No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R013C00 Command Reference

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Basic IPv6 Configuration Commands

Basic IPv6 Configuration Commands

Command Support

Commands provided in this section and all the parameters in the commands are supported by all switch models by default, unless otherwise specified. For details, see specific commands.

display default-parameter tcp6

Function

The display default-parameter tcp6 command displays the default values of all configurable parameters on the TCP6 module.

Format

display default-parameter tcp6

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

The display default-parameter tcp6 command displays the default values of all configurable parameters on the TCP6 module.

Example

# Display the default values of all configurable parameters on the TCP6 module.

<HUAWEI> display default-parameter tcp6
---------------------------------
  SYN Timeout Value(sec) : 75
  FIN Timeout Value(sec) : 600
  Window Size(KBytes)    : 8
---------------------------------
Table 6-62  Description of the display default-parameter tcp6 command output

Item

Description

SYN Timeout Value(sec)

TCP SYN-Wait timer value.

To configure this parameter, run the tcp ipv6 timer syn-timeout command.

FIN Timeout Value(sec)

TCP FIN-Wait timer value.

To configure this parameter, run the tcp ipv6 timer fin-timeout command.

Window Size(KBytes)

TCP6 slide window size.

To configure this parameter, run the tcp ipv6 window command.

display icmpv6 statistics

Function

The display icmpv6 statistics command displays ICMPv6 traffic statistics.

Format

display icmpv6 statistics [ interface interface-type interface-number ]

Parameters

Parameter Description Value
interface interface-type interface-number Indicates the ICMPv6 traffic statistics on the specified interface. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

You can run the display icmpv6 statistics command to view ICMPv6 packet statistics, including statistics about received and sent ICMPv6 error packets and statistics about four types of ICMPv6 packets (RS, RA, NS, and NA packets) used in the neighbor discovery mechanism.

When you ping an IPv6 address from a device, run the display icmpv6 statistics command on the device to check whether the total number of sent and received packets is correct.

Precautions

The total number of packets received by the device includes the number of packets forwarded, number of packets delivered to upper-layer network devices, and number of packets discarded.

Example

# Display ICMPv6 traffic statistics on the device.

<HUAWEI> display icmpv6 statistics interface vlanif 100
ICMPv6 protocol:                                                                
                                                                                
  Sent packets:                                                                 
    Total              : 2                                                      
    Unreached          : 0          Prohibited         : 0                      
    Hop count exceeded : 0          Parameter problem  : 0                      
    Too big            : 0          Echoed             : 0                      
    Echo replied       : 0          Router solicit     : 0                      
    Router advert      : 0          Neighbor solicit   : 1                      
    Neighbor advert    : 1          Redirected         : 0                      
    Rate limited       : 0          Cert path advert   : 0                      
                                                                                
  Received packets:                                                             
    Total              : 0          Format error       : 0                      
    Checksum error     : 0          Too short          : 0                      
    Bad code           : 0          Bad length         : 0                      
    Unknown info type  : 0          Unknown error type : 0                      
    Unreached          : 0          Prohibited         : 0                      
    Hop count exceeded : 0          Parameter problem  : 0                      
    Too big            : 0          Echoed             : 0                      
    Echo replied       : 0          Router solicit     : 0                      
    Router advert      : 0          Neighbor solicit   : 0                      
    Neighbor advert    : 0          Redirected         : 0                      
    Rate limited       : 0          Cert path solicit  : 0                   
Table 6-63  Description of the display icmpv6 statistics command output
Item Description

ICMPv6 protocol

ICMPv6 packet statistics.

Sent packets

Statistics about sent ICMPv6 packets.

Total

Total number of sent packets.

Unreached

Total number of sent ICMPv6 Destination Unreachable packets.

Prohibited

Total number of sent ICMPv6 Administratively Prohibited Unreachable packets.

Hop count exceeded

Total number of sent ICMPv6 packets whose hops exceed the limit.

Parameter problem

Total number of sent ICMPv6 Parameter Problem packets.

Too big

Total number of sent ICMPv6 Packet Too Big packets.

Echoed

Total number of sent ICMPv6 Echo Request packets.

Echo replied

Total number of sent ICMPv6 Echo Reply packets.

Router solicit

Total number of sent Router Solicitation (RS) packets.

Router advert

Total number of sent Router Advertisement (RA) packets.

Neighbor solicit

Total number of sent Neighbor Solicitation (NS) packets.

Neighbor advert

Total number of sent Neighbor Advertisement (NA) packets.

Redirected

Total number of sent ICMPv6 Redirect packets.

Rate limited

Total number of ICMPv6 packets that fail to be sent because of the rate limit.

Cert path advert

Total number of sent CPS packets. This parameter is not supported currently and displayed as 0.

Received packets

Statistics about received ICMPv6 packets.

Total

Total number of received packets.

Format error

Total number of received ICMPv6 packets with format errors.

Checksum error

Total number of received ICMPv6 packets with checksum errors.

Too short

Total number of received ICMPv6 packets that are too short.

Bad code

Total number of received ICMPv6 packets with code errors.

Bad length

Total number of received ICMPv6 packets with packet length errors.

Unknown info type

Total number of received ICMPv6 packets with an unknown information type.

Unknown error type

Total number of received ICMPv6 packets with an unknown error type.

Unreached

Total number of received ICMPv6 Destination Unreachable packets.

Prohibited

Total number of received ICMPv6 Administratively Prohibited Unreachable packets.

Hop count exceeded

Total number of received ICMPv6 packets whose hops exceed the limit.

Parameter problem

Total number of received ICMPv6 Parameter Problem packets.

Too big

Total number of received ICMPv6 packets that are oversized.

Echoed

Total number of received ICMPv6 Echo Request packets.

Echo replied

Total number of received ICMPv6 Echo Reply packets.

Router solicit

Total number of received RS packets.

Router advert

Total number of received RA packets.

Neighbor solicit

Total number of received NS packets.

Neighbor advert

Total number of received NA packets.

Redirected

Total number of received ICMPv6 Redirect packets.

Rate limited

Total number of ICMPv6 packets that fail to be received because of the rate limit.

Cert path solicit

Total number of received CPA packets. This parameter is not supported currently and displayed as 0.

display ipv6 attack-source overlapping-fragment

Function

The display ipv6 attack-source overlapping-fragment displays source information about overlapping fragment attacks.

Format

display ipv6 attack-source overlapping-fragment

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

When the device suffers from overlapping fragment attacks, the administrator can run this command to view source information about attack packets. Source information includes the source and destination IP addresses of the packets, interface receiving the packets, source VLAN, source CE VLAN, and VPN to which the packets belongs. The administrator can take proper actions on the attack source.

Example

# Display source information about overlapping fragment attacks.
<HUAWEI> display ipv6 attack-source overlapping-fragment
Attack-source overlapping fragment table:

-----------------------------------------------------------------------------
  Source IP           : FC00::1
  Destination IP      : FC00::2
  Interface name      : Eth0/0/0
  VPN name            :
  VLAN                : 0                                CEVLAN: 0
  Attacked time       : 2011-09-29 01:01:28
-----------------------------------------------------------------------------

Total: 1
Table 6-64  Description of the display ipv6 attack-source overlapping-fragment command output

Item

Description

Source IP

Source IPv6 address of an overlapping fragment attack packet.

Destination IP

Destination IPv6 address of the overlapping fragment attack packet.

Interface name

Interface that receives the overlapping fragment attack packet.

VPN name

Name of the VPN to which the overlapping fragment attack packet belongs.

VLAN

VLAN to which the overlapping fragment attack packet belongs.

CEVLAN

CE VLAN to which the overlapping fragment attack packet belongs.

Attacked time

Duration of the overlapping fragment attack.

Total

Number of pieces of source information about overlapping fragment attacks.

display ipv6 interface

Function

The display ipv6 interface command displays IPv6 information on an interface.

Format

display ipv6 interface [ interface-type interface-number | brief ]

Parameters

Parameter Description Value
interface-type interface-number Displays IPv6 information on a specified interface.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.

If no interface is specified, IPv6 information on all interfaces configured with IPv6 addresses is displayed.

-
brief Displays brief information about the interface. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Before running this command, ensure that the interface is configured with an IPv6 address. If no IPv6 address is assigned to the interface, no interface information is displayed.

Example

# Display IPv6 information on VLANIF 2.

<HUAWEI> display ipv6 interface vlanif 2
Vlanif2 current state : DOWN
IPv6 protocol current state : DOWN
IPv6 is enabled, link-local address is FE80::200:1FF:FE04:5D00 [TENTATIVE]
  Global unicast address(es):
    FC00::1, subnet is FC00::/64 [TENTATIVE]
  Joined group address(es):
    FF02::1:FF00:1
    FF02::1:FF04:5D00
    FF02::2
    FF02::1
  MTU is 1500 bytes
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND retransmit interval is 1000 milliseconds
  ND stale time is 1200 seconds
  ND advertised reachable time is 0 milliseconds                                
  ND advertised retransmit interval is 0 milliseconds                           
  ND router advertisement max interval 600 seconds, min interval 200 seconds    
  ND router advertisements live for 1800 seconds                                
  ND router advertisements hop-limit 64                                         
  ND default router preference medium                                           
  Hosts use stateless autoconfig for addresses 
Table 6-65  Description of the display ipv6 interface command output

Item

Description

Vlanif2 current state

Current physical status of VLANIF 2.

  • UP: enabled

  • DOWN: disabled

IPv6 protocol current state

Current protocol status of the interface.

  • UP: enabled

  • DOWN: disabled

IPv6 is enabled

IPv6 is enabled.

link-local address

Link-local address on the interface.

After an IPv6 address is configured on the interface, the system automatically assigns a link-local address for the interface. To manually configure a link-local address for an interface, run the ipv6 address link-local command.

Global unicast address(es)

Global unicast address configured on the interface.

To configure a global unicast address for an interface, run the ipv6 address command.

Joined group address(es)

Addresses of all multicast groups that the interface joins.

TENTATIVE

When the interface is in DOWN state, the IPv6 address is TENTATIVE.

MTU

MTU of the interface.

To configure the MTU for an interface, run the ipv6 mtu command.

ND DAD is enabled

NS packets are sent when the system performs Duplicate Address Detection (DAD).

number of DAD attempts

Number of times duplicate address detection is performed.

ND reachable time

Neighbor reachable time.

ND retransmit interval

Retransmission interval of NS packets.

ND stale time

Aging time of ND entries in STALE state.

ND advertised reachable time

Reachable time of NA packets.

NOTE:

This field is displayed only after the undo ipv6 nd ra halt command is executed on the interface.

ND advertised retransmit interval

Retransmission interval of NA packets.

NOTE:

This field is displayed only after the undo ipv6 nd ra halt command is executed on the interface.

ND router advertisement max interval 600 seconds, min interval 200 seconds

Maximum and minimum interval of RA packets.

NOTE:

This field is displayed only after the undo ipv6 nd ra halt command is executed on the interface.

ND router advertisements live for

Router lifetime in RA packets.

NOTE:

This field is displayed only after the undo ipv6 nd ra halt command is executed on the interface.

ND router advertisements hop-limit

Hop limit of RA packets.

NOTE:

This field is displayed only after the undo ipv6 nd ra halt command is executed on the interface.

ND default router preference

Default route priority in RA packets.

NOTE:

This field is displayed only after the undo ipv6 nd ra halt command is executed on the interface.

Hosts use stateless autoconfig for addresses

Hosts obtain IPv6 addresses by means of stateless auto-configuration.

NOTE:

This field is displayed only after the undo ipv6 nd ra halt command is executed on the interface.

# Display brief IPv6 information about all interfaces.

<HUAWEI> display ipv6 interface brief
*down: administratively down
!down: FIB overload down
(l): loopback
(s): spoofing
(d): Dampening Suppressed
Interface                    Physical              Protocol
LoopBack0                    up                    up(s)
[IPv6 Address] Unassigned
Vlanif2                      down                  down
[IPv6 Address] 2001::1 [TENTATIVE]
Table 6-66  Description of the display ipv6 interface brief command output

Item

Description

*down

Reason that interface is physically Down. administratively down indicates that the network administrator has executed the shutdown (interface view) command on the interface.

!down

The interface goes Down because the number of route prefixes in the FIB exceeds the upper limit.

(l)

This interface is enabled with the loopback function.

(s)

This interface is enabled with the spoofing function.

(d): Dampening Suppressed

The interface protocol is in the suppressed state.

Interface

Name of an interface.

Physical

Physical status of the interface.

Protocol

Link layer protocol status of the interface.

IPv6 Address

IPv6 address configured for the interface. If no IPv6 address is assigned to the interface, this field displays Unassigned.

TENTATIVE

When the interface is in Down state, the IPv6 address is TENTATIVE.

Related Topics

display ipv6 interface tunnel

Function

The display ipv6 interface tunnel command displays IPv6 information on a tunnel interface.

Format

display ipv6 interface tunnel interface-number

Parameters

Parameter Description Value
interface-number Displays the tunnel interface number. -

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

The display ipv6 interface tunnel command displays IPv6 information on a tunnel interface.

Example

# Display IPv6 information on Tunnel1.

<HUAWEI> display ipv6 interface tunnel 1
Tunnel1 current state : UP
IPv6 protocol current state : DOWN
IPv6 is enabled, link-local address is FE80::2E0:9FF:FE87:7890 [TENTATIVE]
  Global unicast address(es):
    FC00:1::1, subnet is FC00:1::/64 [TENTATIVE]
  Joined group address(es):
    FF02::1:FF87:7890
    FF02::1:FF00:1
    FF02::2
    FF02::1
  MTU is 1500 bytes
  ND reachable time is 30000 milliseconds
  ND retransmit interval is 1000 milliseconds
  ND stale time is 1200 seconds 
  ND advertised reachable time is 0 milliseconds                                
  ND advertised retransmit interval is 0 milliseconds                           
  ND router advertisement max interval 600 seconds, min interval 200 seconds    
  ND router advertisements live for 1800 seconds                                
  ND router advertisements hop-limit 64                                         
  ND default router preference medium                                           
  Hosts use stateless autoconfig for addresses
Table 6-67  Description of the display ipv6 interface tunnel command output

Item

Description

Tunnel1 current state

Current status of the tunnel interface:
  • UP: enabled

  • DOWN: disabled

When working properly, an IPv6 over IPv4 tunnel is in Up state.

IPv6 protocol current state

Current status of the link layer protocol:
  • UP: enabled

  • DOWN: disabled

When working properly, an IPv6 over IPv4 tunnel is in Up state.

IPv6 is enabled

IPv6 is enabled.

link-local address

Link-local address on the interface.

After an IPv6 address is configured on the interface, the system automatically assigns a link-local address for the interface. To manually configure a link-local address for an interface, run the ipv6 address link-local command.

Global unicast address(es)

IPv6 global unicast address.

To configure an IPv6 global unicast address, run the ipv6 address command.

Joined group address(es)

Addresses of multicast groups that the interface joins.

TENTATIVE

When the interface is in DOWN state, the IPv6 address is TENTATIVE.

MTU

MTU of the interface.

To configure the MTU of the interface, run the ipv6 mtu command.

ND reachable time

Reachable time of ND packets.

ND retransmit interval

Interval for retransmitting ND packets.

ND stale time

Time period for the neighbor to keep the STALE state.

ND advertised reachable time

Reachable time of NA packets.

NOTE:

This field is displayed only after the undo ipv6 nd ra halt command is executed on the interface.

ND advertised retransmit interval

Retransmission interval of NA packets.

NOTE:

This field is displayed only after the undo ipv6 nd ra halt command is executed on the interface.

ND router advertisement max interval 600 seconds, min interval 200 seconds

Maximum and minimum interval of RA packets.

NOTE:

This field is displayed only after the undo ipv6 nd ra halt command is executed on the interface.

ND router advertisements live for

Router lifetime in RA packets.

NOTE:

This field is displayed only after the undo ipv6 nd ra halt command is executed on the interface.

ND router advertisements hop-limit

Hop limit of RA packets.

NOTE:

This field is displayed only after the undo ipv6 nd ra halt command is executed on the interface.

ND default router preference

Default route priority in RA packets.

NOTE:

This field is displayed only after the undo ipv6 nd ra halt command is executed on the interface.

Hosts use stateless autoconfig for addresses

Hosts obtain IPv6 addresses by means of stateless auto-configuration.

NOTE:

This field is displayed only after the undo ipv6 nd ra halt command is executed on the interface.

display ipv6 nd track

Function

The display ipv6 nd track command displays information about the changes in the outbound interfaces of ND entries on VLANIF interfaces.

Format

display ipv6 nd track

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

If the outbound interfaces of ND entries learned by a VLANIF interface change, traffic is intermittently interrupted. To keep track of the outbound interface changes, run the display ipv6 nd track command to display the change time.

Prerequisites

A VLANIF interface has ND entries, and their outbound interfaces have changed.

Precautions

After the display ipv6 nd track command is run, the following types of changes are displayed:
  • The outbound interface of a dynamic ND entry learned by the VLANIF interface changes to another interface.

  • The outbound interface of a static ND entry configured on the VLANIF interface is changed to another interface.

  • A dynamic or static ND entry on the VLANIF interface is deleted.

The following types of changes are not displayed:
  • ND entries on a non-VLANIF interface change.

  • A new ND entry is learned.

  • A new static ND entry is configured.

Example

# Display information about the changes in the outbound interfaces of ND entries on VLANIF interfaces.

<HUAWEI> display ipv6 nd track
Operate Flag : Modify
IPv6-Address : 2001:db8::1
MAC-Address  : 0001-0001-0001
VLAN         : 1000
Old-Port     : GE1/0/1
New-Port     : GE1/0/11
System-Time  : 2017-10-19 12:10:12

Operate Flag : Modify
IPv6-Address : 1000::1
MAC-Address  : 0001-0001-0001
VLAN         : 1000
Old-Port     : GE1/0/1
New-Port     : GE1/0/11
System-Time  : 2017-09-19 12:13:12

Operate Flag : Delete
IPv6-Address : 2000::11
MAC-Address  : 0001-0001-0001
VLAN         : 300
Old-Port     : GE1/0/2
New-Port     :
System-Time  : 2017-08-19 12:12:12
Table 6-68  Description of the display ipv6 nd track command output

Item

Description

Operate Flag

Operation flag.
  • Modify: indicates that the outbound interface changes.

  • Delete: indicates that the ND entry is deleted.

IPv6-Address

IPv6 address of the ND entry.

MAC-Address

MAC address of the ND entry.

VLAN

VLAN ID of the VLANIF interface.

Old-Port

Original outbound interface of the ND entry.

New-Port

New outbound interface of the ND entry.

System-Time

Time when the outbound interface changed.

display ipv6 neighbors

Function

The display ipv6 neighbors command displays information about neighbor entries.

Format

display ipv6 neighbors [ ipv6-address | [ vid vid ] interface-type interface-number | vpn-instance vpn-instance-name ]

display ipv6 neighbors [ interface-type interface-number [ vid vid [ cevid cevid ] ] ]

Parameters

Parameter Description Value
ipv6-address Displays neighbor entries of a specified IPv6 address. The value is a 32-digit hexadecimal number, in the format X:X:X:X:X:X:X:X.
vid vid Displays neighbor entries of a specified VLAN. The value is an integer that ranges from 1 to 4094.
interface-type interface-number Displays neighbor entries on a specified interface. -
vpn-instance vpn-instance-name

Displays neighbor entries of a specified VPN instance.

The value must be an existing VPN instance name.

cevid cevid Specifies the inner tag. The value is an integer that ranges from 1 to 4094.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

The display ipv6 neighbors command displays information about dynamic and static ND entries. The information helps you:

  • Check whether the local routing device has learned MAC addresses from neighbors.
  • Check the neighbor status of the local routing device, including neighbor unreachable, neighbor reachable, or unknown.

You can run one of the following commands as required:

  • To view neighbor entries based on the neighbor IPv6 address, run the display ipv6 neighbors [ ipv6-address ] command.

