HPE 5920 & 5900 Switch Series
Layer 3—IP Services
Command Reference
Part number:
Software version: Release 24
Document version: 6W101-20170622
5998-6643s
22P01
© Copyright 2016 Hewlett Packard Enterprise Development LP
The information contained herein is subject to change without notice. The only warranties for Hewlett Packard
Enterprise products and services are set forth in the express warranty statements accompanying such
products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett
Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or
copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software
Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s
standard commercial license.
Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard
Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise
website.
Acknowledgments
Intel®, Itanium®, Pentium®, Intel Inside®, and the Intel Inside logo are trademarks of Intel Corporation in the
United States and other countries.
Microsoft® and Windows® are trademarks of the Microsoft group of companies.
Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.
Java and Oracle are registered trademarks of Oracle and/or its affiliates.
UNIX® is a registered trademark of The Open Group.
Contents
ARP commands ···············································································1
arp check enable ··················································································································· 1
arp check log enable ·············································································································· 1
arp max-learning-num ············································································································ 2
arp max-learning-number ········································································································ 3
arp multiport ························································································································· 4
arp static ······························································································································ 5
arp timer aging ······················································································································ 6
display arp ··························································································································· 6
display arp ip-address ············································································································ 8
display arp entry-limit ············································································································· 9
display arp timer aging ··········································································································· 9
display arp vpn-instance ······································································································· 10
reset arp ···························································································································· 11
Gratuitous ARP commands ······························································ 12
arp ip-conflict log prompt ······································································································· 12
arp send-gratuitous-arp ········································································································ 12
gratuitous-arp-learning enable ······························································································· 13
gratuitous-arp-sending enable ······························································································· 14
Proxy ARP commands ···································································· 15
display local-proxy-arp ········································································································· 15
display proxy-arp ················································································································· 15
local-proxy-arp enable ·········································································································· 16
proxy-arp enable ················································································································· 17
ARP snooping commands ································································ 18
arp snooping enable ············································································································ 18
display arp snooping ············································································································ 18
reset arp snooping ··············································································································· 19
ARP fast-reply commands ································································ 21
arp fast-reply enable ············································································································ 21
IP addressing commands ································································· 22
display ip interface ··············································································································· 22
display ip interface brief ········································································································ 24
ip address ·························································································································· 25
ip address unnumbered ········································································································ 27
DHCP commands ·········································································· 28
Common DHCP commands ········································································································· 28
dhcp dscp ·························································································································· 28
dhcp enable ······················································································································· 28
dhcp select ························································································································ 29
DHCP server commands ············································································································· 30
address range ···················································································································· 30
bims-server ························································································································ 31
bootfile-name ····················································································································· 31
class ································································································································· 32
dhcp class·························································································································· 33
dhcp server always-broadcast ······························································································· 34
dhcp server apply ip-pool ······································································································ 35
dhcp server bootp ignore ······································································································ 35
dhcp server bootp reply-rfc-1048 ···························································································· 36
dhcp server forbidden-ip ······································································································· 36
i
dhcp server ip-pool ·············································································································· 37
dhcp server ping packets ······································································································ 38
dhcp server ping timeout ······································································································· 39
dhcp server relay information enable ······················································································· 39
display dhcp server conflict ··································································································· 40
display dhcp server expired ··································································································· 41
display dhcp server free-ip ···································································································· 42
display dhcp server ip-in-use ································································································· 43
display dhcp server pool ······································································································· 44
display dhcp server statistics ································································································· 46
dns-list ······························································································································ 48
domain-name ····················································································································· 48
expired ······························································································································ 49
forbidden-ip ························································································································ 50
gateway-list ························································································································ 50
if-match ····························································································································· 51
nbns-list ····························································································································· 53
netbios-type ······················································································································· 53
network ····························································································································· 54
next-server ························································································································· 55
option ································································································································ 56
reset dhcp server conflict ······································································································ 57
reset dhcp server expired ······································································································ 58
reset dhcp server ip-in-use ···································································································· 58
reset dhcp server statistics ···································································································· 59
static-bind ·························································································································· 59
tftp-server domain-name ······································································································· 60
tftp-server ip-address ··········································································································· 61
voice-config ························································································································ 61
DHCP relay agent commands ······································································································ 62
dhcp relay check mac-address ······························································································· 62
dhcp relay check mac-address aging time ················································································ 63
dhcp relay client-information record ························································································ 64
dhcp relay client-information refresh························································································ 64
dhcp relay client-information refresh enable·············································································· 65
dhcp relay information circuit-id ······························································································ 66
dhcp relay information enable ································································································ 68
dhcp relay information remote-id ···························································································· 68
dhcp relay information strategy ······························································································ 69
dhcp relay release ip ············································································································ 70
dhcp relay server-address ····································································································· 71
display dhcp relay check mac-address ···················································································· 71
display dhcp relay client-information ······················································································· 72
display dhcp relay information ································································································ 73
display dhcp relay server-address ·························································································· 74
display dhcp relay statistics ··································································································· 75
reset dhcp relay client-information ·························································································· 76
reset dhcp relay statistics ······································································································ 77
DHCP client commands ·············································································································· 77
dhcp client dad enable ········································································································· 77
dhcp client dscp ·················································································································· 78
dhcp client identifier ············································································································· 78
display dhcp client ··············································································································· 79
ip address dhcp-alloc ··········································································································· 81
DHCP snooping commands ········································································································· 82
dhcp snooping binding database filename ················································································ 82
dhcp snooping binding database update interval ······································································· 84
dhcp snooping binding database update now ··········································································· 84
dhcp snooping binding record ································································································ 85
dhcp snooping check mac-address ························································································· 85
dhcp snooping check request-message ··················································································· 86
dhcp snooping deny ············································································································· 87
ii
dhcp snooping enable ·········································································································· 87
dhcp snooping information circuit-id ························································································ 88
dhcp snooping information enable ·························································································· 90
dhcp snooping information remote-id ······················································································ 90
dhcp snooping information strategy························································································· 91
dhcp snooping log enable ····································································································· 92
dhcp snooping max-learning-num ··························································································· 93
dhcp snooping rate-limit ········································································································ 93
dhcp snooping trust ············································································································· 94
display dhcp snooping binding ······························································································· 95
display dhcp snooping binding database ·················································································· 96
display dhcp snooping information ·························································································· 96
display dhcp snooping packet statistics ··················································································· 98
display dhcp snooping trust ··································································································· 98
reset dhcp snooping binding ·································································································· 99
reset dhcp snooping packet statistics ······················································································ 99
BOOTP client commands ·········································································································· 100
display bootp client ············································································································ 100
ip address bootp-alloc ········································································································ 101
DNS commands ··········································································· 102
display dns domain ············································································································ 102
display dns host ················································································································ 102
display dns server ············································································································· 104
display ipv6 dns server ······································································································· 105
dns domain ······················································································································ 105
dns dscp ·························································································································· 106
dns proxy enable ··············································································································· 107
dns server ························································································································ 107
dns source-interface ·········································································································· 108
dns spoofing ····················································································································· 109
dns trust-interface·············································································································· 110
ip host ····························································································································· 111
ipv6 dns dscp ··················································································································· 111
ipv6 dns server ················································································································· 112
ipv6 dns spoofing ·············································································································· 113
ipv6 host ·························································································································· 114
reset dns host ··················································································································· 115
DDNS commands ········································································ 116
ddns apply policy ··············································································································· 116
ddns dscp ························································································································ 117
ddns policy ······················································································································· 117
display ddns policy ············································································································ 118
interval ···························································································································· 119
method ···························································································································· 120
password ························································································································· 121
ssl-client-policy ················································································································· 122
url··································································································································· 123
username ························································································································ 125
Basic IP forwarding commands ······················································· 126
display fib ························································································································ 126
ip forwarding-table save ······································································································ 128
Load sharing commands ································································ 129
display ip load-sharing path ································································································· 129
ip load-sharing local-first enable ··························································································· 130
ip load-sharing mode per-flow ······························································································ 131
ip load-sharing symmetric enable ························································································· 132
iii
Fast forwarding commands ···························································· 133
display ip fast-forwarding aging-time ····················································································· 133
display ip fast-forwarding cache ··························································································· 133
display ip fast-forwarding fragcache ······················································································ 134
ip fast-forwarding aging-time ······························································································· 135
ip fast-forwarding load-sharing ····························································································· 136
reset ip fast-forwarding cache ······························································································ 136
IRDP commands ·········································································· 138
ip irdp ······························································································································ 138
ip irdp address ·················································································································· 138
ip irdp lifetime ··················································································································· 139
ip irdp interval ··················································································································· 140
ip irdp multicast ················································································································· 140
ip irdp preference ·············································································································· 141
IP performance optimization commands ············································ 143
display icmp statistics ········································································································· 143
display ip statistics ············································································································· 144
display rawip ···················································································································· 145
display rawip verbose ········································································································· 146
display tcp························································································································ 148
display tcp statistics ··········································································································· 149
display tcp verbose ············································································································ 151
display udp ······················································································································ 153
display udp statistics ·········································································································· 154
display udp verbose ··········································································································· 155
ip forward-broadcast ·········································································································· 157
ip icmp error-interval ·········································································································· 158
ip icmp fragment discarding ································································································· 159
ip icmp source ·················································································································· 159
ip mtu ······························································································································ 160
ip redirects enable ············································································································· 161
ip ttl-expires enable ··········································································································· 161
ip unreachables enable ······································································································ 162
reset ip statistics ··············································································································· 163
reset tcp statistics ·············································································································· 163
reset udp statistics ············································································································· 163
tcp mss ··························································································································· 164
tcp path-mtu-discovery ······································································································· 165
tcp syn-cookie enable ········································································································ 165
tcp timer fin-timeout ··········································································································· 166
tcp timer syn-timeout ·········································································································· 167
tcp window ······················································································································· 167
UDP helper commands ································································· 169
display udp-helper interface ································································································ 169
reset udp-helper statistics ··································································································· 170
udp-helper broadcast-map ·································································································· 170
udp-helper enable ············································································································· 171
udp-helper port ················································································································· 171
udp-helper server ·············································································································· 172
IPv6 basics commands ·································································· 174
display ipv6 fib ·················································································································· 174
display ipv6 icmp statistics ·································································································· 175
display ipv6 interface ········································································································· 176
display ipv6 interface prefix ································································································· 180
display ipv6 neighbors ········································································································ 181
display ipv6 neighbors count ······························································································· 183
display ipv6 neighbors entry-limit ·························································································· 183
iv
display ipv6 neighbors vpn-instance ······················································································ 184
display ipv6 pathmtu ·········································································································· 185
display ipv6 prefix ·············································································································· 186
display ipv6 rawip ·············································································································· 187
display ipv6 rawip verbose ·································································································· 188
display ipv6 statistics ········································································································· 190
display ipv6 tcp ················································································································· 192
display ipv6 tcp verbose ····································································································· 193
display ipv6 udp ················································································································ 196
display ipv6 udp verbose ···································································································· 197
ipv6 address ····················································································································· 199
ipv6 address anycast ········································································································· 200
ipv6 address auto ·············································································································· 201
ipv6 address auto link-local ································································································· 201
ipv6 address eui-64 ··········································································································· 202
ipv6 address link-local ········································································································ 203
ipv6 hop-limit ···················································································································· 204
ipv6 hoplimit-expires enable ································································································ 205
ipv6 icmpv6 error-interval ···································································································· 205
ipv6 icmpv6 multicast-echo-reply enable ················································································ 206
ipv6 icmpv6 source ············································································································ 207
ipv6 mtu ·························································································································· 207
ipv6 nd autoconfig managed-address-flag ·············································································· 208
ipv6 nd autoconfig other-flag ······························································································· 209
ipv6 nd dad attempts ·········································································································· 209
ipv6 nd ns retrans-timer ······································································································ 210
ipv6 nd nud reachable-time ································································································· 211
ipv6 nd ra halt ··················································································································· 212
ipv6 nd ra hop-limit unspecified ···························································································· 212
ipv6 nd ra interval ·············································································································· 213
ipv6 nd ra no-advlinkmtu ····································································································· 213
ipv6 nd ra prefix ················································································································ 214
ipv6 nd ra router-lifetime ····································································································· 215
ipv6 nd router-preference ···································································································· 216
ipv6 neighbor ···················································································································· 216
ipv6 neighbor link-local minimize ·························································································· 218
ipv6 neighbor stale-aging ···································································································· 218
ipv6 neighbors max-learning-num ························································································· 219
ipv6 option drop enable ······································································································ 220
ipv6 pathmtu ···················································································································· 220
ipv6 pathmtu age ··············································································································· 221
ipv6 prefer temporary-address ····························································································· 222
ipv6 prefix ························································································································ 222
ipv6 redirects enable ·········································································································· 223
ipv6 temporary-address ······································································································ 224
ipv6 unreachables enable ··································································································· 225
local-proxy-nd enable ········································································································· 225
proxy-nd enable ················································································································ 226
reset ipv6 neighbors ·········································································································· 226
reset ipv6 pathmtu ············································································································· 227
reset ipv6 statistics ············································································································ 228
DHCPv6 commands ····································································· 229
Common DHCPv6 commands ···································································································· 229
display ipv6 dhcp duid ········································································································ 229
ipv6 dhcp dscp ·················································································································· 229
ipv6 dhcp select ················································································································ 230
DHCPv6 server commands ········································································································ 231
address range ·················································································································· 231
display ipv6 dhcp pool ········································································································ 232
display ipv6 dhcp prefix-pool ······························································································· 233
display ipv6 dhcp server ····································································································· 234
v
display ipv6 dhcp server conflict ··························································································· 235
display ipv6 dhcp server expired ·························································································· 236
display ipv6 dhcp server ip-in-use ························································································· 237
display ipv6 dhcp server pd-in-use ························································································ 239
display ipv6 dhcp server statistics ························································································· 241
dns-server························································································································ 242
domain-name ··················································································································· 243
ipv6 dhcp pool ·················································································································· 243
ipv6 dhcp prefix-pool ·········································································································· 244
ipv6 dhcp server ················································································································ 245
ipv6 dhcp server apply pool ································································································· 246
ipv6 dhcp server forbidden-address ······················································································ 247
ipv6 dhcp server forbidden-prefix ·························································································· 248
network ··························································································································· 249
option ······························································································································ 250
prefix-pool ························································································································ 251
reset ipv6 dhcp server conflict ······························································································ 252
reset ipv6 dhcp server expired ····························································································· 252
reset ipv6 dhcp server ip-in-use ··························································································· 253
reset ipv6 dhcp server pd-in-use ·························································································· 253
reset ipv6 dhcp server statistics ··························································································· 254
sip-server························································································································· 254
static-bind ························································································································ 255
temporary address range ···································································································· 256
DHCPv6 relay agent commands ································································································· 257
display ipv6 dhcp relay server-address ·················································································· 257
display ipv6 dhcp relay statistics ··························································································· 258
ipv6 dhcp relay server-address ···························································································· 260
reset ipv6 dhcp relay statistics ····························································································· 261
DHCPv6 client commands ········································································································· 262
display ipv6 dhcp client ······································································································· 262
display ipv6 dhcp client statistics ·························································································· 264
ipv6 address dhcp-alloc ······································································································ 265
ipv6 dhcp client duid ·········································································································· 266
ipv6 dhcp client dscp ·········································································································· 266
ipv6 dhcp client pd ············································································································· 267
ipv6 dhcp client stateless enable ·························································································· 268
reset ipv6 dhcp client statistics ····························································································· 268
DHCPv6 snooping commands ···································································································· 269
display ipv6 dhcp snooping binding ······················································································· 269
display ipv6 dhcp snooping binding database ········································································· 270
display ipv6 dhcp snooping packet statistics ··········································································· 271
display ipv6 dhcp snooping trust ··························································································· 271
ipv6 dhcp snooping binding database filename ······································································· 272
ipv6 dhcp snooping binding database update interval ······························································· 273
ipv6 dhcp snooping binding database update now ··································································· 274
ipv6 dhcp snooping binding record························································································ 274
ipv6 dhcp snooping check request-message ·········································································· 275
ipv6 dhcp snooping deny ···································································································· 276
ipv6 dhcp snooping enable ·································································································· 276
ipv6 dhcp snooping log enable ····························································································· 277
ipv6 dhcp snooping max-learning-num ·················································································· 277
ipv6 dhcp snooping option interface-id enable ········································································· 278
ipv6 dhcp snooping option interface-id string ·········································································· 279
ipv6 dhcp snooping option remote-id enable ··········································································· 279
ipv6 dhcp snooping option remote-id string············································································· 280
ipv6 dhcp snooping rate-limit ······························································································· 281
ipv6 dhcp snooping trust ····································································································· 282
reset ipv6 dhcp snooping binding ························································································· 282
reset ipv6 dhcp snooping packet statistics ·············································································· 283
vi
IPv6 fast forwarding commands······················································· 284
display ipv6 fast-forwarding aging-time ·················································································· 284
display ipv6 fast-forwarding cache ························································································ 284
ipv6 fast-forwarding aging-time ···························································································· 286
ipv6 fast-forwarding load-sharing ·························································································· 286
reset ipv6 fast-forwarding cache ··························································································· 287
Tunneling commands ···································································· 288
bandwidth ························································································································ 288
default ····························································································································· 288
description ······················································································································· 289
destination ······················································································································· 289
display interface tunnel ······································································································· 290
interface tunnel ················································································································· 294
mtu ································································································································· 295
reset counters interface ······································································································ 295
service ···························································································································· 296
shutdown ························································································································· 296
source ····························································································································· 297
tunnel dfbit enable ············································································································· 298
tunnel discard ipv4-compatible-packet ··················································································· 299
tunnel tos ························································································································· 299
tunnel ttl ·························································································································· 300
GRE commands ·········································································· 301
keepalive ························································································································· 301
Document conventions and icons ···················································· 302
Conventions ···························································································································· 302
Network topology icons ············································································································· 303
Support and other resources··························································· 304
Accessing Hewlett Packard Enterprise Support·············································································· 304
Accessing updates ··················································································································· 304
Websites ························································································································· 305
Customer self repair ·········································································································· 305
Remote support ················································································································ 305
Documentation feedback ···································································································· 305
Index ························································································· 307
vii
ARP commands
arp check enable
Use arp check enable to enable dynamic ARP entry check.
Use undo arp check enable to disable dynamic ARP entry check.
Syntax
arp check enable
undo arp check enable
Default
Dynamic ARP entry check is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Dynamic ARP entry check disables a device f rom supporting dynamic ARP entries with multicast
MAC addresses. The device cannot learn dynamic ARP entries containing multicast MAC
addresses. You cannot manually add static ARP entries that contain multicast MAC addresses.
When this function is disabled, ARP entries containing multicast MAC addresses are supported. The
device can learn dynamic ARP entries containing multicast MAC address es obta in ed f r om the ARP
packets sourced from a unicast MAC address. You can also manually add static ARP entries
containing multicast M AC addresses.
