of all traps for the ASMNGTRAP module.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
Usage Scenario
After the trap function of a specified feature is enabled, you can run the display snmp-agent trap feature-name asmngtrap all command to check the status of all traps of the ASMNGTRAP module. You can use the snmp-agent trap enable feature-name asmngtrap command to enable the trap function of the ASMNGTRAP module.
Prerequisites
SNMP has been enabled. For details, see snmp-agent.
Example
# Display all the traps of the ASMNGTRAP module.
<HUAWEI>display snmp-agent trap feature-name asmngtrap all
------------------------------------------------------------------------------
Feature name: ASMNGTRAP
Trap number : 23
------------------------------------------------------------------------------
Trap name Default switch status Current switch status
hwAsFaultNotify on on
hwAsNormalNotify on on
hwAsAddOffLineNotify on on
hwAsDelOffLineNotify on on
hwAsPortStateChangeToDownNotify
on on
hwAsPortStateChangeToUpNotify on on
hwAsModelNotMatchNotify on on
hwAsVersionNotMatchNotify on on
hwAsNameConflictNotify on on
hwAsSlotModelNotMatchNotify on on
hwAsFullNotify on on
hwUnimngModelNotMatchNotify on on
hwAsBoardAdd on on
hwAsBoardDelete on on
hwAsBoardPlugIn on on
hwAsBoardPlugOut on on
hwAsInBlacklist on on
hwAsUnconfirmed on on
hwAsComboPortTypeChange on on
hwAsOnlineFailNotify on on
hwAsSlotIdInvalidNotify on on
hwAsSysmacSwitchCfgErrNotify on on
hwAsSlotOnlineFailNotify on on
Item |
Description |
|---|---|
Feature name |
Name of the module that the trap belongs to. |
Trap number |
Number of traps. |
Trap name |
Trap name of the module:
|
Default switch status |
Default status of the trap function:
|
Current switch status |
Status of the trap function:
|
display snmp-agent trap feature-name unimbrtrap all
Function
display snmp-agent trap feature-name unimbrtrap all command displays the status of all traps on the UNIMBRTRAP module.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
Usage Scenario
After the trap function of a specified feature is enabled, you can run the display snmp-agent trap feature-name unimbrtrap all command to check the status of all traps of UNIMBRTRAP. You can use the snmp-agent trap enable feature-name unimbrtrap command to enable the trap function of UNIMBRTRAP.
Prerequisites
SNMP has been enabled. For details, see snmp-agent.
Example
# Display all the traps of the UNIMBRTRAP module.
<HUAWEI>display snmp-agent trap feature-name unimbrtrap all
------------------------------------------------------------------------------ Feature name: UNIMBRTRAP Trap number : 30 ------------------------------------------------------------------------------ Trap name Default switch status Current switch status hwASBrdTempAlarm on on hwASBrdTempResume on on hwASBoardFail on on hwASBoardFailResume on on hwASBoardInvalid on on hwASBoardInvalidResume on on hwASOpticalInvalid on on hwASOpticalInvalidResum on on hwASPowerRemove on on hwASPowerInsert on on hwASPowerInvalid on on hwASPowerInvalidResum on on hwASFanRemove on on hwASFanInsert on on hwASFanInvalid on on hwASFanInvalidResume on on hwASCommunicateError on on hwASCommunicateResume on on hwASCPUUtilizationRising on on hwASCPUUtilizationResume on on hwASMemUtilizationRising on on hwASMemUtilizationResume on on hwASMadConflictDetect on on hwASMadConflictResume on on hwUniMbrLinkStateChange on on hwUniMbrASDiscoverAttack on on hwUniMbrConnectError on on hwUniMbrIllegalFabricConfig on on hwUniMbrFabricPortMemberDelete on on hwUniMbrAsServiceAbnormal on on
Item |
Specification |
|---|---|
Feature name |
Name of the module that the trap belongs to. |
Trap number |
Number of traps. |
Trap name |
Trap name. Traps of the UNIMBRTRAP module include:
|
Default switch status |
Default status of the trap function:
|
Current switch status |
Status of the trap function:
|
display snmp-agent trap feature-name uni-topomng all
Function
display snmp-agent trap feature-name uni-topomng all command displays the status of all traps on the UNI-TOPOMNG module.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
Usage Scenario
After the trap function of a specified feature is enabled, you can run the display snmp-agent trap feature-name uni-topomng all command to check the status of all traps of UNI-TOPOMNG. You can use the snmp-agent trap enable feature-name uni-topomng command to enable the trap function of UNI-TOPOMNG.
Prerequisites
SNMP has been enabled. For details, see snmp-agent.
Example
# Display all the traps of the UNI-TOPOMNG module.
<HUAWEI>display snmp-agent trap feature-name uni-topomng all
------------------------------------------------------------------------------ Feature name: uni-topomng Trap number : 2 ------------------------------------------------------------------------------ Trap name Default switch status Current switch status hwTopomngLinkNormal on on hwTopomngLinkAbnormal on on
Item |
Specification |
|---|---|
Feature name |
Name of the module that the trap belongs to. |
Trap number |
Number of traps. |
Trap name |
Trap name. Traps of the UNI-TOPOMNG module include:
|
Default switch status |
Default status of the trap function:
|
Current switch status |
Status of the trap function:
|
display snmp-agent trap feature-name uni-tplm all
Function
display snmp-agent trap feature-name uni-tplm all command displays the status of all traps on the UNI-TPLM module.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
Usage Scenario
After the trap function of a specified feature is enabled, you can run the display snmp-agent trap feature-name uni-tplm all command to check the status of all traps of UNI-TPLM. You can use the snmp-agent trap enable feature-name uni-tplm command to enable the trap function of UNI-TPLM.
Prerequisites
SNMP has been enabled. For details, see snmp-agent.
Example
# Display all the traps of the UNI-TPLM module.
<HUAWEI>display snmp-agent trap feature-name uni-tplm all
------------------------------------------------------------------------------
Feature name: uni-tplm
Trap number : 3
------------------------------------------------------------------------------
Trap name Default switch status Current switch status
hwTplmCmdExecuteFailedNotify on on
hwTplmCmdExecuteSuccessfulNotify
on on
hwTplmDirectCmdRecoverFail on on
Item |
Specification |
|---|---|
Feature name |
Name of the module that the trap belongs to. |
Trap number |
Number of traps. |
Trap name |
Trap name. Traps of the UNI-TPLM module include:
|
Default switch status |
Default status of the trap function:
|
Current switch status |
Status of the trap function:
|
display snmp-agent trap feature-name uni-vermng all
Function
display snmp-agent trap feature-name uni-vermng all command displays the status of all traps on the UNI-VERMNG module.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
Usage Scenario
After the trap function of a specified feature is enabled, you can run the display snmp-agent trap feature-name uni-vermng all command to check the status of all traps of UNI-TPLM. You can use the snmp-agent trap enable feature-name uni-vermng command to enable the trap function of UNI-TPLM.
Prerequisites
SNMP has been enabled. For details, see snmp-agent.
Example
# Display all the traps of the UNI-VERMNG module.
<HUAWEI>display snmp-agent trap feature-name uni-vermng all
------------------------------------------------------------------------------ Feature name: uni-vermng Trap number : 1 ------------------------------------------------------------------------------ Trap name Default switch status Current switch status hwVermngUpgradeFail on on
Item |
Specification |
|---|---|
Feature name |
Name of the module that the trap belongs to. |
Trap number |
Number of traps. |
Trap name |
Trap name. Traps of the UNI-VERMNG module include:
|
Default switch status |
Default status of the trap function:
|
Current switch status |
Status of the trap function:
|
display uni-mng as-discover packet statistics
Function
The display uni-mng as-discover packet statistics command displays AS Discovery packet statistics on a fabric port.
NOTE: This command can be used on the parent or an AS. After running this command, you can check AS Discovery packet statistics on a fabric port of the local device.
Parameters
| Parameter | Description | Value |
|---|---|---|
| interface fabric-port port-id | Specifies the number of a fabric port. |
The value is an integer that ranges from 0 to 63 on an AS and from 0 to 255 on the parent. |
Usage Guidelines
You can run the display uni-mng as-discover packet statistics command to check AS Discovery packet statistics on a fabric port.
Example
# Display AS Discovery packet statistics on a fabric port.
<HUAWEI> display uni-mng as-discover packet statistics interface fabric-port 1
The statistics of AS Discover packet on Fabric-port1:
PortName Packet-type Receive Send
--------------------------------------------------------------------------------
GE2/0/23 AS Discover Request 0 3
AS Discover ACK 3 0
AS Discover ParaSyn Req 0 3
AS Discover ParaSyn ACK 3 0
AS Discover HeartBeat Req 0 11238
AS Discover HeartBeat ACK 11238 0
AS Discover NAK 0 0
AS Discover FabricCfg Req 0 0
AS Discover FabricCfg ACK 0 0
AS Discover NotifyOffline Req 0 0
AS Discover NotifyOffline ACK 0 0
--------------------------------------------------------------------------------
Item |
Description |
|---|---|
PortName |
Name of a member port in a fabric port. |
Packet-type |
Packet type:
|
Receive |
Statistics about received packets. Statistics about AS Discover HeartBeat Req and AS Discover HeartBeat ACK packets will be cleared and start from 0 after an active/standby switchover is performed on the device. |
Send |
Statistics about sent packets. Statistics about AS Discover HeartBeat Req and AS Discover HeartBeat ACK packets will be cleared and start from 0 after an active/standby switchover is performed on the device. |
display uni-mng as-group
Function
The display uni-mng as-group command displays information about AS groups.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| name group-name | Specifies the name of an AS group. |
The value must be an existing an AS group name. |
| verbose | Displays detailed information about an AS group. |
- |
Usage Guidelines
You can run the display uni-mng as-group command to check information about created AS groups.
Example
# Display brief information about all AS groups.
<HUAWEI> display uni-mng as-group
-------------------------------------------------------------------------------
Number AS-group Name
-------------------------------------------------------------------------------
1 asgroup
-------------------------------------------------------------------------------
Item |
Description |
|---|---|
Number |
Sequence number. |
AS-group Name |
AS group name. |
# Display detailed information about all AS groups.
<HUAWEI> display uni-mng as-group verbose
AS-group name: asgroup
-------------------------------------------------------------------------------
AS name list: (Total number = 1)
as1
-------------------------------------------------------------------------------
AS-admin profile name: admin
-------------------------------------------------------------------------------
display uni-mng as index
Function
The display uni-mng as index command displays the index of an AS.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
You can run the display uni-mng as index command to check the index, management MAC address, and name of an AS.
Example
# Display the index of an AS.
<HUAWEI> display uni-mng as index
------------------------------------------------------------------------------
Index MAC-Current MAC-Saved Name
------------------------------------------------------------------------------
1 aaaa-bbbb-cc92 aaaa-bbbb-cc92 as1
------------------------------------------------------------------------------
Total: 1
Item |
Description |
|---|---|
Index |
Index of an AS. |
MAC-Current |
Management MAC address. |
| MAC-Saved | MAC address saved in the flash memory. This field indicates
the MAC address saved in the flash memory using the save command
after an AS goes online or the as name (uni-mng view) command is configured.
|
Name |
Name of an AS. |
display uni-mng as interface brief
Function
The display uni-mng as interface brief command displays brief information about AS ports.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| name as-name | Specifies the name of an AS. |
The value must have an existing AS name. |
Usage Guidelines
You can run the display uni-mng as interface brief command to check brief information about AS ports.