  • To view neighbor entries based on the neighbor interface number, run the display ipv6 neighbors interface-type interface-number command.

    To view neighbor entries on a VLANIF interface, run the display ipv6 neighbors [ [ vid vlan-id ] interface-type interface-number ] command or the display ipv6 neighbors [ interface-type interface-number [ vid vid [ cevid cevid ] ] ] command.

  • To view the neighbor entry on a sub-interface for QinQ VLAN tag termination or Dot1q VLAN tag termination, run the display ipv6 neighbors [ interface-type interface-number [ vid vid [ cevid cevid ] ] ] command.

If no parameter is specified, the display ipv6 neighbors command displays all neighbor entries.

Example

# Display neighbor entries of IPv6 address FC00::2.

<HUAWEI> display ipv6 neighbors fc00::2
-----------------------------------------------------------------------------
IPv6 Address : FC00::2
Link-layer   : 00e0-fc89-fe6e           State : STALE
Interface    : GE1/0/0                  Age   : 00h19m12s
VLAN         : -                        CEVLAN: -                     
VPN name     :                          Is Router: FALSE  
-----------------------------------------------------------------------------
Total: 1        Dynamic: 1          Static: 0

# Display neighbor entries of IPv6 VPN instance vpnA.

<HUAWEI> display ipv6 neighbors vpn-instance vpnA
-----------------------------------------------------------------------------
IPv6 Address : FE80::2E0:FCFF:FE8C:417D
Link-layer   : 00e0-fc8c-417d           State : STALE
Interface    : GE4/2/0                  Age   : 00h19m12s
VLAN         : -                        CEVLAN: -                     
VPN name     : vpnA                     Is Router: FALSE  

IPv6 Address : FE80::2E0:FCFF:FE95:DD66  
Link-layer   : 00e0-fc95-dd66           State : STALE
Interface    : GE4/2/0                  Age   : 00h19m12s
VLAN         : -                        CEVLAN: -                     
VPN name     : vpnA                     Is Router: FALSE  
-----------------------------------------------------------------------------
Total: 2        Dynamic: 2         Static: 0

# Display neighbor entries on a specified interface.

<HUAWEI> display ipv6 neighbors vlanif 11
-----------------------------------------------------------------------------
IPv6 Address : FC00::3                                              
Link-layer   : 0001-0001-0012                     State : INCMP        
Interface    : GE1/0/0                            Age   : 00h19m12s                   
VLAN         : 11                                 CEVLAN: - 
VPN name     : v1                                 Is Router: TRUE             

-----------------------------------------------------------------------------
Total: 1       Dynamic: 0       Static: 1     

# View the neighbor entries on the QinQ termination sub-interface GE1/0/0.1.

<HUAWEI> display ipv6 neighbors gigabitethernet 1/0/0.1 vid 1 cevid 1
-----------------------------------------------------------------------------
IPv6 Address : 2001:db8::2
Link-layer   : 00e0-3602-8100                     State : REACH
Interface    : GE1/0/0.1                          Age   : -
VLAN         : 1                                  CEVLAN: 1
VPN name     :                                    Is Router: TRUE
-----------------------------------------------------------------------------
Total: 1       Dynamic: 0       Static: 1
Table 6-69  Description of the display ipv6 neighbors command output

Item

Description

IPv6 Address

IPv6 address of a neighbor.

Link-layer

Link layer address (MAC address) of the neighbor.

State

Status of a neighbor entry:
  • INCMP: indicates that the neighbor is unreachable. When the address is being resolved, the link layer address of the neighbor is not detected. If resolution succeeds, the neighbor entry is in REACH state.
  • REACH: indicates that the neighbor is reachable within a specified period. By default, the neighbor is reachable within 30s. If the period expires and the entry remains unused, the neighbor entry is in STALE state.
  • STALE: indicates that whether the neighbor is reachable is unknown. The entry remains unused within a specified period. By default, the neighbor is reachable within 30s. A device does not detect neighbor reachability unless it needs to send packets to a neighbor.
  • DELAY: indicates that whether the neighbor is reachable is unknown. A device has sent a packet to a neighbor. If the device does not receive any response from the neighbor within the specified period, the neighbor entry is in PROBE state.
  • PROBE: indicates that whether the neighbor is reachable is unknown. A device has sent a packet to a neighbor to detect whether the neighbor is reachable. If the device receives a response from the neighbor within a specified period, the neighbor entry is in REACH state. Otherwise, the neighbor entry is in INCMP state.

Interface

Name of the interface to which the neighbor entry belongs.

Age

Aging time of the neighbor entry:
  • The aging time of static entries is displayed as "-".
  • The aging time of dynamic entries is the time that the reachable state lasts. "#" indicates non-reachable (only for dynamic entries).

VLAN

ID of the VLAN to which the neighbor belongs.

CEVLAN

ID of the CEVLAN to which a neighbor belongs.

VPN name

Name of a VPN instance to which the neighbor belongs.

Is Router

Whether an NA packet carries the R flag:
  • If the NA packet carries the R flag, "TRUE" is displayed.

    In this case, the neighbor is a routing device.

  • If the NA packet carries no R flag, "FALSE" is displayed.

    In this case, the neighbor may be a PC or a routing device that sends an NA packet carrying no R flag.

Total

Number of total neighbor entries.

Dynamic

Number of dynamic neighbor entries.

Static

Number of static neighbor entries.

Related Topics

display ipv6 pathmtu

Function

The display ipv6 pathmtu command displays information about PMTU entries.

Format

display ipv6 pathmtu [ vpn-instance vpn-instance-name ] { ipv6-address | all | dynamic | static }

Parameters

Parameter Description Value
ipv6-address Displays PMTU entries that match a specified IPv6 address. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
all Displays all PMTU entries. -
dynamic Displays all dynamic PMTU entries. -
static Displays all static PMTU entries. -
vpn-instance vpn-instance-name Displays PMTU entries of a specified IPv6 VPN instance.

The value must be an existing VPN instance name.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

If the MTU on the outbound interface of an intermediate routing device is smaller than the MTU of the source host, the path MTU (PMTU) discovery mechanism determines the maximum size of packets that can be transmitted on a path.

The display ipv6 pathmtu command displays information about dynamic and static PMTU entries. The device then fragments packets into a size smaller than the PMTU and forwards the fragmented packets.

Precautions

If no PMTU is set using the ipv6 pathmtu command, no static PMTU entry is displayed after the display ipv6 pathmtu command is run.

Example

# Display all PMTU entries.

<HUAWEI> display ipv6 pathmtu all
IPv6 Destination Address                ZoneID PathMTU LifeTime(M) Type    FF
FC00::2                                 0      1500    -           Static  NO
-------------------------------------------------------------------------------
Total: 1      Dynamic: 0     Static: 1   
Table 6-70  Description of the display ipv6 pathmtu command output

Item

Description

IPv6 Destination Address

Destination IPv6 address.

ZoneID

Zone ID.

PathMTU

PMTU of an IPv6 address.

To configure the PMTU for an IPv6 address, run the ipv6 pathmtu command.

LifeTime(M)

Remaining lifetime, in minutes. The update interval is 1 minute. This field displays "-" for static entries.

Type

Type of the PMTU entry:

  • Dynamic: dynamic entries
  • Static: static entries (configured through CLI)

FF

Fragmentation flag:

  • YES: Packets are fragmented, and a fragment header is added to a packet.
  • NO: Packets are not fragmented.

Total

The number of total PMTU entry.

Dynamic

The number of dynamic PMTU entry.

Static

The number of static PMTU entry.

display ipv6 socket

Function

The display ipv6 socket command displays information about IPv6 sockets.

Format

display ipv6 [ ha ] socket [ socktype socket-type | task-id task-id socket-id socket-id ]

Parameters

Parameter Description Value
ha Displays IPv6 socket information on the slave main control board. -
socktype socket-type Specifies the type of a socket. The value can be:
  • 1: indicates SOCK_STREAM, corresponding to the TCP-based socket.
  • 2: indicates SOCK_DGRAM, corresponding to the UDP-based socket.
  • 3: indicates SOCK_RAW, corresponding to the RawIP-based socket.
The value is an integer that ranges from 1 to 3.
socket-id socket-id Specifies the socket ID. The value is an integer that ranges from 1 to 131072.
task-id task-id Specifies the task ID.

The value is an integer and the range depends on the task configuration.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

To locate a fault, you can use this command to view detailed information about sockets of all types or a specified type.

Precautions

If there is no socket information, no information is displayed.

If no parameter is specified, this command displays information about all types of sockets.

Example

# Display information about all types of sockets.

<HUAWEI> display ipv6 socket
SOCK_STREAM:
Task = VTYD(90), socketid = 2, Proto = 6,
LA = ::->23, FA = ::->0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_KEEPALIVE SO_REUSEPORT SO_SETACL6 SO_SENDVPNID(
23553) SO_SETKEEPALIVE,
socket state = SS_PRIV SS_ASYNC

SOCK_DGRAM:
Task = AGT6(94), socketid = 1, Proto = 17,
LA = ::->161, FA = ::->0,
sndbuf = 9216, rcvbuf = 42080, sb_cc = 0, rb_cc = 0,
socket option =,
socket state = SS_PRIV

Task = TRAP(93), socketid = 2, Proto = 17,
LA = ::->49152, FA = ::->0,
sndbuf = 9216, rcvbuf = 42080, sb_cc = 0, rb_cc = 0,
socket option =,
socket state = SS_PRIV

SOCK_RAW:  

# Display information about the socket with socket type 1.

<HUAWEI> display ipv6 socket socktype 1
SOCK_STREAM:                                                                    
Task = VTYD(98), socketid = 2, Proto = 6,                                       
LA = ::->23, FA = ::->0,                                                        
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,                             
socket option = SO_ACCEPTCONN SO_KEEPALIVE SO_LINGER SO_REUSEPORT SO_SETACL6 SO_
SENDVPNID(-1) SO_SETKEEPALIVE SO_ZONEID(-1),                                    
socket state = SS_PRIV SS_ASYNC 
Table 6-71  Description of the display ipv6 socket command output

Item

Description

SOCK_STREAM

One type of socket. Sockets are classified into the following types:
  • SOCK_STREAM

  • SOCK_DGRAM

  • SOCK_RAW

Task = VTYD

Type and ID of the task that invokes the socket. For example, Task = VTYD(90) shows that the task named VTYD uses the socket, with task ID 90.

socketid

Socket ID.

Proto

Protocol ID.

LA

Local address and local port number.

FA

Remote address and remote port number.

sndbuf

Upper limit of the send buffer, in bytes.

rcvbuf

Upper limit of the receive buffer, in bytes.

sb_cc

Total number of sent bytes.

rb_cc

Total number of received bytes.

socket option

Socket option that has been set.

socket state

Socket status.

display ipv6 statistics

Function

The display ipv6 statistics command displays IPv6 traffic statistics.

Format

display ipv6 statistics [ interface interface-type interface-number ]

Parameters

Parameter Description Value
interface interface-type interface-number Displays IPv6 traffic statistics on a specified interface.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.
-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

You can run the display ipv6 statistics command to view statistics on received and sent IPv6 packets.

During packet transmission, if the source node has fragmented packets, you can run this command to view the total number of IPv6 packets that are successfully fragmented and the total number of fragmented packets that have been sent, and then check whether the number of fragmented packets received by the destination node is correct.

Precautions

The total number of packets received by the device includes the number of forwarded packets, number of packets delivered by the routing device to the upper layer, and number of discarded packets.

Example

# Display IPv6 traffic statistics on the device.

<HUAWEI> display ipv6 statistics
IPv6 Protocol:                                                                  
                                                                                
  Sent packets:                                                                 
    Total              : 0                                                      
    Local sent out     : 0          Forwarded          : 0                      
    Raw packets        : 0          Discarded          : 0                      
    Fragmented         : 0          Fragments          : 0                      
    Fragments failed   : 0          Multicast          : 0                      
                                                                                
  Received packets:                                                             
    Total              : 0          Local host         : 0                      
    Hop count exceeded : 0          Header error       : 0                      
    Too big            : 0          Routing failed     : 0                      
    Address error      : 0          Protocol error     : 0                      
    Truncated          : 0          Option error       : 0                      
    Fragments          : 0          Reassembled        : 0                      
    Reassembly timeout : 0          Multicast          : 0                      
    Fragments overlap  : 0                                                      
    Extension header:                                                            
      Hop-by-hop options   : 0               Mobility header       : 0          
      Destination options  : 0               Routing header        : 0          
      Fragment header      : 0               Authentication header : 0          
      Encapsulation header : 0               No header             : 0          
      TLV length error     : 0               Header length error   : 0          
      Unknown header type  : 0               Unknown TLV type      : 0   
Table 6-72  Description of the display ipv6 statistics command output
Item Description

Sent packets

Statistics about sent packets.

Total

Total number of sent packets.

Local sent out

Total number of packets sent by the local device.

Forwarded

Number of forwarded packets.

Raw packets

Total number of packets sent through the raw socket, such as ping or tracert packets.

Discarded

Total number of discarded packets.

Fragmented

Total number of IPv6 packets that are successfully fragmented.

Fragments

Total number of sent fragmented packets.

Fragments failed

Total number of IPv6 packets that fail to be fragmented.

Multicast

Total number of sent multicast packets.

Received packets

Statistics about received packets.

Total

Total number of received packets.

Local host

Total number of packets received by the local device.

Hop count exceeded

Total number of packets whose hops exceed the upper limit.

Header error

Total number of packets with incorrect packet header.

Too big

Total number of received packets that fail to be forwarded because of excessive size.

Routing failed

Total number of packets that fail to be routed.

Address error

Total number of packets with incorrect IP addresses.

Protocol error

Total number of packets with the incorrect protocol.

Truncated

Total number of packets discarded because the actual packet length is shorter than that specified in the packet length field.

Option error

Total number of packets that carry incorrect options.

Fragments

Total number of received fragmented packets.

Reassembled

Total number of packets that are successfully reassembled.

Reassembly timeout

Total number of packets that fail to be reassembled due to timeout.

Multicast

Total number of received multicast packets.

Fragments overlap

Total number of received fragmented packets that are overlapped.

Extension Header

Total number of the IPv6 extension headers.

Hop-by-Hop Options

Total number of the hop-by-hop options headers.

Mobility Header

Total number of the mobility headers.

Destination Options

Total number of the destination options headers.

Routing Header

Total number of the routing options headers.

Fragment Header

Total number of the fragment headers.

Authentication Header

Total number of the authentication headers.

Encapsulation Header

Total number of the encapsulation headers.

No header

Total number of the packets without headers.

TLV Length error

Total number of the extension headers in which the TLV length field is wrong.

Header Length error

Total number of the extension headers in which the length field is wrong.

Unknown header type

Total number of the unknown extension header types.

Unknown TLV type

Total number of the unknown TLV types.

Related Topics

display nd optimized-passby status

Function

The display nd optimized-passby status command displays whether the device is configured not to send NS packets destined for other devices to the CPU and whether the configuration takes effect.

Format

display nd optimized-passby status interface vlanif vlanif-id slot slot-id

NOTE:

Only X series cards support this command.

Parameters

Parameter Description Value
interface vlanif vlanif-id

Displays whether the device is configured not to send NS packets destined for other devices to the CPU and whether the configuration takes effect on a specified VLANIF interface.

The value is an integer and the value range depends on the range of existing VLANIF interfaces. You can enter ? to obtain the range of VLANIF interface numbers.
slot slot-id

Displays whether the device is configured not to send NS packets destined for other devices to the CPU and whether the configuration takes effect in a specified slot.

The value must be set according to the device configuration.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

If an interface receives a large number of NS packets whose destination IPv6 addresses are different from the IPv6 address of this interface and sends these NS packets to the CPU for processing, the CPU usage is high and the CPU cannot process services properly.

To prevent this issue, you can configure the device to directly forward NS packets destined for other devices without sending them to the CPU. This improves the device's capability of defending against packet attacks.

When the device is configured not to send NS packets destined for other devices to the CPU, the configuration does not take effect if a conflict configuration exists on the device. You can use the display nd optimized-passby status command to check whether the device is configured not to send NS packets destined for other devices to the CPU and whether the configuration takes effect. For details about conflict configurations, see nd optimized-passby enable.

Example

# Display whether the device is configured not to send NS packets destined for other devices to the CPU and whether the configuration takes effect on VLANIF 100.

<HUAWEI> display nd optimized-passby status interface Vlanif 100 slot 0
Current configuration: Enable
Actual         status: Inactive
Inactive       Reason: The interface protocol status is down.
Table 6-73  Description of the display nd optimized-passby status command output

Item

Description

Current configuration

Whether the device is configured not to send NS packets destined for other devices to the CPU.
  • Enable: The device is configured not to send NS packets destined for other devices to the CPU.
  • Disable: The device is configured to send NS packets destined for other devices to the CPU.

Actual status

Whether the configuration of disabling the device from sending NS packets destined for other devices to the CPU takes effect.
  • Inactive
  • Active

Inactive Reason

Conflict configuration.

display nd optimized-reply statistics

Function

The display nd optimized-reply statistics command displays statistics on optimized ND Reply packets.

Format

display nd optimized-reply statistics [ slot slot-id ]

Parameters

Parameter Description Value
slot slot-id

Displays statistics on optimized ND Reply packets of a specified LPU slot. If this parameter is not specified, the command displays statistics on optimized ND Reply packets of all LPUs.

NOTE:
In a CSS, slot-id specifies the CSS ID and slot ID. For example, slot 1/2 indicates CSS ID1 and slot 2.

The value is an integer and must be set according to the device configuration.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run this command to check statistics on optimized ND Reply packets after the optimized ND reply function is enabled on the device.

Example

# Display statistics on optimized ND Reply packets of the LPU in slot 5.
<HUAWEI> display nd optimized-reply statistics slot 5
Slot            Received           Processed             Dropped                                                                    
----------------------------------------------------------------                                                                    
5                     76                   7                   9
Table 6-74  Description of the display nd optimized-reply statistics command output

Item

Description

Slot

Slot ID of the LPU.

Received

Number of ND Request packets entering the processing procedure of the optimized ND reply function on the LPU.

Processed

Number of ND Request packets that the LPU optimized responds to.

Dropped

Number of ND Request packets discarded by the LPU.

NOTE:
When the optimized ND reply function is enabled, the LPU does not optimize the responses to the ND Request packets whose destination IPv6 address is not the IPv6 address of a local interface on the switch.

display nd optimized-reply status

Function

The display nd optimized-reply status command displays the status of the optimized ND reply function.

Format

display nd optimized-reply status

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run this command to check the status of the optimized ND reply function.

Example

# Check the status of the optimized ND reply function.
<HUAWEI> display nd optimized-reply status
Current configuration:Disable                                                   
Actual         status:Inactive                                                  
Related configuration:                                                          
   nd optimized-reply disable
Table 6-75  Description of the display nd optimized-reply status command output

Item

Description

Current configuration

Configuration of the optimized ND reply function.

  • Enable
  • Disable

To set this field, run the nd optimized-reply disable command.

Actual status

Status of the optimized ND reply function.

  • Active
  • Inactive

Related configuration

Configuration that results in the invalid optimized ND reply function.

If the optimized ND reply function has taken effect, this field is not displayed.

display rawip ipv6 statistics

Function

The display rawip ipv6 statistics command displays Raw IPv6 packet statistics.