Examples
# Enable dynamic ARP entry check.
<Sysname> system-view
[Sysname] arp check enable
arp check log enable
Use arp check log enable to enable the ARP logging function.
Use undo arp check log enable to disable the ARP logging function.
Syntax
arp check log enable
undo arp check log enable
Default
ARP logging is disable d.
Views
System view
Predefined user roles
network-admin
1
•
•
Usage guidelines
This function enables a device to log ARP events when ARP cannot resolve IP addresses correctly.
The device can log the following ARP events:
On a proxy ARP-disabled interface, the target IP address of a received ARP packet is not one of
the following IP addresses:
The IP address of the receiving interface.
The virtual IP address of the VRRP group.
The public address after NAT.
The sender IP address of a received ARP reply conflicts with one of the following IP addresses:
The IP address of the receiving interface.
The virtual IP address of the VRRP group.
The public address after NAT.
The device sends ARP log messages to the information center. Y ou can use the info-center source
command to specify the log output rules for the information center. For more information about
information center, see Network Manage men t and Mo nitoring Configuration Guid e.
The device can gener ate a large am ount of ARP logs . To conserve system resources, enab le ARP
logging only when you are troubleshooting or debugging ARP events.
Examples
# Enable ARP logging.
<Sysname> sy stem-view
[Sysname] ar p check log enable
arp max-learning-num
Use arp ma x-learning-num to s et th e m axim um number of dynamic ARP entries that an i nterfac e
can learn.
Use undo arp max-learning-num to restore the default.
Syntax
arp max-learning-num number
undo arp max-learning-num
Default
An interface can learn a maximum of 16384 dynamic ARP entries.
Views
Layer 2 Ethernet interface view, Layer 3 Ethernet interface view, Layer 3 Ethernet subinterface view,
VLAN interface view, Layer 2 aggregate interf ace view, Layer 3 aggr egate interface view, Layer 3
aggregate subinterface view, S-channel interface view, S-channel aggregate interface view
Predefined user roles
network-admin
Parameters
number: Specifies the maximum number of dynamic ARP entries for an interface. The value range is
0 to 16384.
2
Usage guidelines
An interface can dynamically learn ARP entries. To prevent an interface from holding too many ARP
entries, you can set the maximum number of dynamic ARP entries that the interface can learn. When
the maximum number is reached, the interface stops learning ARP entries.
When the number argument is set to 0, the interface is disabled from learning dynamic ARP entries.
Examples
# Specify VLAN-interface 40 to learn a maximum of 500 dynamic ARP entries.
<Sysname> system-view
[Sysname] interface vlan-interface 40
[Sysname-Vlan-interface40] arp max-learning-num 500
# Specify T en-GigabitEthernet 1/0/1 to learn a maximum of 1000 dynamic ARP entries.
<Sysname> system-view
[Sysname] interface Ten-GigabitEthernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] arp max-learning-num 1000
# Specify Layer 2 aggreg ate interface bridg e-aggregation 1 to learn a m aximum of 1000 d ynamic
ARP entries.
<Sysname> sy stem-view
[Sysname] inte rface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] arp max-learning-num 1000
# Specify Layer 3 aggregate interface route-aggregation 1 to learn a maximu m of 1000 dynamic ARP
entries.
<Sysname> sy stem-view
[Sysname] interface route-aggregation 1
[Sysname-Route-Aggregation1] arp max-learning-num 1000
arp max-learning-number
Use arp max-learning-number to set the m axim um num ber of dynamic ARP entries that a device
can learn.
Use undo arp max-learning-number to restore the default.
Syntax
arp max-learning-number number slot slot-number
undo arp max-learning-number slot slot-number
Default
A device can learn a maximum of 16384 dynamic ARP entries.
Views
System view
Predefined user roles
network-admin
Parameters
number: Specifies the maximum number of dynamic ARP entries for a device. The value range is 0
to 16384.
slot slot-number: Specifies an IRF m ember device by its member ID or a PEX by its virtual slot
number.
3
Usage guidelines
A device can dynamically learn ARP entries. T o prevent a device from holding too many ARP entries,
you can set the maxim um number of dynamic ARP entries that the d evice can learn. When the
maximum number is reached, the device stops learning ARP entries.
When the number argument is set to 0, the device is disabled from learning dynamic ARP entries.
Examples
# Set the IRF member device in slot 1 to learn a maximum of 64 dynamic ARP entries.
<Sysname> sy stem-view
[Sysname] ar p max-learning-number 64 slot 1
arp multiport
Use arp multiport to configure a multiport ARP entry.
Use undo arp to remove an ARP entry.
Syntax
arp multiport ip-address mac-address vlan-id [ vpn-instance vpn-instance-name ]
undo arp ip-address [ vpn-instance-name ]
Default
No multiport ARP entries are configured.
Views
System view
Predefined user roles
network-admin
Parameters
ip-address: Specifies an IP address for the multiport ARP entry.
mac-address: Specifies a MAC address for the multiport ARP entry, in the format of H-H-H.
vlan-id: Specifies a VLAN for the multiport ARP entry, in the range of 1 to 4094.
vpn-instance vpn-instance-name: Specifies an MPL S L3V PN instance for the multiport ARP entry.
The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. The specified VPN
instance must already exist. Without this option, the multiport ARP entry belongs to the public
network.
Usage guidelines
The specified VLAN must already exist. If the VLAN or the corresponding VLAN interface is
removed, the multiport ARP entry is also removed.
The specified IP address must reside on the sam e subnet as the VLAN i nterface of the specified
VLAN. Otherwise, the multiport ARP entry does not take effect.
To use the multiport ARP entry, you must configur e a multicast or multiport unicas t MAC address
entry to specify multiple output interfaces. The MAC address entry must have the same MAC
address and VLAN ID as the multiport ARP entry.
Examples
# Configure a multiport ARP entry that comprises IP address 202.38.10.2 and MAC address
00e0-fc01-0000 in VLAN 10.
<Sysname> system-view
[Sysname] ar p multiport 202.38.10.2 00e0-fc01-0000 10
4
Related commands
display arp multiport
reset arp multiport
arp static
Use arp static to configure a static ARP entry.
Use undo arp to remove an ARP entry.
Syntax
arp static ip-address mac-address [ vlan-id interface-type interface-number ] [ vpn-instance
vpn-instance-name ]
undo arp ip-address [ vpn-instance-name ]
Default
No static ARP entries are configured.
Views
System view
Predefined user roles
network-admin
Parameters
ip-address: Specifies an IP address for the static ARP entry.
mac-address: Specifies a MAC addr es s for the static ARP entry, in the format of H-H-H.
vlan-id: Specifies the ID of a VLAN t o which the static ARP entry belongs. The va lue range is 1 to
4094. The VLAN and VLAN interface must already exist.
interface-type interface-number: Specifies an interface by its type and number. Make sure the
interface belongs to the specified VLAN.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN for the static ARP entry. The
vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. T he VPN instance
must already exist. To specify a static ARP entry on the public network, do not specify this option.
Usage guidelines
A static ARP entry is manually configured and maintained. It does not age out and cannot be
overwritten by any dynamic ARP entry.
Static ARP entries ca n be clas s if ied int o l on g an d s hor t st atic ARP entr i es. A short static ARP entry
contains an IP-to-MAC mapping. A long static ARP entry contains an IP-to-MAC mapping, a VL AN,
and an output interface.
A static ARP entry is effective when the device works correctly.
When the VLAN or VLAN inter f ace is deleted, long sta tic ARP entr ies i n the VLA N ar e del eted , and
resolved short static ARP entries in the VLAN become unresolved.
A resolved short static ARP entry becomes unresolved upon cer tain ev ents, f or exam ple, when the
output interface goes down.
A long static ARP entry is ineffective when the corresponding VLAN interface or output i nterface is
down. An ineffective long static ARP entry cannot be used to for ward pac kets.
If you specify both the vlan-id and ip-address arguments, the IP address of the corresponding VLAN
interface must be on the same network as the specified IP address.
5
If you do not specify a VPN, the undo arp command removes ARP entries only for the public
network.
Examples
# Configure a static ARP entry that comprises IP address 202.38.10.2, MAC address
00e0-fc01-0000, and output interface Ten-GigabitEthernet 1/0/1 in VLAN 10.
<Sysname> system-view
[Sysname] ar p static 202.38.10.2 00e0-fc01-0000 10 Ten-GigabitEthernet 1/0/1
Related commands
display arp
reset arp
arp timer aging
Use arp timer aging to set the aging timer for dynamic ARP entries.
Use undo arp timer aging to restore the default.
Syntax
arp timer aging aging-time
undo arp timer aging
Default
The aging timer for dynamic ARP entries is 20 minutes.
Views
System view
Predefined user roles
network-admin
Parameters
aging-time: Sets the aging t imer for dynamic ARP entries, in the range of 1 to 1440 minutes.
Usage guidelines
Each dynamic ARP entr y in the ARP table has a limited lifetim e, called an aging timer. The aging
timer of a dynamic ARP entr y is reset each tim e the dynam ic ARP entr y is updated. D ynamic ARP
entries that are not updated before their aging timers expire are deleted from the ARP table.
Set the aging timer for dynamic ARP entries as needed. For exam ple, when you configure proxy
ARP, set a short aging time so that invalid dynamic ARP entries can be deleted in time.
Examples
# Set the aging timer for dynamic ARP entries to 10 minutes.
<Sysname> system-view
[Sysname] ar p timer aging 10
Related commands
display arp timer aging
display arp
Use display arp to display ARP entries.
6
Syntax
display arp [ [ all | dynamic | multiport | static ] [ slot slot-number ] | vlan vlan-id | interface
interface-type interface-number ] [ count | verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays all ARP entries.
dynamic: Disp lays dynamic ARP entries.
multiport: Displays multiport ARP entries.
static: Displays static ARP entries.
slot slot-number: Specif ies an IRF member device by its member ID or a PEX by its virtual slot
number.
vlan vlan-id: Disp lays th e ARP entries f or the spec ified VLAN. T he VLAN I D is in the range of 1 to
4094.
interface interface-type interface-number: Displays the ARP entries for the interface specified by the
argument interface-type interface-number.
count: Displays the number of ARP entries.
verbose: Displays detailed information about ARP entries.
Usage guidelines
This command displa ys information a bout ARP entries, including the IP addres s, MAC address,
VLAN ID, output interface, entry type, and aging timer.
If you do not specify any parameters, the command displays all ARP entries.
Examples
# Display all ARP entries.
<Sysname> di splay arp all
Type: S-Static D-Dynamic O-Openflow M-Multiport I-Invalid
IP Address MAC Address VLAN Interface Aging Type
20.1.1.1 00e0-fc00-0001 N/A N/A N/A S
193.1.1.70 00e0-fe50-6503 100 XGE1/0/1 N/A IS
192.168.0.115 000d -88f7-9f7d 1 XGE1/0/2 18 D
192.168.0.39 0012 -a990-2241 1 XGE1/0/3 20 D
22.1.1.1 000c-299d-c041 10 N/A N/A M
# Display detailed information about all ARP entries.
<Sysname> di splay arp all verbose
Type: S-Static D-Dynamic O-Openflow M-Multiport I-Invalid
IP Address MAC Address VLAN Interface Aging Type
Vpn Instance
20.1.1.1 00e0-fc00-0001 N/A N/A N/A S
[No Vrf]
193.1.1.70 00e0-fe50-6503 100 XGE1/0/1 N/A IS
[No Vrf]
7
Field
Description
To obtain the output interface inform atio n of the multiport ARP entry, look
192.168.0.115 000d -88f7-9f7d 1 XGE1/0/2 18 D
[No Vrf]
192.168.0.39 0012 -a990-2241 1 XGE1/0/3 20 D
[No Vrf]
22.1.1.1 000c-299d-c041 10 N/A N/A M
[No Vrf]
# Display the number of all ARP entries.
<Sysname> display arp all count
Total number of entries : 5
Table 1 Command output
IP Address IP address in an ARP entry.
MAC Address MAC address in an ARP entry.
VLAN
Interface
Aging
Type
Vpn Instance
Total number of entries Number of ARP entries.
Related commands
ID of the VLAN to which the ARP entry belongs. This field displays
either of the following situations:
• The ARP entry is an unresolved short static ARP entry.
• The output interface of the ARP entry does not belong to the VLAN.
Output interface in an ARP entry. This field displays
following situations:
• The ARP entry is an unresolved short static ARP entry.
• The ARP entry is a multiport ARP entry and has no output interface
information.
up the MAC address table according to the MAC address in the ARP
entry.
Aging time for a dynami c ARP entry in minutes.
time or no aging time.
ARP entry type:
• D—Dynamic.
• S—Static.
• O—OpenFlow.
• M—Multiport.
• I—Invalid.
Name of VPN instance.
for the ARP entry.
[No Vrf]
is displayed if no VPN in stan ce is configured
N/A
in either of the
N/A
means unknown aging
N/A
in
arp static
reset arp
display arp ip-address
Use display arp ip-address to display the ARP entry for an IP address.
Syntax
display arp ip-address [ slot slot-number ] [ verbose ]
8
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ip-address: Displays the ARP entry for the specified IP address.
slot slot-number: Specif ies an IRF member device by its member ID or a PEX by its virtual slot
number.
verbose: Displays the detailed inform ation abo ut the specified ARP entry.
Usage guidelines
The ARP entry information inclu des the IP addres s , M AC ad dr ess , VLA N ID, out p ut int erface, entry
type, and aging timer.
Examples
# Display the ARP entry for the IP address 20.1.1.1.
<Sysname> display arp 20.1.1.1
Type: S-Static D-Dynamic O-Openflow M-Multiport I-Invalid
IP address MAC address VLAN Interf ace Aging Type
20.1.1.1 00e0-fc00-0001 N/A N/A N/A S
Related commands
arp static
reset arp
display arp entry-limit
Use display arp entry-limit to display the maximum number of ARP entries that a device supports.
Syntax
display arp entry-limit
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the maximum number of ARP entries that the device supports.
<Sysname> display arp entry-limit
ARP entries: 16384
display arp timer aging
Use display arp timer aging to display the aging timer of dynamic ARP entries.
9
Syntax
display arp timer aging
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the aging timer of dynamic ARP entries.
<Sysname> disp lay arp timer aging
Current ARP ag ing time is 10 minute(s)
Related commands
arp timer aging
display arp vpn-instance
Use display arp vpn-instance to displa y the ARP entries for a VPN instance.
Syntax
display arp vpn-instance vpn-instance-name [ count ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to
31 characters.
count: Displays the number of ARP entries.
Usage guidelines
This command displays information about ARP entries for a VPN instance, including the IP address,
MAC address, VLAN ID, output interface, entry type, and aging timer.
Examples
# Display ARP entries for the VPN instance named test.
<Sysname> display arp vpn-instance test
Type: S-Static D-Dynamic O-Openflow M-Multiport I-Invalid
IP address MAC address VLAN ID Int erface Aging Type
20.1.1.1 00e0-fc00-0001 N/A N/A N/A S
Related commands
arp static
reset arp
10
reset arp
Use reset arp to clear ARP entries from the ARP table.
Syntax
reset arp { all | dynamic | interface interface-type interface-number | multiport | slot slot-number |
static }
Views
User view
Predefined user roles
network-admin
Parameters
all: Clears all ARP entries.
dynamic: Clears all dynamic ARP entries.
multiport: Clears all multiport ARP entries.
static: Clears all static ARP entries.
slot slot-number: Specif ies an IRF member device by its member ID or a PEX by its virtual slot
number.
interface interface-type interface-number: Clears the ARP entries for the interface specif ied b y the
argument interface-type interface-number.
Usage guidelines
This command can separately clear static ARP entries, dynamic ARP entries, multiport ARP entries,
or ARP entries on specified interfaces.
When the interface interface-type interf ace-number option is specif ied, this com mand clears onl y
dynamic ARP entries for the specified interface.
When the slot slot-number option is specified, this com mand clears only d ynamic ARP entries for
the specified IRF member device or PEX.
Examples
# Clear all static ARP entries.
<Sysname> re set arp static
Related commands
arp static
display arp
11
Gratuitous ARP commands
arp ip-conflict log prompt
Use arp ip-conflict log prompt to enable IP conflict notification without conflict confirmation.
Use undo arp ip-conflict log prompt to restore the default.
Syntax
arp ip-conflict log prompt
undo arp ip-conflict log prompt
Default
IP conflict notification is disabled. The receiving device sends a gratuitous ARP request, and it
displays an error message after it receives an ARP reply about the conflict.
Views
System view
Predefined user roles
network-admin
Examples
# Enable IP conflict notification on the device.
<Sysname> system-view
[Sysname] ar p ip-conflict log prompt
arp send-gratuitous-arp
Use arp send-gratuitous-arp to e nable periodic sending of grat uitous ARP packets and set th e
sending interval on an interface.
Use undo arp send-gratuitous-arp to disable the interface from periodicall y sending gratuitous
ARP packets.
Syntax
arp send-gratuitous-arp [ interval milliseconds ]
undo arp send-gratuitous-arp
Default
Periodic sending of gratuitous ARP is disabled.
Views
Layer 3 Ethernet interf ace view, Layer 3 Ethernet subinterface view, Layer 3 aggregate interface
view, Layer 3 aggregate subinterface view, VLAN interface view
Predefined user roles
network-admin
Parameters
interval milliseconds: Sets the interval at which gratuitous ARP packets are sent, in the range of 200
to 200000 milliseconds. The default value is 2000 milliseconds.
12
•
•
•
Usage guidelines
This function takes effect only when the enabled interface is up and an IP address has been
assigned to the interface.
This function c an se nd gratuitous ARP requ ests only f or a V RRP virtual IP addres s, or the s endi ng
interface's primary IP address or manually configured secondary IP address. The primary IP address
can be configured manually or automatically , whereas the secondary IP address must be configured
manually.
If you change the interval for sending gratuitous ARP packets, the conf iguration takes effect at the
next sending interval.
The frequency of sending gratuitous ARP packets might be much lower than expected when any of
the following conditions exist:
This function is enabled on multiple interfaces.
Each interface is configured with multiple secondary IP addresses.
A small sending interval is configured in the preceding cases.
Examples
# Enable VLAN-interface 2 to send gratuitous ARP packets every 300 milliseconds.
<Sysname> sy stem-view
[Sysname] in terface vlan-interface 2
[Sysname-Vlan-interface2] ar p send-gratuitous-arp interval 300
gratuitous-arp-learning enable
Use gratuitous-arp-learning enable to enable learning of gratuitous ARP packets.
Use undo gratuitous-arp-learning enable to disable learning of gratuitous ARP packets.
Syntax
gratuitous-arp-learning enable
undo gratuitous-arp-learning enable
Default
Learning of gratuitous ARP packets is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
The learning of gratuitous ARP packets function allows a device to maintain its ARP table by creating
or updating ARP entries based on received gratuitous ARP packets.
When this functio n is disabled, the de vice uses r ecei ve d gratuitous ARP pack ets to update existing
ARP entries only. ARP entries are not created based on the received gratuitous ARP packets, which
saves ARP table space.