When an AS is offline or its version is inconsistent with the parent version, this command displays default attributes of ports on this AS.
Example
# Display brief information about AS ports.
<HUAWEI> display uni-mng as name as1 interface brief PHY: Physical *down : administratively down *Stack Port: inactive stack port -------------------------------------------------------------------------------- Interface Type PHY Online MSTP state -------------------------------------------------------------------------------- Eth-Trunk1 Fabric Port up present forwarding Eth-Trunk40 Service Port down present discarding GigabitEthernet0/0/1 Service Port down present discarding GigabitEthernet0/0/2 Service Port up present forwarding GigabitEthernet0/0/3 Service Port down present discarding GigabitEthernet0/0/4 Service Port down present discarding GigabitEthernet0/0/5 Service Port down present discarding GigabitEthernet0/0/6 Service Port down present discarding GigabitEthernet0/0/7 Service Port down present discarding GigabitEthernet0/0/8 Service Port down present discarding GigabitEthernet0/0/9 Service Port down present discarding GigabitEthernet0/0/10 Service Port down present discarding GigabitEthernet0/0/11 Service Port down present discarding GigabitEthernet0/0/12 Service Port down present discarding GigabitEthernet0/0/13 Service Port down present discarding GigabitEthernet0/0/14 Service Port down present discarding GigabitEthernet0/0/15 Service Port down present discarding GigabitEthernet0/0/16 Service Port down present discarding GigabitEthernet0/0/17 Service Port down present discarding GigabitEthernet0/0/18 Service Port down present discarding GigabitEthernet0/0/19 Service Port down present discarding GigabitEthernet0/0/20 Service Port down present discarding GigabitEthernet0/0/21 Service Port down present discarding GigabitEthernet0/0/22 Service Port down present discarding GigabitEthernet0/0/23 Service Port down present discarding GigabitEthernet0/0/24 Service Port down present discarding GigabitEthernet0/0/25 Fabric Port down present discarding GigabitEthernet0/0/26 Fabric Port up present forwarding GigabitEthernet0/0/27 Fabric Port down present discarding GigabitEthernet0/0/28 Fabric Port up present discarding ------------------------------------------------------------------------------
Item |
Description |
|---|---|
Interface |
Interface number. |
Type |
Interface type:
|
PHY |
Interface status:
|
Online |
Whether the card where the interface resides is present:
|
MSTP state |
STP forwarding status of the interface:
If the interface is an Eth-Trunk member port, this field displays the forwarding state of the Eth-Trunk. |
display uni-mng as interface eth-trunk
Function
The display uni-mng as interface eth-trunk command displays information about an Eth-Trunk interface of an AS.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| name as-name | Specifies the name of an AS. |
The value must have an existing AS name. |
| eth-trunk-id | Specifies the ID of an Eth-Trunk. |
The value is an integer and its
range varies depending on the switch as model:
|
Usage Guidelines
After you use the uni eth-trunk command to create an Eth-Trunk on an AS, you can run the display uni-mng as interface eth-trunk command to view information including the Eth-Trunk working mode, member interface, and member interface status.
Example
# Display information about Eth-Trunk 40 on AS as1.
<HUAWEI> display uni-mng as name as1 interface eth-trunk 40 Eth-Trunk40's state information is: WorkingMode: NORMAL Operate status: down -------------------------------------------------------------------------------- PortName Status GigabitEthernet0/0/10 down GigabitEthernet0/0/11 down -------------------------------------------------------------------------------- The Number of Ports in Trunk : 2 The Number of UP Ports in Trunk : 0
Item |
Description |
|---|---|
Eth-Trunk40's state information is |
State information of Eth-Trunk 40. |
WorkingMode |
Working mode of the Eth-Trunk interface:
|
Operate status |
Status of the Eth-Trunk interface:
|
PortName |
Eth-Trunk member interface name. To add or delete an Eth-Trunk member interface, run the port eth-trunk trunkmember command. |
Status |
Eth-Trunk member interface status:
|
The Number of Ports in Trunk |
Number of Eth-Trunk member interfaces. |
The Number of UP Ports in Trunk |
Number of Eth-Trunk member interfaces in Up state. |
display uni-mng commit-result
Function
The display uni-mng commit-result command displays the configuration delivery result.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| profile | Displays the delivery result of the service profile configuration. |
- |
| free-rule | Displays the delivery result of user authenticate-free rules. |
- |
| as-direct-config | Displays the direct configuration recovery result after an AS goes online. |
- |
Usage Guidelines
You can run the display uni-mng commit-result command to check the result of delivering the configuration to an AS, including the service profiles configured on the parent, user authentication-free rules, and configurations directly delivered to ASs. This command displays only the latest result but not historical information.
Example
# Display the result of delivering the service profile configuration to an AS.
<HUAWEI> display uni-mng commit-result profile
Result of profile:
--------------------------------------------------------------------------------
AS Name Commit Time Commit/Execute Result
--------------------------------------------------------------------------------
as1 2014-09-16 14:38:03 Success/Success
--------------------------------------------------------------------------------
Item |
Description |
|---|---|
AS Name |
Name of an AS. |
Commit Time |
Time when the configuration is delivered. |
Commit/Execute Result |
Commit Result indicates the configuration delivery result:
Execute Result indicates the execution result of the delivered
configuration:
|
display uni-mng global
Function
The display uni-mng global command displays the global configuration of SVF.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
You can run the display uni-mng global command to view the globally configured service functions of SVF.
Example
# Display the global configuration of SVF.
<HUAWEI> display uni-mng global
Forward-mode : Centralized
Portal url encode : Disable
IGMP snooping VLAN : 10
Item |
Description |
|---|---|
Forward-mode |
SVF forwarding mode:
|
Portal url encode |
Whether URL encoding is enabled:
To disable URL encoding, run the portal url-encode disable command. |
IGMP snooping VLAN |
Service VLAN in which IGMP snooping is enabled. To configure a service VLAN in which IGMP snooping is enabled, run the as service-vlan igmp-snooping command. If no service VLAN is configured, this field is not displayed. |
display uni-mng indirect configuration
Function
The display uni-mng indirect configuration command displays the indirect connection configuration on ASs.
NOTE: This command can only be executed on an AS.
Usage Guidelines
You can run the display uni-mng indirect configuration command on an AS to check the indirect connection configuration on the AS.
Example
# Display the SVF indirect connection configuration on an AS.
<HUAWEI> display uni-mng indirect configuration
Uni-mng configuration information:
Current uni-mng status : disable
Next uni-mng status : enable
Current management VLAN : --
Next management VLAN : 100
Current fabric-port members :
Next fabric-port members :
GigabitEthernet0/0/9
Item |
Description |
|---|---|
| Current uni-mng status | Current manually configured client mode. |
| Next uni-mng status | Next startup manually configured client mode. To configure the client mode and management VLAN, run the uni-mng indirect mng-vlan command. |
| Current management VLAN | Current management VLAN. To configure the client mode and management VLAN, run the uni-mng indirect mng-vlan command. |
| Next management VLAN | Next startup management VLAN. |
| Current fabric-port members | Current member port configuration in a fabric port. To configure member ports for a fabric port, run the uni-mng indirect fabric-port command. |
| Next fabric-port members | Next startup member port configuration in a fabric port. |
display uni-mng execute-failed-record
Function
The display uni-mng execute-failed-record command displays execution failure records after the configuration is delivered to an AS.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| profile | Displays records of configurations delivered through profiles. | - |
| as-direct-config | Displays records of configurations directly delivered through commands. | - |
| as name as-name | Specifies the name of an AS. |
The value must have an existing AS name. |
Usage Guidelines
You can run the display uni-mng execute-failed-record command to check execution failure records after the configuration is delivered to an AS.
Example
# Display execution failure records after the configuration is delivered to an AS.
<HUAWEI> display uni-mng execute-failed-record as-direct-config as name as1
Info: This operation may take a few seconds. Please wait....done.
--------------------------------------------------------------------------------
View name : system
Command : arp speed-limit source-mac maximum 1
Execute time : 2015-01-19 15:09:23 DST
Failed reason : This device does not support this command.
--------------------------------------------------------------------------------
Item |
Description |
|---|---|
View name |
View in which the configuration is executed. |
Command |
Command that failed to be executed. |
Execute Time |
Time the configuration is executed. |
Failed reason |
Cause of the execution failure. |
display uni-mng interface fabric-port configuration
Function
The display uni-mng interface fabric-port configuration command displays the fabric port configuration.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| parent | Display the parent-side fabric port configuration. |
- |
| as name as-name | Display the AS-side fabric port configuration. If parent and as-name are not specified, the configurations of all the fabric ports in an SVF system are displayed. |
The value must have an existing AS name. |
Usage Guidelines
You can run the display uni-mng interface fabric-port configuration command to check the fabric port configuration.
Example
# Display the fabric port configuration.
<HUAWEI> display uni-mng interface fabric-port configuration
Interface Direction Connect-type Member-name Location
-------------------------------------------------------------------------------
Fabric-port0 Down Direct Eth-Trunk0 Parent
Fabric-port1 Down Direct Eth-Trunk1 Parent
Fabric-port3 Down Direct Eth-Trunk3 Parent
Fabric-port5 Down Direct Eth-Trunk5 Parent
Fabric-port6 Down Direct Eth-Trunk6 Parent
Fabric-port7 Down Direct Eth-Trunk7 Parent
Fabric-port8 Down Direct Eth-Trunk8 Parent
Fabric-port9 Down Indirect Eth-Trunk9 Parent
Fabric-port10 Down Indirect Eth-Trunk10 Parent
Fabric-port11 Down Direct Eth-Trunk11 Parent
Fabric-port15 Down Direct Eth-Trunk15 Parent
-------------------------------------------------------------------------------
Total : 11
Item |
Description |
|---|---|
Interface |
Fabric port name. |
Direction |
Direction of a fabric port. Down indicates downlink and Up indicates uplink. |
Connect-type |
Connection mode of a fabric port. Direct indicates the direct connection mode, whereas Indirect indicates the indirect connection mode (connection through an intermediate network). |
Member-name |
Eth-Trunk to which a fabric port is bound. |
Location |
Device where a fabric port resides. |
display uni-mng interface fabric-port state
Function
The display uni-mng interface fabric-port state command displays the fabric port status.
NOTE: This command can be used on the parent or an AS. After running this command, you can check the fabric port status on the local device.
Parameters
| Parameter | Description | Value |
|---|---|---|
| port-id | Specifies the number of a fabric port. If this parameter is not specified, the status of all fabric ports is displayed. |
The value is an integer and must be set according to the device configuration. |
Usage Guidelines
You can run the display uni-mng interface fabric-port state command to check the fabric port status.
If an AS connects to the parent through an intermediate network, peer fabric port information cannot be obtained and displays --.
If a fabric port is incorrectly connected, the system displays an error summary message to provide the cause of the error.