Format

display rawip ipv6 statistics

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display rawip ipv6 statistics command to view Raw IPv6 packet statistics, including:

  • Statistics about received and sent Raw IPv6 packets

  • Statistics about discarded Raw IPv6 packets

Example

# Display Raw IPv6 packet statistics.

<HUAWEI> display rawip ipv6 statistics
 Received packets:
     total: 20
     packets sent for external pre processing: 0
     packets for which checksum has to be calculated: 0
     packets with invalid checksum : 0
     dropped packets due to socket buffer is full: 0
     dropped packets due to no matching socket: 20
     dropped multicast packets due to no matching socket: 0
 Sent packets:
     total (excluding ICMP6 packets): 0
Table 6-76  Description of the display rawip ipv6 statistics command output

Item

Description

total

Total number of received and sent packets.

packets sent for external pre processing

Number of received Raw IPv6 packets for external preprocessing.

packets for which checksum has to be calculated

Number of received Raw IPv6 packets for which checksum has been calculated.

packets with invalid checksum

Number of discarded Raw IPv6 packets with checksum errors.

dropped packets due to socket buffer is full

Number of Raw IPv6 packets that are discarded because the socket buffer is full.

dropped packets due to no matching socket

Number of discarded Raw IPv6 packets that do not match the receiving socket.

dropped multicast packets due to no matching socket

Number of discarded Raw IPv6 packets destined to a multicast address that do not match the receiving socket.

display snmp-agent trap feature-name ipv6 all

Function

The display snmp-agent trap feature-name ipv6 all command displays all trap messages of the IPv6 module.

Format

display snmp-agent trap feature-name ipv6 all

Parameters

None.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

The Simple Network Management Protocol (SNMP) is a standard network management protocol widely used on TCP/IP networks. It uses a central computer (a network management station) that runs network management software to manage network elements. The management agent on the network element automatically reports traps to the network management station. After that, the network administrator immediately takes measures to resolve the problem.

Prerequisites

SNMP has been enabled. See snmp-agent.

Usage Scenario

After the trap function of a specified feature is enabled, you can run the display snmp-agent trap feature-name ipv6 all command to check the status of all traps of IPv6. To enable the trap function of IPv6, run the snmp-agent trap enable feature-name ipv6 command.

Example

# Display all trap messages of the IPv6 module.

<HUAWEI> display snmp-agent trap feature-name ipv6 all
------------------------------------------------------------------------------
Feature name: ipv6
Trap number : 1
------------------------------------------------------------------------------
Trap name                      Default switch status   Current switch status  
ipv6IfStateChange              on                      on
Table 6-77  Description of the display snmp-agent trap feature-name ipv6 all command output

Item

Description

Feature name

Name of the module to which a trap message belongs.

Trap number

Number of trap messages.

Trap name

Name of a trap message of the IPv6 module:

  • ipv6IfStateChange: indicates that the IPv6 protocol status on an interface is changed.

Default switch status

Status of the default trap function:

  • on: indicates that the trap function is enabled.
  • off: indicates that the trap function is disabled.

Current switch status

Status of the current trap function:

  • on: indicates that the trap function is enabled.
  • off: indicates that the trap function is disabled.

display tcp ipv6 authentication-statistics

Function

The display tcp ipv6 authentication-statistics command displays authentication statistics of a specified TCP6 connection.

Format

display tcp ipv6 authentication-statistics src-ip src-ip src-port src-port dest-ip dest-ip dest-port dest-port

Parameters

Parameter Description Value
src-ip src-ip Specifies the source IPv6 address. The value has 128 bits. It is represented as eight groups of four hexadecimal digits with the groups being separated by colons, in the format of X:X:X:X:X:X:X:X.
src-port src-port Specifies the source port. The value is an integer that ranges from 0 to 65535.
dest-ip dest-ip Specifies the destination IPv6 address. The value has 128 bits. It is represented as eight groups of four hexadecimal digits with the groups being separated by colons, in the format of X:X:X:X:X:X:X:X.
dest-port dest-port Specifies the destination port. The value is an integer that ranges from 0 to 65535.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display tcp ipv6 authentication-statistics command to view authentication statistics of a specified TCP6 connection, including:

  • Number of TCP6 packets with MD5 Option

  • Number of TCP6 packets with Enhanced Authentication Option

Example

# Display authentication statistics of a specified TCP6 connection.

<HUAWEI> display tcp ipv6 authentication-statistics src-ip fc00::1 src-port 3456 dest-ip fc00::5 dest-port 5678
MD5 Signature Option (MSO)is enabled |
 Enhanced Authentication Option (EAO)is enabled
Received packets:
     total: 0
     packets received with MSO: 0
     packets received with EAO: 0    
     packets dropped due to MD5 authentication failure: 0
     packets dropped due to absence of MSO: 0
     packets dropped due to presence of MSO: 0
     packets dropped due to MAC authentication failure: 0
     packets dropped due to absence of active receive key: 0
     packets dropped due to invalid receive algorithm id: 0
     packets dropped due to absence of EAO: 0
     
Sent packets:
     total: 0
     packets sent with MSO: 0
     packets sent with EAO: 0
     packets not sent due to absence of active send key: 0
Table 6-78  Description of the display tcp ipv6 authentication-statistics command output

Item

Description

total (received packets)

Total number of received and discarded TCP6 packets.

packets received with MSO

Total number of received TCP6 packets with MD5 Option.

packets received with EAO

Total number of received TCP6 packets with Enhanced Authentication Option.

packets dropped due to MD5 authentication failure

Total number of TCP6 packets discarded due to MD5 authentication failure.

packets dropped due to absence of MSO

Total number of TCP6 packets discarded due to absence of MD5 Option.

packets dropped due to presence of MSO

Total number of TCP6 packets discarded due to presence of MD5 Option.

packets dropped due to MAC authentication failure

Total number of TCP6 packets discarded due to MAC authentication failure.

packets dropped due to absence of active receive key

Total number of TCP6 packets discarded due to absence of active receive key.

packets dropped due to invalid receive algorithm id

Total number of TCP6 packets discarded due to invalid receive algorithm ID.

packets dropped due to absence of EAO

Total number of TCP6 packets discarded due to absence of Enhanced Authentication Option.

total (sent packets)

Total number of sent and unsent TCP6 packets.

packets sent with MSO

Total number of sent TCP6 packets with MD5 Option.

packets sent with EAO

Total number of sent TCP6 packets with Enhanced Authentication Option.

packets not sent due to absence of active send key

Total number of TCP6 packets discarded due to absence of active send key.

display tcp ipv6 statistics

Function

The display tcp ipv6 statistics command displays TCP6 traffic statistics.

Format

display tcp ipv6 statistics

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

You can check the network connection status according to the items in the command output, for example:
  • Established connections: indicates the number of established connections, helping you determine whether to continue deploying services such as BGP services or adjust the load.

  • Duplicate ACK packets: indicates whether the device is attacked by unknown ACK packets. If the device receives a large number of unknown ACK packets, the device may be attacked.

  • Out-of-order packets: allows you to check network performance. If the network is in poor condition, a lot of out-of-order packets are generated.

Precautions

  • The total number of received packets includes the number of forwarded packets, number of packets delivered to the upper layer, and number of discarded packets.

  • Before running this command to view TCP6 statistics within a specified period, run the reset tcp ipv6 statistics command to clear existing statistics.

Example

# Display TCP6 packet statistics.

<HUAWEI> display tcp ipv6 statistics
Received packets:                                                               
     total: 0                                                                   
     total(64bit high-capacity counter): 0                                      
     packets in sequence: 0 (0 bytes)                                           
     window probe packets: 0                                                    
     window update packets: 0                                                   
     checksum error: 0                                                          
     offset error: 0                                                            
     short error: 0                                                             
     duplicate packets: 0 (0 bytes)                                             
     partially duplicate packets: 0 (0 bytes)                                   
     out-of-order packets: 0 (0 bytes)                                          
     packets with data after window: 0 (0 bytes)                                
     packets after close: 0                                                     
     ACK packets: 0 (0 bytes)                                                   
     duplicate ACK packets: 0                                                   
     too much ACK packets: 0                                                    
     packets dropped due to MD5 authentication failure: 0                       
     packets dropped due to absence of MSO: 0                                   
     packets dropped due to presence of MSO: 0                                  
     packets received with MD5 Signature Option: 0                              
     packets dropped due to MAC authentication failure: 0                       
     packets dropped due to absence of active receive key: 0                    
     packets dropped due to invalid receive algorithm id: 0                     
     packets dropped due to absence of Enhanced Authentication Option: 0        
     packets received with Enhanced Authentication Option: 0                    
                                                                                
Sent packets:                                                                   
     total: 0                                                                   
     urgent packets: 0                                                          
     total(64bit high-capacity counter): 0                                      
     control packets: 0 (including 0 RST)                                       
     window probe packets: 0                                                    
     window update packets: 0                                                   
     data packets: 0 (0 bytes)                                                  
     data packets retransmitted: 0 (0 bytes)                                    
     ACK only packets: 0 (0 delayed)                                            
     packets sent with MD5 Signature Option: 0                                  
     packets sent with Enhanced Authentication Option: 0                        
     packets not sent due to absence of active send key: 0                      
                                                                                
Other Statistics:                                                               
     retransmitted timeout: 0                                                   
     connections dropped in retransmitted timeout: 0                            
     keepalive timeout: 0                                                       
     keepalive probe: 0                                                         
     keepalive timeout, so connections disconnected: 0                          
     initiated connections: 0                                                   
     accepted connections: 0                                                    
     established connections: 0                                                 
     closed connections: 0 (dropped: 0, initiated dropped: 0) 
Table 6-79  Description of the display tcp ipv6 statistics command output

Item

Description

Received packets:

total

Total number of received packets.

total(64bit high-capacity counter)

Total number of received or sent packets counted by the 64-bit high-capacity counter.

packets in sequence

Number of packets received in sequence.

window probe packets

Number of received window probe packets.

window update packets

Number of received window update packets.

checksum error

Number of received packets with invalid checksum.

offset error

Number of received packets with incorrect TCP header length.

short error

Number of received packets with total length shorter than the set value in the packet header.

duplicate packets

Number of received duplicate packets.

partially duplicate packets

Number of received partially duplicate packets.

out-of-order packets

Number of received out-of-order packets.

packets with data after window

Number of received packets exceeding the receive window.

packets after close

Number of packets received after the connection is closed.

ACK packets

Number of received ACK packets.

duplicate ACK packets

Number of received duplicate ACK packets.

too much ACK packets

Number of received ACK packets with too large ACK values.

packets dropped due to MD5 authentication failure

Number of packets discarded due to MD5 authentication failure.

packets dropped due to absence of MSO

Number of packets discarded due to absence of MD5 Signature Option.

packets dropped due to presence of MSO

Number of packets discarded due to presence of MD5 Signature Option.

packets received with MD5 Signature Option

Number of received packets with MD5 Signature Option.

packets dropped due to MAC authentication failure

Number of packets discarded due to MAC authentication failure.

packets dropped due to absence of active receive key

Number of packets discarded due to absence of active receive key.

packets dropped due to invalid receive algorithm id

Number of packets discarded due to invalid receive algorithm ID.

packets dropped due to absence of Enhanced Authentication Option

Number of packets discarded due to absence of Enhanced Authentication Option.

packets received with Enhanced Authentication Option

Number of received packets with Enhanced Authentication Option.

Sent packets:

total:

Total number of sent packets.

urgent packets

Number of sent packets with the urgent pointer.

control packets

Number of sent control packets.

window probe packets

Number of sent window probe packets.

window update packets

Number of sent window update packets.

data packets

Number of sent data packets.

data packets retransmitted

Number of retransmitted data packets.

ACK only packets

Number of sent ACK only packets.

packets sent with MD5 Signature Option

Number of sent packets with MD5 Signature Option.

Other Statistics

Other statistics.

retransmitted timeout

Number of retransmission timeout packets.

connections dropped in retransmitted timeout

Number of disconnected connections during the retransmission timeout.

keepalive timeout

Number of Keepalive timeouts.

keepalive probe

Number of Keepalive probes.

keepalive timeout, so connections disconnected

Number of connections disconnected due to Keepalive timeout.

initiated connections

Number of initiated connections.

accepted connections

Number of accepted connections.

established connections

Number of established connections.

closed connections

Number of closed connections.

dropped

Number of disconnected connections.

initiated dropped

Number of initiated and disconnected connections.

display tcp ipv6 status

Function

The display tcp ipv6 status command displays the status of all TCP6 connections.

Format

display tcp ipv6 status [ local-ip ipv6-address ] [ local-port local-port-number ] [ remote-ip ipv6-address ] [ remote-port remote-port-number ]

display tcp ipv6 status [ task-id task-id [ sock-id sock-id ] ]

Parameters

Parameter Description Value
local-ip ipv6-address Displays the TCP6 connection status of the specified IPv6 address. ipv6-address specifies the IPv6 address of the local device. The value has 128 bits. It is represented as eight groups of four hexadecimal digits with the groups being separated by colons, in the format of X:X:X:X:X:X:X:X.
remote-ip ipv6-address Displays the TCP6 connection status of the specified IPv6 address. ipv6-address specifies the IPv6 address of the remote device. The value has 128 bits. It is represented as eight groups of four hexadecimal digits with the groups being separated by colons, in the format of X:X:X:X:X:X:X:X.
local-port local-port-number Displays the TCP6 connection status of the specified port number. local-port-number specifies the port number of the local device. The value is an integer that ranges from 0 to 65535.
remote-port remote-port-number Displays the TCP6 connection status of the specified port number. remote-port-number specifies the port number of the remote device. The value is an integer that ranges from 0 to 65535.
task-id task-id Displays the status of the TCP6 connection with the specified task ID. task-id specifies the task ID. The value is an integer that ranges from 1 to 200.
sock-id sock-id Displays the TCP6 connection status with the specified socket ID. sock-id specifies the socket ID. The value is an integer that ranges from 1 to 131072.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

You can run the display tcp ipv6 status command to view all valid TCP6 control blocks, including the following information:

  • TCP6 socket ID
  • Local IPv6 address and port number
  • Remote IPv6 address and port number
  • TCP6 connection status
  • VPN ID

To view the status of all valid TCP6 connections, run the display tcp ipv6 status [ local-ip ipv6-address ] [ local-port local-port-number ] [ remote-ip ipv6-address ] [ remote-port remote-port-number ] command.

To view the status of the TCP6 connection with a specified socket ID, run the display tcp ipv6 status [ task-id task-id [ sock-id sock-id ] ] command.

Precautions

If there is no TCP connection, no information is displayed.

Example

# Display the status of TCP6 connections.

<HUAWEI> display tcp ipv6 status
* - MD5 Authentication is enabled.                                              
# - Keychain Authentication is enabled.                                         
TCP6CB   TID/SoID  Local Address        Foreign Address      State        VPNID 
0efbc5cc 98/2      ::->23               ::->0                Listening    -1 
Table 6-80  Description of the display tcp ipv6 status command output

Item

Description

TCP6CB

Address of a TCP6 control block, in hexadecimal notation.

TID/SoID

Task ID and socket ID.

Local Address

Local IPv6 address and port number.

Foreign Address

Remote IPv6 address and port number.

State

Status of a TCP6 connection:
  • Closed: indicates that the TCP connection is closed.

  • Listening: indicates that the TCP connection is being listened on.

  • Syn_Rcvd: indicates that a TCP packet with the SYN flag is received.

  • Syn_Sent: indicates that a TCP packet with the SYN flag is sent.

  • Established: indicates that the TCP connection has been set up.

  • Close_Wait: indicates that a user host sends a packet with the FIN flag to the server, requesting the server to close the TCP connection in Established state. The server then sends an ACK packet to the user host after receiving the packet and enters the Close_Wait state.

  • Fin_Wait1: indicates that a user host sends a packet with the FIN flag to the server, requesting the server to close the TCP connection and enters the Fin_Wait1 state.

  • Fin_Wait2: indicates that a user host receives an ACK packet in a response to the sent packet with the FIN flag and enters the Fin_Wait2 state.

  • Time_Wait: indicates that TCP enters this state after the TCP connection is closed. When TCP has been in Time_Wait state two times the longest packet lifetime, records about the closed connection are deleted.

  • Closing: indicates that the two ends close the TCP connection simultaneously.

  • LAST_ACK: indicates that the local end waits for acknowledging the TCP connection teardown request sent to the remote end.

VPNID

VPN ID.

display this ipv6 interface

Function

The display this ipv6 interface command displays IPv6 information on the current interface.

Format

display this ipv6 interface

Parameters

None

Views

Interface view

Default Level

1: Monitoring level

Usage Guidelines

After an IPv6 address is configured in the interface view, you can run the display this ipv6 interface command to check IPv6 information on the interface.

Example

# Display IPv6 information on VLANIF10.

<HUAWEI> system-view
[HUAWEI] interface vlanif 10
[HUAWEI-Vlanif10] display this ipv6 interface
Vlanif10 current state : UP
IPv6 protocol current state : UP
IPv6 is enabled, link-local address is FE80::2E0:4AFF:FE3D:9801 [TENTATIVE]
  Global unicast address(es):
    FC00::1, subnet is FC00::/64 [TENTATIVE]
  Joined group address(es):
    FF02::1:FF00:1
    FF02::1:FF3D:9801
    FF02::2
    FF02::1
  MTU is 1500 bytes
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND retransmit interval is 1000 milliseconds
  ND stale time is 1200 seconds 
  ND advertised reachable time is 0 milliseconds                                
  ND advertised retransmit interval is 0 milliseconds                           
  ND router advertisement max interval 600 seconds, min interval 200 seconds    
  ND router advertisements live for 1800 seconds                                
  ND router advertisements hop-limit 64                                         
  ND default router preference medium                                           
  Hosts use stateless autoconfig for addresses 

# Display IPv6 information on GE1/0/1.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] ipv6 address fc00:1::1 64
[HUAWEI-GigabitEthernet1/0/1] display this ipv6 interface
GigabitEthernet1/0/1 current state : DOWN                                                                                          
IPv6 protocol current state : DOWN                                                                                                  
IPv6 is enabled, link-local address is FE80::225:9EFF:FEF4:ABCD [TENTATIVE]                                                         
  Global unicast address(es):                                                                                                       
    FC00:1::1, subnet is FC00:1::/64 [TENTATIVE]                                                                                    
  Joined group address(es):                                                                                                         
    FF02::1:FF00:1                                                                                                                  
    FF02::1:FFF4:ABCD                                                                                                               
    FF02::2                                                                                                                         
    FF02::1                                                                                                                         
  MTU is 1500 bytes                                                                                                                 
  ND DAD is enabled, number of DAD attempts: 1                                                                                      
  ND reachable time is 30000 milliseconds                                                                                           
  ND retransmit interval is 1000 milliseconds                                                                                       
  ND stale time is 1200 seconds 
  ND advertised reachable time is 0 milliseconds                                
  ND advertised retransmit interval is 0 milliseconds                           
  ND router advertisement max interval 600 seconds, min interval 200 seconds    
  ND router advertisements live for 1800 seconds                                
  ND router advertisements hop-limit 64                                         
  ND default router preference medium                                           
  Hosts use stateless autoconfig for addresses 
Table 6-81  Description of the display this ipv6 interface command output

Item

Description

Vlanif10 current state

Current physical status of VLANIF 10.

  • UP: enabled

  • DOWN: disabled

GigabitEthernet1/0/1 current state

Current physical status of GigabitEthernet1/0/1.

  • UP: enabled

  • DOWN: disabled

IPv6 protocol current state

Current protocol status of the interface.

  • UP: enabled

  • DOWN: disabled

link-local address

Link-local address on the interface.

After an IPv6 address is configured on the interface, the system automatically assigns a link-local address for the interface. To manually configure a link-local address for an interface, run the ipv6 address link-local command.

Global unicast address(es)

Global unicast address configured on the interface.

To configure a global unicast address for an interface, run the ipv6 address command.

Joined group address(es)

Addresses of all multicast groups that the interface joins.

TENTATIVE

When the interface is in DOWN state, the IPv6 address is TENTATIVE.

MTU

MTU of the interface.

To configure the MTU for an interface, run the ipv6 mtu command.

number of DAD attempts

Number of times duplicate address detection is performed.

ND reachable time

Neighbor reachable time.

ND retransmit interval

Retransmission interval.

ND stale time

Aging time of ND entries in STALE state.

ND advertised reachable time

Reachable time of NA packets.