Examples
# Enable learning of gratuitous ARP packets.
<Sysname> system-view
[Sysname] gratuitous-arp-learning enable
13
gratuitous-arp-sending enable
Use gratuitous-arp-sending enable to ena ble sending of gratuitous ARP packets upon receiving
ARP requests whose sender IP address is on a different subnet.
Use undo gratuitous-arp-sending enable to restore the default.
Syntax
gratuitous-arp-sending enable
undo gratuitous-arp-sending enable
Default
A device does not send gratuitous ARP p ackets when it receives ARP requ ests whose sender IP
address is on a different subnet.
Views
System view
Predefined user roles
network-admin
Examples
# Disable a device from sending gratuitous ARP packets upon receiving ARP requests whose
sender IP address is on a different subnet.
<Sysname> sy stem-view
[Sysname] undo gratuitous-arp-sending enable
14
Proxy ARP commands
display local-proxy-arp
Use display local-proxy-arp to display the local proxy ARP status.
Syntax
display local-proxy-arp [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Displays the local proxy ARP status for the specified
interface.
Usage guidelines
You can use this command to check whether local proxy ARP is enabled or disabled.
If an interface is specified, this command displays the local proxy ARP status for the specified
interface.
If no interface is specified, this command displays the local proxy ARP status for all interfaces.
Examples
# Display the local proxy ARP status for VLAN-interface 2.
<Sysname> display local-proxy-arp interface vlan-interface 2
Interface Vl an-interface2
Local Proxy ARP st atus: enabled
Related commands
local-proxy-arp enable
display proxy-arp
Use display proxy-arp to displ a y the proxy ARP status.
Syntax
display proxy-arp [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Displays the proxy ARP status for the specified interface.
15
Usage guidelines
You can use this command to check whether proxy ARP is enabled or disabled.
If an interface is specified, this command displays proxy ARP status for the specified interface.
If no interface is specified, this command displays proxy ARP status for all interfaces.
Examples
# Display the proxy ARP status on VLAN-interface 1.
<Sysname> display proxy-arp interface Vlan-interface 1
Interface Vl an-interface1
Proxy ARP status : disabled
Related commands
proxy-arp enable
local-proxy-arp enable
Use local-proxy-arp enable to enable local proxy ARP.
Use undo local-proxy-arp enable to disable local proxy ARP.
Syntax
local-proxy-arp enable [ ip-range startIP to endIP ]
undo local-proxy-arp enable
Default
Local proxy ARP is disabled.
Views
VLAN interface view, Layer 3 Et hernet interf ace view, Layer 3 Ethernet subinterface vie w, Layer 3
aggregate interface view, Layer 3 aggregate subinterface view
Predefined user roles
network-admin
Parameters
ip-range startIP to endIP: Specifies the IP address range for which local proxy ARP is enabled. The
start IP address must be lower than or equal to the end IP address.
Usage guidelines
Proxy ARP enables a device on a net work to answer ARP requests f or an IP address not on that
network. With proxy ARP, hosts in different broadcast domains can communicate with each other as
they do on the same network.
Proxy ARP includes common proxy ARP and local proxy ARP.
Common proxy ARP allows communication between hosts that connect to different Layer 3
interfaces and reside in different broadcast domains.
Local proxy ARP allows com munication between hosts that c onnect to the same La yer 3 interface
and reside in different broadcast domains.
Only one IP address range can be specified by using the ip-range keyword on an interface.
Examples
# Enable local proxy ARP on VLAN-interface 2.
<Sysname> system-view
16
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] lo cal-proxy-arp enable
# Enable local proxy ARP on VLAN-interface 2 for an IP address range.
<Sysname> sy stem-view
[Sysname] in terface vlan-interface 2
[Sysname-Vlan-interface2] lo cal-proxy-arp enable ip-range 1.1.1.1 to 1.1.1.20
Related commands
display local-proxy-arp
proxy-arp enable
Use proxy-arp enable to enable proxy ARP.
Use undo proxy-arp enable to disable prox y ARP.
Syntax
proxy-arp enable
undo proxy-arp enable
Default
Proxy ARP is disabled.
Views
VLAN interface view, Layer 3 Ethern et interface vi ew, Layer 3 Ethernet subinterface view, Layer 3
aggregate interface view, Layer 3 aggregate subinterface view
Predefined user roles
network-admin
Usage guidelines
Proxy ARP enables a device on a net work to answer ARP requests f or an IP address not on that
network. With proxy ARP, hosts in different broadcast domains can communicate with each other as
they do on the same network.
Proxy ARP includes common proxy ARP and local proxy ARP.
Common proxy ARP allows communication between hosts that connect to different Layer 3
interfaces and reside in different broadcast domains.
Local proxy ARP allows com munication between hosts that c onnect to the same La yer 3 interface
and reside in different broadcast domains.
Examples
# Enable proxy ARP on VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] pr oxy-arp enable
Related commands
display proxy-arp
17
ARP snooping commands
arp snooping enable
Use arp snooping enable to enable ARP snooping.
Use undo arp snooping enable to disable ARP snooping.
Syntax
arp snooping enable
undo arp snooping enable
Default
ARP snooping is disabled.
Views
VLAN view
Predefined user roles
network-admin
Examples
# Enable ARP snooping on VLAN 2.
<Sysname> sy stem-view
[Sysname] vlan 2
[Sysname-vlan2] arp snooping enable
display arp snooping
Use display arp snooping to display ARP snooping entries.
Syntax
display arp snooping [ vlan vlan-id ] [ slot slot-number ] [ count ]
display arp snooping ip ip-address [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vlan vlan-id: Displays ARP snooping entries for a VLAN. The vlan-id argument is in the range of 1 to
4094.
count: Displays the number of the current ARP snooping entries.
ip ip-address: Displays the ARP snooping entry for the specified IP address.
slot slot-number: Specif ies an IRF member device by its member ID or a PEX by its virtual slot
number.
18
Field
Description
Usage guidelines
If you do not specify any keywords or arguments, the command displays all ARP snooping entries.
Examples
# Display ARP snooping entries for VLAN 2.
<Sysname> disp lay arp snooping vlan 2
IP Address MAC Address VLAN ID Interface Aging Status
3.3.3.3 0003-0003-0003 2 XGE1/0/1 20 Valid
3.3.3.4 0004-0004-0004 2 XGE1/0/2 5 Invalid
# Display the number of the current ARP snooping entries.
<Sysname> disp lay arp snooping count
Total entries: 2
Table 2 Command output
IP Address IP address in an ARP snoopin g entry.
MAC Address MAC address in an ARP snoo ping entry .
VLAN ID ID of the VLAN to which the ARP snooping entry belongs.
Interface Input interface in an ARP snoo ping entr y .
Aging Aging time for an ARP snoopi ng entry in minutes.
Status
Total entries Number of ARP snooping entries.
Related commands
reset arp snooping
reset arp snoopin g
Use reset arp snooping to remove ARP snooping entries.
Syntax
reset arp snooping [ ip ip-address | vlan vlan-id ]
Views
User view
Predefined user roles
network-admin
Parameters
Status of an ARP snooping entry:
Valid, Invalid, Collision
.
ip ip-address: Removes the ARP entry for the specified IP address.
vlan vlan-id: Removes the ARP entries for the specified VLAN. The vlan-id argument is in the range
of 1 to 4094.
Usage guidelines
If you do not specify any keywords or arguments, the command removes all ARP snooping entries.
Examples
# Remove ARP snooping entries for VLAN 2.
19
<Sysname> rese t arp snooping vlan 2
Related commands
display arp snooping
20
ARP fast-reply commands
arp fast-reply enab le
Use arp fast-reply enable to enable ARP fast-reply for a VLAN.
Use undo arp fast-reply enable to disable ARP fast-reply for a VLAN.
Syntax
arp fast-reply enable
undo arp fast-reply enable
Default
ARP fast-reply is disabled on a VLAN.
Views
VLAN view
Predefined user roles
network-admin
Examples
# Enable ARP fast-reply for VLAN 2.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] arp fast-reply enable
21
•
•
IP addressing commands
The IP addresses in this chapter refer to IPv4 addresses unless otherwise specified.
The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN
interfaces and La yer 3 Ethernet interf aces. You can set an Ethernet port as a Layer 3 int erface by
using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
display ip interface
Use display ip interface to display IP configuration and statistics for the specified Layer 3 interface
or all Layer 3 interfaces.
Syntax
display ip interface [ interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
Use the display ip interface com mand to display IP configuration and statis tics for the specified
Layer 3 interface. The statistics include the following information:
The number of unicast packets, bytes, and multicast packets the interface has sent and
received.
The number of TTL-invalid packets and ICMP packets the interface has received.
The packet statistics helps you locate a possible attack on the network.
If you do not specify an interface, the command displays information about all Layer 3 interfaces.
Examples
# Display IP configuration and statistics for VLAN-interface 10.
<Sysname> displ ay ip interface vlan-interface 10
Vlan-interfac e10 current stat e : DOWN
Line protoco l current state : DOWN
Internet Addres s is 1.1.1.1/8 Primary
Broadcast ad dress : 1.255.255.255
The Maximum Tr ansmit Unit : 1500 bytes
input packet s : 0, bytes : 0, multicas ts : 0
output packets : 0, bytes : 0, multicasts : 0
TTL invalid packet number: 0
ICMP packet in put number: 0
Echo reply: 0
Unreachable: 0
Source quench : 0
22
Field
Description
Routing redire ct: 0
Echo request: 0
Router advert : 0
Router solicit: 0
Time exceed: 0
IP header bad: 0
Timestamp request: 0
Timestamp reply: 0
Information request: 0
Information reply: 0
Netmask request: 0
Netmask reply: 0
Unknown type: 0
Table 3 Command output
Current physical state of the interface:
• Administrative DOWN—The interface is shut down with the
current state
shutdown command.
• DOWN—The interface is administratively up but its physical state is
down, which might be caused by a connection or link failure.
• UP—Both the administrativ e and phy sical states of the interface a re up.
Current state of the link layer protocol:
• DOWN—The protocol state of the interface is down.
Line protocol current state
• UP—The protocol state of the interface is up.
• UP (spoofing)—The protocol state of the interface pretends to be up.
However, no corresponding link is present, or the corresponding link is
not present permanently but is established as needed.
IP address of an interface followed by:
• Primary—A primary IP address.
• Sub—A secondary IP addr es s .
• DHCP-Allocated—An IP address obtained through DHCP.
Internet Address
• BOOTP-Allocated—An IP address obtained through BOOTP.
• Cluster—A cluster IP address.
• Mad—A MAD IP address.
• IRF-Member—IP address of the management Ethernet port of an IRF
member device.
Broadcast address Broadcast address of the subnet attached to an interfac e.
The Maximum Transmit Unit Maximum transmission units on the interface, in bytes.
input packets, bytes,
multicasts
output packets, bytes,
Unicast packets, bytes, and multicast packets received on an interface
(statistics start at the device startup).
multicasts
TTL invalid packet number
Number of TTL-invalid packets received on the interface (statistics start at
the device startup).
ICMP packet input number:
Echo reply:
Unreachable:
Source quench:
Total number of ICMP packets received on the interface (statistics start at
the device startup):
• Echo reply packets.
• Unreachable packets.
• Source quench packets.
23
Field
Description
• Routing redirect packets.
Routing redirect:
Echo request:
Router advert:
Router solicit:
Time exceed:
IP header bad:
Timestamp request:
Timestamp reply:
Information request:
Information reply:
Netmask request:
Netmask reply:
Unknown type:
Related commands
display ip interface brief
ip address
• Echo request packets.
• Router advertisement packets.
• Router solicitation packets.
• Time exceeded packets.
• IP header bad packets.
• Timestamp request packets.
• Timestamp reply packets.
• Information request packets.
• Information reply packets.
• Netmask request packets.
• Netmask reply packets.
• Unknown type packets.
display ip interface brief
Use display ip interface brief to display brief IP configuration information for the specified Layer 3
interface or all Layer 3 interfaces.
Syntax
display ip interface [ interface-type [ interface-number ] ] brief
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface-type: Specifies the interface type.
interface-number: Specifies the interface number.
Usage guidelines
Use the display ip interface brief command to display brief IP configuratio n information, including
the state, IP address, and description of the physical and link layer protocols, for the specified Layer
3 interface or all Layer 3 interfaces.
If you do not specify the in terface type and interface number, the command displays the brief IP
configuration information for all Layer 3 interfaces.
If you specify only the interface type, the command displays the brief IP configuration information for
all Layer 3 interfaces of the specified type.
If you specify both the interface type and interface number, the command displays the brief IP
configuration information for the specified interface.
24
Field
Description
Examples
# Display brief IP configuration information for VLAN interfaces.
<Sysname> display ip interface vlan-interface brief
*down: administ ratively down
(s): spoofing ( l): loopback
Interface Physical Protocol IP Address Description
Vlan10 down down 6.6.6.1 Vlan-inte...
Vlan2 down down 7.7.7.1 Vlan-inte...
Table 4 Command output
*down: administratively
down
(s) : spoofing
Interface Interface name.
Physical
Protocol
IP Address
Description
Related commands
The interface is administratively shut down with the
Spoofing attribute o f the interface. It ind ica tes th at an interface might have no link
present even when its link layer protocol is up or the link is established only on
demand.
Physical state of the interface:
• *down—The interface is administratively shut down with the shutdown
command.
• down—The interface is administratively up but its physical state is down
(possibly because of poor connection or line failure).
• up—Both the administrative and physical states of the interface are up.
Link layer protocol state of the interface:
• down—The protocol state of the interface is down (typically when no IP
address is configured for the interface).
• up—The protocol state of the interface is up.
• up(s)—The protocol state of the interface is up (spoofing).
IP address of the interface. If no IP address is configured,
displayed.
Interface description informat i on.
A maximum of 12 characters can be displayed. If there are more than 12
characters, only the first 9 characters are displayed.
shutdown
unassigned
command.
is
display ip interface
ip address
ip address
Use ip address to assign an IP address to the interface.
Use undo ip address to remove the IP address from the interface.
Syntax
ip address ip-address { mask-length | mask } [ irf-member member-id | sub ]
undo ip address [ ip-address { mask-length | mask } [ irf-member member-id | sub ] ]
Default
No IP address is assigned to an interface.
25
Views
Interface view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address of the interface, in dotted decimal notation.
mask-length: Specifies the subnet mask length in the range of 1 to 31. For a loopback interface, the
value range is 1 to 32.
mask: Specifies the subnet mask in dotted decimal notation.
irf-member member-id: Assigns an IP address to the managem ent Ethernet port of the spec ified
IRF member device. The member-id argument specifies an IRF member device by its member ID in
the range of 1 to 10.
sub: Assigns a secondary IP address to the interface.
Usage guidelines
Use the command to conf igure a primary IP address for an interfac e. If the interface connects to
multiple subnets, configure primary and secondary IP addresses on the interface so the subnets can
communicate with each other through the interface.
An interface can have only one primary IP address. A newly configured primary IP address
overwrites the previous address.
You cannot assign secondary IP addresses to an interface that obtains an IP address through
BOOTP, DHCP, or IP unnumbered.
The undo ip address command removes all IP addresses from the interface. The undo ip address
ip-address { mask | mask-length } command removes the primary IP address. The undo ip address
ip-address { mask | mask-length } sub command removes a secondary IP address. Before removing
the primary IP address, remove all secondary IP addresses.
The primary and sec ondary IP address es you assign to the interfac e can be located on the same
network segment, but different interfaces on your device must reside on different network segments.
The IP addresses assigned to the management Ethernet ports of all IRF member devices must be in
the same subnet. In an IRF fabric, only the IP address assigned to the management Ethernet port of
the master takes effect. Make sure no IP address conflict exists when you assign IP addresses to the
management Ethernet ports of subord inates. The system does not warn of an IP address conflict
because the IP addresses as signe d to the management Et hern et ports of subordi nates d o n ot t ak e
effect. After an IRF fabric split, the IP addresses assigned to the management Ethernet ports of the
new masters (original subordinates) take effect.
Examples
# Assign VLAN-interface 10 a primary IP address 129.12.0.1 and a secondary IP address
202.38.160.1, with subnet masks both 255.255.255.0.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] ip address 129.12.0 .1 255.255.255.0
[Sysname-Vlan-interface10] ip address 202.38.160 .1 25 5.255.255.0 sub
Related commands
display ip interface
display ip interface brief
26
ip address unnumbered
Use ip address unnumbered to config ure the c ur rent interface as IP unnumbered to borro w an IP
address from the specified interface.
Use undo ip address unnumbered to disable IP unnumbered on the interface.
Syntax
ip address unnumbered interface interface-type interface-number
undo ip address unnumbered
Default
The interface does not borrow IP addresses from other interfaces.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies an interfac e from which the current interface
can borrow an IP address.
Usage guidelines
Typically, you assign an IP address to an interface either manually or through DHCP. If the IP
addresses are not enough, or the interface is used only occasionally, you can configure an interface
to borrow an IP address from other interfaces. This is called IP unnumbered, and the interface
borrowing the IP address is called IP unnumbered interface.
Multiple interfaces c an use the same unnumber ed IP addres s . If an inter f ac e has multiple manually
configured IP addresses, only the primary IP address manually configured can be borrowed.
You cannot enable a dynamic routing protocol on the interface that has no IP address configured. To
enable the interface to communicate with other devices, you must configure a static route to the peer
device on the interface.
Before entering tunnel interface view, make sure the tunnel interface has been created. For
information about tunnel interface, see Layer 3—IP Services Configuration Guide.
Examples
# Configure the interface Tunnel 1 to borrow the IP address of VLAN-interface 100.
<Sysname> system-view
[Sysname] interface tunnel 1
[Sysname-Tunn el1] ip address un numbered interface vlan-interface 100
27
DHCP commands
Common DHCP commands
dhcp dscp
Use dhcp dscp to set the DSCP valu e for DHCP packets sent b y the DHCP server or the DHCP
relay agent.
Use undo dhcp dscp to restore the def au lt.
Syntax
dhcp dscp dscp-value
undo dhcp dscp
Default
The DSCP value in DHCP packets is 56.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Sets the DSCP value for DHCP packets, in the range of 0 to 63.
Usage guidelines
The DSCP value of a packet specifies th e priority level of the pack et and affects the tra nsmission
priority of the packet. A bigger DSCP value represents a higher priority.
Examples
# Set the DSCP value for DHCP packets to 30.
<Sysname> sy stem-view
[Sysname] dh cp dscp 30
dhcp enable
Use dhcp enable to enable DHCP.
Use undo dhcp enable to disable DHCP.
Syntax
Default
Views
dhcp enable
undo dhcp enable
DHCP is disabled.
System view
28
Predefined user roles
network-admin
Usage guidelines
Enable DHCP before you perform DHCP server or relay agent configurations.
Examples
# Enable DHCP.
<Sysname> sy stem-view
[Sysname] dhcp en able
dhcp select
Use dhcp select to enable the DHCP server or DHCP relay agent on an interface.