Example
# Display the fabric port status on the parent.
<HUAWEI> display uni-mng interface fabric-port state
--------------------------------------------------------------------------------
Fabric-port name : Fabric-port1
Fabric-port direction : Down
Fabric-port member name : Eth-Trunk1
Peer MAC : 0000-1382-4569
Peer AS name : as1
Peer fabric-port member name : Eth-Trunk0
Physical member number : 1
Local-port Peer-port State Detail Exptime(s)
XGE6/0/3 XGE0/0/1 Connected None 32
--------------------------------------------------------------------------------
Item |
Description |
|---|---|
Fabric-port name |
Fabric port name. |
Fabric-port direction |
Direction of a fabric port. Down indicates downlink and Up indicates uplink. |
Fabric-port member name |
Eth-Trunk to which a fabric port is bound. |
Peer MAC |
MAC address of the peer device. |
Peer AS name |
Name of the peer device. |
Peer fabric-port member name |
Eth-Trunk to which the peer fabric port is bound. |
Physical member number |
Number of member ports in a fabric port. |
Local-port |
Local member port. |
Peer-port |
Peer member port. |
State |
Port connection status:
|
Detail |
Detailed information when the port connection state is Error. For error reasons and solutions, see Table 3-85. |
Exptime(s) |
Timeout period of link heartbeat packets, in seconds. |
Detail Field |
Meaning |
Solution |
|---|---|---|
Startup cfg file exists |
The AS has a startup configuration file. |
Clear the startup configuration file and restart the AS. |
Console input exists |
Input exists on the console interface of an AS. |
Restart the AS and do not log in to the console interface immediately after the AS is restarted. |
VLAN for VCMP exists |
The VLAN for VCMP exists on the AS. |
Run the reset vcmp command on the AS to restart the AS. |
Port not supported |
The AS attempts to connect to the parent through an unsupported port. |
Connect the AS to the parent through an uplink port or subcard port. |
Fabric-port linked to multi-AS |
Member ports of the same downlink fabric port connect to two ASs. |
Member ports of a downlink fabric port can connect to only one AS, and different ASs must connect to different fabric ports. |
Parent exists already |
The AS connects to two parent switches. |
Disconnect the AS from one parent switch. |
Linked to multi fabric-port |
The uplink port of the AS connects to multiple fabric ports of the parent. |
Ensure that the AS connects to only one fabric port of the parent and disconnect the AS from other fabric ports. |
Level-1 AS linked to level-1 AS |
The downlink fabric port of a level-1 AS connects to another level-1 AS. |
Disconnect the two level-1 ASs from each other. |
Parent linked to level-2 AS |
The parent directly connects to a level-2 AS. |
Disconnect the parent from the level-2 AS. |
Downstream fabric-port linked |
A downlink fabric port of an AS connects to the parent. |
Disconnect the fabric port of the AS from the parent. |
No response received |
The parent does not receive any response packet. |
|
Failed to create Eth-Trunk |
Failed to create an Eth-Trunk on an AS. |
Disconnect the AS from the parent and then reconnect them. |
Failed to bind trunk |
Failed to add ports of an AS to an Eth-Trunk. |
Disconnect the AS from the parent and then reconnect them. |
Force Uni-mng mode |
An AS has been configured to work in client mode. |
On the parent, configure the indirect connection mode for the fabric port that connects to the AS. Alternative, run the undo uni-mng enable command on the AS and restart the AS to enable it exit from the client mode. |
Parent linked to parent |
The fabric port of the parent connects to another parent. |
Disconnect the fabric port from the remote parent. |
System is busy on AS |
The system is busy on the AS. |
Wait until the AS is idle. |
Linked to AS with IPv4-hardware |
When an S5700-10P-LI, S5700-10P-PWR-LI-AC, or S2750EI functions as an AS, Layer 3 hardware forwarding for IPv4 packets has been enabled using the assign forward-mode ipv4-hardware command. |
Disable Layer 3 hardware forwarding for IPv4 packets. |
Configurations exist on port |
Configurations exist on the port of an AS. |
Delete the configurations of the port. |
Invalid stack config exists |
Downlink service port of AS is configured as a stack port. |
Clear the stack configuration of the downlink service port. |
display uni-mng patch-delete info
Function
The display uni-mng patch-delete info command displays information about the operation of deleting patches on ASs.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
After patches on a specified AS are deleted using the patch delete as command, you can use the display uni-mng patch-delete info command to view information about the operation of deleting the patches.
Example
<HUAWEI> display uni-mng patch-delete info
Total: 7
--------------------------------------------------------------------------------
AS Name Result Time
--------------------------------------------------------------------------------
e-10005(1-1) successful 2014-09-04 15:51:05 DST
t-10021(1-s) failed 2014-09-04 15:51:05
m-10018(x-1) deleting 2014-09-04 15:51:05
p-10017(2-2) expired 2014-09-04 15:51:05
6-10016(2-1) successful 2014-09-04 15:51:05
7-10015(2-2) successful 2014-09-04 15:51:05
2-10011(2-1) -- --
--------------------------------------------------------------------------------
Item |
Description |
|---|---|
Total |
Number of ASs. |
AS Name |
Name of an AS. |
Result |
Result of the operation of deleting patches:
|
Time |
Time for the last operation. |
display uni-mng port-group
Function
The display uni-mng port-group command displays information about port groups.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| name group-name | Specifies the name of a port group. |
The value must be an existing a port group name. |
| verbose | Displays detailed information about a port group. |
- |
Usage Guidelines
You can run the display uni-mng port-group command to check information about created port groups.
Example
# Display brief information about all port groups.
<HUAWEI> display uni-mng port-group ------------------------------------------------------------------------------- Number Port-group Name Port-group Type ------------------------------------------------------------------------------- 1 group1 Connect to user 2 ap_group1 Connect to ap -------------------------------------------------------------------------------
Item |
Description |
|---|---|
Number |
Sequence number. |
Port-group Name |
Port group name. |
Port-group Type |
Port group type:
|
# Display detailed information about all port groups.
<HUAWEI> display uni-mng port-group verbose ------------------------------------------------------------------------------- Port-group name : ap Port-group type : connect to AP Interface list : AS name as1 interface Eth-trunk 5 GigabitEthernet 0/0/2 Network-basic profile : qos Network-enhanced profile : net Network-qos profile : test User-access profile : access_profile ------------------------------------------------------------------------------- Port-group name : group_2 Port-group type : connect to user Interface list : AS name as1 interface Eth-trunk 4 GigabitEthernet 0/0/10 Network-basic profile : -- Network-enhanced profile : -- Network-qos profile : -- User-access profile : -- -------------------------------------------------------------------------------
Item |
Description |
|---|---|
Port-group name |
Port group name. |
Port-group type |
Port group type:
|
Interface list |
List of member ports added to a port group. |
Network-basic profile |
Name of the network basic profile bound to the port group. When no network basic profile is bound to the port group, this field displays --. |
Network-enhanced profile |
Name of the network enhanced profile bound to the port group. When no network enhanced profile is bound to the port group, this field displays --. |
Network-qos profile |
Name of the network qos profile bound to the port group. When no network qos profile is bound to the port group, this field displays --. |
User-access profile |
Name of the user access profile bound to the port group. When no user access profile is bound to the port group, this field displays --. |
display uni-mng profile
Function
The display uni-mng profile command displays service profile information.
NOTE: This command can only be executed on a parent switch.
Format
display uni-mng profile [ { as-admin | network-basic | network-enhanced | user-access | network-qos } [ name profile-name ] ]
Parameters
| Parameter | Description | Value |
|---|---|---|
| as-admin | Displays information about AS administrator profiles. |
- |
| network-basic | Displays information about network basic profiles. |
- |
| network-enhanced | Displays information about network enhanced profiles. |
- |
| user-access | Displays information about user access profiles. |
- |
| network-qos | Displays information about network qos profiles. |
- |
| name profile-name | Specifies the name of a service profile. If this parameter is specified, you can check information about services configured in a specified profile. |
The profile must have an existing profile name. |
Usage Guidelines
You can run the display uni-mng profile command to check information about created service profiles.
Example
# Display brief information about all service profiles.
<HUAWEI> display uni-mng profile
AS-admin profile:
-------------------------------------------------------------------------------
Number Profile Name
-------------------------------------------------------------------------------
1 hehe
2 profile_1
-------------------------------------------------------------------------------
Network-basic profile:
-------------------------------------------------------------------------------
Number Profile Name
-------------------------------------------------------------------------------
1 b_pro
2 p
-------------------------------------------------------------------------------
Network-enhanced profile:
-------------------------------------------------------------------------------
Number Profile Name
-------------------------------------------------------------------------------
1 enp
-------------------------------------------------------------------------------
Network-qos profile:
-------------------------------------------------------------------------------
Number Profile Name
-------------------------------------------------------------------------------
1 test
-------------------------------------------------------------------------------
User-access profile:
-------------------------------------------------------------------------------
Number Profile Name
-------------------------------------------------------------------------------
1 u_pro
-------------------------------------------------------------------------------
Item |
Description |
|---|---|
Number |
Sequence number. |
Profile Name |
Name of each profile type. |
AS-admin profile |
AS administrator profile created using the as-admin-profile name command. |
Network-basic profile |
Network basic profile created using the network-basic-profile name command. |
Network-enhanced profile |
Network enhanced profile created using the network-enhanced-profile name command. |
Network-qos profile |
Network qos profile created using the network-qos-profile name command. |
User-access profile |
User access profile created using the user-access-profile name command. |
# Display information about the service profile with a specified name.
<HUAWEI> display uni-mng profile network-basic name basic
-------------------------------------------------------------------------------
Profile name: basic
User-vlan : 110
Voice-vlan : 114
Pass-vlan : 1 112 to 113
-------------------------------------------------------------------------------
Item |
Description |
|---|---|
Profile name |
Name of a service profile. |
User-vlan |
Default VLAN configured in a service profile. To configure a default VLAN, run the user-vlan command. By default, VLAN 1 is a default VLAN. |
Voice-vlan |
Voice VLAN configured in a service profile. To configure a voice VLAN, run the voice-vlan command. If no voice VLAN is configured, this field displays --. |
Pass-vlan |
Allowed VLAN configured in a service profile. To configure an allowed VLAN, run the pass-vlan command. By default, only VLAN 1 is allowed. |
display uni-mng profile as
Function
The display uni-mng profile as command displays the configuration generated after an AS is bound to service profiles.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| name as-name | Specifies the name of an AS. |
The value must have an existing AS name. |
| interface interface-type interface-number | Displays the configuration of a specified interface:
If this parameter is not specified, the configurations of all the service interfaces on an AS are displayed. |
- |
Usage Guidelines
You can run the display uni-mng profile as command to check the configuration generated after an AS is bound to service profiles.
If a fabric port is specified, this command displays only the network QoS profile configuration.