NOTE:

This field is displayed only after the undo ipv6 nd ra halt command is executed on the interface.

ND advertised retransmit interval

Retransmission interval of NA packets.

NOTE:

This field is displayed only after the undo ipv6 nd ra halt command is executed on the interface.

ND router advertisement max interval 600 seconds, min interval 200 seconds

Maximum and minimum interval of RA packets.

NOTE:

This field is displayed only after the undo ipv6 nd ra halt command is executed on the interface.

ND router advertisements live for

Router lifetime in RA packets.

NOTE:

This field is displayed only after the undo ipv6 nd ra halt command is executed on the interface.

ND router advertisements hop-limit

Hop limit of RA packets.

NOTE:

This field is displayed only after the undo ipv6 nd ra halt command is executed on the interface.

ND default router preference

Default route priority in RA packets.

NOTE:

This field is displayed only after the undo ipv6 nd ra halt command is executed on the interface.

Hosts use stateless autoconfig for addresses

Hosts obtain IPv6 addresses by means of stateless auto-configuration.

NOTE:

This field is displayed only after the undo ipv6 nd ra halt command is executed on the interface.

display udp ipv6 statistics

Function

The display udp ipv6 statistics command displays UDP6 packet statistics.

Format

display udp ipv6 statistics

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The User Datagram Protocol (UDP) is a simple protocol that exchanges packets on the Internet. You can run the display udp ipv6 statistics command to view statistics about sent and received UDP6 packets.

Precautions

The total number of packets received by the device includes the number of forwarded packets, number of packets delivered by the device to the upper layer, and number of discarded packets.

Example

# Display UDP6 packet statistics.

<HUAWEI> display udp ipv6 statistics
Received packets:
     total: 0
     total(64bit high-capacity counter): 0
     checksum error: 0
     shorter than header: 0
     invalid message length: 0
     no socket on port: 0
     no multicast port: 0
     not delivered, input socket full: 0
     input packets missing pcb cache: 0
     packets sent for external pre processing: 1

Sent packets:
     total: 0
     total(64bit high-capacity counter): 0
Table 6-82  Description of the display udp ipv6 statistics command output

Item

Description

Received packets

Number of received packets.

total

Total number of received and sent packets.

total(64bit high-capacity counter)

Total number of packets counted by the 64-bit high-capacity counter.

checksum error

Total number of packets with invalid checksum.

shorter than header

Total number of UDP6 packets with the length shorter than the packet header.

invalid message length

Total number of packets whose data length is longer than the packet length.

no socket on port

Number of packets without corresponding sockets on the interface.

no multicast port

Number of received packets carrying nonexistent multicast interfaces.

not delivered, input socket full

Number of unprocessed packets when the buffer is full.

input packet missing pcb cache

Number of received packets failing to find the PCB cache.

packets sent for external pre processing

Number of received packets for external preprocessing.

Sent packets

Number of sent packets.

eth-trunk (tunnel interface view)

Function

The eth-trunk command associates a specified tunnel interface with an Eth-Trunk interface enabled with service loopback.

The undo eth-trunk command disassociates a specified tunnel interface from an Eth-Trunk interface enabled with service loopback.

Format

eth-trunk trunk-id

undo eth-trunk

Parameters

Parameter

Description

Value

trunk-id

Specifies the ID of an Eth-Trunk interface associated with the tunnel interface.

-

Views

Tunnel interface view

Default Level

2: Configuration level

Usage Guidelines

Before associating a specified tunnel interface with an Eth-Trunk interface, run the service type tunnel command to enable service loopback on the Eth-Trunk interface.

Example

# Associate Tunnel1 with the Eth-Trunk interface enabled with service loopback.

<HUAWEI> system-view
[HUAWEI] interface tunnel 1
[HUAWEI-Tunnel1] eth-trunk 1

ipv6

Function

The ipv6 command enables the device to forward IPv6 unicast packets, including sending and receiving local IPv6 packets.

The undo ipv6 command disables the device from forwarding IPv6 unicast packets.

By default, a device is disabled from forwarding IPv6 unicast packets.

Format

ipv6

undo ipv6

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

You must run the ipv6 command in the system view before performing IPv6 configurations.

NOTE:

The undo ipv6 command disables the device from forwarding IPv6 unicast packets. Therefore, confirm your action before running this command.

When system resources are insufficient, the ipv6 command does not take effect and an alarm is generated . The alarm ID is 1.3.6.1.4.1.2011.5.25.227.2.1.7.

Example

# Enable the device to forward IPv6 unicast packets.

<HUAWEI> system-view
[HUAWEI] ipv6

# Disable the device from forwarding IPv6 unicast packets.

<HUAWEI> system-view
[HUAWEI] undo ipv6
Warning: This operation will interrupt all IPv6 services. Continue?[Y/N]:y

ipv6 address

Function

The ipv6 address command configures a global unicast address for an interface.

The ipv6 address dhcpv6-prefix command configures an IPv6 address bound to the DHCPv6 PD prefix for an interface.

The undo ipv6 address command deletes a global unicast address from an interface.

The undo ipv6 address dhcpv6-prefix command deletes the IPv6 address bound to the DHCPv6 PD prefix for an interface.

By default, no global unicast address is configured for an interface.

By default, no IPv6 address bound to the DHCPv6 PD prefix is configured for an interface.

Format

ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

ipv6 address dhcpv6-prefix { ipv6-address prefix-length | ipv6-address/prefix-length }

undo ipv6 address [ ipv6-address prefix-length | ipv6-address/prefix-length ]

undo ipv6 address dhcpv6-prefix

Parameters

Parameter Description Value
ipv6-address Specifies the IPv6 address of an interface. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
prefix-length

Specifies the prefix length of an IPv6 address.

An IPv6 address with a 128-bit prefix can be configured only on a loopback interface.

The value is an integer that ranges from 1 to 128.
dhcpv6-prefix Specifies the prefix assigned to a DHCPv6 PD client. The value must be an existing prefix assigned to a DHCPv6 PD client.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A global unicast address is similar to an IPv4 public network address. Global unicast addresses are used on the links that can be summarized, and are provided for the Internet Service Providers (ISPs). These addresses allow route prefix summarization, limiting global routing entries. A global unicast address consists of a 48-bit route prefix managed by carriers, a 16-bit subnet ID managed by local nodes, and a 64-bit interface ID.

The switch is required to function as a DHCPv6 PD client and obtain an IPv6 address prefix from the DHCPv6 PD server. You can run the ipv6 address dhcpv6-prefix { ipv6-address prefix-length | ipv6-address/prefix-length } command to configure an IPv6 address is bound to the DHCPv6 PD prefix.After you run this command, the switch uses the prefix assigned to the DHCPv6 PD client and the IPv6 address to form an RA prefix for the interface only when the switch functions as a DHCPv6 PD client and obtains a prefix. The prefix must be a 64-digit number. If not, the host cannot use this prefix for automatic assignment of IPv6 addresses.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

The following conditions are prohibited for different interfaces on the same switch:
  • The IPv6 addresses are the same.
  • The network prefixes of the IPv6 addresses are the same. For example, if the IPv6 address of interface A is 2001:db8::1/12 and its network prefix is 200:: and the IPv6 address of interface B is 2001:db8::1/127 and its network prefix is 2001:db8::, the configuration succeeds. If the IPv6 address of interface B is also 2002:db8::1/12 and its network prefix is also 200::, the configuration fails.

A maximum of 10 global unicast addresses can be configured for an interface.

An IPv6 address with a 128-bit prefix can be configured only on a loopback interface.

The following IPv6 addresses cannot be configured for an interface:

  • Loopback address (::1/128)

  • Unspecified address (::/128)

  • Multicast address

  • IPv4-mapped IPv6 address (0:0:0:0:0:FFFF:IPv4-address)

A 128-bit IPv6 address has two formats:
  • X:X:X:X:X:X:X:X

    In this format, a 128-bit IPv6 address is written as eight groups of four hexadecimal digits (0 to 9, A to F), where each group is separated by a colon (:). Every X represents a group of hexadecimal numbers.

  • X:X:X:X:X:X:d.d.d.d

    In this format, "X:X:X:X:X:X" represent the high-order six groups of numbers, and each X stands for 16 bits that are represented by four hexadecimal characters. "d.d.d.d" represents the low-order four groups of numbers, and each d stands for 8 bits that are represented by decimal numbers. "d.d.d.d" stands for a standard IPv4 address.

An IPv6 address has two parts:
  • Network prefix: corresponds to the network ID of an IPv4 address. It is of n bits.
  • Interface identifier: corresponds to the host ID of an IPv4 address. It is of 128-n bits.

If the ipv6 address command has been run to configure an IPv6 address for an interface, but no link-local address is configured for the interface, the system generates a link-local address for the interface.

If no parameter (IPv6 address or prefix length) is specified in the undo ipv6 address command, running the undo ipv6 address command deletes all IPv6 addresses.

Example

# Configure a global unicast address for VLANIF100.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] ipv6 address fc00::1/64

# Configure a global unicast address for GE1/0/1.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] ipv6 address fc00::1/64

# Configure an IPv6 address bound to the DHCPv6 PD prefix for VLANIF100.

<HUAWEI> system-view
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] ipv6 address prefix1 ::1:0:0:0:1/64

ipv6 address anycast

Function

The ipv6 address anycast command configures an IPv6 anycast address.

The undo ipv6 address command deletes an IPv6 anycast address.

By default, no IPv6 anycast address is configured.

Format

ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast

undo ipv6 address [ ipv6-address prefix-length | ipv6-address/prefix-length ]

Parameters

Parameter Description Value
ipv6-address

Specifies an IPv6 address.

The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
prefix-length

Specifies the prefix length of an IPv6 address.

The value is an integer that ranges from 1 to 128.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

An anycast address identifies a group of interfaces, which usually belong to different nodes. Packets sent to an anycast address are delivered to the nearest interface that is identified by the anycast address, depending on the routing protocols.

To implement communication between a 6to4 network and a local (native) IPv6 network using a 6to4 tunnel, configure an anycast address with prefix fc00:c058:6301:: for the tunnel interface of a 6to4 relay agent. If an anycast address is used, you need to configure the same address for the tunnel interfaces of all devices. In this manner, the number of addresses is reduced.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

If no parameter is specified in the undo ipv6 address command, all IPv6 addresses except link-local addresses are deleted.

An anycast address cannot be used as the source address of a packet. Therefore, a global unicast address must be configured when a device needs to send packets.

An IPv6 address with a 128-bit prefix can be configured only on a loopback interface.

Example

# Configure anycast address fc00:c058:6301::/48 for VLANIF100.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] ipv6 address fc00:c058:6301:: 48 anycast

# Configure anycast address fc00:c058:6301::/48 for GE1/0/1.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] ipv6 address fc00:c058:6301:: 48 anycast

ipv6 address auto global

Function

The ipv6 address auto global command enables a device to generate an IPv6 global address through stateless autoconfiguration.

The undo ipv6 address auto global command disables a device from generating an IPv6 global address through stateless autoconfiguration.

By default, the device is disabled from generating an IPv6 global address through stateless autoconfiguration.

Format

ipv6 address auto global [ default ]

undo ipv6 address auto global

Parameters

Parameter Description Value
default

Indicates that the device learns the default route.

-

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the ipv6 address auto global command is run, a device automatically generates an IPv6 global unicast address on the interface that receives a RA packet. The generated IPv6 address contains the address prefix in the received RA packet and interface identifier of the device. If the device does not receive RA packets, the device can only automatically configure a link-local address to interconnect with local nodes.

After the ipv6 address auto global default command is run, a device generates an IPv6 address based on the received RA packet and learns the source address in the RA packet. The device then uses the source IPv6 address as the next hop address of the default IPv6 route.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

After the ipv6 address auto global command is run, if an interface receives a new RA packet, a new IPv6 address is generated for the interface based on the received RA packet, but the default routes learned by the interface are not deleted.

If an interface has been configured with an IPv6 address, the original IPv6 address is not deleted after the interface receives an RA packet and generates a new IPv6 address. If the interface receives no RA packet and the generated IPv6 address expires, the interface deletes the generated IPv6 address and uses the original IPv6 address.

A device learns a maximum of three default routes based on RA packets. New routes cannot override the existing three routes, and extra routes will be discarded. If multiple default routes have the same priority, packets are forwarded in load balancing mode.

Example

# Enable a device to generate an IPv6 global address through stateless autoconfiguration on VLANIF100.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] ipv6 address auto global

# Enable a device to generate an IPv6 global address through stateless autoconfiguration on interface GE1/0/1.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] ipv6 address auto global

ipv6 address eui-64

Function

The ipv6 address eui-64 command configures a global unicast address in EUI-64 format for an interface.

The undo ipv6 address eui-64 command deletes a global unicast address in EUI-64 format from an interface.

By default, no global unicast address in EUI-64 format is configured for an interface.

Format

ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64

undo ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64

Parameters

Parameter Description Value
ipv6-address Specifies the IPv6 address of an interface. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
prefix-length Specifies the prefix length of an IPv6 address. The value is an integer that ranges from 1 to 128.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In IPv6, any IPv6 unicast address needs an interface identifier. The interface identifier is globally unique, similar to a 48-bit MAC address.

The interface identifier of an IPv6 host address uses the IEEE EUI-64 format. A 64-bit interface identifier is generated based on an existing MAC address; therefore, such an interface identifier is globally unique. These 64-bit interface identifiers are globally valid for addressing and uniquely identify each network interface.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

The following conditions are prohibited for different interfaces on the same switch:
  • The IPv6 addresses are the same.
  • The network prefixes of the IPv6 addresses are the same. For example, if the IPv6 address of interface A is 2001:db8::1/12 and its network prefix is 200:: and the IPv6 address of interface B is 2001:db8::1/127 and its network prefix is 2001:db8::, the configuration succeeds. If the IPv6 address of interface B is also 2002:db8::1/12 and its network prefix is also 200::, the configuration fails.

A maximum of 10 global unicast addresses can be configured for an interface.

The following IPv6 addresses in EUI-64 format cannot be configured for an interface:

  • Loopback address (::1/128)

  • Unspecified address (::/128)

  • Multicast address

  • IPv4-mapped IPv6 address (0:0:0:0:0:FFFF:IPv4-address)

The ipv6 address command is used to specify a 128–bit IPv6 address. Using the ipv6 address eui-64 command, you can specify the high-order 64 bits of an IPv6 address. The low-order 64 bits of an IPv6 address are automatically generated in the EUI-64 format. Even when the low-order 64 bits are manually specified, the automatically generated ones will override them.

Example

# Configure an IPv6 address in EUI-64 format for VLANIF 2.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 2
[HUAWEI-Vlanif2] ipv6 enable
[HUAWEI-Vlanif2] ipv6 address fc00::1/64 eui-64

# Configure an IPv6 address in EUI-64 format for GE1/0/1.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] ipv6 address fc00::1/64 eui-64

ipv6 enable (interface view)

Function

The ipv6 enable command enables the IPv6 function on an interface.

The undo ipv6 enable command disables the IPv6 function on an interface.

By default, the IPv6 function is disabled on an interface.

Format

ipv6 enable

undo ipv6 enable

Parameters

None

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

You can perform IPv6 configurations on an interface only when the interface has the IPv6 function enabled.

Prerequisites

The ipv6 command has been run in the system view.

Follow-up Procedure

Configure IPv6 addresses and ND parameters. ND parameters include the M flag, O flag, RA halt flag, interval for sending RA packets, lifetime of RA packets, interval for sending NS packets, DAD counts, period during which the IPv6 neighbor keeps reachable, prefix carried in the RA packet, and static ND entries.

Precautions

After the IPv6 function is disabled on an interface, IPv6 configurations on the interface are deleted.
  • After the IPv6 function is disabled on an interface, IPv6 addresses of the interface are deleted and IPv6 commands cannot be configured on the interface.
  • After the IPv6 function is disabled on an interface, IS-IS IPv6 and RIPng are disabled on the interface. That is, the isis ipv6 enable and ripng enable commands become ineffective.

When system resources are insufficient, the ipv6 enable command does not take effect and an alarm is generated . The alarm ID is 1.3.6.1.4.1.2011.5.25.227.2.1.22.

Example

# Enable the IPv6 function on VLANIF10.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 10
[HUAWEI-Vlanif10] ipv6 enable

# Enable the IPv6 function on GE1/0/1.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
Related Topics

ipv6 icmp-error

Function

The ipv6 icmp-error command sets the rate limit for sending ICMPv6 error packets.

The undo ipv6 icmp-error command restores the default rate limit for sending ICMPv6 error packets.

By default, the size of the token buckets is 10 and the limit rate is 100 milliseconds.

Format

ipv6 icmp-error { bucket bucket-size | ratelimit interval } *

undo ipv6 icmp-error

Parameters

Parameter Description Value
bucket bucket-size Specifies the maximum number of tokens the bucket can hold. The value is an integer that ranges from 1 to 200. The default value is 10, which is recommended.
ratelimit interval Specifies the interval for placing tokens into the bucket. The value is an integer that ranges from 0 to 2147483647, in milliseconds. The default value is 100, which is recommended.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If a network is not attacked, a routing device can correctly send ICMPv6 error packets to notify other devices of exceptions in packet transmission. If an attacker frequently sends ICMPv6 packets to network devices, the network devices will be busy responding with ICMPv6 packets. This affects system throughput and CPU usage. To prevent the system from sending a great number of ICMPv6 packets, run the ipv6 icmp-error command to limit the rate at which ICMPv6 packets are sent.

The token bucket algorithm is used to count ICMPv6 packets. One token represents an ICMPv6 error packet. The system places tokens into the virtual bucket at a certain interval until the number of tokens in the bucket reaches the upper limit. Once the number of ICMPv6 packets exceeds the maximum number of tokens that the bucket can contain, excess packets are discarded. You can limit the rate at which ICMPv6 packets are sent by setting the bucket size and the interval for placing tokens into the bucket.

Precautions

If you run the ipv6 icmp-error command multiple times, only the latest configuration takes effect.

If the interval for placing tokens into the bucket is 0, there is no limit on the interval.

Example

# Set the rate limit for sending ICMPv6 error packets to 100.

<HUAWEI> system-view
[HUAWEI] ipv6 icmp-error ratelimit 100

# Set the bucket size of ICMPv6 to 50.

<HUAWEI> system-view
[HUAWEI] ipv6 icmp-error bucket 50

# Set the rate limit for sending ICMPv6 error packets to 100 and the bucket size to 50.

<HUAWEI> system-view
[HUAWEI] ipv6 icmp-error bucket 50 ratelimit 100

ipv6 icmp blackhole unreachable send

Function

The ipv6 icmp blackhole unreachable send command enables the switch to send a Destination Unreachable ICMP packet to an initiator when a tracert packet matches an IPv6 blackhole route.

The undo ipv6 icmp blackhole unreachable send command disables the switch from sending a Destination Unreachable ICMP packet to an initiator when a tracert packet matches an IPv6 blackhole route.

By default, the switch is disabled from sending a Destination Unreachable ICMP packet to an initiator when a tracert packet matches an IPv6 blackhole route.

Format

ipv6 icmp blackhole unreachable send

undo ipv6 icmp blackhole unreachable send

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If static IPv6 blackhole routes are configured on the switch configured with the user access and authentication function, when a user goes offline, only the IPv6 blackhole route corresponding to the user's address segment exists on the switch. When a tracert packet matches the IPv6 blackhole route, the switch discards the packet. As a result, an initiator cannot detect that the user has gone offline.

After you run the ipv6 icmp blackhole unreachable send command, the switch sends a Destination Unreachable ICMP packet to an initiator, notifying the initiator that the user has gone offline if a user goes offline and a tracert packet matches the IPv6 blackhole route.

Pre-configuration Tasks

Static IPv6 blackhole routes have been configured on the switch.

Example

# Enable the switch to send a Destination Unreachable ICMP packet to an initiator when a tracert packet matches an IPv6 blackhole route.