Use undo dhcp select to disable the DHCP server or DHCP relay agent on an interface. The
interface discards DHCP packets.
Syntax
dhcp select { relay | server }
undo dhcp select { relay | server }
Default
The interface operates in DHCP server mode and res ponds to DHCP requests with c onfiguration
parameters.
Views
Interface view
Predefined user roles
network-admin
Parameters
relay: Enables the DHCP relay agent on the interface.
server: Enables the DHCP server on the interface.
Usage guidelines
Before changing the DHC P server mode to the DHCP relay agent m ode on an interface, use the
reset dhcp server ip -in-use command to rem ove address bindi ngs and authori zed ARP entries.
These bindings might conflict with ARP entries that are created after the DHCP relay agent is
enabled.
Examples
# Enable the DHCP relay agent on VLAN-interface 2.
<Sysname> sy stem-view
[Sysname] in terface vlan-interface 2
[Sysname-Vlan-interface2] dhcp select relay
Related commands
reset dhcp server ip-in-use
29
DHCP server commands
The term "interface" in this section collectively refers to Layer 3 interfaces, including VLAN interfaces
and Layer 3 Ethernet i nterfaces. You can set an Ethernet port as a La yer 3 interface b y using the
port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
address range
Use address range to configure an IP address range in a DHCP address pool for dynamic
allocation.
Use undo address range to remove the IP address range in the DHCP address pool.
Syntax
address range start-ip-address end-ip-address
undo address range
Default
No IP address range is configured.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
start-ip-address: Specifies the start IP address.
end-ip-address: Specifies the end IP address.
Usage guidelines
If no IP address range is specified, all IP addresses in the subnet specified by the network command
in address pool view are assignable. If an IP address range is specified, only the IP addresses in the
IP address range are assignable.
After you use the address range command, you cannot use the network secon dary command to
specify a secondary subnet in the address pool.
If you use the command multiple times, the most recent configuration takes effect.
The address range specified by the address range command must be within the subnet specified by
the network command, and the addresses out of the address range cannot be assigned.
Examples
# Specify an address range of 192.168.8.1 through 192.168.8.150 in address pool 1.
<Sysname> system-view
[Sysname] dh cp server ip-pool 1
[Sysname-dhcp-pool-1] address ra nge 192.168.8.1 192.168.8.150
Related commands
class
dhcp class
display dhcp server pool
network
30
bims-server
Use bims-server to specif y the IP address, por t number, and s hared key of the BIMS server in a
DHCP address pool.
Use undo bims-server to remove the specified BIMS server information.
Syntax
bims-server ip ip-address [ port port-number ] sharekey { cipher | simple } key
undo bims-server
Default
No BIMS server information is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip ip-address: Specifies the IP address of the BIMS server.
port port-number: Specifies the port number of the BIMS server, in the range of 1 to 65534.
cipher: Sets a ciphertext key.
simple: Sets a plaintext key.
key: Specifies the k ey string. This argument is c ase sensitive. If simple is specified, it must be a
string of 1 to 16 characters. If cipher is specified, it must be a ciphertext string of 1 to 53 characters.
The DHCP client uses the shared key to encrypt packets sent to the BIMS server.
Usage guidelines
If you use this command multiple times, the most recent configuration takes effect.
For security purposes, all passwords, including passwords configured in plaintext, are saved in
ciphertext.
Examples
# Specify the BIMS server I P address 1.1.1.1, p ort num ber 80, and shar ed key aabbcc in addr ess
pool 0.
<Sysname> sy stem-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] bims-server ip 1.1.1.1 port 80 sharekey simple aabbcc
Related commands
display dhcp server pool
bootfile-name
Use bootfile-name to specify a configuration file name or URL.
Use undo bootfile-name to remove the configuration file name or URL.
Syntax
bootfile-name { bootfile-name | url }
undo bootfile-name
31
Default
No configuration file name or URL is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
bootfile-name: Specifies the configuration file name, a case-sensitive s tri ng of 1 to 63 characters.
url: Specifies the conf igurat ion f il e URL in the format of http://. It is a case-sensitive string of 1 to 63
characters.
Usage guidelines
If you use the bootfile-name command multiple times, the most recent configuration takes effect.
If the configuration file is on a TFTP server, specify the configuration file name, and the IP address or
name of the TFTP server.
If the configuration file is on an HTTP server, specify the configuration file URL.
Examples
# Specify the boot file name boot.cfg in DHCP address pool 0.
<Sysname> sy stem-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] bootfile-nam e boot.cfg
# Specify the URL http://10.1.1.1/boot.cfg for the remote boot file in DHCP address pool 0.
<Sysname> sy stem-view
[Sysname] dhcp se rver ip-pool 0
[Sysname-dhcp-pool-0] bootfile-name http://1 0.1.1.1/boot.cfg
Related commands
display dhcp server pool
next-server
tftp-server domain-name
tftp-server ip-address
class
Use class to specify an IP address range for a DHCP user class.
Use undo class to remove the IP address range for the DHCP user class.
Syntax
Default
Views
class class-name range start-ip-address end-ip-address
undo class class-name
No IP address range is specified for a DHCP user class.
DHCP address pool view
32
Predefined user roles
network-admin
Parameters
class-name: Specifies the name of a DHCP user class, a case-insensitive string of 1 to 63
characters. If the specified user class does not exist, the DHCP server will not assign the addresses
in the address range specified for the user class to any client.
start-ip-address: Specifies the start IP address.
end-ip-address: Specifies the end IP address.
Usage guidelines
The class command enables you to divide an address range into multiple address ranges for
different DHCP user classes. The address range for a user class must be within the primary subnet
specified by the network com mand. If the DH CP client does not matc h any DHCP user class, the
DHCP server selects an address in the IP address range specified by the address range command.
If the address range has no assignable IP addresses or no address range is configured, the address
allocation fails.
Yo u can specif y only one addr ess range f or a DHCP user clas s in an addres s pool. If you use the
class command multiple times for a DHCP user class, the most recent configuration takes effect.
After you specify an address range for a user class, you cannot use the network secondary
command to specify a secondary subnet in the address pool.
Examples
# Specify an IP address range of 192.168.8.1 through 192.168.8.150 for the DHCP user class user
in DHCP address pool 1.
<Sysname> sy stem-view
[Sysname] dh cp server ip-pool 1
[Sysname-dhcp-pool-1] class user range 192.168.8.1 192.168.8.150
Related commands
address range
dhcp class
display dhcp server pool
dhcp class
Use dhcp class to create a DHCP user class and enter the DHCP user class view.
Use undo dhcp class to remove the specified DHCP user class.
Syntax
dhcp class class-name
undo dhcp class class-name
Default
No DHCP user class exist s.
Views
System view
Predefined user roles
network-admin
33
Parameters
class-name: Specifies the name of a DHCP user class, a case-insensitive string of 1 to 63
characters.
Usage guidelines
You can also use this command to enter the view of an existing DHCP user class.
In the DHCP user class view, use the if-match command to configure a match rule to match specific
clients. Then use the class command to specify an IP address range for the matching clients.
Examples
# Create a DHCP user class test and enter DHCP user class view.
<Sysname> sy stem-view
[Sysname] dhcp class test
[Sysname-dhcp-class-test]
Related commands
address range
class
if-match
dhcp server always-broadcast
Use dhcp server always-broadcast to enable the DHCP server to broadcast all responses.
Use undo dhcp server always-broadcast to restore the default.
Syntax
dhcp server always-broadcast
undo dhcp server always-broadcast
Default
The DHCP server reads t he broadcast flag in a DHCP request to decide whether to broadcast or
unicast the response.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables the DHCP server to ignore the broadcast flag in DHCP requests and
broadcast all responses.
If a DHCP request is from a DHCP client that has an IP address (the ciaddr field is not 0), the DHCP
server always unicasts a response (the destination address is ciaddr) to the DHCP client regardless
of whether this command is executed.
If a DHCP request is f rom a DH CP rela y ag ent (t he giaddr field is not 0), t he DHCP serv er a lwa ys
unicasts a response (the destination address is giaddr) to the DHCP relay agent regardless of
whether this command is executed.
Examples
# Enable the DHCP server to broadcast all responses.
<Sysname> sy stem-view
34
[Sysname] dh cp server always-broadcast
dhcp server apply ip-pool
Use dhcp server apply ip-pool to apply an addr ess pool on an interf ac e.
Use undo dhcp server apply ip-pool to remove the configuration.
Syntax
dhcp server apply ip-pool pool-name
undo dhcp server apply ip-pool
Default
No address pool is applied on an interface
Views
Interface view
Predefined user roles
network-admin
Parameters
pool-name: Specifies the name of a DHCP address pool, a case-insensitive string of 1 to 63
characters.
Usage guidelines
Upon receiving a DHCP request from the interface, the DHCP server searches for a static binding for
the client from all address pools. If no static binding is found, the server assigns configuration
parameters from the addres s pool appl ied on t he interf ace to the c lient. If the add ress pool has no
assignable IP address or does not exist, the DHCP client cannot obtain an IP address.
If you use the command multiple times, the most recent configuration takes effect.
Examples
# Apply DHCP address pool 0 on VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] dhcp server appl y ip-pool 0
Related commands
dhcp server ip-pool
dhcp server bootp ignore
Use dhcp server bootp ignore to configure the DHCP server to ignore BOOTP requests.
Use undo dhcp server bootp ignore to restore the default.
Syntax
Default
dhcp server bootp ignore
undo dhcp server bootp ignore
The DHCP server does not ignore BOOTP requests.
35
Views
System view
Predefined user roles
network-admin
Usage guidelines
The lease duration of IP addresses obtained by BOOTP clients is unlimited. For scenarios that do not
allow unlimited leases, you can configure the DHCP server to ignore BOOTP requests.
Examples
# Configure the DHCP server to ignore BOOTP requests.
<Sysname> system-view
[Sysname] dhcp se rver bootp ignore
dhcp server bootp reply-rfc-1048
Use dhcp server bootp reply-rfc-1048 to enab le the DHCP server to send BOOT P responses in
RFC 1048 format when it receives RFC 1048-incompliant BOOTP requests for statically bound
addresses.
Use undo dhcp server bootp reply-rfc-1048 to disable this feature.
Syntax
dhcp server bootp reply-rfc-1048
undo dhcp server bootp reply-rfc-1048
Default
This feature is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Not all BOOTP clients can send requests com pliant with RFC 1048. By default, the DHCP server
does not process t he Vend field of RFC 1048-incompliant requests but c opies the Vend field into
responses.
Use this command to enable the DHCP server to fill in the Vend field using the RFC 1048-compliant
format in DHCP respons es to RFC 10 48-incom pliant r equests sent b y BOOT P clients that request
statically bound addresses.
Examples
# Enable the DHCP server to send BO OT P responses in RFC 1 048 format upon rec ei ving BO OTP
requests incompliant with RFC 1048.
<Sysname> system-view
[Sysname] dhcp server bootp reply-rfc-1048
dhcp server forbid den-ip
Use dhcp server forbidden-ip to exclude specific IP addresses from dynamic allocation.
Use undo dhcp server forbidden-ip to remove the configuration.
36
Syntax
dhcp server forbidden-ip start-ip-address [ end-ip-address ]
undo dhcp server forbidden-ip start-ip-address [ end-ip-address ]
Default
No IP addresses are excluded from dynamic allocation.
Views
System view
Predefined user roles
network-admin
Parameters
start-ip-address: Specifies the start IP address.
end-ip-address: Specifies the end IP address, which cannot be lower than the start-ip-address. If you
do not specify this argument, only the start-ip-address is excluded from dynamic allocation.
Usage guidelines
The IP addresses of som e devices such as the gateway and FTP server cannot be as signed to
clients. Use this command to exclude such addresses from dynamic allocation.
You can exclude multiple IP address ranges from dynamic allocation.
If the excluded IP address is in a static binding, the address can be still assigned to the client.
The address or address range specified in the undo form of the command must be the same as the
address or address range specified in the command. To remove an IP address that has been
specified as part of an address range, you must remove the entire address range.
Examples
# Exclude the IP addresses of 10.110.1.1 through 10.110.1.63 from dynamic allocation.
<Sysname> system-view
[Sysname] dhcp server forbidden-ip 10.110.1.1 10.110.1.63
Related commands
forbidden-ip
static-bind
dhcp server ip-pool
Use dhcp server ip-pool to create a DHCP address pool and enter its view.
Use undo dhcp server ip-pool to remove the specified DHCP address pool.
Syntax
dhcp server ip-pool pool-name
Default
Views
undo dhcp server ip-pool pool-name
No DHCP address pool is created.
System view
37
Predefined user roles
network-admin
Parameters
pool-name: Specifies the name for the DHCP addres s pool, a case-insensitive string of 1 to 63
characters used to uniquely identify this pool.
Usage guidelines
You can also use this command to enter the view of an existing DHCP address pool.
A DHCP address pool is used to store the configuration parameters to be assigned to DHCP clients.
Examples
# Create a DHCP address pool named pool1.
<Sysname> system-view
[Sysname] dh cp server ip-pool pool1
[Sysname-dhcp-pool-pool1]
Related commands
dhcp server apply ip-pool
display dhcp server pool
dhcp server ping packets
Use dhcp server ping packets to specify the maximum number of ping packets.
Use undo dhcp server ping packets to restore the default.
Syntax
dhcp server ping packets number
undo dhcp server ping packets
Default
The maximum number of ping packets is 1.
Views
System view
Predefined user roles
network-admin
Parameters
number: Specifies the maximum number of ping packets, in the range of 0 to 10. A value of 0
indicates that the DHCP server does not perform address conflict detection.
Usage guidelines
To avoid IP address conflicts, the DHCP server pings an IP address before as signing it to a DH CP
client.
If a ping attempt succ eeds, the server considers th at the IP address is in use an d picks a new IP
address. If all the ping attempts are failed, the server assigns the IP address to the requesting DHCP
client.
Examples
# Specify the maximum number of ping packets as 10.
<Sysname> system-view
38
[Sysname] dhcp se rver ping packets 10
Related commands
dhcp server ping timeout
display dhcp server conflict
reset dhcp server conflict
dhcp server ping timeout
Use dhcp server ping timeout to configure the ping response timeout time on the DHCP server.
Use undo dhcp server ping timeout to restore the default.
Syntax
dhcp server ping timeout milliseconds
undo dhcp server ping timeout
Default
The ping response timeout time is 500 milliseconds.
Views
System view
Predefined user roles
network-admin
Parameters
milliseconds: Specifies the timeout time in the range of 0 to 10000 milliseconds. To disable the ping
operation for address conflict detection, set the value to 0 milliseconds.
Usage guidelines
To avoid IP address conflicts, the DHCP server pings an IP address bef ore assigni ng it to a DHCP
client.
If a ping attempt succ eeds, the server considers th at the IP address is in use and pick s a new IP
address. If all the ping attempts are failed, the server assigns the IP address to the requesting DHCP
client.
Examples
# Specify the response timeout time as 1000 milliseconds.
<Sysname> system-view
[Sysname] dhcp server ping timeout 1000
Related commands
dhcp server ping packets
display dhcp server conflict
reset dhcp server conflict
dhcp server relay information enable
Use dhcp server relay information enable to enable the DHCP server to handle Option 82.
Use undo dhcp server relay information enable to configure the DHCP server to ignore Option
82.
39
•
•
•
Syntax
dhcp server relay information enabl e
undo dhcp server relay information en able
Default
The DHCP server handles Option 82.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Upon receiving a DHCP request that contains Option 82, the server copies the original Option 82 into
the response. If the server is configured to ignore Option 82, the response will not contain Option 82.
Examples
# Configure the DHCP server to ignore Option 82.
<Sysname> sy stem-view
[Sysname] undo dhcp server relay in formation ena ble
display dhcp ser v er conflict
Use display dhcp server conflict to display information about IP address conflicts.
Syntax
display dhcp server conflict [ ip ip-address ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ip ip-address: Displays conflict information about the specified IP address. If you do not specify this
option, this command displays information about all IP address conflicts.
Usage guidelines
The DHCP server creates IP address conflict information in the following conditions:
Before assigning an IP address to a DHCP client, the DHCP server pings the IP address and
discovers that it has been used by other host.
The DHCP client sends a DECLINE packet to the DHCP server to inform the server of an IP
address conflict.
The DHCP server discovers that the only assignable address in the address pool is its own IP
address.
Examples
# Display information about all IP address conflicts.
<Sysname> disp lay dhcp server conflict
IP address Detect time
40
Field
Description
Field
Description
4.4.4.1 Apr 25 16:57:20 2007
4.4.4.2 Apr 25 17:00:10 2007
Table 5 Command output
IP address Conflicted IP address.
Detect time Time when the conflict was discovered.
Related commands
reset dhcp server conflict
display dhcp ser v er expired
Use display dhcp server expired to display the lease expiration information.
Syntax
display dhcp server expired [ ip ip-address | pool pool-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ip ip-address: Displays lease expiration information about the specified IP address.
pool pool-name: Displays leas e expiration infor mation about th e specified addres s pool. The pool
name is a case-insensitive string of 1 to 63 characters.
Usage guidelines
If you do not specify an y parameter s, this command displa ys lease expir ation inf orm ation about all
address pools.
DHCP assigns these expired IP addresses to DHCP clients when all available addresses have been
assigned.
Examples
# Display all lease expiration information.
<Sysname> disp lay dhcp server expired
IP address Client-identifier/Hard ware address Lease ex piration
4.4.4.6 3030-3066-2e65-3230-302e-3130-3234 Apr 25 17:10:47 2007
-2d45-7468-6572-6e65-7430-2f31
Table 6 Command output
IP address Expired IP address.
Client-identifier/Hardware address Client ID or MAC address.
Lease expiration Time when the lease expired.
41
Field
Description
Related commands
reset dhcp server expired
display dhcp ser v er free-ip
Use display dhcp server free-ip to display information about assignable IP addresses.
Syntax
display dhcp server free-ip [ pool pool-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pool pool-name: Displays assignable IP addresses in the specified address pool. The pool name is a
case-insensitive string of 1 to 63 c haracters. If you do not specif y an address pool, this com mand
displays all assignable IP addresses for all address pools.
Examples
# Display assignable IP addresses in all address pools.
<Sysname> display dhcp server free-ip
Pool name: 1
Network: 10.0.0.0 mask 255.0.0.0
IP ranges from 10.0.0.10 to 10.0.0.100
IP ranges fro m 10.0.0.105 to 10.0.0.255
Secondary networ ks:
10.1.0.0 mask 255.255.0.0
IP ranges from 10.1.0.0 to 10.1.0.255
10.2.0.0 mask 255.255.0.0
IP Ranges from 10.2.0.0 to 10.2.0.255
Pool name: 2
Network: 20.1.1.0 mask 255.255 .255.0
IP ranges fro m 20.1.1.0 to 20.1.1.255
Table 7 Command output
Pool name Name of the address pool.
Network Assignable network.
IP ranges Assignable IP address range.