Example
# Display the configuration generated on an AS.
<HUAWEI> display uni-mng profile as name as1
Global
-------------------------------------------------------------------------------
Centralized forward mode: disable
-------------------------------------------------------------------------------
Portal url-encode: enable
-------------------------------------------------------------------------------
Igmp-vlan : --
-------------------------------------------------------------------------------
Authorization-vlan : --
-------------------------------------------------------------------------------
AS-group name: xy
Username: admin
Privilege-level : 3
Service-type : terminal ssh
Traffic-limit outbound ARP(Kbps) : 512
Traffic-limit outbound DHCP(Kbps) : 128
-------------------------------------------------------------------------------
Interface GigabitEthernet0/0/1
-------------------------------------------------------------------------------
Port-group name: --
User-vlan : --
Voice-vlan : --
Pass-vlan : --
Priority-trust : disable
User-access-port : disable
DHCP snooping : disable
IP source check : disable
ARP anti-attack check : disable
Unicast-suppression(pps) : --
Multicast-suppression(pps) : --
Broadcast-suppression(pps) : --
Rate-limit(Kbps) : --
Trust flag : dscp
Scheduling Profile : qos
Scheduling Mode : wrr
Weight of queue-index-0 : --
Weight of queue-index-1 : 6
Weight of queue-index-2 : --
Weight of queue-index-3 : --
Weight of queue-index-4 : --
Weight of queue-index-5 : --
Weight of queue-index-6 : --
Weight of queue-index-7 : --
Authentication profile : --
Authentication maximum user-num : --
MAC-limit : --
Traffic-limit inbound ARP(Kbps) : --
Traffic-limit inbound DHCP(Kbps) : --
-------------------------------------------------------------------------------
Interface GigabitEthernet0/0/2
-------------------------------------------------------------------------------
Port-group name: --
User-vlan : --
Voice-vlan : --
Pass-vlan : --
Priority-trust : disable
User-access-port : disable
DHCP snooping : disable
IP source check : disable
ARP anti-attack check : disable
Unicast-suppression(pps) : --
Multicast-suppression(pps) : --
Broadcast-suppression(pps) : --
Rate-limit(Kbps) : --
Trust flag : dscp
Scheduling Profile : qos
Scheduling Mode : wrr
Weight of queue-index-0 : --
Weight of queue-index-1 : 6
Weight of queue-index-2 : --
Weight of queue-index-3 : --
Weight of queue-index-4 : --
Weight of queue-index-5 : --
Weight of queue-index-6 : --
Weight of queue-index-7 : --
Authentication profile : --
Authentication maximum user-num : --
MAC-limit : --
Traffic-limit inbound ARP(Kbps) : --
Traffic-limit inbound DHCP(Kbps) : --
-------------------------------------------------------------------------------
......
Item |
Description |
|---|---|
Global |
Global AS configuration. |
Centralized forward mode |
Whether centralized forwarding is enabled:
To configure centralized forwarding, run the forward-mode centralized command. By default, distributed forwarding is used. |
Portal url-encode |
Whether URL encoding is enabled for an AS:
To disable URL encoding for an AS, run the portal url-encode disable command. By default, URL encoding is enabled for an AS. |
Igmp-vlan |
VLAN in which IGMP Snooping is enabled. To configure the VLAN, run the as service-vlan igmp-snooping command. |
Authorization-vlan |
Service VLAN created on an AS. To configure the service VLAN, run the as service-vlan authorization command. |
AS-group name |
Name of the AS group to which an AS belongs. |
Username |
AS administrator user name. If no AS administrator user name is configured, this field displays --. AS administrator user name configured in the AS administrator profile bound to an AS group. To configure an AS administrator user name, run the user password command. |
Privilege-level |
User level. The value is 3 and cannot be changed. |
Service-type |
User access type. The value is terminal ssh and cannot be changed. |
| Traffic-limit outbound ARP(Kbps) | Outbound ARP packet rate limit of the uplink fabric port of
an AS, in kbit/s. To set the outbound ARP packet rate limit, run the traffic-limit outbound command. |
| Traffic-limit outbound DHCP(Kbps) | Outbound DHCP packet rate limit of the uplink fabric port of
an AS, in kbit/s. To set the outbound ARP packet rate limit, run the traffic-limit outbound command. |
Interface GigabitEthernet0/0/1 Interface GigabitEthernet0/0/2 |
Interface name. |
Port-group name |
Name of the port group to which an interface belongs. If an interface is not added to any port group, this field displays -- or disable. |
User-vlan |
Default VLAN. To configure a default VLAN, run the user-vlan command. |
Voice-vlan |
Voice VLAN. To configure a voice VLAN, run the voice-vlan command. |
Pass-vlan |
Allowed VLAN. To configure an allowed VLAN, run the pass-vlan command. |
Priority-trust |
Whether the priority trust function is enabled:
|
User-access-port |
Whether the edge port function is enabled:
To enable the edge port function, run the user-access-port enable command. |
| DHCP snooping | Whether DHCP snooping is enabled:
To enable DHCP snooping, run the dhcp snooping enable command. |
| IP source check | Whether the IP packet check function is enabled:
To enable IP packet check, run the ip source check user-bind enable command. |
| ARP anti-attack check | Whether the dynamic ARP inspection function is enabled:
To enable the dynamic ARP inspection function, run the arp anti-attack check user-bind enable command. |
Unicast-suppression(pps) |
Rate limit for unknown unicast traffic, in pps. To set the rate limit for unknown unicast traffic, run the unicast-suppression command. |
Multicast-suppression(pps) |
Rate limit for multicast traffic, in pps. To set the rate limit for multicast traffic, run the multicast-suppression command. |
| Broadcast-suppression(pps) | Rate limit for broadcast traffic, in pps. To set the rate limit for broadcast traffic, run the broadcast-suppression command. |
Rate-limit(Kbps) |
Traffic rate limit, in kbit/s. To set the traffic rate limit, run the rate-limit command. |
Trust flag |
Packet priority mapping flag. To configure priority mapping, run the trust dscp command. |
Scheduling Profile |
Name of a network QoS profile. |
Scheduling Mode |
Queue scheduling mode. To configure the queue scheduling mode, run the qos { pq | wrr | drr } command. |
Weight of queue-index-0 Weight of queue-index-1 Weight of queue-index-2 Weight of queue-index-3 Weight of queue-index-4 Weight of queue-index-5 Weight of queue-index-6 |
Queue scheduling weight. To configure the queue scheduling weight, run the qos queue command. |
Authentication profile |
User authentication profile created using the authentication-profile command. |
| Authentication maximum user-num | Maximum number of access users configured in a user access
profile. To set this parameter, run the authentication access-user maximum command. |
| MAC-limit | MAC address learning limit. To set the MAC address learning limit, run the mac-limit command. |
| Traffic-limit inbound ARP(Kbps) | Inbound ARP packet rate limit of an AS port, in kbit/s. To set the inbound ARP packet rate limit, run the traffic-limit inbound command. |
| Traffic-limit inbound DHCP(Kbps) | Inbound DHCP packet rate limit of an AS port, in kbit/s. To set the inbound ARP packet rate limit, run the traffic-limit inbound command. |
display uni-mng topology configuration
Function
The display uni-mng topology configuration command displays the SVF network topology collection configuration.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
You can run the display uni-mng topology configuration command to check the SVF network topology collection configuration.
Example
# Display the SVF network topology collection configuration.
<HUAWEI> display uni-mng topology configuration
Explore timer: 10 minutes
Last collection time: 10:03:58 UTC+00:00 2014/09/11
Total time for last collection: 9 ms
Item |
Description |
|---|---|
Explore timer |
Network topology collection interval. To set the network topology collection interval, run the topology explore command. |
Last collection time |
Last time the SVF network topology is collected. |
Total time for last collection |
Time taken to collect the SVF network topology. |
display uni-mng topology information
Function
The display uni-mng topology information command displays SVF network topology information.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| by-name | Displays SVF network topology information based on the device name. If this parameter is not specified, SVF network topology information is displayed based on the MAC address. |
- |
Usage Guidelines
You can run the display uni-mng topology information command to check SVF network topology information.
Example
# Display SVF network topology information.
<HUAWEI> display uni-mng topology information
The topology information of uni-mng network:
<-->: direct link <??>: indirect link
T: Trunk ID *: independent AS
------------------------------------------------------------------------------
Local MAC Hop Local Port T || T Peer Port Peer MAC
------------------------------------------------------------------------------
00e0-0987-7890 0 GE6/1/0 11 <-->0 GE0/0/26 00e0-0001-0008 *
00e0-0001-0008 1 GE0/0/2 -- <-->-- GE0/0/0 00e0-0001-0005
------------------------------------------------------------------------------
Total items displayed : 2
# Display SVF network topology information based on the device name.
<HUAWEI> display uni-mng topology information by-name The topology information of uni-mng network: <-->: direct link <??>: indirect link T: Trunk ID *: independent AS ---------------------------------------------------------------------------------------------------------------- Local Dev Hop Local Port T || T Peer Port Peer Dev ---------------------------------------------------------------------------------------------------------------- 100-S1 0 GE6/1/0 1 <-->0 GE0/0/26 as1 * as1 1 GE0/0/2 -- <-->-- GE0/0/0 ap-1 ---------------------------------------------------------------------------------------------------------------- Total items displayed : 2
Item |
Description |
|---|---|
Local MAC |
MAC address of the local device. If by-name is specified, this field displays Local Dev, indicating the device name. |
Hop |
Hierarchy of a device on the SVF network:
|
Local Port |
Local physical port. When two devices are indirectly connected, port information cannot be displayed because ports are not indirectly connected. |
T |
ID of the Eth-Trunk to which a physical port belongs. |
|| |
Whether two devices are directly connected:
|
Peer Port |
Peer physical port. When two devices are indirectly connected, port information cannot be displayed because ports are not indirectly connected. |
Peer MAC |
MAC address of the peer device. If by-name is specified, this field displays Peer Dev, indicating the device name. If * is displayed, the AS is configured in the independent mode. |
Local Dev |
Local device name. |
Peer Dev |
Peer device name. If * is displayed, the AS is configured in the independent mode. |
display uni-mng unauthen-user
Function
The display uni-mng unauthen-user command displays information about non-authenticated users on an AS.
NOTE: This command can be used on the parent or an AS.
Parameters
| Parameter | Description | Value |
|---|---|---|
| as name as-name | Specifies the name of an AS. NOTE:
This parameter is supported only on the parent. |
The value is a string of 1 to 31 case-insensitive characters without spaces. |
| mac-address mac-address | Specifies the MAC address of an AS. |
The value is in H-H-H format, where H is a hexadecimal number of 1 to 4 digits. The value cannot be all 0s, all Fs, or a multicast MAC address. |
Usage Guidelines
To view information about non-authenticated users on an AS, run the display uni-mng unauthen-user command.
Example
# Display information about non-authenticated users on the AS test1.
<HUAWEI> display uni-mng unauthen-user as name test1
Total: 5
--------------------------------------------------------------------------------
MAC Address VLAN IP Interface AS Name
--------------------------------------------------------------------------------
0001-c002-c302 212 1.1.1.1 Ge1/0/1 test1
000b-099a-8a3d 212 1.1.1.2 Ge1/0/1 test1
0010-0020-0004 212 1.1.1.3 Ge1/0/1 test1
0200-0000-0000 212 1.1.1.4 Ge1/0/1 test1
4cb1-6c91-52a1 212 1.1.1.5 Ge1/0/1 test1
--------------------------------------------------------------------------------
Item |
Description |
|---|---|
Total |
Number of non-authenticated users on an AS. |
MAC Address |
MAC address of a non-authenticated user. |
VLAN |
VLAN to which a non-authenticated user belongs. |
IP |
IP address of a non-authenticated user. |
Interface |
Access interface of a non-authenticated user. |
AS Name |
Name of an AS. |
display uni-mng unauthen-user offline-record
Function
The display uni-mng unauthen-user offline-record command displays offline records of non-authenticated users on an AS.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| as name as-name | Specifies the name of an AS. |
The value is a string of 1 to 31 case-insensitive characters without spaces. |
| mac-address mac-address | Specifies the MAC address of an AS. |
The value is in H-H-H format, where H is a hexadecimal number of 1 to 4 digits. The value cannot be all 0s, all Fs, or a multicast MAC address. |
Usage Guidelines
To view offline records of non-authenticated users on an AS, run the display uni-mng unauthen-user offline-record command.