<HUAWEI> system-view
[HUAWEI] ipv6 icmp blackhole unreachable send

ipv6 icmp port-unreachable send

Function

The ipv6 icmp port-unreachable send command enables an interface to send ICMPv6 Port Unreachable messages.

The undo ipv6 icmp port-unreachable send command disables the function.

By default, the enabling status of the function that the interface sends ICMPv6 Port Unreachable messages is the same as that of the function that the system sends ICMPv6 Port Unreachable messages.

Format

ipv6 icmp port-unreachable send

undo ipv6 icmp port-unreachable send

Parameters

None

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a router receives a TCP6/UDP6 packet but cannot find the corresponding socket entry, the router replies with an ICMPv6 Port Unreachable message. This ICMPv6 error message carries the IPv6 address of the router as its source IPv6 address, which exposes the IPv6 address of the router and brings security risks. If the router is attacked by flooding packets, the router keeps replying with ICMPv6 Port Unreachable messages, causing high CPU usage and affecting device performance. To address this problem, run the undo ipv6 icmp port-unreachable send command on the inbound interface of ICMPv6 packets to disable the transmission of ICMPv6 Port Unreachable message.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Example

# Enable VLANIF100 to send ICMPv6 Port Unreachable messages.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] ipv6 icmp port-unreachable send

# Enable interface GE1/0/1 to send ICMPv6 Port Unreachable messages.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] ipv6 icmp port-unreachable send

ipv6 icmp hop-limit-exceeded send

Function

The ipv6 icmp hop-limit-exceeded send command enables an interface to send ICMPv6 Hop Limit Exceeded messages.

The undo ipv6 icmp hop-limit-exceeded send command disables the function.

By default, the enabling status of the function that the interface sends ICMPv6 Hop Limit Exceeded messages is the same as that of the function that the system sends ICMPv6 Hop Limit Exceeded messages.

Format

ipv6 icmp hop-limit-exceeded send

undo ipv6 icmp hop-limit-exceeded send

Parameters

None

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

If a router receives a packet with a hop limit of 1, it replies with an ICMPv6 Hop Limit Exceeded message. This ICMPv6 error message carries the IPv6 address of the router as its source IPv6 address, which exposes the IPv6 address of the router and brings security risks. If the router is attacked by flooding packets, the router keeps replying with ICMPv6 Hop Limit Exceeded messages, causing high CPU usage and affecting device performance. To address this problem, run the undo ipv6 icmp hop-limit-exceeded send command on the inbound interface of ICMPv6 packets to disable the transmission of ICMPv6 Hop Limit Exceeded messages.

Example

# Disable VLANIF100 from sending ICMPv6 Hop Limit Exceeded messages.

<HUAWEI> system-view
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] undo ipv6 icmp hop-limit-exceeded send

# Disable interface GE1/0/1 from sending ICMPv6 Hop Limit Exceeded messages.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] undo ipv6 icmp hop-limit-exceeded send

ipv6 icmp receive

Function

The ipv6 icmp receive command enables the system to receive ICMPv6 packets.

The undo ipv6 icmp receive command disables the system from receiving ICMPv6 packets.

By default, the system receives ICMPv6 packets.

Format

ipv6 icmp { icmpv6-type icmpv6-code | icmpv6-name | all } receive

undo ipv6 icmp { icmpv6-type icmpv6-code | icmpv6-name | all } receive

Parameters

Parameter Description Value
icmpv6-type Specifies the type of ICMPv6 packets.

The value is an integer that ranges from 0 to 255.

icmpv6-code Specifies the code of ICMPv6 packets.

The value is an integer that ranges from 0 to 255.

icmpv6-name Specifies the name of ICMPv6 packets. ICMPv6 packets are classified into the following types:
  • echo: Echo packet
  • echo-reply: Echo Reply packet
  • err-header-field: Packet with an error header
  • frag-time-exceeded: Fragmentation Timeout packet
  • hop-limit-exceeded: Packet whose hop count exceeds the limit
  • host-admin-prohib: Packet that is rejected by a host
  • host-unreachable: ICMPv6 Host Unreachable packet
  • neighbor-advertisement: Neighbor Advertisement packet
  • neighbor-solicitation: Neighbor Solicitation packet
  • network-unreachable: ICMPv6 Network Unreachable packet
  • packet-too-big: Packet Too Big packet
  • port-unreachable: ICMPv6 Port Unreachable packet
  • redirect: Redirected packets
  • router-advertisement: Router Advertisement packet
  • router-solicitation: Router Solicitation packet
  • unknown-ipv6-opt: Error packet with unknown options
  • unknown-next-hdr: Error packet with unknown next header
all Indicates all ICMPv6 packets.

-

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When the network is in good performance, devices can receive a proper number of ICMPv6 packets. However, when network traffic load is heavy, host unreachable or port unreachable events frequently occur, the devices receive a large number of ICMPv6 packets, which burdens the network and degrades device performance. In addition, attackers may use ICMPv6 error packets to probe the internal network topology.

To improve network performance and security, run the undo ipv6 icmp receive command to disable the system from receiving ICMPv6 Echo Reply packets, Host Unreachable packets, and Port Unreachable packets.

Precautions

When the network is in good performance again, you can run the ipv6 icmp receive command to enable the system to receive ICMPv6 packets.

After the undo ipv6 icmp receive command is run, a main interface is disabled from processing ICMPv6 packets, and the system does not collect statistics about ICMP Echo Reply packets, Host Unreachable packets, and Port Unreachable packets. Only statistics about discarded packets are collected.

Example

# Disable the system from receiving ICMPv6 Echo packets.

<HUAWEI> system-view
[HUAWEI] undo ipv6 icmp echo receive

ipv6 icmp send

Function

The ipv6 icmp send command enables the system to send ICMPv6 packets.

The undo ipv6 icmp send command disables the system from sending ICMPv6 packets.

By default, the system is enabled to send ICMPv6 packets.

Format

ipv6 icmp { icmpv6-type icmpv6-code | icmpv6-name | all } send

undo ipv6 icmp { icmpv6-type icmpv6-code | icmpv6-name | all } send

Parameters

Parameter Description Value
icmpv6-type Specifies the type of ICMPv6 packets.

The value is an integer that ranges from 0 to 255.

icmpv6-code Specifies the code of ICMPv6 packets.

The value is an integer that ranges from 0 to 255.

icmpv6-name Specifies the name of ICMPv6 packets. ICMPv6 packets are classified into the following types:
  • echo: Echo packet
  • echo-reply: Echo Reply packet
  • err-header-field: Packet with an error header
  • frag-time-exceeded: Fragmentation Timeout packet
  • hop-limit-exceeded: Packet whose hop count exceeds the limit
  • host-admin-prohib: Packet that is rejected by a host
  • host-unreachable: ICMPv6 Host Unreachable packet
  • neighbor-advertisement: Neighbor Advertisement packet
  • neighbor-solicitation: Neighbor Solicitation packet
  • network-unreachable: ICMPv6 Network Unreachable packet
  • packet-too-big: Packet Too Big packet
  • port-unreachable: ICMPv6 Port Unreachable packet
  • redirect: Redirected packets
  • router-advertisement: Router Advertisement packet
  • router-solicitation: Router Solicitation packet
  • unknown-ipv6-opt: Error packet with unknown options
  • unknown-next-hdr: Error packet with unknown next header
all Indicates all ICMPv6 packets.

-

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When the network is in good performance, routing devices can send or receive ICMPv6 packets. However, when network traffic load is heavy, host unreachable or port unreachable events frequently occur, the routing devices send a large number of ICMPv6 packets, which burdens the network and degrades the performance of the routing devices. In addition, attackers may use ICMPv6 error packets to probe the internal network topology.

To improve network performance and security, run the undo ipv6 icmp send command to disable the system from sending ICMPv6 packets.

Precautions

When the network is in good performance again, you can run the ipv6 icmp send command to enable the system to send ICMPv6 packets.

Example

# Disable the system from sending all ICMPv6 packets packets.

<HUAWEI> system-view
[HUAWEI] undo ipv6 icmp all send

ipv6 icmp too-big-rate-limit

Function

The ipv6 icmp too-big-rate-limit command enables a device to limit oversized ICMPv6 error packets.

The undo ipv6 icmp too-big-rate-limit command disables a device from limiting oversized ICMPv6 error packets.

By default, a device limit oversized ICMPv6 error packets.

Format

ipv6 icmp too-big-rate-limit

undo ipv6 icmp too-big-rate-limit

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

When a host sends a large number of packets in a path with a small MTU, it may receive a large number of ICMPv6 error packets, affecting the processing of valid packets. This command limits the number of ICMPv6 error packets, ensuring host performance.

Example

# Enable the device to limit oversized ICMPv6 error packets.

<HUAWEI> system-view
[HUAWEI] ipv6 icmp too-big-rate-limit

ipv6 mtu

Function

The ipv6 mtu command sets the MTU on the interface for sending IPv6 packets.

The undo ipv6 mtu command restores the default MTU of IPv6 packets on an interface.

By default, the MTU of IPv6 packets on an interface is 1500 bytes.

NOTE:

This command takes effect on X series cards except X1E, X5E, X5H, and X5S cards.

Format

ipv6 mtu mtu

undo ipv6 mtu

Parameters

Parameter Description Value
mtu Specifies the MTU value.
  • For GE interfaces, GE sub-interfaces, XGE interfaces, XGE sub-interfaces, tunnel interfaces, and VLANIF interfaces, the value is an integer that ranges from 1280 to 9600, in bytes.
  • For other interfaces, the value is an integer that ranges from 1280 to 1500, in bytes.

The default value is 1500.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If the traffic processing capability of a link connecting the source and destination ends changes, you can use this command to set the MTU of IPv6 packets on an interface. If the packet length is larger than the IPv6 MTU of the interface, the system fragments the packet based on the configured MTU value before forwarding the packet.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

The directly-connected interfaces must be configured with the same IPv6 MTU values.

Example

# Set the MTU of IPv6 packets on VLANIF2 to 1280 bytes.

<HUAWEI> system-view 
[HUAWEI] ipv6
[HUAWEI] interface vlanif 2 
[HUAWEI-Vlanif2] ipv6 enable 
[HUAWEI-Vlanif2] ipv6 mtu 1280

# Set the MTU of IPv6 packets on GE1/0/1 to 1280 bytes.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] ipv6 mtu 1280

ipv6 nd autoconfig managed-address-flag

Function

The ipv6 nd autoconfig managed-address-flag command sets the M flag of stateful autoconfiguration in an RA packet.

The undo ipv6 nd autoconfig managed-address-flag command deletes the M flag of stateful autoconfiguration in an RA packet.

By default, the "managed address configuration" flag (M flag) is not set in the RA message.

Format

ipv6 nd autoconfig managed-address-flag

undo ipv6 nd autoconfig managed-address-flag

Parameters

None

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

  • If the M flag is set, a host obtains an IPv6 address through stateful autoconfiguration.
  • If the M flag is not set, a host uses stateless autoconfiguration to obtain an IPv6 address, that is, the host generates an IPv6 address based on the prefix information in the RA packet.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

After the ipv6 nd autoconfig managed-address-flag command is run, a host can obtain configurations (excluding an IPv6 address) such as the router lifetime, neighbor reachable time, retransmission interval, and PMTU by means of stateful autoconfiguration even if the ipv6 nd autoconfig other-flag command is not run.

After the display ipv6 interface command is run, the command output shows that the attached hosts obtain IPv6 addresses through stateful autoconfiguration or stateless autoconfiguration.

Example

# Set the M flag of stateful autoconfiguration in an RA packet on VLANIF2.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 2
[HUAWEI-Vlanif2] ipv6 enable
[HUAWEI-Vlanif2] ipv6 nd autoconfig managed-address-flag

# Set the M flag of stateful autoconfiguration in an RA packet on GE1/0/1.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] ipv6 nd autoconfig managed-address-flag

ipv6 nd autoconfig other-flag

Function

The ipv6 nd autoconfig other-flag command sets the "other configuration" flag (O flag) of stateful autoconfiguration in an RA packet.

The undo ipv6 nd autoconfig other-flag command deletes the O flag of stateful autoconfiguration in an RA packet.

By default, the O flag is not set in the RA packet.

Format

ipv6 nd autoconfig other-flag

undo ipv6 nd autoconfig other-flag

Parameters

None

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

  • If the O flag is set, a host uses stateful autoconfiguration to obtain other configuration parameters (excluding an IPv6 address), including the router lifetime, neighbor reachable time, retransmission interval, and PMTU.
  • If the O flag is not set, a host uses stateless autoconfiguration to obtain other configuration parameters, including the router lifetime, neighbor reachable time, retransmission interval, and PMTU. That is, the host obtains other configuration parameters through the RA packet advertised by routers.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

After the ipv6 nd autoconfig managed-address-flag command is run, a host can obtain other configurations (excluding IPv6 addresses) using stateful autoconfiguration even if the ipv6 nd autoconfig other-flag command is not run.

Example

# Set the O flag of stateful autoconfiguration on VLANIF2.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 2
[HUAWEI-Vlanif2] ipv6 enable
[HUAWEI-Vlanif2] ipv6 nd autoconfig other-flag

# Set the O flag of stateful autoconfiguration on GE1/0/1.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] ipv6 nd autoconfig other-flag

ipv6 nd dad attempts

Function

The ipv6 nd dad attempts command sets the number of times NS packets are sent when the system performs Duplicate Address Detection (DAD).

The undo ipv6 nd dad attempts command restores the default value.

By default, the number of times NS packets are sent when the system performs DAD is 1.

Format

ipv6 nd dad attempts value

undo ipv6 nd dad attempts

Parameters

Parameter Description Value
value Specifies the number of times NS packets are sent when the system performs DAD. The value is an integer that ranges from 0 to 600. The default value is 1, which is recommended.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When you configure an IPv6 address (a global unicast address or a link-local address) for an interface, check whether other interfaces connected to this interface have used the IPv6 address to be configured to prevent address conflicts. The default number of detection times is recommended. If there is a long link delay, you can increase the number of detection times. When a loopback address is configured for an interface, the loopback address may fail the address conflict detection. In this case, you can set the number of detection times to 0 to disable detection, allowing the loopback address to be used.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

If the number of times NS packets are sent when the system performs DAD is set 0, DAD is prohibited.

If the physical link connected to an interface fails, DAD cannot be performed on the interface.

If the ipv6 nd dad attempts command has been run, running the ipv6 nd ra command will change the number of configured detection times.

DAD transmits node configuration variables. The system automatically determines the time to send neighbor request messages while DAD is performed to detect a tentative unicast IPv6 address.

Example

# Set the number of times NS packets are sent when the system performs DAD to 20 on VLANIF100.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] ipv6 nd dad attempts 20

# Set the number of times NS packets are sent when the system performs DAD to 20 on GE1/0/1.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] ipv6 nd dad attempts 20

ipv6 nd hop-limit

Function

The ipv6 nd hop-limit command sets hop limit for IPv6 unicast packets initially sent by a device.

The undo ipv6 nd hop-limit command restores the hop limit for IPv6 unicast packets to the default value.

By default, the IPv6 unicast packets initially sent by a device can travel 64 hops.

Format

ipv6 nd hop-limit limit

undo ipv6 nd hop-limit

Parameters

Parameter Description Value
limit Specifies the hop limit. The value is an integer that ranges from 1 to 255. The default value is 64, which is recommended.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A hop limit on a device provides the following functions:

  • Limiting the number of hops through which IPv6 unicast packets are allowed to travel.

  • Functioning as a parameter in an RA packet to help a host automatically configure a hop limit (a limit on the number of hops through which IPv6 unicast packets initially sent by a host are allowed to travel).

Precautions

The hop limit for unicast packets is set using the ipv6 nd hop-limit command in the system view.

The hop limit for RA packets depends on the configuration of the ipv6 nd hop-limit command in the system view and the configuration of the ipv6 nd ra hop-limit command in the interface view.
  • If the hop limit for RA packets is not set in the interface view or in the system view, the hop limit for RA packets is 64 by default.
  • If the hop limit for RA packets is not set in the interface view, the value set using the ipv6 nd hop-limit command in the system view is used as the hop limit for RA packets.
  • If the ipv6 nd ra hop-limit command is run in the interface view, the configuration in the interface view takes effect, no matter whether the hop limit is set in the system view.

The hop limit set for IPv6 unicast packets is the same as that set for RA packets. In the following cases, however, the hop limit for IPv6 unicast packets is 64, while the hop limit for RA packets is 0.

  • No hop limit is set for IPv6 unicast packets. The default value takes effect.
  • The undo ipv6 nd hop-limit command is run to restore the default hop limit set for IPv6 unicast packets.

After a host receives an RA packet with the hop limit of 0, it sets its hop limit to the default value 64, consistent with the default hop limit on the device.

Example

# Set the hop limit for IPv6 unicast packets initially sent by a device to 100.

<HUAWEI> system-view
[HUAWEI] ipv6 nd hop-limit 100

ipv6 nd learning strict

Function

The ipv6 nd learning strict command enables IPv6 neighbor discovery (ND) strict learning.

The undo ipv6 nd learning strict command disables IPv6 ND strict learning.

By default, IPv6 ND strict learning is disabled.

Format

In the system view:

ipv6 nd learning strict

undo ipv6 nd learning strict

In the interface view:

ipv6 nd learning strict { force-disable | force-enable | trust }

undo ipv6 nd learning strict

Parameters

Parameter Description Value
force-disable Disables IPv6 ND strict learning forcibly. -
force-enable Enables IPv6 ND strict learning forcibly. -
trust Inherits the global setting of IPv6 ND strict learning. -

Views

VLANIF interface view, VBDIF interface view, Eth-Trunk interface view, Eth-Trunk sub-interface view, system view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Generally, a device uses neighbor advertisement (NA) packets to establish neighbor entries. Run the ipv6 nd learning strict command to enable IPv6 ND strict learning. After you enable IPv6 ND strict learning on a device, the device uses NA packets only in response to neighbor solicitation (NS) packets to establish neighbor entries.

Prerequisites

Before using the ipv6 nd learning strict command to enable IPv6 neighbor discovery (ND) strict learning on an interface, ensure that the IPv6 function has been enabled on the interface using the ipv6 enable command.

Precautions

Before running this command in an Eth-Trunk view, run the undo portswitch command to switch the Eth-Trunk to a Layer 3 interface.

After you run the ipv6 nd learning strict command on a device, the device synchronizes fake entries. Synchronizing a large number of fake entries affects device performance. Therefore, you are advised to use the command only for protocol consistency tests.

Example

# Enable IPv6 ND strict learning globally.

<HUAWEI> system-view
[HUAWEI] ipv6 nd learning strict

# Enable IPv6 ND strict learning on VLANIF 100 forcibly.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] ipv6 nd learning strict force-enable

ipv6 nd neighbor-limit

Function

The ipv6 nd neighbor-limit command configures the maximum number of dynamic neighbor entries that can be learned by an interface.

The undo ipv6 nd neighbor-limit command restores the default maximum number of dynamic neighbor entries that can be learned by an interface.

By default, the S12700 allows an interface to learn a maximum of 128000 dynamic neighbor entries.

Format

ipv6 nd neighbor-limit limit-number

undo ipv6 nd neighbor-limit

Parameters

Parameter Description Value
limit-number Specifies the maximum number of dynamic neighbor entries that can be learned by a specified interface.
The value is an integer.
  • The value ranges from 2 to 128000 for the S12700.

Views

VLANIF interface view, VBDIF interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If an interface learns too many neighbor entries, the processing load for the device will be increased and the performance of the device will be degraded. You can run the ipv6 nd neighbor-limit command to configure the maximum number of dynamic neighbor entries that can be learned by a specified interface.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command.

Example

# Set the maximum number of dynamic neighbor entries that can be learned by the VLANIF100 interface to 10.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] ipv6 nd neighbor-limit 10

ipv6 nd ns multicast-enable

Function

The ipv6 nd ns multicast-enable command enables a termination sub-interface to send NS multicast packets.