Secondary networks Assignable secondary network s.
Related commands
address range
dhcp server ip-pool
42
Field
Description
network
display dhcp server ip-in-use
Use display dhcp server ip-in-use to display binding information about assigned IP addresses.
Syntax
display dhcp server ip-in-use [ ip ip-address | pool pool-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ip ip-address: Displays binding information about the specified IP address.
pool pool-name: Displays binding information about the specified IP address pool. The pool name is
a case-insensitive string of 1 to 63 characters.
Usage guidelines
If you do not specify any parameters, this command displays binding information about all assigned
DHCP addresses.
If the lease deadline exceeds the year 2100, the lease expiration time is displayed as After 2100.
The client binding inf or mation can be used b y other security modules s uc h as IP s our ce gu ar d o nly
when the DHCP server is configured on the gateway of DHCP clients.
Examples
# Display binding information about all assigned DHCP addresses.
<Sysname> disp lay dhcp server ip-in-use
IP address Client identifier/ Lease expiration Type
Hardware address
10.1.1.1 4444-4444-4444 Not used Static(F)
10.1.1.2 3030-3030-2e30-3030- May 1 14:02:49 2009 Auto(C)
662e-3030-3033-2d45 7468-6572-6e65-74
10.1.1.3 1111-1111-1111 After 2100 Static(C)
Table 8 Command output
IP address IP address assigned.
Client identifier/Hardware
address
Client ID or hardware address.
Lease expiration
Lease expiration time:
• Exact time (May 1 14:02:49 2009 in this example) —Time when the
lease will expire.
• Not used—The IP address of the static bind ing has not bee n assigned
to the specific client.
• Unlimited—Infinite lease expiration time.
• After 2100—The lease will expire after 2100.
43
Field
Description
Binding types:
• Static(F)—A free static binding whose IP address has not been
assigned.
• Static(O)—An offered static binding whose IP address has been
selected and sent by t h e DH CP server in a DHCP-OFFER pack et to the
Type
client. Static(C)—A committed static binding whose IP address has
been assigned to the DHCP client.
• Auto(O)—An offered temporary dynamic bin ding w hose I P ad dres s has
been dynamically selected by the DHCP server and sent in a
DHCP-OFFER packet to the DHCP client.
• Auto(C)—A committed dynamic binding whose IP address has been
dynamically assigned to the DHCP client.
Related commands
reset dhcp server ip-in-use
display dhcp ser v er pool
Use display dhcp server pool to display information about a DHCP address pool.
Syntax
display dhcp server pool [ pool-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pool-name: Displays information about the specified address pool. The pool name is a
case-insensitive string of 1 to 63 characters. If you do no t specify the pool-name argument, this
command displays information about all address pools.
Examples
# Display information about all DHCP address pools.
<Sysname> di splay dhcp server pool
Pool name: 0
Network 20.1. 1.0 mask 255.255 .255.0
class a range 20.1.1.50 20.1.1.6 0
bootfile-name ab c.cfg
dns-list 20.1.1.66 20 .1.1.67 20.1.1.68
domain-name www.aabbcc.com
bims-server ip 192 .168.0.51 sharekey cipher $c$3$K13OmQPi791YvQoF2Gs1E+65LOU=
option 2 ip-address 1.1.1.1
expired 1 2 3 0
Pool name: 1
Network 20.1. 1.0 mask 255.255 .255.0
secondary netw orks:
44
Field
Description
20.1.2.0 mask 255.255.255.0
20.1.3.0 mask 255.255.255.0
bims-server ip 192.168 .0.51 port 50 sharekey cipher $c$3$K13OmQPi791YvQoF2Gs1E+65LOU=
forbidden-ip 20.1.1.22 20.1.1.36 20.1.1.37
forbidden-ip 20.1.1.22 20.1.1.23 20.1.1.24
gateway-list 1.1.1.1 2.2.2.2 4.4.4.4
nbns-list 5.5.5.5 6.6.6.6 7.7.7.7
netbios-type m-node
option 2 ip-address 1.1.1.1
expired 1 0 0 0
Pool name: 2
Network 20.1. 1.0 mask 255.255 .255.0
address range 20 .1.1.1 to 20.1.1.15
class depart mentA range 20.1.1.20 to 20.1.1.29
class departme ntB range 20.1.1.30 to 20.1.1.40
next-server 20.1.1.33
tftp-server domain-name www.dian.org.cn
tftp-server ip-address 192.168.0.120
voice-config ncp-ip 10.1.1.2
voice-config as-ip 10.1.1 .5
voice-config voice-vlan 3 enable
voice-config fail-over 10.1.1.1 123*
option 2 ip-address 1.1.1.3
expired 1 0 0 0
Pool name: 3
static bindings:
ip-address 10.10.1 .2 mask 255.0.0.0
hardware-address 00e0-00fc-0001 ethernet
ip-address 10.10.1 .3 mask 255.0.0.0
client-identifier aaa a-bbbb
expired unlimi ted
Table 9 Command output
Pool name Name of an address pool.
Network Assignable network.
secondary networks Assignable secondary network s.
address range Assignable address range.
class class-name range
static bindings Static IP-to-MAC/client ID bindings.
option Customized DHCP option.
expired
bootfile-name Boot file name
DHCP user class and its addr ess rang e.
Lease duration: 1 2 3 4 in this example refers to 1 day 2 hours 3
minutes 4 seconds.
45
Field
Description
dns-list DNS server IP address.
domain-name Domain name suffix.
bims-server BIMS server information.
forbidden-ip IP addresses excluded from dynamic allocation.
gateway-list Gateway addresses.
nbns-list WINS server addresses.
netbios-type NetBIOS node type.
next-server Next server IP address.
tftp-server domain-name TFTP server name.
tftp-server ip-address TFTP server address.
voice-config ncp-ip Primary network calling processor address.
voice-config as-ip Backup network calling processor address.
voice-config voice-vlan Voice VLAN.
voice-config fail-over Failover route.
display dhcp ser v er statistics
Use display dhcp server statistics to display the DHCP server statistics.
Syntax
display dhcp server statistics [ pool pool-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pool pool-name: Specifies an address pool by its name, a case-insensitive string of 1 to 63
characters. If you do not specify this option, th is comm and displays information about all address
pools.
Examples
# Display the DHCP server statist ics.
<Sysname> disp lay dhcp server statistics
Pool number: 1
Pool utilization: 0.39%
Bindings:
Automatic: 1
Manual: 0
Expired: 0
Conflict: 1
Messages re ceived: 10
46
Field
Description
DHCPDISCOVER: 5
DHCPREQUEST: 3
DHCPDECLINE: 0
DHCPRELEASE: 2
DHCPINFORM: 0
BOOTPREQUEST: 0
Messages se nt: 6
DHCPOFFER: 3
DHCPACK: 3
DHCPNAK: 0
BOOTPREPLY: 0
Bad Messages: 0
Table 10 Command output
Pool number
Pool utilization
Bindings
Conflict
Messages received
Total number of address pools. This field is not displayed wh en you
display statistics for a specific address pool.
Pool utilization rate:
• If you display statistics for all address pools, this field displays the
utilization rate of all address pools.
• If you display statistics for an address pool, this field displays the
pool utilization rate of the specified address pool.
Bindings include the following types:
• Automatic—Number of dynamic bindings.
• Manual—Number of static bindings.
• Expired—Number of expired bindings.
Total number of conflict addresses. This field is not displayed if you
display statistics for a specific address pool.
DHCP packets received from clients:
• DHCPDISCOVER.
• DHCPREQUEST.
• DHCPDECLINE.
• DHCPRELEASE.
• DHCPINFORM.
• BOOTPREQUEST.
This field is not displayed if you display statistics for a specific address
pool.
Messages sent
Bad Messages
Related commands
reset dhcp server statistics
DHCP packets sent to clients:
• DHCPOFFER.
• DHCPACK.
• DHCPNAK.
• BOOTPREPLY.
This field is not displayed if statistics about a specific address pool are
displayed.
Number of bad messages. This field is not displayed if you di splay
statistics for a specific address pool.
47
dns-list
Use dns-list to specify DNS server addresses in a DHCP address pool.
Use undo dns-list to remove DNS server addresses from a DHCP address pool.
Syntax
dns-list ip-address&<1-8>
undo dns-list [ ip-address&<1-8> ]
Default
No DNS server address is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip-address&<1-8>: S pecifies DNS servers. &<1-8> ind icates that you can s pecify up to eight DNS
server addresses separated by spaces.
Usage guidelines
If you use the dns-list command multiple times, the most recent configuration takes effect.
If you do not specify any parameters, the undo dns-list command deletes all DNS server addresses
in the DHCP address pool.
Examples
# Specify the DNS server address 10.1.1.254 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dh cp server ip-pool 0
[Sysname-dhcp-pool-0] dns-list 10.1.1.254
Related commands
display dhcp server pool
domain-name
Use domain-name to specify a domain name in a DHCP address pool.
Use undo domain-name to remove the specified domain name.
Syntax
domain-name domain-name
undo domain-name
Default
No domain name is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
48
•
•
Parameters
domain-name: Specifies the domain name, a case-sensitive string of 1 to 50 characters.
Usage guidelines
If you use the command multiple times, the most recent configuration takes effect.
Examples
# Specify the domain name company.com in address pool 0.
<Sysname> system-view
[Sysname] dh cp server ip-pool 0
[Sysname-dhcp-pool-0] domain-name company.com
Related commands
display dhcp server pool
expired
Use expired to specify the lease duration in a DHCP address pool.
Use undo expired to restore the default lease duration for a DHCP address pool.
Syntax
expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited }
undo expired
Default
The lease duration of a dynamic DHCP address pool is one day.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
day day: Specifies the number of days, in the range of 0 to 365.
hour hour: Specifies the number of hours, in the range of 0 to 23.
minute minute: Specifies the number of minutes, in the range of 0 to 59.
second second: Specifies the number of seconds, in the range of 0 to 59.
unlimited: Specifies the unlimited lease duration, which is ac tu al l y 136 years.
Usage guidelines
The DHCP server assigns an IP address together with the lease duration to the DHCP client. Before
the lease expires, the DHCP client must extend the lease duration.
If the lease extension operation succeeds, the DHCP client can continue to use the IP address.
If the lease extension operation does not succeed, both of the following events occur:
The DHCP client cannot use the IP address after the lease duration expires.
The DHCP server will label the IP address as an expired address.
Examples
# Specify the lease duration as 1 day, 2 hours, 3 minutes, and 4 seconds in DHCP address pool 0.
<Sysname> system-view
49
[Sysname] dh cp server ip-pool 0
[Sysname-dhcp-pool-0] expire d day 1 hour 2 minute 3 seco nd 4
Related commands
display dhcp server expired
display dhcp server pool
reset dhcp server expired
forbidden-ip
Use forbidden-ip to exclude IP addresses from dynamic allocation in an address pool.
Use undo forbidden-ip to cancel the configuration.
Syntax
forbidden-ip ip-address&<1-8>
undo forbidden-ip [ ip-address&<1-8> ]
Default
No IP addresses are excluded from dynamic allocation in an address pool.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip-address&<1-8>: Specifies exclude d IP addresses. &<1-8> indicates that you c an specify up to
eight IP addresses, separated by spaces.
Usage guidelines
The excluded IP addresses in an address pool are still assignable in other address pools.
You can exclude a maximum of 4096 IP addresses in an address pool.
If you do not spec ify any parameters, the undo forbidden-ip command delet es all excluded IP
addresses.
Examples
# Exclude IP address es 192.168.1.3 and 192.168.1.10 f rom dynamic allocati on in DHCP address
pool 0.
<Sysname> sy stem-view
[Sysname] dhcp se rver ip-pool 0
[Sysname-dhcp-pool-0] forbidden-ip 192.168.1.3 1 92.168.1.10
Related commands
dhcp server forbidden-ip
display dhcp server pool
gateway-list
Use gateway-list to specify gateway addresses in a DHCP address pool or a DHCP secondar y
subnet.
50
Use undo gateway-list to remove the specified gateway addresses from a DHCP address pool or a
DHCP secondary subnet.
Syntax
gateway-list ip-address&<1-8>
undo gateway-list [ ip-address&<1-8> ]
Default
No gateway address is configured in a DHCP address pool or a DHCP secondary subnet.
Views
DHCP address pool view, DHCP secondary subnet view
Predefined user roles
network-admin
Parameters
ip-address&<1-8>: Specifie s gateways. &<1-8> indicates that you can specif y up to eight g ateway
addresses separated by spaces. Gateway addresses must reside on the same subnet as the
assignable IP addresses.
Usage guidelines
If you use this command multiple times, the most recent configuration takes effect.
If you do not specify any parameters, the undo gateway-list command deletes all gateway
addresses.
If you specify gatewa ys in both address pool view and secondary subn et view, DHCP assigns the
gateway addresses in the secondary subnet view to the clients on the secondary subnet.
If you specify gat eways in address p ool view but not in secon dary subn et view, DHCP assigns the
gateway addresses in address pool view to the clients on the secondary subnet.
Examples
# Specify the gateway address 10.1.1.1 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp se rver ip-pool 0
[Sysname-dhcp-pool-0] gateway-list 10.1.1.1
Related commands
display dhcp server pool
if-match
Use if-match to configure a match rule for a DHCP user class.
Use undo if-match to remove the match rule for a DHCP user class.
Syntax
Default
if-match rule rule-number option option-code [ hex hex-string [ mask mask | offset offset length
length ] ]
undo if-match rule rule-number
No match rule is configured for the DHCP user class.
51
•
•
•
•
Views
DHCP user class view
Predefined user roles
network-admin
Parameters
rule rule-number: Assigns the match rule an ID in the range of 1 to 16. A smaller ID r epresents a
higher match priority.
option option-code: Matches a DHCP option by a number in the range of 1 to 254.
hex hex-string: Matches the specified hexadecimal string in the option. The length of the
hexadecimal string must be an even number in the range of 2 to 256. If you do not specify this option,
the DHCP server only checks whether the specified option exists in the received packets.
mask mask: Specifies the mask used to match the option content. The mask argument is a
hexadecimal string, whos e length is an even num ber in the range of 2 to 256. The length of mask
must be the same as that of hex-string.
offset offset: Specifies the offs et us ed to match the option, in t h e rang e of 0 to 254 bytes. If you do
not specify this option, the server matches the entire option with the rule.
length length: Matches the specified length of the option, in the range of 1 to 128 bytes. The
specified length must be the same as the hex-string length.
Usage guidelines
Y ou can configure multiple match rules for a DHCP user class. Each match rule is uniquely identified
by a rule ID. Different match rules can include the same option code, but they cannot have the same
matching criteria.
The DHCP server compares DHCP requests against the match rules. A DHCP client matches a
DHCP user class when its request matches one of the specified match rules.
The match operation follows these guidelines:
If only the option-code argument is specified in the rule, packets containing the option match the
rule.
If the option-code and hex-string arguments are specified in the rule, packets that have the
specified hexadecimal string in the specified option match the rule.
If the option-code, hex-string, offset and length arguments are specified in the rule, packets
match the rule as long as their content from offset+1 bit to offset+length bit in the specified
option is the same as the specified hexadecimal string.
If the option-code, hex-string, and mask arguments are specified in the rule, the DHCP server
ANDs the content from the first bit to the mask-1 bit in the specified option with the mask. Then
the server compares the result with the result of the AND operation between hex-string and
mask. If the two results are the same, the received packet matches the rule.
Examples
# Configure match rule 1 to match DHCP requests that contain Option 82 for DHCP user class exam.
<Sysname> sy stem-view
[Sysname] dhcp class exam
[Sysname-dhcp-class-exam] if-match rule 1 opti on 82
# Configure m atch rule 2 to m atch DHCP requests that contain Option 82. Option 82's first three
bytes are 0x13ae92 for the DHCP user class exam.
<Sysname> sy stem-view
[Sysname] dhcp class exam
[Sysname-dhcp-class-exam] if-match rule 2 opti on 82 hex 13ae92 offset 0 length 3
52
# Configure match rule 3 to match DHCP requests that contain Option 82. Option 82's highest bit of
the fourth byte is 1 for the DHCP user class exam.
<Sysname> sy stem-view
[Sysname] dhcp class exam
[Sysname-dhcp-class-exam] if-match rule 3 opti on 82 hex 00000080 mask 00000080
Related commands
dhcp class
nbns-list
Use nbns-list to specify WINS server addresses in a DHCP address pool.
Use undo nbns-list to remove the specified WINS server addresses.
Syntax
nbns-list ip-address&<1-8>
undo nbns-list [ ip-address&<1-8> ]
Default
No WINS server address is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip-address&<1-8>: Specifies WINS server IP addresses. &<1-8> indicates that you can specify up to
eight WINS server addresses separated by spaces.
Usage guidelines
If you use this command multiple times, the most recent configuration takes effect.
If you do not specify any parameters, the undo nbns-list command deletes all WINS server
addresses.
Examples
# Specify the WINS server IP address 10.1.1.1 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dh cp server ip-pool 0
[Sysname-dhcp-pool-0] nbns-list 10.1.1.1
Related commands
display dhcp server pool
netbios-type
netbios-type
Use netbios-type to specify the NetBIOS node type in a DHCP address pool.
Use undo netbios-type to remove the specified NetBIOS node type.
53
Syntax
netbios-type { b-node | h-node | m-node | p-node }
undo netbios-type
Default
No NetBIOS node type is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
b-node: Specifies the broadcast node. A b-node client sends the destination nam e in a broadcast
message to get the name-to-IP mapping from a server.
h-node: Specifies the hybrid node. An h-node client unicasts the destination name to a WINS server.
If it does not receive a response, the h-node client broadcasts the destination name to get the
mapping from a server.
m-node: Specifies the mixed node. An m-node client broadcasts the destination name. If it does not
receive a response, the m-node cl ient u nicasts the des tination n am e to th e W INS serv er t o get the
mapping.
p-node: Specifies the peer -to-peer node. A p-node cli ent sends the des tination nam e in a unicast
message to get the mapping from the WINS server.
Usage guidelines
If you use the command multiple times, the most recent configuration takes effect.
Examples
# Specify the NetBIOS node type as p-node in DHCP address pool 0.
<Sysname> system-view
[Sysname] dh cp server ip-pool 0
[Sysname-dhcp-pool-0] netbios-type p-node
Related commands
display dhcp server pool
nbns-list
network
Use network to specify the subnet for dynamic allocation in a DHCP address pool.
Use undo network to remove the specified subnet.
Syntax
network network-address [ mask-length | mask mask ] [ secondary ]
Default
Views
undo network network-address [ mask-length | mask mask ] [ secondary ]
No subnet is specified in a DHCP address pool.
DHCP address pool view
54
Predefined user roles
network-admin
Parameters
network-address: Specifies the subnet for dynamic allocation. If no mask length or mask is specified,
the natural mask will be used.
mask-length: Specifies the mask length in the range of 1 to 30.
mask mask: Specifies the mask in dotted decimal format.
secondary: Specif ies the subnet as a sec ondary subnet. If you do not specify this ke yword, this
command specifies the primary subnet. If th e addresses in the primar y subnet are used up, the
DHCP server can select addresses from a secondary subnet for clients.