Example
# Display offline records of non-authenticated users on the AS test1.
<HUAWEI> display uni-mng unauthen-user offline-record as name test1
Total: 2
--------------------------------------------------------------------------------
AS name : test1
User MAC : 0021-9746-b67c
User VLAN : 212
User access interface : Ge1/0/2
User IP address : 192.168.1.1
User offline time : 2016/01/21 04:59:43
User offline reason : As offline
--------------------------------------------------------------------------------
AS name : test1
User MAC : 0021-9746-b67d
User VLAN : 212
User access interface : Ge1/0/3
User IP address : 192.168.1.2
User offline time : 2016/01/21 05:59:43
User offline reason : User offline
--------------------------------------------------------------------------------
Item |
Description |
|---|---|
Total |
Number of offline records of non-authenticated users on an AS. |
AS name |
Name of an AS. |
User MAC |
MAC address of a non-authenticated user. |
User VLAN |
VLAN to which a non-authenticated user belongs. |
User access interface |
Access interface of a non-authenticated user. |
User IP address |
IP address of a non-authenticated user. |
User offline time |
Time when a non-authenticated user goes offline. |
User offline reason |
Reason that a non-authenticated user goes offline.
|
display uni-mng upgrade-info
Function
The display uni-mng upgrade-info command displays AS version upgrade information.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| as name as-name | Specifies the name of an AS. |
The value must have an existing AS name. |
| verbose | Displays detailed version upgrade information. |
- |
Usage Guidelines
You can run the display uni-mng upgrade-info command to check AS version upgrade information.
Example
# Display AS version upgrade information.
<HUAWEI> display uni-mng upgrade-info
The total number of AS is : 1
--------------------------------------------------------------------------------
Name Method Phase Status Result
--------------------------------------------------------------------------------
as1 -- -- NO-UPGRADE --
--------------------------------------------------------------------------------
# Display detailed AS version upgrade information.
<HUAWEI> display uni-mng upgrade-info verbose The total number of AS is : 1 ---------------------------------------------------------------------------- AS name : as1 Work status : NO-UPGRADE Startup system-software : flash:/s5720-p-li--v200r013c00.cc.cc Startup version : V200R013C00 Startup patch : -- Next startup system-software : -- Next startup patch : -- Download system-software : -- Download version : -- Download patch : -- Method : -- Upgrading phase : -- Last operation result : failed Error reason : The local file server has not been configured. Last operation time : 2016-07-04 15:51:05 ----------------------------------------------------------------------------
Item |
Description |
|---|---|
AS name |
Name of an AS. |
Work status |
Whether the AS is being upgraded:
|
Startup system-software |
Running software software. |
Startup version |
Current software version. |
Startup patch |
Running patch file. If this field displays --, no patch file is running. |
Next startup system-software |
System software that is configured for the next startup. If this field displays --, no system software is configured for the next startup. |
Next startup patch |
Patch package file that is configured for the next startup. If this field displays --, no patch package file is configured for the next startup. |
Download system-software |
Downloaded system software. If this field displays --, the upgrade task is not started. |
Download version |
Downloaded system software version. If this field displays --, the upgrade task is not started. |
Download patch |
Downloaded patch file. If this field displays --, the upgrade task is not started. |
Method |
Upgrade mode of the AS:
|
Upgrading phase |
Upgrade phase:
|
Last operation result |
Upgrade result:
|
Error reason |
Upgrade failure reason. |
Last operation time |
Last time the AS is upgraded. |
display uni-mng up-direction fabric-port
Function
The display uni-mng up-direction fabric-port command displays information about AS service ports added to an uplink fabric port.
NOTE: This command can only be executed on an AS.
Usage Guidelines
You can run the display uni-mng up-direction fabric-port command to check the current and next startup configurations of AS service ports added to an uplink fabric port.
Example
# Display information about AS service ports added to an uplink fabric port.
<HUAWEI> display uni-mng up-direction fabric-port
Uni-mng up-direction fabric-port configuration:
Current fabric-port members :
GigabitEthernet0/0/1
GigabitEthernet0/0/2
GigabitEthernet0/0/3
GigabitEthernet0/0/4
Next fabric-port members :
GigabitEthernet0/0/1
GigabitEthernet0/0/2
GigabitEthernet0/0/3
GigabitEthernet0/0/4
Item |
Description |
|---|---|
Uni-mng up-direction fabric-port configuration |
Configuration of an uplink fabric port. |
Current fabric-port members |
Effective member interfaces of the uplink fabric port. |
Next fabric-port members |
Effective member interfaces of the uplink fabric port after the device's next startup. |
down-direction fabric-port
Function
The down-direction fabric-port command configures the fabric port that connects a level-1 AS to a level-2 AS.
The undo down-direction fabric-port command deletes the fabric port that connects a level-1 AS to a level-2 AS.
By default, no fabric port that connects a level-1 AS to a level-2 AS is configured.
NOTE: This command can only be executed on a parent switch.
Format
down-direction fabric-port port-id member-group interface eth-trunk trunk-id
undo down-direction fabric-port port-id member-group
Parameters
| Parameter | Description | Value |
|---|---|---|
| port-id | Specifies the number of a fabric port. |
The value is an integer and must be set according to the device configuration. |
| member-group interface | Specifies the Eth-Trunk to which a fabric port is bound. |
- |
| eth-trunk trunk-id | Specifies the ID of an Eth-Trunk. |
The value is an integer that ranges from 1 to 63. NOTE:
If an Eth-Trunk has been created and configured on an AS in independent mode, the eth-trunk trunk-id parameter cannot be the same as the existing Eth-Trunk ID of this AS. Otherwise, this command cannot be delivered. |
Usage Guidelines
Usage Scenario
When a level-1 AS needs to connect to a level-2 AS, you need to configure a fabric port on the level-1 AS to connect to the level-2 AS. A downlink port of a level-1 AS becomes Up only after the parent finishes delivering the configuration. A level-2 AS begins to go online only after the downlink port of the level-1 AS becomes Up.
Follow-up Procedure
Run the port eth-trunk trunk-id trunkmember interface interface-type interface-number1 [ to interface-number2 ] command to add member ports to the bound Eth-Trunk.
down-direction fabric-port connect independent-as
Function
The down-direction fabric-port connect independent-as command enables the independent mode on the fabric port that connects a level-1 AS to a level-2 AS.
The undo down-direction fabric-port command restores the default mode of the fabric port that connects a level-1 AS to a level-2 AS.
By default, the service configuration mode of the fabric port that connects a level-1 AS to a level-2 AS is centralized mode.
NOTE: This command can only be executed on a parent switch.
Format
down-direction fabric-port port-id connect independent-as
undo down-direction fabric-port port-id connect
Parameters
| Parameter | Description | Value |
|---|---|---|
| port-id | Specifies the number of a fabric port. |
The value is an integer and must be set according to the device configuration. |
Usage Guidelines
Usage Scenario
In independent mode, you can log in to an AS to configure this AS using commands. After the independent mode is enabled on the fabric port that connects a level-1 AS to a level-2 AS, the level-2 AS can be configured independently.
Prerequisites
The fabric port used to connect a level-1 AS to a level-2 AS has been created using the down-direction fabric-port port-id member-group interface eth-trunk trunk-id command in the AS view.
Precautions
Before enabling the independent mode, run the independent-as-admin command in the uni-mng view to configure an administrator for AS login. If no administrator is created, you can only log in to an AS through a console port and need to enter the default password admin@huawei.com. The default password has security risks. You are advised to change the login password.
If service configurations have been delivered in centralized mode to a level-1 AS port before this port is changed to the independent mode, this port cannot be configured as a fabric port that connects to a level-2 AS. To do so, restore the level-1 AS to the centralized mode and cancel the service configurations of this port on the parent.
In independent mode, when an AS goes offline, traffic on the network attached to an AS port cannot be forwarded if the port has authentication configurations. To enable the traffic to be forwarded normally, manually delete the authentication configurations from the port.
Example
# Enable the independent mode on the fabric port that connects a level-1 AS to a level-2 AS.
<HUAWEI> system-view [HUAWEI] uni-mng [HUAWEI-um] as name as1 [HUAWEI-um-as-as1] down-direction fabric-port 1 member-group interface eth-trunk 1 [HUAWEI-um-as-as1] down-direction fabric-port 1 connect independent-as
forward-mode centralized
Function
The forward-mode centralized command sets the forwarding mode of an SVF system to centralized forwarding.
The undo forward-mode command restores the default forwarding mode of an SVF system.
By default, the forwarding mode of an SVF system is distributed forwarding.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
Usage Scenario
In centralized forwarding mode, traffic forwarded by the local AS and forwarded between ASs is sent to the parent for forwarding.
In distributed forwarding mode, an AS directly forwards local traffic and the parent forwards traffic between ASs.
After changing the SVF forwarding mode, you must run the commit as { name as-name | all } command to commit the configuration so that the device can deliver it to ASs.
In centralized forwarding mode, ports of the ASs connected to the same fabric port of the parent are isolated and so cannot communicate at Layer 2, and need to have proxy ARP in the corresponding VLAN configured using the arp-proxy inner-sub-vlan-proxy enable command to communicate at Layer 3.
- In centralized forwarding mode, after an AS goes offline, traffic of its attached network cannot be forwarded by the parent and will be interrupted.
- In distributed forwarding mode, after an AS goes offline, in versions earlier than V200R012C00, downlink ports of the AS are automatically error down. As a result, traffic of the AS attached network will be interrupted. In V200R012C00 and later versions, downlink ports of the AS will not be error down, and traffic of the AS attached network will be forwarded as usual.
independent-as-admin
Function
The independent-as-admin command creates an administrator for AS login in independent mode.
The undo independent-as-admin command deletes the administrator for AS login in independent mode.
By default, no administrator is created for AS login in independent mode.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| user user-name | Specifies a user name. |
The value is a string of 1 to 64 characters. It cannot contain spaces, asterisk, double quotation mark and question mark.
NOTE:
During local authentication or authorization, run the authentication-mode { local | local-case } or authorization-mode { local | local-case } command to configure case sensitivity for user names. If the parameter is set to local, user names are case-insensitive. If the parameter is set to local-case, user names are case-sensitive. Note the following when configuring case sensitivity for user names:
|
| password password | Specifies the password. |
The value is a string of case-sensitive characters without spaces. A password in plain text is a string of 8 to 128 characters. A password in cipher text is a string of 48 to 188 characters and cannot be generated using the irreversible algorithm. The password is displayed in cipher text in the configuration file regardless of whether the password is input in plain or cipher text. The newly configured password cannot be the default password admin@huawei.com of local users. |
Usage Guidelines
Usage Scenario
If the AS service configuration mode is set to independent mode, you need to use this command to configure the administrator account used to log in to ASs. After the configuration is complete, the user name and password used for login are automatically configured on the AS. The following configuration is generated on the AS:
# aaa local-user user-name password irreversible-cipher password local-user user-name privilege level 3 local-user user-name service-type terminal ssh #
After an AS user name and password are configured, you need to enter the correct user name and password when logging in to an AS through the console port. When you log in to an AS from the parent using the attach as name as-name command, you can log in to the AS without entering the user name or password.