The undo ipv6 nd ns multicast-enable command disables a termination sub-interface from sending NS multicast packets.

By default, a termination sub-interface is disabled from sending NS multicast packets.

Format

ipv6 nd ns multicast-enable

undo ipv6 nd ns multicast-enable

Parameters

None

Views

GE sub-interface view, XGE sub-interface view, 40GE sub-interface view, 100GE sub-interface view, Eth-Trunk sub-interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A termination sub-interface can send NS multicast packets to actively learn ND entries or respond to NS packets to passively learn ND entries.

When a termination sub-interface needs to send multicast NS packets to learn ND entries but there is no corresponding ND entry, you need to run this command to enable a termination sub-interface to send NS multicast packets.

Prerequisites

Run the ipv6 enable command in the sub-interface view to enable IPv6 on a termination sub-interface.

Run the dot1q termination vid command in the sub-interface view to set the single VLAN ID for Dot1q termination. Or run the qinq termination pe-vid ce-vid command in the sub-interface view to configure a QinQ termination sub-interface to terminate double VLAN tags.

Precautions

  • If this command is not run on the termination sub-interface, the system discards the NS multicast packets.

  • If this command is run on the termination sub-interface, the system tags an NS multicast packet and forwards it through the termination sub-interface.

Sending multicast NS packets consumes CPU resources. Therefore, when the CPU performance of the system is rather low, you are advised not to enable a termination sub-interface to send NS multicast packets to actively learn ND entries but to respond to NS packets to passively learn ND entries.

VLAN termination sub-interfaces cannot be created on a VCMP client. You can run the vcmp role command to configure the role for a switch in a VCMP domain.

Example

# Enable the Dot1q termination sub-interface GigabitEthernet1/0/1.1 to send NS multicast packets.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] port link-type hybrid
[HUAWEI-GigabitEthernet1/0/1] quit
[HUAWEI] interface gigabitethernet 1/0/1.1
[HUAWEI-GigabitEthernet1/0/1.1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1.1] dot1q termination vid 100
[HUAWEI-GigabitEthernet1/0/1.1] ipv6 nd ns multicast-enable

ipv6 nd ns retrans-timer

Function

The ipv6 nd ns retrans-timer command sets the interval for sending NS packets.

The undo ipv6 nd ns retrans-timer command restores the interval for sending NS packets to the default value.

By default, the interval for sending NS packets is 1000 ms.

Format

ipv6 nd ns retrans-timer interval

undo ipv6 nd ns retrans-timer

Parameters

Parameter Description Value
interval Specifies the interval for sending NS packets. The value is an integer that ranges from 1000 to 4294967295, in milliseconds. The default value is 1000 milliseconds, which is recommended.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Setting the interval for sending NS packets provides the following functions:

  • Controlling the interval at which a local routing device detects neighbor reachability.

  • Controlling the interval at which a local routing device performs DAD.

  • Functioning as a parameter in an RA packet to instruct hosts to specify this interval as their own interval for sending NS packets.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

Frequently sending NS packets causes high CPU usage, which affects the system performance. Therefore, you are advised to set the interval for sending NS packets to a larger value. The default interval, 1000 milliseconds, is recommended.

If you run the ipv6 nd ns retrans-timer command multiple times, only the latest configuration takes effect.

The interval for sending NS packets is the same as that for sending RA packets. In the following cases, however, the interval for sending NS packets is the default value1000 ms, while the interval for sending RA packets is 0 ms.

  • No interval for sending NS packets is set. The default value takes effect.
  • The undo ipv6 nd ns retrans-timer command is run to restore the interval for sending NS packets to the default value.

After a host receives an RA packet of which the sending interval is 0 ms from a device, the host sets the interval for sending NS packet to 1000 ms, the same as that on the device.

Example

# Set the interval for sending NS packets to 10000 milliseconds on VLANIF100.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] ipv6 nd ns retrans-timer 10000

# Set the interval for sending NS packets to 10000 milliseconds on GE1/0/1.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] ipv6 nd ns retrans-timer 10000

ipv6 nd nud reachable-time

Function

The ipv6 nd nud reachable-time command sets the IPv6 neighbor reachable time.

The undo ipv6 nd nud reachable-time command restores the IPv6 neighbor reachable time to the default value.

By default, the IPv6 neighbor reachable time is 30000 ms.

Format

ipv6 nd nud reachable-time value

undo ipv6 nd nud reachable-time

Parameters

Parameter Description Value
value Specifies the IPv6 neighbor reachable time. The value is an integer that ranges from 1 to 3600000, in milliseconds. The default value is 30000 ms, which is recommended.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Setting the IPv6 neighbor reachable time provides the following functions:

  • Controlling the aging time of neighbor entries on a local routing device.

  • Being a parameter in an RA packet to enable a host to configure the neighbor reachable time.

Each RA packet sent by a routing device carries the neighbor reachable time. This allows all nodes along the same link to use the same neighbor reachable time.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

A shorter neighbor reachable time enables a routing device to detect neighbor reachability more quickly. However, this consumes more network bandwidth and CPU resources. Therefore, a short neighbor reachable time is not recommended on an IPv6 network. The default value, 30000 ms, is recommended.

If you run the ipv6 nd nud reachable-time command multiple times, only the latest configuration takes effect.

The neighbor reachable time set on a routing device is the same as that carried in an RA packet. In the following cases, however, the neighbor reachable time set on a routing device is the default value 30000 ms while the neighbor reachable time carried in the RA packet is 0 millisecond:

  • No neighbor reachable time is set on the routing device. The default value takes effect.
  • The undo ipv6 nd nud reachable-time command is run to restore the neighbor reachable time to the default value.

After a host receives an RA packet in which the neighbor reachable time is 0 ms, the host sets the neighbor reachable time to 30000 ms, the same as that on the device.

Example

# Set the neighbor reachable time to 10000 ms on VLANIF100.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] ipv6 nd nud reachable-time 10000

# Set the neighbor reachable time to 10000 ms on GE1/0/1.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] ipv6 nd nud reachable-time 10000

ipv6 nd ra

Function

The ipv6 nd ra command sets the interval for sending Router Advertisement packets.

The undo ipv6 nd ra command restores the interval for sending RA packets to the default value.

By default, the maximum interval is 600s and the minimum interval is 200s.

NOTE:

If min-interval is not specified, the minimum interval varies depending on the maximum interval specified by max-interval (the minimum is 1/3 of the maximum). If min-interval is specified, the minimum interval is the value configured.

Format

ipv6 nd ra { max-interval maximum-interval | min-interval minimum-interval }

undo ipv6 nd ra { max-interval | min-interval }

Parameters

Parameter Description Value
max-interval maximum-interval Specifies the maximum interval for sending RA packets. The value is an integer that ranges from 4 to 1800, in seconds. The default value is 600 seconds, which is recommended. The maximum interval cannot be less than the minimum interval.
min-interval minimum-interval Specifies the minimum interval for sending RA packets. The value is an integer that ranges from 3 to 1350, in seconds.

The default value is 200 seconds, which is recommended.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A routing device periodically sends RA packets. An RA packet carries both the IPv6 address prefix and the flag of stateful address autoconfiguration.

You can run the ipv6 nd ra command to change the interval for sending RA packets. To reduce the number of RA messages being transmitted on a link, you can set a longer interval. To speed up router discovery, you can set a shorter interval.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

Running the ipv6 nd ra command changes the interval for sending RA packets during DAD. Therefore, you are advised to use the default interval, that is, the maximum value is 600s and the minimum value is 200s.

If the ipv6 nd ra command is run multiple times, the latest configuration takes effect.

The interval for sending RA packets cannot be longer than the lifetime of the RA packets. The default lifetime of the RA packets is 1800s and, you can run the ipv6 nd ra router-lifetime command to change the value.

The actual interval for sending RA packets is a random value between min-interval and max-interval.

Example

# Set the maximum interval for sending RA packets to 1000s on VLANIF100.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] ipv6 nd ra max-interval 1000

# Set the maximum interval for sending RA packets to 1000s on GE1/0/1.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] ipv6 nd ra max-interval 1000

# Set the minimum interval for sending RA packets to 300s on VLANIF100.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] ipv6 nd ra min-interval 300

# Set the minimum interval for sending RA packets to 300s on GE1/0/1.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] ipv6 nd ra min-interval 300

ipv6 nd ra dns-server

Function

The ipv6 nd ra dns-server command configures a DNS server address for RA packets.

The undo ipv6 nd ra dns-server command deletes the DNS server address configured for RA packets.

By default, RA packets do not contain a DNS server address.

Format

ipv6 nd ra dns-server ipv6-address [ valid-lifetime ]

undo ipv6 nd ra dns-server [ ipv6-address [ valid-lifetime ] ]

Parameters

Parameter Description Value
ipv6-address Specifies the IPv6 address of a DNS server.

The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.

valid-lifetime Specifies a valid lifetime. The value is an integer ranging from 1 to 4294967295, in seconds. The default value is three times the maximum interval for advertising RA packets. The maximum interval for advertising RA packets can be configured using the ipv6 nd ra max-interval maximum-interval command.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

In a scenario where IPv6 ND stateless address auto-configuration is used or DHCPv6 is not configured, run the ipv6 nd ra dns-server command to configure a DNS server address for RA packets so that the host can implement the DNS service using the DNS server address in RA packets.

Prerequisites

The IPv6 function has been enabled on an interface using the ipv6 enable command in the interface view.

Precautions

A maximum of eight DNS server addresses can be configured for the RA packets transmitted on the same interface.

Example

# Configure a DNS server address for the RA packets transmitted on GE1/0/1.

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] ipv6 nd ra dns-server 2001:db8:1::2 1000

ipv6 nd ra dns-suffix

Function

The ipv6 nd ra dns-suffix command sets a DNS suffix in RA packets.

The undo ipv6 nd ra dns-suffix command deletes the DNS suffix configured for RA packets.

By default, RA packets do not contain a DNS suffix.

Format

ipv6 nd ra dns-suffix domain-suffix [ valid-lifetime ]

undo ipv6 nd ra dns-suffix [ domain-suffix [ valid-lifetime ] ]

Parameters

Parameter Description Value
domain-suffix Specifies a DNS suffix.

The value is a string of 1 to 64 characters and can contain digits, letters, hyphens (-), underscores (_), and periods (.), but not spaces.

valid-lifetime Specifies a valid lifetime. The value is an integer ranging from 1 to 4294967295, in seconds. The default value is three times the maximum interval for advertising RA packets. The maximum interval for advertising RA packets can be configured using the ipv6 nd ra max-interval maximum-interval command.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To allow a host use a DNS domain name with a suffix upon receipt of RA packets, run the ipv6 nd ra dns-suffix command to configure a DNS suffix for RA packets.

Prerequisites

The IPv6 function has been enabled on an interface using the ipv6 enable command in the interface view.

Precautions

Only one DNS suffix can be configured for the RA packets transmitted on the same interface. If the ipv6 nd ra dns-suffix command is run more than once for the same interface, the latest configuration overrides the previous one.

Example

# Configure a DNS suffix for the RA packets transmitted on GE1/0/1.

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] ipv6 nd ra dns-suffix huawei.com 1000

ipv6 nd ra halt

Function

The ipv6 nd ra halt command disables the system from sending RA packets.

The undo ipv6 nd ra halt command enables the system to send RA packets.

By default, the system is disabled from sending RA packets.

Format

ipv6 nd ra halt

undo ipv6 nd ra halt

Parameters

None

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

  • When a device is connected to a host, it periodically sends RA packets to the host. An RA packet carries the IPv6 address prefix and flag information of stateful autoconfiguration. You can run the undo ipv6 nd ra halt command to enable the device to send RA packets.
  • When a device is connected to another device, that is, there is no host on the network, sending RA packets is not required. The default configuration is recommended.

Prerequisites

The IPv6 function has been enabled in the interface view using the ipv6 enable command.

Precautions

After the ipv6 nd ra halt command is run, the device does not send RA packets. In such a case, the hosts on the network cannot periodically receive information about updated IPv6 prefixes.

You can run the display icmpv6 statistics command to check whether a local device has sent RA packets.

Example

# Disable VLANIF100 from sending RA packets.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] ipv6 nd ra halt

# Disable GE1/0/1 from sending RA packets.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] ipv6 nd ra halt

ipv6 nd ra hop-limit

Function

The ipv6 nd ra hop-limit command sets the hop limit for RA packets.

The undo ipv6 nd ra hop-limit command restores the hop limit for RA packets to the default value.

By default, the hop limit for RA packets is 64.

Format

ipv6 nd ra hop-limit limit

undo ipv6 nd ra hop-limit

Parameters

Parameter Description Value
limit Specifies the hop limit for RA packets. The value is an integer that ranges from 0 to 255. The default value is 64, which is recommended.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

As a parameter in an RA packet, the hop limit enables a host to automatically configure a hop limit (a limit on the number of hops through which IPv6 unicast packets initially sent by a host are allowed to travel).

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

After this command is run on the switch, the device discards the RA packet whose hop limit is different from its configuration.

  • If the ipv6 nd ra hop-limit command is run on an interface, the hop limit for RA packets is determined by the interface configuration.

  • If the ipv6 nd ra hop-limit command is not run on an interface, the hop limit for RA packets is determined by the hop limit configured using the ipv6 nd hop-limit command.

Example

# Set the hop limit for RA packets sent by VLANIF100 to 126.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] ipv6 nd ra hop-limit 126

# Set the hop limit for RA packets sent by GE1/0/1 to 126.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] ipv6 nd ra hop-limit 126

ipv6 nd ra preference

Function

The ipv6 nd ra preference command configures the default router priority value in the RA packets.

The undo ipv6 nd ra preference command restores the default router priority value in RA packets to be the default value.

By default, the router priority of RA packets is medium.

Format

ipv6 nd ra preference { high | medium | low }

undo ipv6 nd ra preference

Parameters

Parameter Description Value
high Specifies the default router priority to be high. -
medium Specifies the default router priority to be medium. -
low Specifies the default router priority to be low. -

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If there are multiple switches on the links connected to a host, the host needs to select suitable switches based on different destination addresses of the packets to be forwarded. Each switch advertises its default router priority and specific route information to the host so that the host can enhance its own capability of selecting suitable forwarding switches based on different IP addresses of the packets to be forwarded.

After receiving an RA message that contains the default router priority, the host updates its own default router list. If the host does not have any route to select when sending packets to other devices, the host will search the updated router list for the switch with the highest priority. If the switch with the highest priority becomes faulty, the host selects another switch in descending order of priority.

To set a default router priority in RA messages, run the ipv6 nd ra preference command. This setting allows the switch with the highest priority to function as the gateway for hosts.

Prerequisites

Before running this command, run the ipv6 enable command on the interface view to enable the IPv6 function.

By default, the switch does not advertise RA packets. Therefore, to allow the default router priority to be advertised to the host, you need to run the undo ipv6 nd ra halt command to enable the function of advertising RA packets for the device.

Precautions

If the system is deleting the binding relationship between an interface and an IPv6 address family VPN instance , you are prompted not to run the ipv6 nd ra preference command.

Example

# Configure the default router priority value in RA packets on VLANIF100 to be high.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] undo ipv6 nd ra halt
[HUAWEI-Vlanif100] ipv6 nd ra preference high

# Configure the default router priority value in RA packets on GE1/0/1 to be high.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] undo ipv6 nd ra halt
[HUAWEI-GigabitEthernet1/0/1] ipv6 nd ra preference high

ipv6 nd ra prefix

Function

The ipv6 nd ra prefix command configures the prefix in an RA packet.

The undo ipv6 nd ra prefix command deletes the prefix in an RA packet.

By default, an RA packet carries only the address prefix configured using the ipv6 address command.

Format

ipv6 nd ra prefix { ipv6-address prefix-length | ipv6-address/prefix-length } valid-lifetime preferred-lifetime [ no-autoconfig ] [ off-link ]

undo ipv6 nd ra prefix { ipv6-address prefix-length | ipv6-address/prefix-length }

ipv6 nd ra prefix default no-advertise

undo ipv6 nd ra prefix default no-advertise

Parameters

Parameter Description Value
ipv6-address Specifies the IPv6 address carried in the RA packet. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
prefix-length Specifies the prefix length of an IPv6 address. The value is an integer that ranges from 0 to 128. You can calculate the IPv6 prefix carried in the RA packet based on the IPv6 address and prefix length. When stateless autoconfiguration is used, specify the length of address prefix as 64; otherwise, the address will be invalid and RA packets are discarded.
valid-lifetime

Specifies the valid lifetime of the prefix.

The valid lifetime decides the prefix on-link status.

The value is an integer that ranges from 0 to 4294967295, in seconds.
preferred-lifetime

Specifies the preferred lifetime of the prefix.

The preferred lifetime cannot be larger than the valid lifetime.

The value is an integer that ranges from 0 to 4294967295, in seconds.
no-autoconfig

Deletes the A-Flag. If no-autoconfig is specified, a configured prefix cannot be used in stateless address allocation.

A-Flag indicates the autonomous address configuration in the prefix option of RA packet.

-
off-link Specifies the O-Flag. If off-link is specified, the prefix carried in the RA packet cannot be allocated to the local link. -
default no-advertise Specifies that RA packets do not carry the default prefix generated based on the interface IPv6 address. -

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If a prefix has been configured using the ipv6 nd ra prefix command, the device advertises both prefixes configured using the ipv6 nd ra prefix and ipv6 address commands.

By default, RA packets carry the default prefix generated based on the interface IPv6 address. If the default setting is not required, run the ipv6 nd ra prefix default no-advertise command.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

After a host receives the RA packet with the prefix configured using the ipv6 nd ra prefix command, the host updates the local prefix information.

The prefix configured using the ipv6 nd ra prefix command cannot be fe80:: (prefix of a link-local address), ff00:: (prefix of a multicast address), :: (prefix of an unspecified address), or the prefix that has been used by another interface (including the interface address prefix and prefix carried in RA packets).

The prefix configuring using the ipv6 nd ra prefix command takes precedence over the default prefix generated based on the interface IPv6 address. An RA message can carry a maximum of 10 prefixes. If exactly 10 prefixes have been manually configured, the default prefix will not be carried.

Example

# Configure the prefix in the RA packet on VLANIF100.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] undo ipv6 nd ra halt
[HUAWEI-Vlanif100] ipv6 nd ra prefix fc00:1::100 128 1000 400 no-autoconfig
[HUAWEI-Vlanif100] ipv6 nd ra prefix fc00:2::100 64 1000 400 off-link

# Configure the prefix in the RA packet on GE1/0/1.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] undo ipv6 nd ra halt
[HUAWEI-GigabitEthernet1/0/1] ipv6 nd ra prefix fc00:1::100 128 1000 400 no-autoconfig
[HUAWEI-GigabitEthernet1/0/1] ipv6 nd ra prefix fc00:2::100 64 1000 400 off-link

# Configure RA packets on VLANIF100 not to carry the default prefix.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] undo ipv6 nd ra halt
[HUAWEI-Vlanif100] ipv6 nd ra prefix default no-advertise
Related Topics

ipv6 nd ra route-information

Function

The ipv6 nd ra route-information command configures route information in RA packets.

The undo ipv6 nd ra route-information command deletes route information in RA packets.

By default, there is no route information in RA packets.

Format

ipv6 nd ra route-information ipv6-address prefix-length lifetime route-lifetime [ preference { high | medium | low } ]

undo ipv6 nd ra route-information ipv6-address prefix-length

Parameters

Parameter Description Value
ipv6-address Specifies the IPv6 address. The prefix is a 32-bit hexadecimal number, in the format of X:X:X:X:X:X:X:X.
prefix-length Specifies the prefix length of an IPv6 address. The value is an integer that ranges from 0 to 128.
lifetime route-lifetime Specifies the lifetime of a route. The value is an integer ranging from 0 to 4294967295, in seconds.
preference Specifies the priority of a route. -
high Specifies the route priority to be high. -
medium Specifies the route priority to be medium. -
low Specifies the route priority to be low. -

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

An RA packet includes route information. The switch sends the specified routes to the hosts on the local network segment by using this information. The hosts can send packets by using these routes.