Usage guidelines
Yo u can use the secondary keyword to s pecif y a secondar y subn et and e nter it s view, where you
can specify gateways by using the gateway-list command for DHCP clients in the secondary
subnet.
You can specify only one primary subnet for a DHCP address pool. If you use the network command
multiple times, the most recent configuration takes effect.
You can specify up to 32 secondary subnets for a DHCP address pool.
The primary subnet and secondary subnets in a DHCP address pool must not have the same
network address and mask.
If you have used the address range or class comm and in an addr ess pool, you cannot sp ecify a
secondary subnet in the same address pool.
Modifying or rem oving the network configuration d eletes t he ass igned ad dresses f rom the c urrent
address pool.
Examples
# Specify primar y subnet 192.168.8.0/24 and secondary subne t 192.16 8.10.0/ 24 in D HCP address
pool 0.
<Sysname> system-view
[Sysname] dh cp server ip-pool 0
[Sysname-dhcp-pool-0] network 192.168.8.0 mask 255.255.255.0
[Sysname-dhcp-pool-0] network 192.168.10.0 mask 255.255.255.0 secondary
[Sysname-dhcp-pool-0-secondary]
Related commands
display dhcp server pool
gateway-list
next-server
Use next-server to specify the IP address of a server in a DHCP address pool.
Use undo next-server to remove the server's IP address from the DHCP address pool.
Syntax
Default
next-server ip-address
undo next-server
No server's IP address is specified in an address pool.
55
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address of a server.
Usage guidelines
Upon s tartup, the DHCP cli ent obtains an IP addres s and the specified s erver IP address. Then it
contacts the specified server, such as a TFTP server, to get other boot information.
If you use the next-server command multiple times, the most recent configuration takes effect.
Examples
# Specify a server's IP address 10.1.1.254 in DHCP address pool 0.
<Sysname> sy stem-view
[Sysname] dh cp server ip-pool 0
[Sysname-dhcp-pool-0] next-server 10.1.1.254
Related commands
display dhcp server pool
option
Use option to customize a DHCP option.
Use undo option to remove a customized DHCP option.
Syntax
option code { ascii ascii-string | hex hex-string | ip-address ip-address&<1-8> }
undo option code
Default
No DHCP option is customized.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
code: Specifies the number of the customized option, in the range of 2 to 254, excluding 50 through
54, 56, 58, 59, 61, and 82.
ascii ascii-string: Specifies an ASCII string of 1 to 255 characters as the option content.
hex hex-string: Specifies a hexadecimal string of even numbers from 2 to 256 as the option content.
ip-address ip-address&<1-8>: Specifies the IP addresses as the op tion content. &<1-8> indicates
that you can specify up to eight IP addresses separated by spaces.
Usage guidelines
The DHCP server fills the cus tom ized option with the s pecif ied ASCI I strin g, hexa decim al string, o r
IP addresses, and sends it in a response to the client.
56
•
•
•
•
If you use the option command with t he sam e code specified, the most r ecent conf iguration takes
effect.
You can customize options for the following purposes:
If a DHCP option is specified by both the dedicated command and the option command, the DHCP
server assigns the content specified by the dedicated command. For example, if a DNS server
address is specified by t he dns-list command and the option 6 com mand, the server uses the
address specified by dns-list command.
Examples
# Configure Option 7 to specify the log server address 2.2.2.2 in address pool 0.
<Sysname> sy stem-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] option 7 ip-address 2.2.2.2
Add newly released options.
Add options for which the vendor defines the contents, for example, Option 43.
Add options for which the CLI does not provide a dedicated configuration command. For
example, you can use the option 4 ip-address 1.1.1.1 command to define the time server
address 1.1.1.1 for DHCP clients.
Add all option values if the actual requirement exceeds the limit for a dedicated option
configuration command. For example, the dns-list command can specify up to eight DNS
servers. To specify more than eight DNS server, you must use the option 6 command to define
all DNS servers.
Related commands
display dhcp server pool
reset dhcp server conflict
Use reset dhcp server conflict to clear IP address conflict information.
Syntax
reset dhcp server conflict [ ip ip-address ]
Views
User view
Predefined user roles
network-admin
Parameters
ip ip-address: Clears conf lict inform ation about the specif ied IP address. If you d o not specify this
option, this command clears all address conflict information.
Usage guidelines
Address conflicts occur when dynamically assigned IP addresses have been statically configured for
other hosts. After you modify the address pool configuration, the conflicted addresses might become
assignable. To assign these addresses, use the r eset dhcp serv er conflict command to clear t he
conflict information first.
Examples
# Clear all IP address conflict information.
<Sysname> rese t dhcp server conflict
57
Related commands
display dhcp server conflict
reset dhcp server expired
Use reset dhcp server expired to clear binding information about expired IP addresses.
Syntax
reset dhcp server expired [ ip ip-address | pool pool-name ]
Views
User view
Predefined user roles
network-admin
Parameters
ip ip-address: Clears binding information about the specified expired IP address.
pool pool-name: Clears binding information about the expired IP addresses in the specified address
pool. The pool name is a case-insensitive string of 1 to 63 characters.
Usage guidelines
If you do not specif y an y par am eters, this com m and clears bin ding inform ation a bout al l expir ed IP
addresses.
Examples
# Clear binding information about all expired IP addresses.
<Sysname> reset dhcp server expired
Related commands
display dhcp server expired
reset dhcp server ip-in-use
Use reset dhcp serv er i p-in-use to clear binding information about assigned IP addresses.
Syntax
reset dhcp server ip-in-use [ ip ip-address | pool pool-name ]
Views
User view
Predefined user roles
network-admin
Parameters
ip ip-address: Clears binding information about the specified assigned IP address.
pool pool-name: Clears binding inf ormation about the s pecified address poo l. The pool name is a
case-insensitive string of 1 to 63 characters.
Usage guidelines
If you do not specify any parameters, this command clears binding information about all assigned IP
addresses.
58
If you use this command to c lear information about an assigned static binding, the static binding
becomes an unassigned static binding.
Examples
# Clear binding information about the IP address 10.110.1.1.
<Sysname> rese t dhcp server ip-in-use ip 10.110.1.1
Related commands
display dhcp server ip-in-use
reset dhcp server statistics
Use reset dhcp server statistics to clear DHCP server statistics.
Syntax
reset dhcp server statistics
Views
User view
Predefined user roles
network-admin
Examples
# Clear DHCP server statistics.
<Sysname> rese t dhcp server statistics
Related commands
display dhcp server statistics
static-bind
Use static-bind to statically bind a client ID or MAC address to an IP address.
Use undo static-bind to remove a static binding.
Syntax
static-bind ip-address ip-address [ mask-length | mask mask ] { client-identifier client-identifier |
hardware-address hardware-address [ ethernet | token-ring ] }
undo static-bind ip-address ip-address
Default
No static binding is specified in a DHCP address pool.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip-address ip-address: Specifies the IP address of the static binding. The natural mask is used if no
mask length or mask is specified.
mask-length: Specifies the mask length in the range of 1 to 30.
mask mask: Specifies the mask, in dotted decimal format.
59
client-identifier client-identifier: S pecifies the client ID of the static bi nding, a string of 4 to 254
characters that can contain only hexadecimal numbers and hyphen (-), in the format of H-H-H…., in
which the last H can be a two -digit or four -digit hex ad ecim al num ber while the ot her Hs m ust be all
four-digit hexadecimal numbers. For example, aabb-cccc-dd is a correct ID, while aabb-c-dddd and
aabb-cc-dddd are incorrect IDs.
hardware-address hardware-address: Specifies the client hardware address of the static binding, a
string of 4 to 79 characters that can contain only hexadecimal numbers and hyphen (-), in the format
of H-H-H…, in which the last H can be a t wo-dig it or four-digit hexadecimal number while the other
Hs must be all four -digit hexadecim al numbers. For exam ple, aabb-cccc-dd is a correc t hardware
address, while aabb-c-dddd and aabb-cc-dddd are incorrect hardware addresses.
ethernet: Specifies the client hardware address type as Ethernet. The default type is Ethernet.
token-ring: Specifies the client hardware address type as token ring.
Usage guidelines
The IP address of a static binding must not be an interface address of the DHCP server. Otherwise,
an IP address conflict occurs, and the bound client cannot obtain the IP address.
You can specify multiple static bindings in an address pool. The total number of static bindings in all
address pools cannot exceed 8192.
Yo u cann ot m odif y bindings. To change the binding for a DHCP client, you m ust delete the exis ting
binding first and create a new binding.
Examples
# Bind the IP address 10.1.1.1/24 to the client ID 00aa-aabb in DHCP address pool 0.
<Sysname> system-view
[Sysname] dh cp server ip-pool 0
[Sysname-dhcp-pool-0] static-bind ip-address 10.1.1.1 mask 255.255. 25 5.0
client-identifier 00aa-aabb
Related commands
display dhcp server pool
tftp-server domain-name
Use tftp-server domain-name to specify a TFTP server name in a DHCP address pool.
Use undo tftp-server domain-name to remove the TFTP server name from a DHCP address pool.
Syntax
tftp-server domain-name domain-name
undo tftp-server domain-name
Default
No TFTP server name is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
domain-name: Specifies the TFTP server name, a case-sensitive string of 1 to 63 characters.
60
Usage guidelines
If you use this command multiple times, the most recent configuration takes effect.
Examples
# Specify the TFTP server name aaa in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] tftp-server do main-name aaa
Related commands
display dhcp server pool
tftp-server ip-address
tftp-server ip-address
Use tftp-server ip-address to specify a TFTP server address in a DHCP address pool.
Use undo tftp-server ip-address to remove the TFTP server address from a DHCP address pool.
Syntax
tftp-server ip-address ip-address
undo tftp-server ip-address
Default
No TFTP server address is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address of a TFTP server.
Usage guidelines
If you use this command multiple times, the most recent configuration takes effect.
Examples
# Specify the TFTP server address 10.1.1.1 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] tftp-server ip -address 10.1.1.1
Related commands
display dhcp server pool
tftp-server domain-name
voice-config
Use voice-config to configure the content for Option 184 in a DHCP address pool.
Use undo voice-config to remove the Option 184 content from a DHCP address pool.
61
•
•
Syntax
voice-config { as-ip ip-address | fail-over ip-address dialer-string | ncp-ip ip-address | voice-vlan
vlan-id { disable | enable } }
undo voice-config [ as-ip | fail-over | ncp-ip | voice-vlan ]
Default
No Option 184 content is configured in a DHCP address pool.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
as-ip ip-address: Specifies the IP address of the backup network calling processor.
fail-over ip-address dialer-string: Specifies the failover IP address and dialer string. The dialer-string
is a string of 1 to 39 characters, which can include numbers 0 through 9 and asterisk (*).
ncp-ip ip-address: Specifies the IP address of the primary network calling processor.
voice-vlan vlan-id: Specifies the voice VLAN ID in the range of 2 to 4094.
disable: Disables the specified VLAN. DHCP clients will not take this VLAN as their voice
VLAN.
enable: Enables the specified VLAN. DHCP clients will take this VLAN as their voice VLAN.
Usage guidelines
If you use the command multiple times, the most recent configuration takes effect.
Examples
# Configure Option 184 in DHCP address pool 0. The primary and backup network calling
processors are at 10.1.1.1 and 10.2.2.2, resp ec ti ve ly. The voice VLAN 3 is ena bl ed. T he f ailo ver IP
address is 10.3.3.3. The dialer string is 99*.
<Sysname> system-view
[Sysname] dh cp server ip-pool 0
[Sysname-dhcp-pool-0] voice-config ncp-ip 10.1.1.1
[Sysname-dhcp-pool-0] voice-config as-ip 10.2.2.2
[Sysname-dhcp-pool-0] voice-config voice-vlan 3 enable
[Sysname-dhcp-pool-0] voice-config fail-over 10.3.3.3 99*
Related commands
display dhcp server pool
DHCP relay agent commands
The term "interface" in this section collectively refers to Layer 3 interfaces, including VLAN interfaces
and Layer 3 Ethernet i nterfaces. You can set an Ethernet port as a La yer 3 interface b y using the
port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
dhcp relay check mac-address
Use dhcp relay check mac-address to enable MAC address check on the relay agent.
Use undo dhcp relay check mac-address to disable MAC address check on the relay agent.
62
Syntax
dhcp relay check mac-address
undo dhcp relay check mac-address
Default
The MAC address check feature is disabled.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
This feature enables the DHCP relay agent to compare the chaddr field of a received DHCP request
with the source MAC addres s in the frame header. If they are the same, the DHCP relay agent
forwards the request t o th e DHCP ser ver. If they are n ot the s am e, the DHCP relay agent d iscar ds
the request.
The MAC address check feature takes effect only when the dhcp select relay command has
already been configured on the interf ac e.
Enable the MAC a ddress check feature only on the DHCP relay agent directl y connected to the
DHCP clients. A DHCP relay agent changes the source MAC address of DHCP packets before
sending them. If you enable this feature on an intermediate relay agent, it might discard valid DHCP
packet, and the sending clients will not obtain IP addresses.
Examples
# Enable MAC address check on the relay agent.
<Sysname> system-view
[Sysname] in terface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay chec k mac-address
Related commands
dhcp select relay
dhcp relay check mac-address aging time
Use dhcp relay check mac-address aging time to c onfigure the aging time for MAC a ddress
check entries on the DHCP relay agent.
Use undo dhcp relay check mac-address aging time to restore the default.
Syntax
dhcp relay check mac-address aging-time time
undo dhcp relay check mac-address aging-time
Default
The aging time is 30 seconds.
Views
System view
Predefined user roles
network-admin
63
Parameters
time: Specifies the aging time for MAC address check entries in seconds, in the range of 30 to 600.
Usage guidelines
This command takes effect only after you execute the dhcp relay check mac-address command.
Examples
# Set the aging time for MAC address check entries on the DHCP relay agent to 60 seconds.
<Sysname> sy stem-view
[Sysname] dhcp relay check mac-address aging-time 60
dhcp relay client-information record
Use dhcp relay client-information record to enable recording client information in relay entries. A
relay entry contains information about a client such as the client's IP and MAC addresses.
Use undo dhcp relay client-information record to disable the feature.
Syntax
dhcp relay client-information record
undo dhcp relay client-information record
Default
The DHCP relay agent does not record client information in relay entries.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Disabling recording of client information deletes all recorded relay entries.
Client information is rec orded only when the DHCP relay agent is configured o n the gateway of
DHCP clients.
Examples
# Enable recording of relay entries on the relay agent.
<Sysname> system-view
[Sysname] dhcp re lay client-information record
Related commands
dhcp relay client-information refresh
dhcp relay client-information refresh enable
dhcp relay client-information refresh
Use dhcp relay client-information refresh to configure the interval at which the DHCP relay agent
periodically refreshes relay entries.
Use undo dhcp relay client-information refresh to restore the default.
Syntax
dhcp relay client-information refresh [ auto | interval interval ]
64
undo dhcp relay client-information refresh
Default
The refresh interval is automatically calculated based on the number of relay entries.
Views
System view
Predefined user roles
network-admin
Parameters
auto: Automatically calcul ates the refresh interval. The m ore the entries, the shorter the refresh
interval. The shortest interval must not be less than 500 ms.
interval interval: Specifies the refresh interval in the range of 1 to 120 seconds.
Usage guidelines
If you use this command multiple times, the most recent configuration takes effect.
Examples
# Set the refresh interval to 100 seconds.
<Sysname> system-view
[Sysname] dhcp re lay client-information refresh interval 100
Related commands
dhcp relay client-information record
dhcp relay client-information refresh enable
dhcp relay client-information refresh enable
Use dhcp relay client-information refresh enable to enab le the DHCP rela y agent to periodically
refresh dynamic relay entries.
Use undo dhcp relay client-information refresh enable to disable the DHCP relay agent to
periodically refresh dynamic relay entries.
Syntax
dhcp relay client-information refresh enable
undo dhcp relay client-information refresh enable
Default
The DHCP relay agent periodically refreshes relay entries.
Views
System view
Predefined user roles
network-admin
Usage guidelines
A DHCP client unicasts a DHCP-RELEASE message to the DHCP server to release its IP address.
The DHCP relay agent conveys the message to the DHCP server and does not remove the
IP-to-MAC entry of the client.
With this feature, the DHCP relay agent uses the IP address of a client and the MAC address of the
DHCP relay interface to periodically send a DHCP-REQUEST message to the DHCP server.
65
•
•
•
If the server returns a DHCP-ACK message or does not return any message within an interval,
the DHCP relay agent performs the following operations:
Removes the relay entry.
Sends a DHCP-RELEASE message to the DHCP server to release the IP address.
If the server returns a DHCP-NAK message, the relay agent keeps the entry.
With this feature disabled, the DHCP relay agent does not remove relay entries automatically . After a
DHCP client releases its IP address, you must use the reset dhcp relay client-information on the
relay agent to remove the corresponding relay entry.
Examples
# Disable periodic refresh of relay entries.
<Sysname> system-view
[Sysname] un do dhcp relay client-information refresh enable
Related commands
dhcp relay client-information record
dhcp relay client-information refresh
reset dhcp relay client-information
dhcp relay information circuit -id
Use dhcp relay information circuit-id to conf igure the padd ing m ode and pad ding form at for the
Circuit ID sub-option of Option 82.
Use undo dhcp relay information circuit-id to restore the default.
Syntax
dhcp relay information circuit-id { string circuit-id | { normal | verbose [ node-identifier { mac |
sysname | user-defined node-identifier } ] } [ format { ascii | hex } ] }
undo dhcp relay information cir cuit-id
Default
The padding mode is normal and the padding format is hex.
Views
Interface view
Predefined user roles
network-admin
Parameters
string circuit-id: Specifies the string mode that uses a case-sensitive string of 3 to 63 characters as
the content of the Circuit ID sub-option.
normal: Specifies the normal mode, in which the padding content consists of the VLAN ID and port
number.
verbose: Specifies the verbose mode. The padding content includes the VLAN ID and interf ace
number.
node-identifier { mac | sysname | user-defined node-identifier }: Specifies the access node
identifier. The padding con tent includes the node identifier, Ethernet type (f ixed to eth), interface
number, and VLAN ID. The node identifier varies by keyword mac, sysname, and user-defined.
mac: Uses the MAC addr e ss of the access node as the node identifier. It is the default node
identifier.
66
•
NOTE:
If
is used as the node identifier, do not include any space when you set the device name.
Otherwise, the DHCP relay agent fails to add or replace the Option 82.
•
is specified
format is ascii
sysname: Uses the device name as the node identifier. You can set the device name by using
the sysname command in system view. The padding format for the device name is always
ASCII regardless of the specified padding format.
sysname
user-defined node-identifier: Uses a case-sensitive string of 1 to 50 characters as the node
identifier. The padding format for the specified character string is always ASCII regardless of
the specified padding format.
format: Specifies the padding format for the Circuit ID sub-option.
ascii: Specifies the padding format as ASCII.
hex: Specifies the padding format as hex.