Precautions
The user name and password configured using this command take effect after the configuration is generated on ASs. It takes about 5 minutes for the configuration to take effect after you run the command. Do not log in to an AS within this period; otherwise, the configuration may take effect after a longer period of time.
interface fabric-port
Function
The interface fabric-port command creates a fabric port and displays the fabric port view.
The undo interface fabric-port command deletes a fabric port.
By default, no fabric port exists in the system.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| port-id | Specifies the number of a fabric port. |
The value is an integer that ranges from 0 to 255. |
ip source check user-bind enable (network enhanced profile view)
Function
The ip source check user-bind enable command configures IP packet checking in a network enhanced profile.
The undo ip source check user-bind enable command cancels IP packet checking in a network enhanced profile.
By default, IP packet checking is not configured in a network enhanced profile.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
Usage Scenario
# ip source check user-bind enable ip source check user-bind alarm enable #
When attackers steal authorized users' IP addresses or MAC addresses to send packets to access or attack networks, authorized users cannot obtain stable and secure network services. After configuring IP packet checking on a device, the device checks received IP packets against the binding table to prevent such attacks.
Prerequisites
DHCP snooping has been enabled in the network enhanced profile using the dhcp snooping enable command.
Precautions
When an AS is an S2750EI, S5700-10P-LI, or S5700-10P-PWR-LI and works in Layer 3 hardware forwarding mode, the ip source check user-bind enable command does not take effect on the AS. Because an AS performs only Layer 2 forwarding in an SVF system, you are advised to run the undo assign forward-mode command to cancel the Layer 3 hardware forwarding mode and then connect the AS to the SVF system.
mac-address flapping action (network enhanced profile view)
Function
The mac-address flapping action command configures the action taken on an interface in case of MAC address flapping in a network enhanced profile.
The undo mac-address flapping action command deletes the action taken on an interface in case of MAC address flapping in a network enhanced profile.
By default, in a network enhanced profile, the system does not perform any action when detecting MAC address flapping on an interface.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| error-down | Configures the system to set an interface to the Error-Down state when detecting MAC address flapping on this interface. |
- |
Usage Guidelines
# interface GigabitEthernet0/0/1 mac-address flapping action error-down #In the preceding configuration, GigabitEthernet0/0/1 is used for reference only. The actual configuration is determined by the profile configuration.
mac-address trap notification (network enhanced profile view)
Function
The mac-address trap notification command configures the alarm function for MAC address learning and aging in a network enhanced profile.
The undo mac-address trap notification command deletes the alarm function of MAC address learning and aging in a network enhanced profile.
By default, the alarm function for MAC address learning and aging is not configured in a network enhanced profile.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| all | Indicates the alarm function for MAC address learning and aging. |
- |
Usage Guidelines
# interface GigabitEthernet0/0/1 mac-address trap notification all #In the preceding configuration, GigabitEthernet0/0/1 is used for reference only. The actual configuration is determined by the profile configuration.
mac-limit (user access profile view)
Function
The mac-limit command configures MAC address learning limiting in a user access profile.
The undo mac-limit command cancels MAC address learning limiting in a user access profile.
By default, MAC address learning limiting is not configured in a user access profile.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| maximum max-num | Specifies the maximum number of MAC addresses that can be learned on an interface. |
The value is an integer that ranges from 0 to 4096. The value 0 indicates that the maximum number of MAC addresses that can be learned is not limited. |
Usage Guidelines
Usage Scenario
#
mac-limit maximum max-num
#
To control the number of access users and protect the MAC address table against attacks, you can limit the maximum number of MAC addresses that can be learned on an interface.
Precautions
The mac-limit and authentication commands are mutually exclusive and cannot be configured together in a user access profile.
multicast-suppression (network enhanced profile view)
Function
The multicast-suppression command configures multicast traffic suppression in a network enhanced profile.
The undo multicast-suppression command cancels multicast traffic suppression in a network enhanced profile.
By default, multicast traffic suppression is not configured in a network enhanced profile.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| packets packets-per-second | Specifies the packet rate of an interface. |
The value is an integer that ranges from 0 to 14881000, in packets per second (PPS). If the configured packet rate on the parent switch is larger than the maximum value on the AS port, the maximum value takes effect on the AS port. |
Usage Guidelines
#
multicast-suppression packets packets-per-second
#
To prevent broadcast storms, you can run the multicast-suppression command to configure the maximum number of multicast packets that can pass through a port. When the multicast traffic rate reaches the maximum value, the system discards excess multicast packets to control the traffic volume within a proper range.
network-basic-profile name
Function
The network-basic-profile name command creates a network basic profile.
The undo network-basic-profile name command deletes a network basic profile.
By default, no network basic profile is created.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| profile-name | Specifies the name of a network basic profile. |
The value is a string of 1 to 31 case-sensitive characters without spaces. The value can contain letters, digits, and underscores (_). |
Usage Guidelines
Usage Scenario
You can configure basic user services in a network basic profile, including the default VLAN, allowed VLAN, and voice VLAN of a port.
Precautions
You can create a maximum of 256 network basic profiles in a version earlier than V200R011C10.
You can create a maximum of 512 network basic profiles in V200R011C10 and later versions.
network-basic-profile (port group view)
Function
The network-basic-profile command binds a network basic profile to a port group.
The undo network-basic-profile command unbinds a network basic profile from a port group.
By default, no network basic profile is bound to a port group.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| profile-name | Specifies the name of a network basic profile. |
The value must have an existing network basic profile name. |
Usage Guidelines
Usage Scenario
You can bind a network basic profile to a port group to deliver the configurations in the profile to all the member ports in the port group.
Prerequisites
The network basic profile has been created.
Precautions
A port group can be bound to only one network basic profile.
network-enhanced-profile name
Function
The network-enhanced-profile name command creates a network enhanced profile.
The undo network-enhanced-profile name command deletes a network enhanced profile.
By default, no network enhanced profile is created.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| profile-name | Specifies the name of a network enhanced profile. |
The value is a string of 1 to 31 case-sensitive characters without spaces. The value can contain letters, digits, and underscores (_). |
network-enhanced-profile (port group view)
Function
The network-enhanced-profile command binds a network enhanced profile to a port group.
The undo network-enhanced-profile command unbinds a network enhanced profile from a port group.
By default, no network enhanced profile is bound to a port group.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| profile-name | Specifies the name of a network enhanced profile. |
The value must have an existing network enhanced profile name. |
Usage Guidelines
Usage Scenario
You can bind a network enhanced profile to a port group to deliver the configurations in the profile to all the member ports in the port group.
Prerequisites
The network enhanced profile has been created.
Precautions
A network enhanced profile can be bound to only an AS port group but not an AP port group.
A port group can be bound to only one network enhanced profile.
network-qos-profile name
Function
The network-qos-profile name command creates a network QoS profile and displays the network QoS profile view.
The undo network-qos-profile name command deletes a network QoS profile.
By default, no network QoS profile is created.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| profile-name | Specifies the name of a network QoS profile. |
The value is a string of 1 to 31 case-sensitive characters without spaces. The value can contain letters, digits, and underscores (_). |
Usage Guidelines
Usage Scenario
A network QoS profile is used to configure QoS services for ASs on the parent, including the packet priority mapping mode, queue scheduling mode, and queue scheduling weight.
Precautions
A maximum of 32 network QoS profiles can be created on the parent.
A maximum of six network QoS profiles can be created on an AS.
network-qos-profile (port group view)
Function
The network-qos-profile command binds a network QoS profile to a port group.
The undo network-qos-profile command unbinds a network QoS profile from a port group.
By default, no network QoS profile is bound to a port group.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| profile-name | Specifies the name of a network QoS profile. |
The value must be an existing network QoS profile name. |
Usage Guidelines
Usage Scenario
You can bind a network QoS profile to a port group to deliver the configurations in the profile to all the member ports in the port group in a batch.
Prerequisites
The network QoS profile has been created before being bound to a port group.
Precautions
A network QoS profile can be bound to only an AS port group but not an AP port group.
A port group can be bound to only one network QoS profile.
pass-vlan (network basic profile view)
Function
The pass-vlan command configures allowed VLANs in a network basic profile.
The undo pass-vlan command deletes allowed VLANs in a network basic profile.
By default, no allowed VLANs are configured in a network basic profile, and downlink ports of an AS allow packets from VLAN 1 to pass through.
NOTE: This command can only be executed on a parent switch.
Format
pass-vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>
undo pass-vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>
Parameters
| Parameter | Description | Value |
|---|---|---|
| vlan-id1 [ to vlan-id2 ] | Specifies IDs of VLANs from which packets are allowed to pass through. |
The value is an integer that ranges from 1 to 4094. The value cannot be the ID of an SVF management VLAN, a stack management VLAN, an ERPS control VLAN, an RRPP control VLAN, an SEP control VLAN, or a super VLAN. |
Usage Guidelines
Usage Scenario
# port link-type hybrid port hybrid tagged vlan vlan-id1 to vlan-id2 #
Precautions
The default VLAN, allowed VLANs, and voice VLAN in a network basic profile must be different.
You can configure a maximum of 32 allowed VLANs in a network basic profile.
patch delete as
Function
The patch delete as command deletes patches on a specified online AS.
NOTE: This command can only be executed on a parent switch.
Parameters
Parameter |
Description |
Value |
|---|---|---|
| all | Indicates all online ASs. | - |
| name patch-name | Specifies the name of an AS. | The value is a string of 1 to 31 case-insensitive characters without spaces. |
| name-include string | Specifies the string contained in an AS name. | The value is a string of 1 to 31 case-insensitive characters without spaces. |
Usage Guidelines
Usage Scenario
If you find errors in the patches loaded to an AS, run this command to delete the patches to prevent system operation failures.
If non-incremental patches need to be loaded to an AS, you need to run the patch delete as command to delete the existing patches on the AS first. Otherwise, non-incremental patches will fail to be loaded.
Precautions
If the patch file to be loaded to an AS type has been specified using the as type command, patches on this AS type cannot be deleted.
port connect independent-as
Function
The port connect independent-as command enables the independent mode on the fabric port that connects the parent to a level-1 AS.
The undo port connect command restores the default mode of the fabric port that connects the parent to a level-1 AS.
By default, the service configuration mode of the fabric port that connects the parent to a level-1 AS is centralized mode.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
Usage Scenario
In independent mode, you can log in to an AS to configure this AS using commands. After the independent mode is enabled on the fabric port that connects the parent to a level-1 AS, the level-1 AS can be configured independently.
Precautions
Before enabling the independent mode, run the independent-as-admin command in the uni-mng view to configure an administrator for AS login.
If the AS connected to a fabric port is online, running the undo port connect command on the fabric port for mode switching will cause the AS to automatically restart and register with the parent again.
During mode switching on a fabric port, the parent and AS exchange packets for multiple times. In this process, if faults occur, for example, link or device faults, mode switching may fail. An error message will be displayed on the parent, indicating that mode switching fails. Additionally, the AS may restart and then registers with the parent again. In this situation, run commands on the fabric port again to change the mode after the AS has registered with the parent.