When receiving the RA packets carrying route information, a host updates its routing table. When sending the RA packets to another device, a host queries the routing table and selects proper route for sending packets.

Prerequisites

Before running this command, run the ipv6 enable command on the interface view to enable the IPv6 function of an interface.

By default, the switch does not send RA packets. Therefore, to send the routes to the host, you need to run the undo ipv6 nd ra halt command to enable the function of advertising RA packets for the device.

Precautions

A maximum of 17 route options are supported on each interface.

When this command is to be run, the value of ipv6-address cannot be a loopback address.

Example

# Configure the route information of RA packets on VLANIF100: The lifetime of the route with the destination address of 2001:db8::2/64 is 1550 seconds, and the priority of this route is high.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] undo ipv6 nd ra halt
[HUAWEI-Vlanif100] ipv6 nd ra route-information 2001:db8::2 64 lifetime 1550 preference high

# Configure the route information of RA packets on GE1/0/1: The lifetime of the route with the destination address of 2001:db8::2/64 is 1550 seconds, and the priority of this route is high.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] undo ipv6 nd ra halt
[HUAWEI-GigabitEthernet1/0/1] ipv6 nd ra route-information 2001:db8::2 64 lifetime 1550 preference high

ipv6 nd ra router-lifetime

Function

The ipv6 nd ra router-lifetime command sets the lifetime of RA packets.

The undo ipv6 nd ra router-lifetime command restores the lifetime of RA packets to the default value.

By default, the lifetime of an RA packet is 1800s.

Format

ipv6 nd ra router-lifetime ra-lifetime

undo ipv6 nd ra router-lifetime

Parameters

Parameter Description Value
ra-lifetime Specifies the lifetime of RA packets. The value is an integer and can be 0 or ranges from 4 to 9000, in seconds. The default value is 1800 seconds, which is recommended.

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A device adds the lifetime value to an RA packet before sending the RA packet to the host on the local network segment.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

If a host receives an RA packet with the lifetime field being 0, the host does not add the address of the switch to its default router table.

The lifetime of the RA packets cannot be smaller than the interval for sending RA packets. By default, the maximum interval for sending RA packets is 600s and the minimum interval is 200s. You can run the ipv6 nd ra command to set the interval. If the set lifetime value of the RA packets is smaller than the set interval for sending RA packets, the system displays an error. In such a case, you need to reset the lifetime value.

Example

# Set the lifetime of the RA packets on VLANIF100 to 1000s.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] ipv6 nd ra router-lifetime 1000

# Set the lifetime of the RA packets on GE1/0/1 to 1000s.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] ipv6 nd ra router-lifetime 1000

ipv6 nd stale-timeout

Function

The ipv6 nd stale-timeout command sets the aging time of ND entries in STALE state.

The undo ipv6 nd stale-timeout command restores the aging time of ND entries in STALE state to the default value.

By default, the aging time of ND entries in STALE state is 1200s.

Format

ipv6 nd stale-timeout timeout-value

undo ipv6 nd stale-timeout

Parameters

Parameter Description Value
timeout-value Specifies the aging time of ND entries in STALE state. The value is an integer that ranges from 60 to 172800, in seconds. The default value is 1200s, which is recommended.

Views

System view, Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The STALE state of an ND entry indicates that whether the neighbor is reachable is unknown. A device does not detect the neighbor reachability unless packets need to be sent to a neighbor.

The aging time of ND entries in STALE state is configurable. To quickly clear invalid ND entries, set the aging time to a smaller value using the ipv6 nd stale-timeout command. This speeds up entry aging.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

If the aging time is not configured on an interface, the aging time configured in system view is used for the interface. If the aging time is configured on an interface, the interface configuration takes effect.

After the ipv6 nd stale-timeout command is run, the status of ND entries can be updated after the aging time of ND entries in STALE state expires. That is, the new aging time configuration takes effect after the last aging time expires.

The system checks the validity of ND entries after the aging time of ND entries in STALE state expires. If the neighbor is reachable, the ND entry status changes to REACH; otherwise, the ND entry is deleted.

Example

# Set the aging time of ND entries in STALE state to 3600s on VLANIF100.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] ipv6 nd stale-timeout 3600

# Set the aging time of ND entries in STALE state to 3600s on GE1/0/1.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] ipv6 nd stale-timeout 3600

ipv6 neighbor

Function

The ipv6 neighbor command configures static neighbor entries.

The undo ipv6 neighbor command deletes static neighbor entries.

By default, no static neighbor entry is configured.

Format

VLANIF interface view :

ipv6 neighbor ipv6-address mac-address vid vlan-id interface-type interface-number

undo ipv6 neighbor ipv6-address

Ethernet interface view, Eth-Trunk interface view, Ethernet sub-interface view, and Eth-Trunk sub-interface view:

ipv6 neighbor ipv6-address mac-address [ vid vlan-id [ cevid cevid ] ]

undo ipv6 neighbor ipv6-address

Parameters

Parameter Description Value
ipv6-address Specifies the IPv6 address of a static neighbor entry. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
mac-address Specifies the MAC address of a static neighbor entry. The value is in the H-H-H format. An H contains one to four hexadecimal numbers.
vid vlan-id Specifies the ID of the outer VLAN to which the interface belongs. The value is an integer that ranges from 1 to 4094.
cevid cevid Specifies the ID of the inner VLAN to which the interface belongs. The value is an integer that ranges from 1 to 4094.
interface-type interface-number Specifies the interface type and number of a physical interface. -

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To filter invalid packets, you can create static neighbor entries, binding the destination IPv6 addresses of these packets to nonexistent MAC addresses.

Prerequisites

The IPv6 function has been enabled on the interface using the ipv6 enable command in the interface view.

Precautions

A neighbor entry enters the REACHABLE state after being created, indicating that the interface connected to this neighbor is Up.

The static neighbor entries overwrite the neighbor entries dynamically learnt by device. That is, static neighbor entries are of higher priorities than dynamically learnt neighbor entries.

If the IPv6 address or MAC address specified in the ipv6 neighbor command is incorrect, communication with this neighbor fails.

Example

# Configure static neighbor entries on VLANIF100.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ipv6 enable
[HUAWEI-Vlanif100] ipv6 neighbor fc00::1 0019-7459-3301 vid 2 gigabitethernet 1/0/1

# Configure static neighbor entries on GE1/0/1.

<HUAWEI> system-view
[HUAWEI] ipv6
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] ipv6 enable
[HUAWEI-GigabitEthernet1/0/1] ipv6 neighbor fc00::1 0019-7459-3301

ipv6 packet-too-big drop

Function

The ipv6 packet-too-big drop configures the switch to discard packets with the length larger than the IPv6 MTU of the outbound interface, and enables IPv6 PMTU discovery.

The command undo ipv6 packet-too-big drop restores the default policy for processing packets with the length larger than the IPv6 MTU of the outbound interface.

By default, the switch properly forwards packets with the length larger than the IPv6 MTU of the outbound interface and IPv6 PMTU discovery is disabled.

NOTE:

This command takes effect only on X series cards.

Format

ipv6 packet-too-big drop

undo ipv6 packet-too-big drop

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When the switch functions as an intermediate node on an IPv6 network, you can configure the ipv6 packet-too-big drop command to discard packets with the length larger than the IPv6 MTU of the outbound interface and enable IPv6 PMTU discovery.

In an IPv4 network, oversized packets need to be fragmented. When a transit device receives a packet exceeding the maximum transmission unit (MTU) size of its outbound interface from a source node, the transit device fragments the packet before forwarding it to the destination node. In an IPv6 network, however, only the source node can fragment packets, which reducing pressure on transit devices. When an interface on a transit device receives a packet whose size exceeds the MTU, the transit device discards the packet and sends an ICMPv6 Packet Too Big message to the source node. The ICMPv6 Packet Too Big message contains the MTU value of the outbound interface. The source node fragments the packet based on the MTU and resends the packet, increasing traffic overhead. The Path MTU Discovery protocol dynamically discovers the MTU value of each link on the transmission path, reducing excessive traffic overhead.

The PMTU Discovery protocol is implemented through ICMPv6 Packet Too Big messages. A source node first uses the MTU of its outbound interface as the PMTU and sends a probe packet. If a smaller PMTU exists on the transmission path, the transit device sends a Packet Too Big message to the source node. The Packet Too Big message contains the MTU value of the outbound interface on the transit device. After receiving this message, the source node changes the PMTU value to the received MTU value and sends packets based on the new MTU. This process repeats until packets are sent to the destination address. The source node obtains the PMTU of the destination address.

Precautions

The switch supports IPv6 MTU discovery, but does not support IPv6 packet fragmentation when it functions as an intermediate node. IPv6 packets can be fragmented only on source nodes.

On interfaces of X series cards except X1E, X5E, X5H, and X5S cards, the MTU value for sending IPv6 packets is set to 1500 bytes by default, and the MTU value modified through the ipv6 mtu command does not take effect. Therefore, for interfaces on these cards, the switch uses MTU values modified through the ipv6 mtu command to negotiate the PMTU with source nodes, but the effective PMTU is 1500 bytes.

Example

# Configure the switch to discard packets with the length larger than the IPv6 MTU of the interface, and enable IPv6 PMTU discovery.

<HUAWEI> system-view
[HUAWEI] ipv6 packet-too-big drop
Warning: This operation will affect IPv6 traffic forwarding. Continue? [Y/N]:y
Related Topics

ipv6 pathmtu

Function

The ipv6 pathmtu command sets the PMTU for a specified destination IPv6 address.

The undo ipv6 pathmtu command deletes the PMTU for a specified destination IPv6 address.

Format

ipv6 pathmtu ipv6-address [ vpn-instance vpn-instance-name ] [ path-mtu ]

undo ipv6 pathmtu ipv6-address [ vpn-instance vpn-instance-name ]

Parameters

Parameter Description Value
ipv6-address

Specifies the IPv6 address for which a PMTU is to be set.

NOTE:

The link-local address does not take effect.

The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.

vpn-instance vpn-instance-name

Specifies the name of an IPv6 VPN instance for which a PMTU is to be set.

The value must be an existing VPN instance name.

path-mtu

Specifies the path MTU, that is, the maximum size of IPv6 packets allowed to be sent along the path.

The value is an integer that ranges from 1280 to 10000, in bytes. The default value is 1500, which is recommended.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A PMTU is used to determine the proper size of packets to be transmitted along the path from a source to a destination. Usually, a device fragments and forwards packets based on the dynamically learnt PMTU. Packets that are sent using this PMTU do not need to be fragmented during transmission. This reduces pressure on routing devices and optimizes network resource utilization to obtain the maximum throughput.

In some special cases, however, to protect devices on the network and avoid large-size packet attacks, you can run the ipv6 pathmtu command to set a static PMTU for the specified destination IPv6 address to control the maximum size of packets that can be transmitted between the source and the destination.

Precautions

On the path along which packets are transmitted, a node discards the received packets if its MTU is smaller than the PMTU of the received packets. Therefore, in most cases, dynamic PMTU learning is recommend unless there are security vulnerabilities on the network. You can use the default PMTU value instead of running the ipv6 pathmtu command to set a static PMTU.

Example

# Set the PMTU of a specified IPv6 destination address to 1300 bytes.

<HUAWEI> system-view
[HUAWEI] ipv6 pathmtu fc00::12 1300

# Set the PMTU of the address fc00::1 of the IPv6 VPN instance to 1600 bytes.

<HUAWEI> system-view
[HUAWEI] ipv6 pathmtu fc00::1 vpn-instance vpn6 1600

ipv6 pathmtu age

Function

The ipv6 pathmtu age command sets the aging time of dynamic PMTU entries.

The undo ipv6 pathmtu age command restores the aging time of dynamic PMTU entries to the default value.

By default, the aging time of dynamic PMTU entries is 10 minutes.

Format

ipv6 pathmtu age age-time

undo ipv6 pathmtu age

Parameters

Parameter Description Value
age-time Specifies the aging time of dynamic specified PMTU entries. The value is an integer that ranges from 10 to 100, in minutes. The default value is 10 minutes, which is recommended.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The lifetime of a dynamic PMTU entry can be changed by setting an aging time for dynamic PMTU entries.

To slow down PMTU aging, run the ipv6 pathmtu age command to set the aging time of dynamic PMTU entries to a larger value.

Precautions

This command changes only the aging time of dynamic PMTUs but not static PMTUs because static PMTU entries never age.

The priority of a static PMTU is higher than that of a dynamic PMTU. If the static PMTU exists, the dynamic PMTU does not take effect.

The aging time for the PMTU is valid only for the dynamic PMTU entries generated after this configuration, instead of the PMTU entries generated before this configuration.

Example

# Set the aging time of dynamic PMTU entries to 40 minutes.

<HUAWEI> system-view
[HUAWEI] ipv6 pathmtu age 40

nd message-cache disable

Function

The nd message-cache disable command disables the device from packetizing ND packets.

The undo nd message-cache disable command enables the device to packetize ND packets.

By default, the device is enabled to packetize ND packets.

Format

nd message-cache disable

undo nd message-cache disable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

By default, after receiving ND packets, the device packetizes and sends them to the CPU, improving the efficiency in processing ND packets. However, the packing process causes a delay and affects the services with high real-timeness requirements. You can run the nd message-cache disable command to disable the device from packetizing ND packets.

Example

# Disable the device from packetizing ND packets.

<HUAWEI> system-view
[HUAWEI] nd message-cache disable

nd optimized-passby enable

Function

The nd optimized-passby enable command configures the device not to send NS packets destined for other devices to the CPU.

The undo nd optimized-passby enable command configures the device to send NS packets destined for other devices to the CPU.

By default, a device does not send NS packets destined for other devices to the CPU.

Format

nd optimized-passby enable

undo nd optimized-passby enable

NOTE:

Only X series cards support this command.

Parameters

None

Views

VLANIF interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If an interface receives a large number of NS packets whose destination IPv6 addresses are different from the IPv6 address of this interface and sends these NS packets to the CPU for processing, the CPU usage is high and the CPU cannot process services properly.

To prevent this issue, you can configure the device to directly forward NS packets destined for other devices without sending them to the CPU. This improves the device's capability of defending against packet attacks.

Precautions

If the nd snooping enable is executed in system view, or if IPv6 protocol is Down on the VLANIF interface, the configuration of disabling the device from sending NS packets destined for other devices to the CPU does not take effect on the VLANIF interface.

Example

# Configure the device to send NS packets destined for other devices to the CPU.

<HUAWEI> system-view
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] undo nd optimized-passby enable

nd optimized-reply disable

Function

The nd optimized-reply disable command disables the optimized ND reply function.

The undo nd optimized-reply disable command enables the optimized ND reply function.

By default, the optimized ND reply function is enabled.

Format

nd optimized-reply disable

undo nd optimized-reply disable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a switch functions as an access gateway, it receives a large number of ND Request packets that request the switch to reply with its local interface MAC address. If all these ND Request packets are sent to the CPU, the CPU usage of the MPU increases, and other services are affected.

The optimized ND reply function addresses this issue. After this function is enabled, the LPU receiving an ND Request packet returns an ND Reply packet if the ND Request packet is destined for a local interface on the switch, and discards the ND Request packet if the packet is not destined for a local interface on the switch. The optimized ND reply function is applicable to the switch with multiple LPUs configured.

By default, the optimized ND reply function is enabled. After receiving an ND Request packet, the switch checks whether an ND entry corresponding to the source IPv6 address of the ND Request packet exists.
  • If the corresponding ND entry exists and the packet information is the same as the saved ND entry information, the LPU receiving the ND Request packet performs optimized ND reply to this ND Request packet.
  • If the corresponding ND entry exists but the packet information differs from the saved ND entry information, the LPU receiving the ND Request packet does not perform optimized ND reply to this ND Request packet.
  • If the corresponding ND entry does not exist, the LPU receiving the ND Request packet does not perform optimized ND reply to this ND Request packet.

Precautions

  • The optimized ND reply function takes effect for ND Request packets sent by wireless users.
  • The optimized ND reply function takes effect for ND Request packets received on VLANIF interfaces and VBDIF interfaces enabled with IPv6. VLANIF interfaces of Group VLANs and Separate VLANs in MUX VLANs and VLANIF interfaces of super-VLANs do not perform optimized ND reply.
  • If the number of global unicast IPv6 addresses on a VLANIF interface or VBDIF interface enabled with IPv6 exceeds 1, the switch does not perform optimized ND reply for NS packets received on this interface.
  • If the ND snooping function is enabled on a switch, the switch does not perform optimized ND reply to received ND Request packets on the corresponding LPU.
  • The switch does not perform optimized ND reply to the following received packets:
    • NS packets with the source IPv6 address :: (that is, Duplicate Address Detection packets)
    • Packets with IPv6 extension headers

Example

# Disable the optimized ND reply function.

<HUAWEI> system-view
[HUAWEI] nd optimized-reply disable

nd trap hash-conflict enable

Function

The nd trap hash-conflict enable command enables the trap function for hash conflicts of ND entries.

The undo nd trap hash-conflict enable command disables the trap function for hash conflicts of ND entries.

By default, the trap function for hash conflicts of ND entries is enabled.

Format

nd trap hash-conflict enable

undo nd trap hash-conflict enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

After the trap function for hash conflicts of ND entries is configured, the switch sends traps when a hash conflict of ND entries occurs so that you can obtain the status of ND entries promptly. ND entry resources are key resources on the switch. Monitoring the ND entry status effectively ensures proper running of the switch.

To improve the IPv6 forwarding performance, the switch saves ND entries using hash links. When multiple ND entries obtain the same key based on the hash algorithm, the ND entries cannot be saved. This is a hash conflict of ND entries.

When a hash conflict of ND entries occurs, the switch has available ND entry space but cannot save ND entries. The switch cannot forward IPv6 traffic matching the ND entries with a hash conflict.

You can enable the trap function for hash conflicts of ND entries to detect hash conflicts of ND entries promptly.

Example

# Enable the trap function for hash conflicts of ND entries.

<HUAWEI> system-view
[HUAWEI] nd trap hash-conflict enable

nd trap hash-conflict history

Function

The nd trap hash-conflict history command sets the number of traps reported within each interval when a hash conflict of ND entries occurs.

The undo nd trap hash-conflict history command restores the default number of traps reported within each interval when a hash conflict of ND entries occurs.

By default, a switch reports a maximum of 10 traps within each interval when a hash conflict of ND entries occurs.

Format

nd trap hash-conflict history history-number

undo nd trap hash-conflict history

Parameters

Parameter

Description

Value

history-number

Specifies the number of traps reported within each interval when a hash conflict of ND entries occurs.

The value is an integer that ranges from 10 to 30. The default value is 10.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the trap function for hash conflicts of ND entries is enabled, the switch reports a maximum of 10 traps within 60 seconds by default. Each trap contains an IPv6 address that has a hash conflict.

If hash conflicts of more than 10 ND entries occur within an interval, traps for the eleventh and following ND entries that have hash conflicts cannot be reported. To solve this problem, you can run the nd trap hash-conflict history command to set the number of traps reported within each interval when a hash conflict of ND entries occurs.

Precautions

If you run this command multiple times, only the latest configuration takes effect.

Example

# Configure the switch to report a maximum of 15 traps within each interval when a hash conflict of ND entries occurs.

<HUAWEI> system-view
[HUAWEI] nd trap hash-conflict history 15

nd trap hash-conflict interval

Function

The nd trap hash-conflict interval command sets the interval at which the switch reports traps when a hash conflict of ND entries occurs.

The undo nd trap hash-conflict interval command restores the default interval at which the switch reports traps when a hash conflict of ND entries occurs.

By default, a switch reports traps at an interval of 60 seconds when a hash conflict of ND entries occurs.

Format

nd trap hash-conflict interval interval-time

undo nd trap hash-conflict interval

Parameters

Parameter

Description

Value

interval-time

Specifies the interval at which the switch reports traps when a hash conflict of ND entries occurs.