Usage guidelines
The Circuit ID sub-option cannot carry information about interface splitting or subinterfaces. For
more information about interface splitting and subinterfaces, see Interface Configuration Guide.
If you use this command multiple times, the most recent configuration takes effect.
The padding form at for the user-defined str ing, the normal m ode, or the verbose modes varies by
command configuration. Table 11 shows how the padding format is determined for different modes.
Table 11 Padding format for different modes
Examples
# Specify the padding mode as verbose, node identifier as the device name, and the padding format
as ASCII for the Circuit ID sub-option.
<Sysname> system-view
[Sysname] in terface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay information enable
[Sysname-Vlan-interface10] dhcp relay information strategy replace
[Sysname-Vlan-interface10] dhcp relay information circuit-id verbose node-identifier
sysname format ascii
Keyword (mode)
string
circuit-id
normal
verbose
If no padding format
You cannot specify a
padding format, and the
padding format is
always ASCII.
Hex. ASCII. Hex.
Hex for the VLAN ID.
ASCII for the node
identifier, Ethernet type,
and interface number.
If the padding
N/A N/A
ASCII.
If the padding format is hex
ASCII for the node identifier and
Ethernet type.
Hex for the interface number and
VLAN ID.
Related commands
dhcp relay information enable
dhcp relay information strategy
display dhcp relay information
67
dhcp relay information enable
Use dhcp relay information enable to enable the relay agent to support Option 82.
Use undo dhcp relay information enable to disable Option 82 support.
Syntax
dhcp relay information enable
undo dhcp relay information enable
Default
The DHCP relay agent does not support Option 82.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
This command enables the DHCP relay agent to add Option 82 to DHCP requests that do not
contain Option 82 before f orwarding the req uests to the DHCP server. The content of Option 82 is
determined by the dhcp relay information circuit-id and dhcp relay information remote-id
commands. If the DHCP requests contain Option 82, the relay agent handles the requests according
to the strategy configured with the dhcp relay information strategy command.
If this feature is disabled, the relay agent forwards requests that contain or do not contain Option 82
to the DHCP server.
Examples
# Enable Option 82 support on the relay agent.
<Sysname> system-view
[Sysname] in terface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay information enable
Related commands
dhcp relay information circuit-id
dhcp relay information remote-id
dhcp relay information strategy
display dhcp relay information
dhcp relay information remote-id
Use dhcp relay information remote-id to configure the padding mode and padding f orm at for the
Remote ID sub-option of Option 82.
Use undo dhcp relay information remote-id to restore the default.
Syntax
Default
dhcp relay information remote-id { normal [ format { ascii | hex } ] | string remote-id | sysname }
undo dhcp relay information remote-id
The padding mode is normal and the padding format is hex.
68
Views
Interface view
Predefined user roles
network-admin
Parameters
normal: Specifies the normal mode in which the padding content is the MAC address of the
receiving interface.
format: Specif ies the padding for mat for the Rem ote ID sub-option. The def ault padding f ormat is
hex.
ascii: Specifies the padding format as ASCII.
hex: Specifies the padding format as hex.
string remote-id: Specifies the string mode that uses a case-sensitive string of 1 to 63 characters as
the content of the Remote ID sub-option.
sysname: Specifies the sysname mode that uses the device name as the content of the Remote ID
sub-option. You can set the device name by using the sysname command.
Usage guidelines
The padding form at for the specified character strin g (string) or the device name (sysname) is
always ASCII. The padding format for the normal mode is determined by the command.
If you use the command multiple times, the most recent configuration takes effect.
Examples
# Specify the padding content for the Remote ID sub-option of Option 82 as device001.
<Sysname> system-view
[Sysname] in terface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay info rmation enable
[Sysname-Vlan-interface10] dhcp relay information strategy replace
[Sysname-Vlan-interface10] dhcp relay information remote-id string device001
Related commands
dhcp relay information enable
dhcp relay information strategy
display dhcp relay information
dhcp relay information strategy
Use dhcp relay information strategy to configure the strategy for the DHCP relay agent to handle
messages containing Option 82.
Use undo dhcp relay information strategy to restore the default handling strategy.
Syntax
Default
dhcp relay information strategy { drop | keep | replace }
undo dhcp relay information strategy
The handling strategy for messages that contain Option 82 is replace.
69
Views
Interface view
Predefined user roles
network-admin
Parameters
drop: Drops DHCP messages that contain Option 82 messages.
keep: Keeps the original Option 82 intact.
replace: Replaces the original Option 82 with the configured Option 82.
Usage guidelines
This command takes effect only on DHCP requests that contain Option 82.
When enabled to support Option 82, the DHCP relay agent always adds Option 82 into DHCP
requests that do not contain Option 82 before forwarding the requests to the DHCP.
Examples
# Specify the handling strategy for Option 82 as keep.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay information enable
[Sysname-Vlan-interface10] dhcp relay information strategy keep
Related commands
dhcp relay information enable
display dhcp relay information
dhcp relay releas e ip
Use dhcp relay release ip to release a specific client IP address.
Syntax
dhcp relay release ip client-ip [ vpn-instance vpn-instance-name ]
Views
System view
Predefined user roles
network-admin
Parameters
client-ip: Specifies the IP address to be released.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance of the IP address. The
vpn-instance-name is a case-sensitive string of 1 to 31 character s. If you do not specify a VPN
instance, this command releases the IP address in the public network.
Usage guidelines
After you execute th is command, the rel ay agent sends a DHCP -RELEASE packet to th e DHCP
server and removes the relay entry of the IP address. Upon receiving the packet, the server removes
binding information about the specified IP address to release the IP address.
Examples
# Release the IP address 1.1.1.1.
70
<Sysname> system-view
[Sysname] dhcp relay release ip 1.1.1.1
dhcp relay server-address
Use dhcp relay server-address to specify DHCP servers on the DHCP relay agent.
Use undo dhcp relay server-address to remove DHCP servers.
Syntax
dhcp relay server-address ip-address
undo dhcp relay server-address [ ip-address ]
Default
No DHCP server is specified on the DHCP relay agent.
Views
Interface view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address of a DHCP server. The DHCP relay agent forwards DHCP
packets received from DHCP clients to this DHCP server.
Usage guidelines
The specified IP address of the DHCP server must not reside on the same subnet as the IP address
of the DHCP relay agent interface. Otherwise, the DHCP clients might fail to obtain IP addresses.
You can specify a maximum of eight DHCP servers on an interface. The DHCP relay agent forwards
the packets from the clients to all the specified DHCP servers.
If you do not specif y an IP address, the undo dhcp relay server-address com mand removes all
DHCP servers on the interface.
Examples
# Specify the DHCP server 1.1.1.1 on the relay agent interface VLAN-interface 10.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay server-address 1.1.1.1
Related commands
dhcp select relay
display dhcp relay interface
display dhcp relay check mac-address
Syntax
Views
Use display dhcp relay check mac-address to dis play MAC addres s check entries on the re lay
agent.
display dhcp relay check mac-address
Any view
71
Field
Description
Predefined user roles
network-admin
network-operator
Examples
# Display MAC address check entries on the DHCP relay agent.
<Sysname> display dhcp relay check mac-address
Source-MAC Interface Aging-time
23f3-1122-adf1 XGE1/0/1 10
23f3-1122-2230 XGE1/0/2 30
Table 12 Command output
Source MAC Source MAC address of the attacker.
Interface Interface where the attack comes from.
Aging-time Aging time of the MAC address check entry, in seconds.
display dhcp relay client-information
Use display dhcp relay client-information to display relay entries on the relay agent.
Syntax
display dhcp relay client-information [ interface interface-type interface -number | ip ip-address
[ vpn-instance vpn-instance-name ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Displays relay entries on the specified interface.
ip ip-address: Displays the relay entry for the specified IP address.
vpn-instance vpn-instance-name: Displays the relay entry for the specified IP address in the
specified MPLS L3VPN instance. The vpn-instance-name is a case-sensitive string of 1 to 31
characters.
Usage guidelines
The DHCP relay agent rec ords r elay entr ies onl y when the dhcp relay client-information record
command has been issued.
If you do not specify any parameters, the display dhcp relay client-information command displays
all relay entries on the relay agent.
Examples
# Display all relay entries on the relay agent.
<Sysname> disp lay dhcp relay client-information
Total number of client-information item s: 2
Total number of dynamic items: 1
72
Field
Description
Total number of temporary items: 1
IP address MAC address Type Interface VPN name
10.1.1.1 00e0-0000-0001 Dynamic Vlan1 VPN1
10.1.1.5 00e0-0000-0000 Temporary Vla n2 VPN2
Table 13 Command output
Total number of client-information items Total number of relay entries.
Total number of dynamic items Total number of dynamic relay entries.
Total number of temporary items Total number of temporary relay entries.
IP address IP address of the DHCP client.
MAC address MAC address of the DHCP client.
Relay entry type:
• Dynamic—The relay agent creates a dynamic relay entry
Type
upon receiving an ACK response from the DHCP server.
• Temporary—The relay agent creates a temporary relay
entry upon receiving a REQUEST packet from a DHCP
client.
Interface
Layer 3 interface connected to the DHCP client.
displayed for relay entries without interface information.
Related commands
dhcp relay client-information record
reset dhcp relay client-information
display dhcp relay information
Use display dhcp relay information to displa y Option 82 conf iguration inf ormation for the DHCP
relay agent.
Syntax
display dhcp relay information [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
N/A
is
interface interface-type interface-number: Displays Option 82 configuration information for the
specified interface. If you do not specify an interface, this command displays Option 82 configuration
information about all interfaces.
Examples
# Display Option 82 configuration information for all interfaces.
<Sysname> displ ay dhcp relay information
Interface: Vlan-interface100
Status: Enable
73
Field
Description
Strategy: Replace
Circuit ID Pattern: Verbos e
Remote ID Pattern : Sysname
Circuit ID format-type: Undefined
Remote ID format-type: ASCII
Node identifier : aabbcc
Interface: Vlan-interface200
Status: Enable
Strategy: Replace
Circuit ID Pattern: User Defined
Remote ID Pattern: User Defined
Circuit ID format-type: ASCII
Remote ID format-type: ASCII
User defined:
Circuit ID: vlan100
Remote ID: device 001
Table 14 Command output
Interface Interface name.
Option 82 states:
Status
Strategy
Circuit ID Pattern
Remote ID Pattern
Circuit ID format-type
Remote ID format-type
Node identifier Access node identifier.
User defined Content of the user-defined sub-options.
Circuit ID User-defined content of the Circuit ID sub-option.
Remote ID User-defined content of the Remote ID sub-option.
• Enable—DHCP relay agent support for Option 82 is enabled.
• Disable—DHCP relay agent support for Option 82 is disabled.
Handling strategy for request messages containing Option 82,
Keep
Padding content m ode of the Circuit ID sub-option,
User Defined
Padding content mode of the Remote ID sub-option,
or
Padding format of the Circuit ID sub-option,
Padding format of t he Remote ID sub-option,
Replace
, or
.
User Defined
.
.
display dhcp relay server-address
Drop
,
Verbose, Normal
Sysname, Normal
ASCII, Hex, or Undefined
ASCII, Hex, or Undefined
, or
,
.
.
Use display dhcp relay server-address to display DHCP server addresses configured on an
interface.
Syntax
display dhcp relay server-address [ interface interface-type interface-number ]
Views
Any view
74
Field
Description
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Displays DHCP server addresses on the specified
interface. If you do not spec ify an interface, this comm and displays DHCP serv er addresses on all
interfaces operating in DHCP relay agent mode.
Examples
# Display DHCP server addresses on all interfaces.
<Sysname> display dhcp relay server-address
Interface nam e Server IP address
Vlan1 2.2.2.2
Table 15 Command output
Interface name Interface name.
Server IP address DHCP server IP address.
Related commands
dhcp relay server-address
display dhcp relay statistics
Use display dhcp relay statistics to display DHCP packet statistics on the DHCP relay agent.
Syntax
display dhcp relay statistics [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Displays DHCP packet statistics on the specified
interface. If you do not specify an interface, this command displays all DHCP packet statistics on the
DHCP relay agent.
Examples
# Display all DHCP packet statistics on the DHCP relay agent.
<Sysname> dis play dhcp relay st atistics
DHCP packets dropped: 0
DHCP packets received from clie nts: 0
DHCPDISCOV ER: 0
DHCPREQUEST: 0
DHCPINFORM : 0
DHCPRELEASE: 0
75
DHCPDECLINE: 0
BOOTPREQUE ST: 0
DHCP packets received from serv ers: 0
DHCPOFFER: 0
DHCPACK: 0
DHCPNAK: 0
BOOTPREPLY : 0
DHCP packets relayed to servers : 0
DHCPDISCOV ER: 0
DHCPREQUEST: 0
DHCPINFORM : 0
DHCPRELEASE: 0
DHCPDECLINE: 0
BOOTPREQUE ST: 0
DHCP packets relayed to clients : 0
DHCPOFFER: 0
DHCPACK: 0
DHCPNAK: 0
BOOTPREPLY : 0
DHCP packets sent to servers: 0
DHCPDISCOV ER: 0
DHCPREQUEST: 0
DHCPINFORM : 0
DHCPRELEASE: 0
DHCPDECLINE: 0
BOOTPREQUE ST: 0
DHCP packets sent to clients: 0
DHCPOFFER: 0
DHCPACK: 0
DHCPNAK: 0
BOOTPREPLY : 0
Related commands
reset dhcp relay statistics
reset dhcp relay client-information
Use reset dhcp relay client-information to clear relay entries on the DHCP relay agent.
Syntax
reset dhcp relay client-information [ interface interface-type interface-number | ip ip-address
[ vpn-instance vpn-instance-name ] ]
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Clears relay entries on the specified interface.
76
ip ip-address: Clears the relay entry for the specified IP address.
vpn-instance vpn-instance-name: Clears the relay entry for the specified IP address in the specified
MPLS L3VPN instance. The vpn-instance-name is a c ase-sensitive s tring of 1 to 31 characters. If
you do not specify a VPN instance, this command clears the relay entry in the public network.
Usage guidelines
If you do not specify any parameters, this command clears all relay entries on the DHCP relay agent.
Examples
# Clear all relay entries on the DHCP relay agent.
<Sysname> rese t dhcp relay client-information
Related commands
display dhcp relay client-information
reset dhcp relay statistics
Use reset dhcp relay statistics to clear relay agent statistics.
Syntax
reset dhcp relay statistics [ interface interface-type interface-number ]
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Clears DHCP relay agent statistics on the specified
interface. If you do not specify an interface, this command clears all DHCP relay agent statistics.
Examples
# Clear all DHCP relay agent statistics.
<Sysname> rese t dhcp relay statistics
Related commands
display dhcp relay statistics
DHCP client commands
dhcp client dad enable
Use dhcp client dad enable to enable duplicate address detection.
Syntax
Default
Use undo dhcp client dad enable to disable duplicate address detection.
dhcp client dad enable
undo dhcp client dad enable
Duplicate address detection is enabled on an interface.
77
Views
System view
Predefined user roles
network-admin
Usage guidelines
DHCP client detects IP address conflict through ARP packets. An attacker can act as the IP address
owner to send an ARP reply, which makes the client unable to use the IP addr ess assigned by the
server. As a best practice, disable duplicate address detection when ARP attacks exist on the
network.
Examples
# Disable the duplicate address.
<Sysname> system-view
[Sysname] undo dh cp client dad enable
dhcp client dscp
Use dhcp client dscp to set the DSCP value for DHCP packets sent by the DHCP client.
Use undo dhcp client dscp to restore the default.
Syntax
dhcp client dscp dscp-value
undo dhcp client dscp
Default
The DSCP value in DHCP packets is 56.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Sets the DSCP value for DHCP packets, in the range of 0 to 63.
Usage guidelines
The DSCP value of a packet specifies th e priority level of the pack et and affects the tra nsmission
priority of the packet. A bigger DSCP value represents a higher priority.
Examples
# Set the DSCP value for DHCP packets sent by the DHCP client to 30.
<Sysname> sy stem-view
[Sysname] dhcp client dscp 30
dhcp client identifier
Use dhcp client identifier to configure a DHCP client ID for an interface.
Use undo dhcp client identifier to restore the default.
78
•
•
Syntax
dhcp client identifier { ascii string | hex string | mac interface-type interface-number }
undo dhcp client identifier
Default
An interface generates an ASCII c haracter string as the DHCP client ID bas ed on its MAC a ddres s
and the interface name.
Views
Interface view
Predefined user roles
network-admin
Parameters
ascii string: Specifies a case-sensitive ASCII string of 1 to 63 characters as the client ID.
hex string: Specifies a hexadecimal string of 4 to 64 characters as the client ID.
mac interface-type interface-number: Uses the MAC addr ess of the s pecified inte rfac e as a DHCP
client ID. The interface-type interface-number argument specifies an interface by its type and
number.
Usage guidelines
A DHCP client ID is added to the DHCP option 61. A DHCP server can specify IP addres ses for
clients based on the DHC P client ID. You can specify a DHCP client ID by perf orming one of the
following operations:
Naming an ASCII string or hexadecimal string as the client ID.
Using the MAC address of an interface to generate a client ID.
Whichever method you use, make sure the IDs for different DHCP clients are unique.
Examples
# Specify the hexadecimal string of FFFFFFF as the client ID for VLAN-interface 10.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp client identifier hex FFFFFFFF
Related commands
display dhcp client
display dhcp client
Use display dhcp client to display DHCP client information.
Syntax
display dhcp client [ verbose ] [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
79
Field
Description
Parameters
verbose: Displays verbose DHCP client information.
interface interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
If you do not specify an interface, this command displays DHCP client information about all
interfaces.
Examples
# Display DHCP client information about all interfaces.
<Sysname> display dhcp client
Vlan-interface10 DHCP client in formation:
Current state: BOUND
Allocated IP: 40 .1.1.20 255.25 5.255.0
Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds
DHCP server: 40.1.1.2
# Display verbose DHCP client information.
<Sysname> disp lay dhcp client verbose
Vlan-interface10 DHCP client in formation:
Current state: BOUND
Allocated IP: 40 .1.1.20 255.25 5.255.0
Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds
Lease from May 21 19:00:29 2012 to May 31 19: 00:29 2012
DHCP server: 40.1.1.2
Transaction ID : 0x1c09322d
Default router: 40.1.1.2
Classless stat ic routes:
Destination: 1.1.0.1, Mask: 255.0.0.0, NextHop: 192.168.40.16
Destinatio n: 10.198.122.63, Mask: 255. 255.255.255, NextHop: 192.16 8.40.16
DNS servers: 44.1.1.11 44.1.1.12
Domain name: ddd.com
Boot servers: 200.200.200.200 1.1.1.1
Client ID type: ac sii(type value =00)
Client ID value: 000c.29d3.8659-Vlan1
Client ID (with ty pe) hex: 0030-3030-632e-3239 6433-2e38-3635-392d 4574-6830-2f30-2f32
T1 will timeout in 1 day 11 hours 58 mi nutes 52 seconds.