In independent mode, when an AS goes offline, traffic on the network attached to an AS port cannot be forwarded if the port has authentication configurations. To enable the traffic to be forwarded normally, manually delete the authentication configurations from the port.
When the service configuration mode of an AS is independent mode, configuring the following commands on the Eth-Trunk bound to or on the member port of a fabric port connected to the AS may cause this AS to go offline.
Table 3-99 Commands that may cause an AS to go offlineNo.
Command
1
loopback internal
2
traffic-policy
3
traffic-filter
4
speed
5
negotiation
6
port media-type
7
port split
8
training disable
9
wavelength-channel
10
undo port hybrid tagged vlan
11
undo port trunk allow-pass vlan
12
storm-control action
13
mac-address flapping action
14
port-security protect-action
If the Eth-Trunk bound to a fabric port has other configurations in addition to the following configurations, you need to manually delete the other configurations before running the undo port connect command on this fabric port for mode switching. Otherwise, an error message will be displayed to indicate that mode switching fails.
Table 3-100 Commands that do no need to be manually deleted in an Eth-TrunkNo.
Command
1
port link-type hybrid
2
port hybrid tagged vlan
3
undo port hybrid vlan
4
stp root-protection
5
stp edged-port disable
6
loop-detection disable
7
mode lacp
8
mad relay
9
trust 8021p
10
authentication-profile
11
authentication control-point
port connect-type indirect
Function
The port connect-type indirect command configures the indirect connection mode for a fabric port.
The undo port connect-type command restores the default connection mode for a fabric port.
The default connection mode of a fabric port is direct connection.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
When the parent connects to an AS across a network, you need to run the port connect-type indirect command to configure the indirect connection mode for the fabric port that connects the parent to the AS.
Prerequisites
No Eth-Trunk is bound to the fabric port.
Follow-up Procedure
Run the port member-group interface command to bind an Eth-Trunk to the fabric port.
port-group name
Function
The port-group name command creates an AS port group.
The port-group connect-ap name command creates an AP port group.
The undo port-group name command deletes an AS port group.
The undo port-group connect-ap name command deletes an AP port group.
By default, no AS port group is created.
NOTE: This command can only be executed on a parent switch.
Format
port-group name group-name
port-group connect-ap name group-name
undo port-group name group-name
undo port-group connect-ap name group-name
Usage Guidelines
Usage Scenario
A port group is a set of AS ports. The purpose of a port group is to facilitate batch configuration of AS ports.
Ports in an AS port group are used to connect an AS to a user terminal. An AS port group can be bound to four types of service profiles (network basic profile, network enhanced profile, user access profile, and network qos profile), but only one profile of the same type can be bound.
Ports in an AP port group are used to connect an AS to an AP. To connect an AP to an AS, you need to add the port that connects the AS to the AP to an AP port group. An AP port group can be bound to only a network basic profile, and only the pass-vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> command configured in the profile takes effect.
Follow-up Procedure
Run the as name as-name or as name-include string interface all command to add AS ports to a port group.
Precautions
You can create a maximum of 256 AS port groups in a version earlier than V200R011C10.
You can create a maximum of 512 AS port groups in V200R011C10 and later versions.
You can create a maximum of 1 AP port groups.
port eth-trunk trunkmember
Function
The port eth-trunk trunkmember command adds member ports to the Eth-Trunk.
The undo port eth-trunk trunkmember command deletes member ports from an Eth-Trunk.
By default, no member ports are added to the Eth-Trunk.
NOTE: This command can only be executed on a parent switch.
Format
port eth-trunk trunk-id trunkmember interface interface-type interface-number1 [ to interface-number2 ]
undo port eth-trunk trunk-id trunkmember interface interface-type interface-number1 [ to interface-number2 ]
Parameters
| Parameter | Description | Value |
|---|---|---|
| trunk-id | Specifies the ID of an Eth-Trunk. |
The value is an integer and its
range varies depending on the switch as model:
|
| interface interface-type interface-number1 [ to interface-number2 ] | Specifies the type and number of the interface added to an Eth-Trunk:
|
- |
Usage Guidelines
Usage Scenario
After a downlink fabric port of a level-1 AS is configured using the down-direction fabric-port port-id member-group interface eth-trunk trunk-id command, you need to add member ports to the Eth-Trunk to which the fabric port is bound.
When an Eth-Trunk has been created for an AS using the uni eth-trunk command, you can run the port eth-trunk trunkmember command to add member ports to this Eth-Trunk.
Precautions
AS uplink ports can be used to connect to the parent or level-1 AS or set up a stack and be configured as downlink fabric ports to connect to other ASs.
On the S6320EI, S6720EI and S6720S-EI, 40GE ports and 10GE ports split from 40GE ports cannot be configured as downlink fabric ports.
Example
# Add member ports to the Eth-Trunk to which a fabric port is bound.
<HUAWEI> system-view [HUAWEI] uni-mng [HUAWEI-um] as name as1 [HUAWEI-um-as-as1] down-direction fabric-port 1 member-group interface eth-trunk 1 [HUAWEI-um-as-as1] port eth-trunk 1 trunkmember interface gigabitethernet 0/0/16
# Add member ports to the Eth-Trunk configured on the specified AS.
<HUAWEI> system-view [HUAWEI] uni-mng [HUAWEI-um] as name as1 [HUAWEI-um-as-as1] uni eth-trunk 40 [HUAWEI-um-as-as1] port eth-trunk 40 trunkmember interface GigabitEthernet 0/0/10
port member-group interface
Function
The port member-group interface command binds a fabric port to an Eth-Trunk.
The undo port member-group command unbinds a fabric port from an Eth-Trunk.
By default, no fabric port is bound to an Eth-Trunk.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| eth-trunk trunk-id | Specifies the ID of the Eth-Trunk to which a fabric port is bound. |
The value is an integer that ranges from 0 to 127. |
Usage Guidelines
Usage Scenario
After creating a fabric port using the interface fabric-port port-id command, bind the fabric port to an Eth-Trunk.
Follow-up Procedure
Run the eth-trunk trunk-id command in the interface view to add interfaces to the bound Eth-Trunk.
Precautions
- After the port connect independent-as command is executed to enable the independent configuration mode, you need to run the undo port connect command to restore to the centralized configuration mode before unbinding a fabric port from an Eth-Trunk.
A created Eth-Trunk cannot be bound to a fabric port. When a fabric port is bound to an Eth-Trunk, the system creates the Eth-Trunk.
- You can run the interface eth-trunk command to enter the view of the Eth-Trunk to which a fabric port is bound and configure services. Currently, the following commands can be executed in the view of the Eth-Trunk to which a fabric port is bound: authentication open ucl-policy enable, mac-address multiport, quit, and all display commands.
Running the undo port member-group command will delete the configuration in the Eth-Trunk interface view and delete the Eth-Trunk.
When a fabric port is bound to an Eth-Trunk, the system creates the Eth-Trunk and performs some service configurations on the Eth-Trunk, for example, the stp root-protection and mad relay command configurations. If the number of Eth-Trunks that have the mad relay command configured has reached the maximum value, this command cannot be configured on the Eth-Trunk to which a fabric port will be bound. Subsequently, the fabric port fails to be bound to the Eth-Trunk. To solve this problem, you need to:
- Run the undo interface eth-trunk trunk-id command to delete the automatically created Eth-Trunk.
- Delete the mad relay command configuration on other Eth-Trunks to release configuration resources.
- Bind a fabric port to the Eth-Trunk again.
portal url-encode disable
Function
The portal url-encode disable command disables the URL encoding function of ASs.
The undo portal url-encode disable command enables the URL encoding function of ASs.
By default, the URL encoding function of AS is enabled.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
Usage Scenario
To improve web application security, data from untrustworthy sources must be encoded before being sent to clients. URL encoding is most commonly used in web applications. After URL encoding is enabled for ASs, special characters in redirected URLs are converted to secure formats, preventing clients from mistaking them for syntax signs or instructions and unexpectedly modifying the original syntax. In this way, cross-site scripting attacks and injection attacks are prevented. By default, URL encoding is enabled in ASs. This function can be disabled using the portal url-encode disable command.
Precautions
If the system software is upgraded from a version earlier than V200R009C00SPC500 to V200R009C00SPC500 or a later version, the switch automatically runs the portal url-encode disable command to disable URL encoding and decoding.
qos { pq | wrr | drr } (network QoS profile view)
Function
The qos { pq | wrr | drr } command configures the queue scheduling mode for an AS port.
The undo qos { pq | wrr | drr } command restores the default queue scheduling mode of an AS port.
By default, the queue scheduling mode of an interface on an S5730HI is WDRR, and that of an interface on other switch models is WRR.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
Usage Scenario
When congestion occurs on a network, configure the interface queue scheduling mode to balance between the delay and jitter of various service packets. In this way, packets of delay-sensitive services, such as voice and video services, can be processed preferentially. Among delay-insensitive services, such as the email service, the packets with the same priority are processed equally and the packets with different priorities are processed based on their weights.
In an SVF system, to change the queue scheduling mode of an AS port, run the qos { pq | wrr | drr } command in the network QoS profile view and then bind the profile to the AS port.
Precautions
If the queue scheduling weight has been configured using the qos queue command before the queue scheduling mode is configured, delete the configured queue scheduling weight first.
qos queue (network QoS profile view)
Function
The qos queue command configures a queue scheduling weight for an AS.
The undo qos queue command restores the default queue scheduling weight of an AS.
By default, the queue scheduling weight is 1.
NOTE: This command can only be executed on a parent switch.
Parameters
Parameter |
Description |
Value |
|---|---|---|
queue-index |
Specifies the index of a queue. |
The value is an integer that ranges from 0 to 7. |
drr |
Specifies the WDRR scheduling weight. |
- |
wrr |
Specifies the WRR scheduling weight. |
- |
weight weight |
Specifies the scheduling weight. |
The value is an integer that ranges from 0 to 127. |
Usage Guidelines
Usage Sceanrio
If congestion occurs during queue scheduling, to ensure that each queue can be scheduled, configure a scheduling weight for each queue so that the device schedules each queue based on the configured scheduling weights.
In an SVF system, to change the queue scheduling weight of an AS port, run the qos queue command in the network QoS profile view and then bind the profile to the AS port.
Prerequisites
The queue scheduling mode of an AS port has been set to WRR or WDRR using the qos { pq | wrr | drr } command.
rate-limit (network enhanced profile view)
Function
The rate-limit command configures traffic rate limiting in a network enhanced profile.
The undo rate-limit command cancels traffic rate limiting in a network enhanced profile.
By default, traffic rate limiting is not configured in a network enhanced profile.
NOTE: This command can only be executed on a parent switch.
Parameters
| Parameter | Description | Value |
|---|---|---|
| cir-value | Specifies the committed information rate (CIR), which is the allowed rate at which traffic can pass through. |
The value is an integer that ranges from 64 to 1000000, in kbit/s. The packet rate range of an interface depends on
the interface bandwidth:
|
Usage Guidelines
Usage Scenario
# qos lr inbound cir cir-value cbs 125*cir-value #
If user traffic is not limited, continuous burst data from numerous users can make the network congested. You can configure traffic rate limiting in inbound direction on an interface to limit traffic entering from the interface within a specified range.