The value is an integer that ranges from 30 to 3600, in seconds. The default value is 60.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After the trap function for hash conflicts of ND entries is enabled, the switch reports a maximum of 10 traps within 60 seconds by default. Each trap contains an IPv6 address that has a hash conflict.

If the trap report interval is set to a small value, the switch reports traps for hash conflicts of ND entries more promptly. When many hash conflicts of ND entries occur, the switch reports a lot of traps.

If the trap report interval is set to a large value, the switch reports traps for hash conflicts of ND entries less promptly. When many hash conflicts of ND entries occur, the switch suppresses traps to be reported.

You can run the nd trap hash-conflict interval command to adjust the trap report interval based on actual requirements.

Precautions

If you run this command multiple times, only the latest configuration takes effect.

Example

# Configure the switch to report traps at an interval of 90 seconds when a hash conflict of ND entries occurs.

<HUAWEI> system-view
[HUAWEI] nd trap hash-conflict interval 90

nd-miss message-cache disable

Function

The nd-miss message-cache disable command disables the ND Miss message packetizing function.

The undo nd-miss message-cache disable command enables the ND Miss message packetizing function.

By default, the ND Miss message packetizing function is enabled.

NOTE:

This command only takes effect on X series cards.

Format

nd-miss message-cache disable

undo nd-miss message-cache disable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

If a user sends an IPv6 packet with an irresolvable destination IPv6 address to the device (that is, if the device has a route to the destination IPv6 address of the IPv6 packet but has no ND entry matching the next hop of the route), the device generates an ND Miss message. By default,the device packs ND Miss messages and sends the package to the CPU. This improves the efficiency of processing the ND Miss messages.

When the ND Miss message packetizing function is enabled, the X series cards cannot reply to ICMPv6 host unreachable packets. To enable these cards to reply to ICMPv6 host unreachable packets, you can run the nd-miss message-cache disable command to disable the ND Miss message packetizing function.

Example

# Disable the ND Miss message packetizing function.

<HUAWEI> system-view
[HUAWEI] nd-miss message-cache disable

reset ipv6 attack-source overlapping-fragment

Function

The reset ipv6 attack-source overlapping-fragment command clears statistics on overlapping fragment attack packets.

Format

reset ipv6 attack-source overlapping-fragment

Parameters

None

Views

User view

Default Level

2: Configuration level

Usage Guidelines

After overlapping fragment attack packets are processed manually, run the reset ipv6 attack-source overlapping-fragment command to clear statistics on overlapping fragment attack packets.

Example

# Clear statistics on IPv6 overlapping fragment attack packets.

<HUAWEI> reset ipv6 attack-source overlapping-fragment

reset ipv6 neighbors

Function

The reset ipv6 neighbors command clears neighbor entries.

Format

reset ipv6 neighbors { all | dynamic | static | vid vlan-id [ interface-type interface-number ] | interface-type interface-number [ dynamic | static ] }

Parameters

Parameter Description Value
all Clears neighbor entries on all interfaces. -
dynamic

The first dynamic indicates that dynamic neighbor entries on all interfaces are cleared.

The second dynamic indicates that dynamic neighbor entries on the current interface are cleared.

-
static

The first static indicates that static neighbor entries on all interfaces are cleared.

The second static indicates that static neighbor entries on the current interface are deleted.

-
vid vlan-id Clears neighbor entries of a specified VLAN. The value is an integer that ranges from 1 to 4094.
interface-type interface-number Clears all neighbor entries on a specified interface.
  • interface-type specifies the interface type.
  • interface-number specifies the interface number.
-

Views

User view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When the number of neighbor entries exceeds the upper limit, run the reset ipv6 neighbors command to clear excessive neighbor entries.

Precautions

The reset ipv6 neighbors command clears specified neighbor entries, which affects IPv6 packet forwarding. Therefore, confirm your action before running this command.

Example

# Clear all neighbor entries on all interfaces.

<HUAWEI> reset ipv6 neighbors all
Warning: This operation will delete all static and dynamic IPv6 ND entries and the configurations of all static IPv6 ND. Continue?[Y/N]:y

# Clear all neighbor entries on the specified interface VlANIF 10.

<HUAWEI> reset ipv6 neighbors vlanif 10

reset ipv6 pathmtu

Function

The reset ipv6 pathmtu command clears PMTU entries.

Format

reset ipv6 pathmtu [ vpn-instance vpn-instance-name ] { all | dynamic | static }

Parameters

Parameter Description Value
all Clears all PMTU entries in the cache. -
dynamic Clears all dynamic PMTU entries in the cache. -
static Clears all static PMTU entries in the cache. -
vpn-instance vpn-instance-name Clears all PMTU entries of a specified IPv6 VPN instance.

The value must be an existing VPN instance name.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To collect statistics on PMTU entries within a specified period, use the reset ipv6 pathmtu command to clear the existing statistics on PMTU entries before running the display ipv6 pathmtu command to check information about PMTU entries.

Precautions

The reset ipv6 pathmtu all command clears all PMTU entries. Therefore, confirm your action before running this command.

Example

# Clear all PMTU entries.

<HUAWEI> reset ipv6 pathmtu all
Warning: This operation will reset all static and dynamic IPv6 PMTU entries, and clear the configurations of all static IPv6 PMTU, continue?[Y/N]:y
Related Topics

reset ipv6 socket pktsort

Function

The reset ipv6 socket pktsort command clears statistics on the dual receive buffer of an IPv6 socket.

Format

reset ipv6 socket pktsort task-id task-id socket-id socket-id

Parameters

Parameter Description Value
task-id task-id Specifies the ID of a task.

The value is an integer and the range depends on the task configuration.

socket-id socket-id Specifies the ID of a socket. The value is an integer that ranges from 1 to 131072.

Views

User view

Default Level

3: Management level

Usage Guidelines

This command clears statistics on the dual receive buffer of an IPv6 socket and the count restarts. Therefore, confirm your action before running this command.

Example

# Clear statistics on the dual receive buffer of the IPv6 socket with the task ID 2 and the socket ID 4.

<HUAWEI> reset ipv6 socket pktsort task-id 2 socket-id 4
Related Topics

reset ipv6 statistics

Function

The reset ipv6 statistics command clears IPv6 traffic statistics.

Format

reset ipv6 statistics

Parameters

None

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To collect IPv6 traffic statistics within a specified period, clear the existing IPv6 traffic statistics before running the display ipv6 statistics command to display IPv6 traffic statistics.

Precautions

The reset ipv6 statistics command clears the specified IPv6 traffic statistics. Therefore, confirm your action before running this command.

Example

# Clear IPv6 traffic statistics.

<HUAWEI> reset ipv6 statistics

reset nd optimized-reply statistics

Function

The reset nd optimized-reply statistics command clears statistics on optimized ND Reply packets.

Format

reset nd optimized-reply statistics [ slot slot-id ]

Parameters

Parameter Description Value
slot slot-id

Clears statistics on optimized ND Reply packets of a specified LPU slot. If this parameter is not specified, the command clears statistics on optimized ND Reply packets of all LPUs.

NOTE:
In a CSS, slot-id specifies the CSS ID and slot ID. For example, slot 1/2 indicates CSS ID1 and slot 2.

The value is an integer and must be set according to the device configuration.

Views

User view

Default Level

2: Configuration level

Usage Guidelines

Before collecting statistics on optimized ND Reply packets on each LPU, you can run the reset nd optimized-reply statistics command to clear statistics on optimized ND Reply packets of all LPUs or a specified LPU.

Example

# Clears statistics on optimized ND Reply packets of the LPU in slot 1.
<HUAWEI> reset nd optimized-reply statistics slot 1

reset rawip ipv6 statistics

Function

The reset rawip ipv6 statistics command clears all Raw IPv6 packet statistics.

Format

reset rawip ipv6 statistics

Parameters

None

Views

User view

Default Level

3: Management level

Usage Guidelines

You need to run this command to clear the existing statistics on Raw IPv6 packets before running the display rawip ipv6 statistics command to view statistics on Raw IPv6 packets in a specified period.

The reset rawip ipv6 statistics command clears statistics on Raw IPv6 packets. Therefore, confirm your action before running this command.

Example

# Clear all Raw IPv6 packet statistics.

<HUAWEI> reset rawip ipv6 statistics

reset tcp ipv6 authentication-statistics

Function

The reset tcp ipv6 authentication-statistics command clears authentication statistics of a specified TCP6 connection.

Format

reset tcp ipv6 authentication-statistics src-ip src-ip src-port src-port dest-ip dest-ip dest-port dest-port

Parameters

Parameter Description Value
src-ip src-ip Specifies the source IPv6 address. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
src-port src-port Specifies the source port. The value is an integer that ranges from 0 to 65535.
dest-ip dest-ip Specifies the destination IPv6 address. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
dest-port dest-port Specifies the destination port. The value is an integer that ranges from 0 to 65535.

Views

User view

Default Level

3: Management level

Usage Guidelines

The reset tcp ipv6 authentication-statistics command clears authentication statistics of a TCP6 connection. Therefore, confirm your action before running this command.

Example

# Clear authentication statistics of a TCP6 connection.

<HUAWEI> reset tcp ipv6 authentication-statistics src-ip fc00:1::1 src-port 3456 dest-ip fc00:3::5 dest-port 5678

reset tcp ipv6 statistics

Function

The reset tcp ipv6 statistics command clears TCP6 packet statistics.

Format

reset tcp ipv6 statistics

Parameters

None

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To delete TCP6 packet statistics displayed using the display tcp ipv6 statistics command, run the reset tcp ipv6 statistics command. The TCP6 packet statistics include the number of both sent and received packets, the number of discarded packets, the number of redirected packets, the threshold-crossing status of TCP6 connections, network attack status, and network quality. You can run the reset tcp ipv6 statistics command to delete existing statistics and then run the display tcp ipv6 statistics command to collect statistics. The statistics help you check whether TCP6 packet counts are correct or help you diagnose faults.

Precautions

The reset tcp ipv6 statistics command clears TCP6 packet statistics on all in-service interface boards. Therefore, confirm your action before running this command.

Example

# Clear TCP6 packet statistics.

<HUAWEI> reset tcp ipv6 statistics

reset udp ipv6 statistics

Function

The reset udp ipv6 statistics command clears UDP6 packet statistics.

Format

reset udp ipv6 statistics

Parameters

None

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To delete UDP6 packet statistics displayed using the display udp ipv6 statistics command, run the reset udp ipv6 statistics command. The statistics include the number of both the sent and received packets, the number of discarded packets, and the number of redirected packets. You can run the reset udp ipv6 statistics command to delete existing statistics and then run the display udp ipv6 statistics command to collect statistics. The statistics help you check whether UDP6 packet counts are correct or help you diagnose faults.

Precautions

The reset udp ipv6 statistics command clears UDP6 packet statistics on all in-service interface boards. Therefore, confirm your action before running this command.

Example

# Clear UDP6 packet statistics.

<HUAWEI> reset udp ipv6 statistics

service type tunnel

Function

The service type tunnel command enables service loopback on an Eth-Trunk interface to loop service packets back to tunnel interfaces.

The undo service type tunnel command disables service loopback on an Eth-Trunk interface.

By default, service loopback is disabled on an Eth-Trunk interface.

Format

service type tunnel

undo service type tunnel

Parameters

None

Views

Eth-Trunk interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To forward packets using tunnel interfaces, you need to bind the tunnel interfaces to an Eth-Trunk interface. Before binding the tunnel interfaces to the Eth-Trunk interface, run the service type tunnel command to enable service loopback on the Eth-Trunk interface to loop service packets back to tunnel interfaces.

Precautions

After being configured as a service loopback interface, an Eth-Trunk interface can only be used to loop service packets back to tunnel interfaces.

A device can be configured with only one service loopback interface.

You cannot configure both the service type tunnel command and the URPF function on the same Eth-Trunk.

On an Eth-Trunk enabled with the service loopback function, the STP function is automatically disabled. After the service loopback function is disabled on the Eth-Trunk, the STP function is automatically enabled.

After the Eth-Trunk interface is configured as the service loopback interface, other service configurations cannot be performed on the Eth-Trunk interface by invoking the MIB through the NMS. Otherwise, the service loopback interface function or the service configurations delivered through the MIB may be invalid.

Example

# Enable service loopback on the interface Eth-Trunk 0.

<HUAWEI> system-view
[HUAWEI] interface eth-trunk 0
[HUAWEI-Eth-Trunk0] service type tunnel

snmp-agent trap enable feature-name ipv6

Function

The snmp-agent trap enable feature-name ipv6 command enables the trap function for the IPv6 module.

The undo snmp-agent trap enable feature-name ipv6 command disables the trap function for the IPv6 module.

By default, the trap function is enabled for the IPv6 module.

Format

snmp-agent trap enable feature-name ipv6 [ trap-name ipv6ifstatechange ]

undo snmp-agent trap enable feature-name ipv6 [ trap-name ipv6ifstatechange ]

Parameters

Parameter Description Value
trap-name Enables the traps of IPv6 events of specified types. -
ipv6ifstatechange Enables the trap function in case that the IPv6 protocol status on an interface is changed. -

Views

System view

Default Level

2: Configuration level

Usage Guidelines

To enable the traps of one or more events, you can specify type-name.

Example

# Enables all traps of IPv6 module.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable feature-name ipv6

tcp ipv6 max-mss

Function

The tcp ipv6 max-mss command sets the maximum value of Maximum Segment Size (MSS) for a TCP6 connection.

The undo tcp ipv6 max-mss command deletes the maximum MSS value of a TCP6 connection.

By default, the maximum MSS value is not configured for TCP6 connections.

Format

tcp ipv6 max-mss mss-value

undo tcp ipv6 max-mss

Parameters

Parameter Description Value
mss-value Specifies the maximum MSS value for a TCP6 connection. The value is an integer ranging from 32 to 9600, in bytes.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To establish a TCP6 connection, the MSS value is negotiated, which indicates the maximum length of packets that the local device can receive. If the path MTU is unavailable on one end of a TCP6 connection, this end cannot adjust the TCP6 packet size based on the MTU. As a result, this end may send TCP6 packets that are longer than the MTUs on intermediate devices, which will discard these packets. To prevent this problem, run the tcp ipv6 max-mss command on either end of a TCP6 connection to set the maximum MSS value of TCP6 packets. Then the MSS value negotiated by both ends will not exceed this maximum MSS value, and accordingly TCP6 packets sent from both ends will not be longer than this maximum MSS value and can travel through the intermediate network.

Precautions

The maximum MSS value configured using the tcp ipv6 max-mss command must be greater than the minimum MSS value configured using the tcp ipv6 min-mss command.

Example

# Set the maximum MSS value for a TCP6 connection to 1024 bytes.

<HUAWEI> system-view
[HUAWEI] tcp ipv6 max-mss 1024
Related Topics

tcp ipv6 min-mss

Function

The tcp ipv6 min-mss command sets the minimum value of maximum segment size (MSS) for a TCP6 connection.

The undo tcp ipv6 min-mss command restores the default minimum value of the MSS for a TCP6 connection.

The default minimum MSS value for a TCP6 connection is 216 bytes.

Format

tcp ipv6 min-mss mss-value

undo tcp ipv6 min-mss

Parameters

Parameter Description Value
mss-value Specifies the minimum MSS value for a TCP6 connection. The value ranges from 32 bytes to 1500 bytes. By default, the value is 216 bytes.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To establish a TCP6 connection, the MSS value is negotiated, which indicates the maximum length of packets that the local device can receive. The TCP6 client on a network may send a request packet for establishing a TCP6 connection carrying a small MSS value. For example, the MSS value is 1. After the TCP6 server receives the request packet carrying the MSS value, the TCP6 connection is established. The TCP6 client then may send large numbers of requests to the server by an application, causing the TCP6 server to generate large numbers of reply packets. This may burden the TCP6 server or network, causing denial of service (DoS) attacks. To resolve this problem, run the tcp ipv6 min-mss command to set the minimum MSS value for a TCP6 connection. This configuration prevents a server from receiving packets carrying a small MSS value.

Precautions

The minimum MSS value configured using the tcp ipv6 min-mss command must be less than the maximum MSS value configured using the tcp ipv6 max-mss command.

If the tcp ipv6 min-mss command is run more than once in the same view, the latest configuration overrides the previous one.

Configure the parameters under the guidance of the technical personnel.

Example

# Set the minimum MSS value for a TCP6 connection to 512 bytes.

<HUAWEI> system-view
[HUAWEI] tcp ipv6 min-mss 512
Related Topics

tcp ipv6 timer fin-timeout

Function

The tcp ipv6 timer fin-timeout command sets the value of the TCP6 FIN-Wait timer.

The undo tcp ipv6 timer fin-timeout command restores the default value of the TCP6 FIN-Wait timer.

By default, the value of the TCP6 FIN-Wait timer is 600s.

Format

tcp ipv6 timer fin-timeout interval

undo tcp ipv6 timer fin-timeout

Parameters

Parameter Description Value
interval Specifies the value of the TCP6 FIN-Wait timer. The value is an integer that ranges from 76 to 3600, in seconds. The default value is 600s.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a TCP6 connection changes from FIN_WAIT_1 to FIN_WAIT_2, the TCP FIN-Wait timer is started. If the local device does not receive a packet with the FIN flag after the TCP6 FIN-Wait timer expires, the TCP6 connection is closed.

Precautions

If you run the tcp ipv6 timer fin-timeout command multiple times, only the latest configuration takes effect.

You are advised to use this command under the supervision of technical support personnel.

Example

# Set the value of the TCP6 FIN-Wait timer to 800s.

<HUAWEI> system-view
[HUAWEI] tcp ipv6 timer fin-timeout 800

tcp ipv6 timer syn-timeout

Function

The tcp ipv6 timer syn-timeout command sets the value of the TCP6 SYN-Wait timer.

The undo tcp ipv6 timer syn-timeout command restores the default value of the TCP6 SYN-Wait timer.

By default, the value of the TCP6 SYN-Wait timer is 75s.

Format

tcp ipv6 timer syn-timeout interval

undo tcp ipv6 timer syn-timeout

Parameters

Parameter Description Value
interval Specifies the value of the TCP6 SYN-Wait timer. The value is an integer that ranges from 2 to 600, in seconds. The default value is 75s.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When an SYN packet is sent, the TCP6 SYN-Wait timer is started. If no response packet is received when the TCP6 SYN-Wait timer expires, the TCP6 connection is closed.

Precautions

If you run the tcp ipv6 timer syn-timeout command multiple times, only the latest configuration takes effect.

You are advised to use this command under the supervision of technical support personnel.

Example

# Set the value of the TCP6 SYN-Wait timer to 100s.

<HUAWEI> system-view
[HUAWEI] tcp ipv6 timer syn-timeout 100

tcp ipv6 window

Function

The tcp ipv6 window command sets the size of the packet receive or send buffer of a connection-oriented socket.

The undo tcp ipv6 window command restores the default size of the packet receive or send buffer of a connection-oriented socket.

By default, the size of the packet receive or send buffer of a connection-oriented socket is 8K bytes.

Format

tcp ipv6 window window-size

undo tcp ipv6 window

Parameters

Parameter Description Value
window-size Specifies the size of the packet receive or send buffer of a connection-oriented socket. The value is an integer that ranges from 1 to 32, in K bytes. The default value is 8K bytes.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

This command changes the default size of the packet receive or send buffer. The device uses the default size to establish a TCP6 session.

Precautions

If you run the tcp ipv6 window command multiple times, only the latest configuration takes effect.

You are advised to use this command under the supervision of technical support personnel.

Example

# Set the size of the packet receive or send buffer of a connection-oriented socket to 4K bytes.

<HUAWEI> system-view
[HUAWEI] tcp ipv6 window 4
Translation
Download
Updated: 2019-04-09

Document ID: EDOC1100065659

Views: 115281

Downloads: 83

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next