Table 16 Command output
Vlan-interface10 DHCP client
information
Current state
Information about the interface that acts as the DHCP client.
Current state of the DHCP client:
• HALT—The client stops applying for an IP address.
• INIT—The initialization state.
• SELECTING—The client has sent out a DHCP-DISCOVER
message in search for a DHCP server and is waiting for the
response from DHCP servers.
80
Field
Description
• REQUESTING—The client has sent out a
DHCP-REQUEST message requesting for an IP address
and is waiting for the response from DHCP servers.
• BOUND—The client has re cei ved the DH CP-ACK message
from a DHCP server and obtained an IP addres s
successfully.
• RENEWING—The T1 timer expires.
• REBOUNDING—The T2 timer expires.
Allocated IP IP address allocated by the DHCP server.
Allocated lease Allocated lease time.
T1 1/2 lease time (in seconds) of the DHCP client IP address.
T2 7/8 lease time (in seconds) of the DHCP client IP address.
Lease from….to…. Start and end time of the lease.
DHCP server DHCP server IP address that assigned the IP address.
Transaction ID
Default router Gateway address assigned to the client.
Classless static r ou tes Classless static r ou tes assigned to the client.
Static routes Classful static routes assigned to the client.
DNS servers DNS server address assigned to the client.
Domain name Domain name suffix assigned to the client .
Boot servers
Client ID type
Client ID value Value of the DHCP client ID.
Client ID (with type) hex DHCP client ID with the type field, a hexadecimal string.
T1 will timeout in 1 day 11 hours 58
minutes 52 seconds.
Related commands
Transaction ID, a random nu m ber ch ose n by the c lie nt to identify
an IP address allocation.
PXE server addresses (up to 16 addresses) specified for the
DHCP client, which are obtained through Option 43.
DHCP client ID type:
• If an ASCII str ing is used as the client ID value, the type
value is 00.
• If the MAC address of a specific interface is used as the
client ID value, the type value is 01.
• If a hexadecimal string is used as the client ID value, the
type value is the first two characters in the string.
How long the T1 (1/2 lease time) timer will timeout.
dhcp client identifier
ip address dhcp-alloc
ip address dhcp-alloc
Use ip address dhcp-alloc to configure an interface to use DHCP for IP address acquisition.
Use undo ip address dhcp-alloc to cancel an interface from using DHCP.
81
Syntax
ip address dhcp-alloc
undo ip address dhcp-alloc
Default
An interface does not use DHCP for IP address acquisition.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
When you execute the undo ip address dhcp-alloc command, the interface sends a
DHCP-RELEASE message to release the IP address obtained through DHCP. If the interf ace is
down, the message cannot be sent out.
For a subinterface that obtained an IP address through DHCP , using the shutdown command on its
primary interface does not make the subinterf ace send a DHCP-REL EASE message for releasing
the subinterface's IP address.
Examples
# Configure VLAN-interface 10 to use DHCP for IP address acquisition.
<Sysname> system-view
[Sysname] in terface vlan-interface 10
[Sysname-Vlan-interface10] ip address dhcp-alloc
DHCP snooping commands
DHCP snooping works between the DHCP client and the DHCP server or between the DHCP client
and the relay agent. DHCP snooping does not work between the DHCP server and the DHCP relay
agent.
dhcp snooping binding database filename
Use dhcp snooping binding database filename to configure the D HCP snoopin g device to back
up DHCP snooping entries to a file.
Use undo dhcp snooping binding database filename to disable the auto backup and remove the
backup file.
Syntax
dhcp snooping binding databas e filename { filename | url url [ username username [ password
{ cipher | simple } key ] ] }
undo dhcp snooping binding database filename
Default
The DHCP snooping device does not back up DHCP snooping entries.
Views
System view
Predefined user roles
network-admin
82
•
•
•
•
•
Parameters
filename: Specifies the name of a local file. For information about the filename argument, see
Fundamentals Configuration Guide.
url url: Specif ies the URL of a rem ote file. Do not incl ude any usernam e or password in t he URL.
Case sensitivity and the supported path format type vary by server.
username username: Specifies the username for logging in to the remote device.
cipher: Sets a ciphertext password.
simple: Sets a plaintext pass word.
key: Specifies the k ey string. This argument is c ase sensitive. If simple is specified, it must be a
string of 1 to 32 characters. If cipher is specified, it must be a ciphertext string of 1 to 73 characters.
Usage guidelines
For security purposes, all passwords, including passwords configured in plaintext, are saved in
ciphertext.
With this command executed, the DHCP snooping device backs up DHCP snooping entries
immediately and runs a uto backup. The command automatically creates the file if you specif y a
non-existent file. The DHCP snooping device, by default, waits 300 seconds after a DHCP snooping
entry change to update the backup file. To change the waiting period, use the dhcp snooping
binding database update interval command. If no DHCP snooping entry changes, the backup file
is not updated.
When the file is o n a remote device, follow thes e restrictions and guidel ines to specify the URL,
username, and password:
Examples
# Configure the DHCP snooping device to back up DHCP snooping entries to the file
database.dhcp.
<Sysname> system-view
[Sysname] dhcp sn ooping binding database file name database. dhcp
# Configure the DHCP snooping device to back up DHCP snooping entries to the file database.dhcp
in the working directory of the FTP server at 10.1.1.1.
<Sysname> sy stem-view
[Sysname] dhcp snooping binding database filenam e url ftp://10.1.1.1/database.dhcp
username 1 passwo rd simple 1
If the file is on an FTP server, enter URL in the following format: ftp://server address:port/file
path, where the port number is optional.
If the file is on a TFTP server, enter URL in the following format: tftp://server address:port/file
path, where the port number is optional.
The username and password must be the same as those configured on the FTP or TFTP
server. If the server authenticates only the username, the password can be omitted. For
example, enter URL ftp://1.1.1.1/database.dhcp username admin to specify the URL and
username options at the CLI.
If the IP address of the server is an IPv6 address, enclose the address in a pair of brackets, for
example, ftp://[1::1]/database.dhcp.
You can also specify the DNS domain name for the server address field, for example,
ftp://company/database.dhcp.
# Configure the DHCP snooping device to back up DHCP snooping entries to the file database.dhcp
in the working directory of the TFTP server at 10.1.1.1.
<Sysname> sy stem-view
[Sysname] dhcp sn ooping binding database file name tftp://10.1.1.1/database.dhcp
83
Related commands
dhcp snooping binding database upda te interval
dhcp snooping binding database update interval
Use dhcp snooping binding database update interval to set the waiting time after a DHCP
snooping entry change for the DHCP snooping device to update the backup file.
Use undo dhcp snooping binding database update interval to restore the default.
Syntax
dhcp snooping binding database upda te interval seconds
undo dhcp snooping binding databas e update interval
Default
The DHCP snooping de vice waits 300 sec on ds af ter a DH CP snoo pi ng entry change to up dat e t he
backup file. If no DHCP snooping entry changes, the backup file is not updated.
Views
System view
Predefined user roles
network-admin
Parameters
seconds: Sets the waiting time in seconds, in the range of 60 to 864000.
Usage guidelines
When a DHCP snooping entry is learned, updated, or removed, the waiting period starts. The DHCP
snooping device updates the backup file when the waiting perio d is reached. All changed entries
during the period will be saved to the backup file.
The waiting time does not take effect if you do not configure the DHCP snooping entry auto backup
by using the dhcp snooping binding database filename command.
Examples
# Set the waiting time to 600 seconds for the DHCP snooping device to update the backup file.
<Sysname> system-view
[Sysname] dhcp sn ooping binding database upda te interval 600
Related commands
dhcp snooping binding database filename
dhcp snooping binding databa se update now
Use dhcp snooping binding database upd ate now to manuall y save DHCP snooping entri es to
the backup file.
Syntax
dhcp snooping binding database update now
Views
System view
Predefined user roles
network-admin
84
Usage guidelines
This command does not take effect if you do not configure the DHCP snooping entry auto backup by
using the dhcp snooping binding database filename command.
Examples
# Manually save DHCP snooping entries to the backup file.
<Sysname> system-view
[Sysname] dhcp sn ooping binding database upda te now
Related commands
dhcp snooping binding database filename
dhcp snooping binding record
Use dhcp snooping binding record to enable recording of client inf ormation in DHCP snooping
entries.
Use undo dhcp snooping binding record to disable recording of client information in DHCP
snooping entries.
Syntax
dhcp snooping binding record
undo dhcp snooping binding record
Default
DHCP snooping does not record client information.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
S-channel interface/S -c hannel aggr egat e interface view
VSI interface/VSI aggregate interface view
Predefined user roles
network-admin
Usage guidelines
This command enables DHCP snooping on the port directly connecting to the clients to record client
information in DHCP snooping entries.
Examples
# Enable recording of client information in DHCP snooping entries.
<Sysname> system-view
[Sysname] interface Ten-GigabitEthernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping binding record
dhcp snooping c heck mac-address
Use dhcp snooping check mac-address to enable MAC address check for DHCP snooping.
Use undo dhcp snooping check mac-address to disable MAC address check for DHCP snooping.
Syntax
dhcp snooping check mac-address
undo dhcp snooping check mac-address
85
Default
MAC address check for DHCP snooping is disabled.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
S-channel interface/S -channel aggregate interface view
VSI interface/VSI aggregate interface view
Predefined user roles
network-admin
Usage guidelines
With MAC address check enabled, DHCP snooping compares the chaddr field of a received DHCP
request with the source MAC address field in the frame header. If they are the same, DHCP
snooping considers this req uest vali d and f orwards it to the DH CP server. If they are not the s am e,
DHCP snooping discards the DHCP request.
Examples
# Enable MAC address check for DHCP snooping.
<Sysname> system-view
[Sysname] in terface Ten-GigabitEthernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping check mac-address
dhcp snooping check request-message
Use dhcp snooping check request-message to enable DHCP-REQUEST check for DHCP
snooping.
Use undo dhcp snooping check request-message to disable DHCP-REQUEST check for DHCP
snooping.
Syntax
dhcp snooping check request-message
undo dhcp snooping check request-message
Default
DHCP-REQUEST check is disabled for DHCP snooping.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
S-channel interface/S -channel aggregate interface view
VSI interface/VSI aggregate interface view
Predefined user roles
network-admin
Usage guidelines
DHCP-REQUEST packets include lease renewal packets, DHCP-DECLINE packets, and
DHCP-RELEASE pack ets. This feature prevent s unauthorized c lients that forge DHCP-REQUEST
packets from attacking the DHCP server.
With this feature enabled, DHCP snooping looks for a matching DHCP snooping entr y for each
received DHCP-REQUEST message.
86
•
•
If a match is found, DHCP snooping compares the entry with the message. If they have
consistent information, DHCP snooping considers the packet valid and forwards it to the DHCP
server. If they have different information, DHCP snooping considers the message invalid and
discards it.
If no match is found, DHCP snooping forwards the message to the DHCP server.
Examples
# Enable DHCP-REQUEST check for DHCP snooping.
<Sysname> system-view
[Sysname] in terface Ten-GigabitEthernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping check request-message
dhcp snooping deny
Use dhcp snooping deny to configure a port as DHCP packet blocking port.
Use undo dhcp snooping deny to restore the default.
Syntax
dhcp snooping deny
undo ipv6 dhcp snooping deny
Default
A port does not block DHCP packets.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
DHCP clients connected to DHCP packet blocking ports cannot obtain IP addresses and other
configuration parameters from the DHCP server.
Do not configure a port as both a trusted port and a DHCP packet blocking port.
Examples
# Configure Layer 2 Ethernet interface Ten-GigabitEthernet 1/0/1 as a DHCP packet blocking port.
<Sysname> system-view
[Sysname] interface Ten-GigabitEthernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping deny
dhcp snooping enable
Use dhcp snooping enable to enable DHCP snooping.
Syntax
Default
Use undo dhcp snooping enable to disable DHCP snooping.
dhcp snooping enable
undo dhcp snooping enable
DHCP snooping is disabled.
87
•
•
Views
System view
Predefined user roles
network-admin
Usage guidelines
Use the DHCP snooping feature together with trusted port configur ation. Before truste d ports are
configured, all ports on the DHCP snooping device are untrusted and the device discards all
responses sent from DHCP servers.
When DHCP snooping is disabled, the device forwards all responses from DHCP servers.
Examples
# Enable DHCP snooping.
<Sysname> system-view
[Sysname] dhcp snooping enable
dhcp snooping information circuit-id
Use dhcp snooping information circuit-id to configure the padding mode and padding format for
the Circuit ID sub-option.
Use undo dhcp snooping information circuit-id to restore the default.
Syntax
dhcp snooping information circuit-id { [ vlan vlan-id ] string circuit-id | { normal | verbose
[ node-identifier { mac | sysname | user-defined node-identifier } ] } [ format { ascii | hex } ] }
undo dhcp snooping information circuit-id [ vlan vlan-id ]
Default
The padding mode is normal and the padding format is hex.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
vlan vlan-id: Specifies a VLAN ID for the Circuit ID sub-option.
string circuit-id: Specifies the string mode, in which the padding content for the Circuit ID sub-option
is a case-sensitive string of 3 to 63 characters.
normal: Specifies the normal mode. The padding content includes the VLAN ID and interface
number.
verbose: Specifies the verbose mode.
node-identifier { mac | sysname | user-defined node-identifier }: Specifies the access node
identifier. The padding con tent includes the node identifier, Ethernet type (f ixed to eth), interface
number, and VLAN ID. The node identifier varies by keyword mac, sysname, and user-defined.
mac: Uses the MAC addre s s of the access node as the node identifier. It is the default node
identifier.
sysname: Uses the device name as the node identifier. You can set the device name b y using
the sysname command in system view. The padding format for the device name is always
ASCII regardless of the specified padding format.
88
NOTE:
If
is used as the node identifier, do not include any space when you set the device name.
Otherwise, the DHCP snooping device fails to add or replace the Option 82.
•
is specified
format is ascii
sysname
user-defined node-identifier: Uses a case-sensitive string of 1 to 50 characters as the node
identifier. The padding format for the specified character string is always ASCII regardless of
the specified padding format.
format: Specifies the padding format for the Circuit ID sub-option.
ascii: Specifies the padding format as ASCII.
hex: Specifies the padding format as hex.
Usage guidelines
The Circuit ID sub-option cannot carry information about interface splitting or subinterfaces. For
more information about interface splitting and subinterfaces, see Interface Configuration Guide.
If you use this command multiple times, the most recent configuration takes effect.
The padding form at for the user-defined str ing, the normal m ode, or the verbose modes varies by
command configuration. Table 17 shows how the padding format is determined for different modes.
Table 17 Padding format for different modes
If replace is configured as the handling strategy for DHCP requests that contain Option 82, you must
specify the padding mode and padding format for the Circuit ID sub-option. If the handling strategy is
keep or drop, you do n ot need to s pecify the pad ding mode and padding format f or the Circuit ID
sub-option.
Examples
# Configure verbos e as the padding mode, device nam e as the node identifier, and ASCII as the
padding format for the Circuit ID sub-option.
<Sysname> sy stem-view
[Sysname] in terface Ten-GigabitEthernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information en able
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information strategy replace
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information circuit-id verbose
node-identifi er sysname forma t ascii
Keyword (mode)
string
circuit-id
normal
verbose
If no padding format
You cannot specify a
padding format, and the
padding format is
always ASCII.
Hex. ASCII. Hex.
Hex for the VLAN ID.
ASCII for the node
identifier, Ethernet type,
and interface number.
If the padding
N/A N/A
ASCII.
If the padding format is hex
ASCII for the node identifier and
Ethernet type.
Hex for the interface number and
VLAN ID.
Related commands
dhcp snooping information enable
dhcp snooping information strategy
display dhcp snooping information
89
dhcp snooping information enable
Use dhcp snooping information enable to enable DHCP snooping to support Option 82.
Use undo dhcp snooping information enable to disable this feature.
Syntax
dhcp snooping information enable
undo dhcp snooping information enable
Default
DHCP snooping does not support Option 82.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
This command enables DH CP snooping to add Option 82 in to DHCP request pack ets that do not
contain Option 82 before f orwarding the req uests to the DHCP server. The content of Option 82 is
determined by the dhcp snooping information circuit-id and dhcp snooping information
remote-id comm ands. If the received DHCP request pack ets contain Option 82, DHCP snoop ing
handles the packets according to the strategy configured with the dhcp snooping information
strategy command.
If this feature is disabled, DHCP snooping forwards requests that contain or do not contain Option 82
to the DHCP server.
Examples
# Enable DHCP snooping to support Option 82.
<Sysname> system-view
[Sysname] interface Ten-GigabitEthernet1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information enable
Related commands
dhcp snooping information circuit-id
dhcp snooping information remote-id
dhcp snooping information strategy
dhcp snooping information remote-id
Use dhcp snooping information remote-id to configure the padding mode and padding format for
the Remote ID sub-option.
Use undo dhcp snooping information remote-id to restore the default.
Syntax
dhcp snooping information remote-id { normal [ format { ascii | hex } ] | [ vlan vlan-id ] { string
remote-id | sysname } }
Default
undo dhcp snooping information remote-id [ vlan vlan-id ]
The padding mode is normal and the padding format is hex.
90
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
vlan vlan-id: Specifies the VLAN ID as the Remote ID sub-option.
string remote-id: Specifies the string mode that uses a case-sensitive string of 1 to 63 characters as
the content of the Remote ID sub-option.
sysname: Specifies the s ysname mode that uses the device name as the R emote ID sub-option.
You can configure the device name by using the sysname command in system view.
normal: Specifies the normal mode. The padding content is the MAC address of the receiving
interface.
format: Specifies th e padding form at for the Remote ID s ub-option. The defau lt padding form at is
hex.
ascii: Specifies the padding format as ASCII.
hex: Specifies the padding format as hex.
Usage guidelines
DHCP snooping uses ASCII to pad the specified string or device name for the Remote ID sub-option.
The padding format for the normal padding mode is determined by the command configuration.
If you use this command multiple times, the most recent configuration takes effect.
Examples
# Pad the Remote ID sub-option with the character string device001.
<Sysname> sy stem-view
[Sysname] interface Ten-GigabitEth ernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information enable
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information strategy replace
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping in formation remote-id string device001
Related commands
dhcp snooping information enable
dhcp snooping information strategy
display dhcp snooping information
dhcp snooping information strategy
Use dhcp snooping information strategy to configure the handling strategy for Option 82 in
request messages.
Syntax
Default
Use undo dhcp snooping information strategy to restore the default.
dhcp snooping information strategy { drop | keep | replace }
undo dhcp snooping information strategy
The handling strategy for Option 82 in request messages is replace.
91
Loading...