Precautions
When an AS is an S2750EI, S5700-10P-LI, or S5700-10P-PWR-LI switch and works in Layer 3 hardware forwarding mode, the rate-limit cir-value command does not take effect on the AS. Because an AS performs only Layer 2 forwarding in an SVF system, you are advised to run the undo assign forward-mode command to cancel the Layer 3 hardware forwarding mode and then connect the AS to the SVF system.
reboot uni-mng
Function
The reboot uni-mng command restarts an SVF system.
NOTE: This command can only be executed on a parent switch.
Usage Guidelines
Usage Scenario
When upgrading or troubleshooting an SVF system, you can restart the SVF system, including the parent and all ASs.
Precautions
This command can be used only after the SVF function is enabled.
The next startup software version of the AS must be V200R011C10 or later, and the next startup software version of the parent cannot be earlier than that of the AS.
Before running this command to restart an SVF system, you must save the configuration of the parent. If an AS is configured in independent mode, you also need to save the configuration of the AS.
reset uni-mng as-discover packet statistics
Function
The reset uni-mng as-discover packet statistics command clears AS Discovery packet statistics on a fabric port.
NOTE: This command can be used on the parent or an AS. After running this command, you can clear AS Discovery packet statistics on a fabric port of the local device.
Parameters
| Parameter | Description | Value |
|---|---|---|
| interface fabric-port port-id | Specifies the number of a fabric port. |
The value is an integer that ranges from 0 to 63 on an AS and from 0 to 255 on the parent. |
shutdown interface
Function
The shutdown interface command disables an AS port.
The undo shutdown interface command enables an AS port.
By default, an interface is enabled.
NOTE: This command can only be executed on a parent switch.
Format
shutdown interface interface-type interface-number
undo shutdown interface interface-type interface-number
Parameters
| Parameter | Description | Value |
|---|---|---|
| interface-type interface-number | Specifies the interface type and number.
|
- |
Usage Guidelines
Usage Scenario
You can run the shutdown interface command to disable an AS port.
Precautions
Running this command can disable only an AS downlink port but not an AS uplink port. If an uplink port has been configured as a downlink fabric port, this port can be disabled.
If the version of an AS is inconsistent with that of the parent, the shutdown interface and undo shutdown interface commands do not take effect on the ports of this AS.
If an AS is configured in the independent mode, the shutdown interface and undo shutdown interface commands do not take effect on the ports of this AS.
slot
Function
The slot command pre-configures a stack ID or changes the pre-configured device model.
The undo slot command deletes the pre-configured stack ID or changes the pre-configured device model.
By default, the pre-configured stack ID is 0.
NOTE: This command can only be executed on a parent switch.
Format
slot slot-id1 replace-model model-name
undo slot slot-id1 replace-model
slot slot-id2 [ to slot-id3 ] [ replace-model model-name ]
undo slot slot-id2 [ to slot-id3 ] [ replace-model ]
Parameters
| Parameter | Description | Value |
|---|---|---|
| slot-id1 | Specifies the pre-configured stack ID. |
The value is 0. |
| slot-id2 [ to slot-id3 ] | Specifies the pre-configured stack ID. slot-id3 must be larger than slot-id2. |
The value is an integer that ranging from 1 to 4. |
| replace-model model-name | Specifies the device model of which the stack ID needs to be pre-configured. |
The value range depends on the device configuration. |
Usage Guidelines
Usage Scenario
When an AS is a stack of multiple member switches, the system pre-configures only stack ID 0 by default. You can only pre-configure services for the member switch with stack ID 0. Before pre-configuring services for another member switch, pre-configure a stack ID for the member switch.
The pre-configured stack ID does not affect the actual stack ID. For example, the pre-configured stack ID is 0 (default value), but the actual stack IDs are 0 and 2. The actual stack IDs remain 0 and 2 except that no services are configured on the device with stack ID 2.
An AS can be a stack of the same device series but different device models. If the stack contains different device models, you need to specify the replace-model parameter to change the device model that is different from the other device models in the stack to the actual access device model. If you do not specify the device model of a specified member, by default, the device model of this member is consistent with the pre-configured AS type.
Precautions
If the AS does not support stacking, the slot slot-id command configuration takes effect on the parent only when slot 0 is configured as the stack ID.
Changing the device models of online devices in a stack is not allowed.
Example
# Pre-configure a stack ID.
<HUAWEI> system-view [HUAWEI] uni-mng [HUAWEI-um] as name as1 [HUAWEI-um-as-as1] slot 1 to 4
# Change the device model of the switch with stack ID 2 in the AS as1 to S5720-28X-SI-AC.
<HUAWEI> system-view [HUAWEI] uni-mng [HUAWEI-um] as name as1 [HUAWEI-um-as-as1] slot 2 replace-model S5720-28X-SI-AC
snmp-agent trap enable feature-name asmngtrap
Function
snmp-agent trap enable feature-name asmngtrap command enables the trap function for the ASMNGTRAP module.
undo snmp-agent trap enable feature-name asmngtrap command disables the trap function for the ASMNGTRAP module.
By default, the trap function is enabled for the ASMNGTRAP module.
NOTE: This command can only be executed on a parent switch.
Format
snmp-agent trap enable feature-name asmngtrap [ trap-name trap-name ]
undo snmp-agent trap enable feature-name asmngtrap [ trap-name trap-name ]
Parameters
Parameter |
Description |
Value |
|---|---|---|
trap-name |
Enables or disables the trap function for a specified event. |
|
Usage Guidelines
When the trap function is enabled, the device generates traps during running and sends traps to the NMS through SNMP. When the trap function is not enabled, the device does not generate traps and the SNMP module does not send traps to the NMS.
You can specify trap-name to enable the trap function for one or more events.
snmp-agent trap enable feature-name unimbrtrap
Function
snmp-agent trap enable feature-name unimbrtrap command enables the trap function for the UNIMBRTRAP module.
undo snmp-agent trap enable feature-name unimbrtrap command disables the trap function for the UNIMBRTRAP module.
By default, the trap function is enabled for the UNIMBRTRAP module.
NOTE: This command can only be executed on a parent switch.
Format
snmp-agent trap enable feature-name unimbrtrap [ trap-name { hwasboardfail | hwasboardfailresume | hwasboardinvalid | hwasboardinvalidresume | hwasbrdtempalarm | hwasbrdtempresume | hwascommunicateerror | hwascommunicateresume | hwascpuutilizationresume | hwascpuutilizationrising | hwasfaninsert | hwasfaninvalid | hwasfaninvalidresume | hwasfanremove | hwasmadconflictdetect | hwasmadconflictresume | hwasmemutilizationresume | hwasmemutilizationrising | hwasopticalinvalid | hwasopticalinvalidresum | hwaspowerinsert | hwaspowerinvalid | hwaspowerinvalidresum | hwaspowerremove | hwunimbrasdiscoverattack | hwunimbrconnecterror | hwunimbrfabricportmemberdelete | hwunimbrillegalfabricconfig | hwunimbrlinkstatechange | hwunimbrasserviceabnormal } ]
undo snmp-agent trap enable feature-name unimbrtrap [ trap-name { hwasboardfail | hwasboardfailresume | hwasboardinvalid | hwasboardinvalidresume | hwasbrdtempalarm | hwasbrdtempresume | hwascommunicateerror | hwascommunicateresume | hwascpuutilizationresume | hwascpuutilizationrising | hwasfaninsert | hwasfaninvalid | hwasfaninvalidresume | hwasfanremove | hwasmadconflictdetect | hwasmadconflictresume | hwasmemutilizationresume | hwasmemutilizationrising | hwasopticalinvalid | hwasopticalinvalidresum | hwaspowerinsert | hwaspowerinvalid | hwaspowerinvalidresum | hwaspowerremove | hwunimbrasdiscoverattack | hwunimbrconnecterror | hwunimbrfabricportmemberdelete | hwunimbrillegalfabricconfig | hwunimbrlinkstatechange | hwunimbrasserviceabnormal } ]
Parameters
Parameter |
Description |
Value |
|---|---|---|
trap-name |
Enables or disables the trap function for the specified event. |
- |
hwasboardfail |
Enables the trap function when an AS becomes unavailable partially. |
- |
hwasboardfailresume |
Enables the trap function when an AS becomes available. |
- |
hwasboardinvalid |
Enables the trap function when an AS is invalid. |
- |
hwasboardinvalidresume |
Enables the trap function when an AS is valid. |
- |
hwasbrdtempalarm |
Enables the trap function when the AS temperature is out of the normal range. |
- |
hwasbrdtempresume |
Enables the trap function when the AS temperature restores to the normal range. |
- |
hwascommunicateerror |
Enables the trap function when a communication fault occurs. |
- |
hwascommunicateresume |
Enables the trap function when a communication fault is rectified. |
- |
hwascpuutilizationresume |
Enables the trap function when the AS CPU usage falls below the threshold. |
- |
hwascpuutilizationrising |
Enables the trap function when the AS CPU usage exceeds the threshold. |
- |
hwasfaninsert |
Enables the trap function when an AS fan module is installed. |
- |
hwasfaninvalid |
Enables the trap function when an AS fan module becomes unavailable completely. |
- |
hwasfaninvalidresume |
Enables the trap function when an AS fan module becomes available. |
- |
hwasfanremove |
Enables the trap function when an AS fan module is removed. |
- |
hwasmadconflictdetect |
Enables the trap function when a MAD conflict is detected. |
- |
hwasmadconflictresume |
Enables the trap function when a MAD conflict is resolved. |
- |
hwasmemutilizationresume |
Enables the trap function when the AS memory usage restores to the normal range. |
- |
hwasmemutilizationrising |
Enables the trap function when the AS memory usage exceeds the threshold. |
- |
hwasopticalinvalid |
Enables the trap function when the AS optical module is invalid. |
- |
hwasopticalinvalidresum |
Enables the trap function when the AS optical module is valid. |
- |
hwaspowerinsert |
Enables the trap function when an AS power module is installed. |
- |
hwaspowerinvalid |
Enables the trap function when an AS power module is invalid. |
- |
hwaspowerinvalidresum |
Enables the trap function when an AS power module is valid. |
- |
hwaspowerremove |
Enables the trap function when an AS power module is removed. |
- |
hwunimbrasdiscoverattack |
Enables the trap function when an AS discovers attacks. |
- |
hwunimbrconnecterror |
Enables the trap function when cable connection of a fabric port is incorrect. |
- |
hwunimbrfabricportmemberdelete |
Enables the trap function when a member port of a fabric port is removed. |
- |
hwunimbrillegalfabricconfig |
Enables the trap function when the fabric port configuration is invalid. |
- |
hwunimbrlinkstatechange |
Enables the trap function when the connection status changes. |
- |
hwunimbrasserviceabnormal |
Enables the trap function when services on an AS become abnormal. |
- |
Usage Guidelines
When the trap function is enabled, the device generates traps during running and sends traps to the NMS through SNMP. When the trap function is not enabled, the device does not generate traps and the SNMP module does not send traps to the NMS.
You can specify trap-name to enable the trap function for one or more events.
snmp-agent trap enable feature-name uni-topomng
Function
snmp-agent trap enable feature-name uni-topomng command enables the trap function for the UNI-TOPOMNG module.
undo snmp-agent trap enable feature-name uni-topomng command disables the trap function for the UNI-TOPOMNG module.
By default, the trap function is enabled for the UNI-TOPOMNG module.
NOTE: This command can only be executed on a parent switch.