Post on 22-Nov-2021
RG-WLAN Series Access Point
RGOS Command Reference
Release 10.4(1b19)p2
Revision No.: Version 10.4(1b19)p2
Copyright Statement
Ruijie Networks ©2000-2015
All rights reserved.
Without our written permission, this document may not be excerpted, reproduced, transmitted, or otherwise in all or in part
by any party in any means.
[Trademark logos] are all registered trademarks of Ruijie Networks Co., Ltd. and are protected by law.
Exemption statement
This document is provided “as is”. The contents of this document are subject to change without any notice. Please obtain
the latest information through the Ruijie Networks website. Ruijie Networks endeavors to ensure content accuracy and will
not shoulder any responsibility for losses and damages caused by content omissions, inaccuracies or errors.
Preface
Version Description
This manual matches the software version RGOS®10.4(1b19)p2.
Target Readers
This manual is intended for the following readers:
Network engineers
Technical salespersons
Network administrators
Obtaining Technical Assistance
Ruijie Networks website: http://www.ruijienetworks.com/
Online customer services: http://webchat.ruijie.com.cn
Customer service center: http://www.ruijie.com.cn/service.aspx
Customer services hotline: +86-4008-111-000
BBS: http://support.ruijie.com.cn
Customer services email: service@ruijie.com.cn
Related Documents
Documents    Description
Configuration Guide    Describes the network protocols and related mechanisms supported by the product, with configuration examples.
Command Reference    Describes the related configuration commands, including command modes, parameter descriptions, usage guides, and related examples.
Hardware Installation Guide    Describes functional and physical features of the product and provides installation procedure, hardware troubleshooting, module technical specifications, and specifications and guidelines of cables and connectors.
Conventions in this Document
1. Universal Format Convention
Arial: Arial with the point size 10 is used for the body.
Note: A line is added respectively above and below the prompts such as caution and note to separate them from the body.
Format of information displayed on the terminal: Courier New, point size 8, indicating the screen output. User's entries
among the information shall be indicated with bolded characters.
2. Command Line Format Convention
Arial is used as the font for the command line. The meanings of specific formats are described below:
Bold: Key words in the command line, which shall be entered exactly as they are displayed, shall be indicated with bolded
characters.
Italic: Parameters in the command line, which must be replaced with actual values, shall be indicated with italic
characters.
[ ]: The part enclosed with [ ] means optional in the command.
{ x | y | ... }: It means one shall be selected among two or more options.
[ x | y | ... ]: It means one or none shall be selected among two or more options.
//: Lines starting with "//" are annotations.
3. Signs
Various prominent signs are used in this manual to mark matters that require special attention during operation, as detailed below:
Description, prompt, tip or any other necessary supplement or explanation for the operation.
The port types mentioned in the examples of this manual may not be consistent with the actual ones. In real network environments, you need to configure port types according to what each product supports.
The display information of some examples in this manual may include information on other product series, such as model and description. The details depend on the equipment used.
Warning, danger or alert in the operation.
Command Reference WLAN Basic Configuration Commands
WLAN Basic Configuration Commands
ampdu-retries
In a wireless network, AMPDU software retransmission is used to reduce sub-frame loss. The more retransmission attempts, the lower the packet loss. However, excessive retransmission attempts increase the load on the air interface, which reduces the immediacy of other packets. It is therefore recommended to configure more retransmission attempts when sub-frame loss occurs frequently.
ampdu-retries times radio radio_id
Parameter
Description Parameter Description
times Sets the number of retransmissions. The range is from 1 to 10.
radio-id ID of the radio to be configured.
Defaults By default, the number of retransmissions is 10.
Command
Mode
AP configuration mode
Usage Guide N/A
Configuration
Examples
Example 1: Enter the configuration mode of AP0001 and set the number of AMPDU software retransmissions to 5.
Ruijie(config)#ap-config AP0001
Ruijie(config-ap)#ampdu-retries 5 radio radio_id
Related
Commands Command Description
N/A N/A
Platform
Description
Supported by both AC and AP.
ampdu-rts
AMPDU RTS protection avoids aggregation conflicts on the air interface and so avoids wasting resources. However, the RTS interaction itself consumes some air-interface resources, which has a negative side effect on the air interface in most scenarios. The function is disabled by default.
[no] ampdu-rts radio radio_id
Parameter
Description Parameter Description
radio-id ID of the radio to be configured.
Defaults By default, this function is disabled.
Command
Mode
AP configuration mode
Usage Guide N/A
Configuration
Examples
Example 1: Enter the configuration mode of AP0001 and enable AMPDU RTS protection on radio 1.
Ruijie(config)# ap-config AP0001
Ruijie(config-ap)# ampdu-rts radio 1
Related
Commands Command Description
N/A N/A
Platform
Description
Supported by both AC and AP.
autowifi
Use this command to perform one-click WLAN configuration on an unconfigured device. Use the no
form of this command to cancel the configuration.
autowifi
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
AC/Fat AP configuration mode
Usage Guide
The one-click WLAN configuration function provides fast configuration of an unconfigured device. In general, this function aims to help scenario investigators improve efficiency and to help channel distributors test WLAN performance more conveniently.
Configuration
Examples
This function automatically performs the following configurations on the AC or the Fat AP:
(1) VLAN Division: On an AC, VLAN 1 is the AP’s VLAN and VLAN 2 is the STA’s VLAN. On a Fat AP, VLAN 1 is the STA’s VLAN.
(2) Address Pool: On an AC, the network segment 192.168.1.0 is the AP’s address pool and the network segment 192.168.2.0 is the STA’s address pool. By default, the IP address of VLAN 1 is 192.168.1.1 and the IP address of VLAN 2 is 192.168.2.1. The default management IP address is 88.88.88.88. On a Fat AP, the network segment 192.168.1.0 is the STA’s address pool and the IP address of BVI 1 is 192.168.1.1.
(3) WLAN Configuration: Set the WLAN name to autowifi_XXXX, where XXXX is the last four digits of the device’s MAC address. Set the WLAN-ID to 1.
(4) Security: By default, WPA2 is used for encryption and the password is autowifi.
(5) WLAN-VLAN Mapping: On an AC, map WLAN-ID 1 to VLAN 1 in the ap-group default group. On a Fat AP, encapsulate VLAN 1 on the wireless interface and set the WLAN-ID to 1.
(6) Service: Enable DHCP service.
Related
Commands Command Description
N/A N/A
Platform
Description
Supported by AC and Fat AP.
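Because the autowifi SSID pattern and WPA2 password are published in this manual, a WLAN that still carries the generated name should be treated as using a known password until it is changed. The Python script below is an added example, not part of the Ruijie manual: it scans saved configuration text for WLANs whose SSID matches autowifi_XXXX and also checks the ssid and vlan ranges given later in this reference. The indented block layout, the "!" separators, the function names and the sample MAC are assumptions; only the dot11 wlan, ssid, vlan and broadcast-ssid commands come from this reference.

```python
import re

# Constructed sample of saved configuration text. Only the commands come from
# this reference; the indentation and "!" separators are assumed.
SAMPLE_CONFIG = """\
dot11 wlan 1
 ssid autowifi_b62f
 vlan 1
 broadcast-ssid
!
dot11 wlan 2
 ssid RUIJIE
 vlan 2
 no broadcast-ssid
!
dot11 wlan 3
 ssid autowifi_lab
 vlan 4096
"""

WLAN_HEADER = re.compile(r"^dot11 wlan (\d+)\s*$")
# autowifi names the WLAN autowifi_XXXX, XXXX being the last four MAC digits.
AUTOWIFI_SSID = re.compile(r"^autowifi_([0-9A-Fa-f]{4})$")


def parse_wlans(config_text):
    """Collect ssid, vlan and SSID visibility for each 'dot11 wlan' block."""
    wlans, current = {}, None
    for raw in config_text.splitlines():
        if not raw.strip():
            continue
        header = WLAN_HEADER.match(raw)
        if header:
            current = wlans.setdefault(
                int(header.group(1)), {"ssid": None, "vlan": None, "hidden": False}
            )
        elif not raw[0].isspace():
            current = None  # any other top-level line ends the WLAN block
        elif current is not None:
            words = raw.split()
            if words[0] == "ssid" and len(words) > 1:
                current["ssid"] = raw.strip()[len("ssid"):].strip()
            elif words[0] == "vlan" and len(words) == 2 and words[1].isdigit():
                current["vlan"] = int(words[1])
            elif words == ["no", "broadcast-ssid"]:
                current["hidden"] = True
            elif words == ["broadcast-ssid"]:
                current["hidden"] = False
    return wlans


def mac_suffix(mac):
    """Last four hex digits of a MAC such as 001d.0928.b62f, lower-cased."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return digits[-4:].lower()


def audit(config_text, device_mac=None):
    """Return (wlan_id, code, detail) findings, sorted by WLAN ID."""
    findings = []
    for wlan_id, wlan in sorted(parse_wlans(config_text).items()):
        ssid, vlan = wlan["ssid"], wlan["vlan"]
        default = AUTOWIFI_SSID.match(ssid) if ssid else None
        if default:
            detail = ("SSID %s follows the autowifi pattern; the documented "
                      "default WPA2 password 'autowifi' may still be set" % ssid)
            if device_mac and default.group(1).lower() == mac_suffix(device_mac):
                detail += " (suffix matches this device's MAC)"
            if wlan["hidden"]:
                detail += "; 'no broadcast-ssid' does not change the password"
            findings.append((wlan_id, "autowifi-default", detail))
        if ssid is not None and not 1 <= len(ssid) <= 32:
            findings.append((wlan_id, "ssid-length", "SSID must be 1 to 32 characters"))
        if vlan is not None and not 1 <= vlan <= 4095:
            findings.append((wlan_id, "vlan-range", "VLAN ID %d is outside 1 to 4095" % vlan))
    return findings


if __name__ == "__main__":
    # Sample MAC used only to demonstrate the suffix comparison.
    for wlan_id, code, detail in audit(SAMPLE_CONFIG, device_mac="001d.0928.b62f"):
        print("WLAN %d [%s] %s" % (wlan_id, code, detail))
```
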
eth-schd
You can improve network performance by raising the number of Ethernet packets an AP receives each time, at the cost of reduced immediacy for key packets. For multi-user concurrent, real-time-sensitive applications that require only an ordinary network, such as electronic schoolbag, it is recommended to decrease the limit on Ethernet packets received each time to 25.
eth-schd limit
Parameter
Description Parameter Description
limit Limit on the number of packets received each time.
Defaults
By default, the limit value varies by AP model, as shown below:
The default limit value of the following APs: 256
AP220-I v1.0, AP220-I v1.1, AP220-SI v1.0, AP220-SI v1.1, AP220-E v2.03, AP220-E v2.0, AP220-SH v2.0, AP220-SH (C) v3.0, AP220-E(M) v2.0, AP220-E(M) v2.20, AP620-H(C) v2.0, AP220-E(C) v3.0, AP220-E(M) v2.3, AP220-E v2.99, AP620-H(C) v2.99, AP220-SH(C) v2.99, AP220-E(C) v2.99, AP530-I v1.0
The default limit value of the following APs: 180
AP320-I v1.0, AP220-E(M)-V2 v3.0, AP320-I v1.1, AP3220 v1.0, AP220-E(P) v1.0, AP220-E(C) v4.0, AP220-E(M)-V2 v3.9
The default limit value of the following APs: 64
AP330-I v1.1, AP220-E(P) v2.0
The default limit value of other APs: 25
Command
Mode
AP configuration mode
Usage Guide N/A
Configuration
Examples
Example 1: Enter the configuration mode of AP0001 and set the value of the received package limit
per time to 100.
Ruijie(config)# ap-config AP0001
Ruijie(config-ap)# eth-schd 100
Related
Commands Command Description
N/A N/A
Platform
Description
Supported by both AC and AP.
ldpc
As part of FEC (Forward Error Correction) technology, LDPC is a simple and easily implemented linear error-correcting code developed in the early 1960s. It is used in data transmission over noisy channels to improve coding reliability and coding gain, so as to reduce the risk of data loss. However, a few terminals are incompatible with LDPC and suffer packet loss. This command is used to enable or disable this function.
[no] ldpc radio radio_id
Parameter
Description Parameter Description
radio-id ID of the radio to be configured.
Defaults By default, this function is enabled.
Command
Mode
AP configuration mode
Usage Guide N/A
Configuration
Examples
Example 1: Enter the configuration mode of AP0001 and enable LDPC on radio 1 of the designated
AP.
Ruijie(config)# ap-config AP0001
Ruijie(config-ap)# ldpc radio 1
Related
Commands Command Description
N/A N/A
Platform
Description
Supported by both AC and AP.
stbc
Space–time block coding is a technique used in wireless communications to transmit multiple copies of a data stream across a number of antennas at different times and to exploit the various received versions of the data to improve the reliability of data transfer. An obvious advantage of STBC is that simple maximum likelihood decoding achieves full antenna gain. However, some terminals may be incompatible with STBC. This command is used to enable or disable this function.
[no] stbc radio radio_id
Parameter
Description Parameter Description
radio-id ID of the radio to be configured.
Defaults By default, this function is enabled.
Command
Mode
AP configuration mode
Usage Guide N/A
Configuration
Examples
Example 1: Enter the configuration mode of AP0001 and enable STBC on radio 1 of the designated
AP.
Ruijie(config)# ap-config AP0001
Ruijie(config-ap)# stbc radio 1
Related
Commands Command Description
N/A N/A
Platform
Description
Supported by both AC and AP.
Command Reference Dot11 Radio Commands
Dot11 Radio Commands
dot11 wlan
Use this command to create a WLAN and enter WLAN configuration mode.
dot11 wlan wlan-id
no dot11 wlan wlan-id
Parameter
Description Parameter Description
no Deletes the WLAN.
wlan-id Specifies a WLAN ID.
Defaults N/A
Command
mode
Global configuration mode
Usage Guide After a WLAN is created, the command line interface enters WLAN configuration mode.
Configuration
Examples
# Create a WLAN called WLAN 1 and enter WLAN configuration mode.
Ruijie(config)# dot11 wlan 1
Ruijie(dot11-wlan-config)#
# Delete the WLAN.
Ruijie(config)# no dot11 wlan 1
Related
Commands Command Description
wlan-id Sets a WLAN ID for the Dot11radio interface.
Platform
Description
N/A
broadcast-ssid
Use this command to display the service set identifier (SSID). Use the no form of this command to
hide the SSID.
broadcast-ssid
no broadcast-ssid
Parameter
Description Parameter Description
no Hides the SSID.
Defaults By default, the WLAN does not hide the SSID.
Command
mode
WLAN configuration mode
Usage Guide N/A
Configuration
Examples
# Enable WLAN1 to display the SSID.
Ruijie(config)# dot11 wlan 1
Ruijie(dot11-wlan-config)# broadcast-ssid
# Enable WLAN1 to hide the SSID.
Ruijie(config)# dot11 wlan 1
Ruijie(dot11-wlan-config)# no broadcast-ssid
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
vlan
Use this command to set a VLAN ID bound with the WLAN.
vlan vlan-id
no vlan
Parameter
Description Parameter Description
no Deletes the VLAN ID.
vlan-id Specifies the VLAN ID. The range is from 1 to 4095.
Defaults N/A
Command
mode
WLAN configuration mode
Usage Guide N/A
Configuration
Examples
# Set the VLAN ID bound with the WLAN 1 to 1.
Ruijie(config)# dot11 wlan 1
Ruijie(dot11-wlan-config)# vlan 1
# Delete the VLAN ID of 1 bound with the WLAN 1.
Ruijie(config)# dot11 wlan 1
Ruijie(dot11-wlan-config)# no vlan
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
ssid
Use this command to set an SSID for the WLAN.
ssid ssid-string
no ssid
Parameter
Description Parameter Description
no Deletes the SSID.
ssid-string Specifies the SSID. The length is from 1 to 32.
Defaults N/A
Command
mode
WLAN configuration mode
Usage Guide An SSID can be associated with multiple WLANs, but a WLAN cannot be associated with multiple SSIDs at the same time.
Configuration
Examples
# Set the SSID for WLAN 1 to RUIJIE.
Ruijie(config)# dot11 wlan 1
Ruijie(dot11-wlan-config)# ssid RUIJIE
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
interface dot11radio
Use this command to set the dot11radio interface or sub-interface and enter dot11radio interface
configuration mode.
interface dot11radio interface-name
no interface dot11radio interface-name
Parameter
Description Parameter Description
no Deletes dot11radio sub-interface
interface-name Specifies the Dot11radio interface number, including the sub-interface number.
Defaults N/A
Command
mode Global configuration mode
Usage Guide The no form of this command is only applicable to sub-interface.
Configuration
Examples
# Enter dot11radio interface configuration mode.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#
# Enter dot11radio sub-interface configuration mode.
Ruijie(config)#interface dot11radio 1/0.1
Ruijie(config-subif)#
# Delete the dot11radio sub-interface configuration.
Ruijie(config)#no interface dot11radio 1/0.1
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
antenna
Use this command to set parameters for transmitting and receiving antennas.
antenna { receive | transmit } chain-mask
no antenna { receive | transmit }
Parameter
Description Parameter Description
no Deletes settings for antennas.
chain-mask Specifies the antenna selection mask. The range is from 1 to 7.
Defaults The default antenna selection mask varies with product models and the number of antennas. The
default setting depends on the product model.
Command
mode
Dot11radio interface configuration mode
Usage Guide N/A
Configuration
Examples
# Set the transmitting and receiving mask.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# antenna transmit 7
Ruijie(config-if-Dot11radio 1/0)# antenna receive 7
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
beacon dtim-period
Use this command to set a DTIM period for beacon frames.
beacon dtim-period seconds
no beacon dtim-period
Parameter
Description Parameter Description
no Deletes the setting of DTIM period.
seconds Specifies the DTIM period. The unit is one beacon period. The range is from 1 to 255.
Defaults The default DTIM period is 1 beacon period.
Command
mode
Dot11radio interface configuration mode
Usage Guide N/A
Configuration
Examples
# Set the DTIM period to 20.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#beacon dtim-period 20
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
beacon period
Use this command to set a beacon period.
beacon period milliseconds
no beacon period
Parameter
Description Parameter Description
no Deletes the setting of beacon period.
milliseconds Specifies the beacon period in milliseconds. The range is from 20 to 1000.
Defaults The default value is 100 milliseconds.
Command
mode
Dot11radio interface configuration mode
Usage Guide N/A
Configuration
Examples
# Set the beacon period to 200 milliseconds.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#beacon period 200
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
channel
Use this command to set the channel that the radio operates in.
channel channel-num
no channel
Parameter
Description Parameter Description
no Sets the radio to search for and configure its channel automatically.
channel-num Specifies a radio channel. The range is from 1 to 13 on the 2.4-GHz radio and from 36 to 165 on the 5-GHz radio. (For a specific product, the supported radio channels depend on the country code.)
Defaults N/A
Command
mode
Dot11radio interface configuration mode
Usage Guide N/A
Configuration
Examples
# Set the radio to operate in channel 11.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#channel 11
Related
Commands Command Description
radio-type Sets the radio type.
Platform
Description
N/A
radio-type
Use this command to set the RF mode of a radio.
radio-type { 802.11a | 802.11b }
Parameter
Description Parameter Description
802.11a Supports 5 GHz frequency band.
802.11b Supports 2.4 GHz frequency band.
Defaults By default, Radio 1 is configured with 802.11b and Radio 2 with 802.11a.
Command
mode
Dot11radio interface configuration mode
Usage Guide N/A
Configuration
Examples
# Set the RF mode to 2.4 GHz frequency band.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#radio-type 802.11b
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
chan-width
Use this command to set the bandwidth of radio channels.
chan-width { 20 | 40 }
no chan-width
Parameter
Description Parameter Description
no Deletes the setting of channel bandwidth.
20 Sets the channel width to 20 MHz.
40 Sets the channel width to 40 MHz.
Defaults The default channel bandwidth is 20 MHz.
Command
mode
Dot11radio interface configuration mode
Usage Guide Channel bandwidth cannot be configured when 802.11n is disabled.
Configuration
Examples
# Set the channel width to 40 MHz.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#chan-width 40
# Delete the setting of channel width.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#no chan-width
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
country-code
Use this command to set a country code for a specified radio.
country-code country-code
no country-code
Parameter
Description Parameter Description
no Restores the default country code.
country-code Specifies the country code, which varies with products.
Defaults The default country code is CN.
Command
mode
Dot11radio interface configuration mode
Usage Guide N/A
Configuration
Examples
# Set the country code of the radio to USI.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#country-code USI
# Delete the setting of country code.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#no country-code
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
fragment-threshold
Use this command to set a fragmentation threshold for a radio.
fragment-threshold threshold-value
no fragment-threshold
Parameter
Description Parameter Description
no Deletes the setting of fragmentation thresholds.
threshold-value Specifies the value of a fragmentation threshold. The range is from 256 to 2346 bytes.
Defaults The default value is 2346 bytes.
Command
mode
Dot11radio interface configuration mode
Usage Guide Fragmentation thresholds can be configured only when 802.11n is disabled.
Configuration
Examples
# Set the fragmentation threshold to 1500 bytes.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# fragment-threshold 1500
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
rts threshold
Use this command to set an RTS threshold for a radio.
rts threshold threshold-value
no rts threshold
Parameter
Description Parameter Description
no Deletes the setting of RTS thresholds.
threshold-value Specifies the RTS threshold. The range is from 257 to 2347 bytes.
Defaults The default value is 2347 bytes.
Command
mode
Dot11radio interface configuration mode
Usage Guide N/A
Configuration
Examples
# Set the RTS threshold to 1500 bytes.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# rts threshold 1500
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
slottime
Use this command to set the slot time for a radio.
slottime { long | short }
Parameter
Description Parameter Description
long Sets the long slot time.
short Sets the short slot time.
Defaults The default setting is short slot time.
Command
mode
Dot11radio interface configuration mode
Usage Guide This command takes effect only when the AP operates in the 2.4 GHz frequency band in a mode other than 802.11b. In the 5 GHz frequency band, the default setting is short slot time, which cannot be modified.
Configuration
Examples
# Sets long slot time on the radio.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# slottime long
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
short-gi
Use this command to set a short Guard Interval (GI) on the radio.
short-gi enable chan-width { 20 | 40 }
no short-gi enable chan-width { 20 | 40 }
Parameter
Description Parameter Description
no Deletes the setting of short GI.
20 Short GI in the channel width of 20 MHz.
40 Short GI in the channel width of 40 MHz.
Defaults By default, short GI cannot be enabled in the channel bandwidth of 20 MHz, but can be enabled in the
channel bandwidth of 40 MHz.
Command
mode
Dot11radio interface configuration mode
Usage Guide Short GI in the channel width of 20 MHz is not supported on some products.
Configuration
Examples
# Enable short GI in the channel width of 20 MHz.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# short-gi enable chan-width 20
# Disable short GI in the channel width of 20 MHz.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# no short-gi enable chan-width 20
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
short-preamble
Use this command to set a preamble for a radio.
short-preamble
no short-preamble
Parameter
Description Parameter Description
no Sets a long preamble.
Defaults The default setting is short preamble in the 2.4 GHz frequency band and long preamble in the 5 GHz frequency band.
Command
mode
Dot11radio interface configuration mode
Usage Guide This command only takes effect when the AP operates in 2.4 GHz frequency band. The default
setting is long preamble in 5 GHz frequency band, which cannot be modified.
Configuration
Examples
# Set the short preamble.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# short-preamble
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
response-rssi
Use this command to set the minimum value of the received signal strength indicator (RSSI) for a
wireless client to connect to the AP. If a wireless client's RSSI is less than this value, this client is not
allowed to associate with this AP.
response-rssi rssi-value
no response-rssi
Parameter
Description Parameter Description
no Deletes the RSSI value.
rssi-value Specifies the RSSI. The range is from 0 to 100 dBm.
Defaults The default value is 0.
Command
mode
Dot11radio interface configuration mode
Usage Guide N/A
Configuration
Examples
# Set the RSSI value for wireless access.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# response-rssi 10
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
power local
Use this command to set the transmitting power of a radio.
power local power-value
no power local
Parameter
Description Parameter Description
no Deletes the power value.
power-value Specifies the value of transmitting power. The range is from 1 to 100 percent.
Defaults The default value is 100.
Command
mode
Dot11radio interface configuration mode
Usage Guide N/A
Configuration
Examples
# Set the transmitting power of the radio to 50 percent.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# power local 50
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
retries
Use this command to set the retries of long or short frames.
retries { short | long } retries-value
no retries { short | long }
Parameter
Description Parameter Description
no Restores the default setting.
short Specifies the retransmission times of short frames. The range is from 1 to 7.
long Specifies the retransmission times of long frames. The range is from 1 to 4 times.
Defaults The default value is 4 for long frames and 7 for short frames.
Command
mode
Dot11radio interface configuration mode
Usage Guide N/A
Configuration
Examples
# Set the retries of long frames.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# retries long 2
# Restore the default retries of short frames.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#no retries short
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
sta-idle-timeout
Use this command to set the idle timeout for wireless clients.
sta-idle-timeout seconds
no sta-idle-timeout
Parameter
Description Parameter Description
no Restores the default value.
seconds Specifies the idle timeout. The range is from 60 to 86400 seconds.
Defaults The default value is 300 seconds.
Command
mode
Dot11radio interface configuration mode
Usage Guide N/A
Configuration
Examples
# Set the idle time to 900 seconds.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# sta-idle-timeout 900
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
coverage-area-control
Use this command to set the power of transmitting beacon, or to control the coverage area of wireless
signals.
coverage-area-control power-value
no coverage-area-control
Parameter
Description Parameter Description
no Restores the default setting.
power-value Specifies the coverage area. The range is from 0 to 32.
Defaults The default value is 0.
Command
mode
Dot11radio interface configuration mode
Usage Guide N/A
Configuration
Examples
# Set the coverage area of wireless signals.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# coverage-area-control 12
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
mcast_rate
Use this command to set multicast rate.
mcast_rate { 11 | 24 | 54 | 65 | 78 | 104 | 130 }
no mcast_rate
Parameter
Description Parameter Description
no Restores the default value.
Defaults The default value is 54.
Command
mode
Dot11radio interface configuration mode
Usage Guide A multicast rate takes effect only when the current AP frequency band supports this rate. If this rate is
not supported, the default rate is used.
Configuration
Examples
# Set a multicast rate.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# mcast_rate 24
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
sta-limit
Use this command to set the maximum number of wireless clients that can be connected to the AP.
sta-limit client-num
no sta-limit
Parameter
Description Parameter Description
no Restores the default value.
client-num Specifies the maximum number of clients. The range is from 1 to 128.
Defaults The default value is 24.
Command
mode
Dot11radio interface configuration mode
Usage Guide N/A
Configuration
Examples
# Set the maximum number of wireless clients to 50.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# sta-limit 50
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
rate-set
Use this command to set a rate set.
rate-set { 11a | 11b | 11g } { mandatory | support | disable } speed
rate-set 11n { mcs-mandatory | mcs-support } index
Parameter
Description Parameter Description
11a The 5-GHz radio has the legacy 802.11a, 802.11na data rates.
11b The 2.4-GHz radio has the legacy 802.11b data rates.
11g The 2.4-GHz radio has the legacy 802.11g, 802.11ng data rates.
speed Specifies the rate to be configured, which varies with radio types.
802.11a: 6, 9, 12, 18, 24, 36, 48 and 54 Mbps
802.11b: 1, 2, 5.5 and 11 Mbps
802.11g: 1, 2, 5.5, 11, 6, 9, 12, 18, 24, 36, 48 and 54 Mbps
disable Sets a data rate to be disabled on the specified radio type.
support Sets a data rate to be supported on the specified radio type.
mandatory Sets a data rate to be mandatory on the specified radio type.
11n Sets the MCS value on the 802.11n radio.
mcs-mandatory Specifies the mandatory MCS value.
mcs-support Specifies the supported MCS value.
index Specifies the range, which is from 0 to 23.
Defaults The default setting differs:
802.11a: Rates 6, 9, 12 are set to mandatory and the rest are set to supported.
802.11b: Rates 1, 2, 5.5, 11 are set to mandatory.
802.11g: Rates 1, 2, 5.5, 11 are set to mandatory and the rest to supported.
mcs-support: The default MCS value is 7 for one spatial stream, 15 for two spatial streams, and 23 for three spatial streams.
mcs-mandatory: 0
Command
mode
Dot11radio interface configuration mode
Usage Guide N/A
Configuration
Examples
# Set the 54 Mbps rate to supported on the 802.11a radio.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# rate-set 11a support 54
# Set the 24 Mbps rate to mandatory on the 802.11g radio.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# rate-set 11g mandatory 54
# Set MCS 12 to mandatory on the 802.11n radio.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# rate-set 11n mcs-mandatory 12
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
11bsupport enable
Use the command to enable the specified radio to support 802.11b on 2.4 GHz.
11bsupport enable
no 11bsupport enable
Parameter
Description Parameter Description
no Disables the radio to support 802.11b.
Defaults By default, the 802.11b is supported.
Command
mode
Dot11radio interface configuration mode
Usage Guide N/A
Configuration
Examples
# Disable the radio to support 802.11b.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# no 11bsupport enable
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
11gsupport enable
Use this command to enable the specified radio to support 802.11g, or 802.11b/g on 2.4 GHz.
11gsupport enable
no 11gsupport enable
Parameter
Description Parameter Description
no Disables the radio to support 802.11g.
Defaults By default, the 802.11g is supported.
Command
mode
Dot11radio interface configuration mode
Usage Guide N/A
Configuration
Examples
# Disable the radio to support 802.11g.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# no 11gsupport enable
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
11nsupport enable
Use this command to enable the specified radio to support 802.11n.
11nsupport enable
no 11nsupport enable
Parameter
Description Parameter Description
no Disables 802.11n support on the radio.
Defaults By default, 802.11n is supported.
Command
mode
Dot11radio interface configuration mode
Usage Guide N/A
Configuration
Examples
# Enable the radio to support 802.11n.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#11nsupport enable
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
wlan-id
Use this command to enable WLAN while enabling the radio.
wlan-id wlan-id
no wlan-id wlan-id
Parameter
Description Parameter Description
no Deletes the WLAN ID.
wlan-id Specifies the WLAN ID.
Defaults N/A
Command
mode
Dot11radio interface configuration mode
Usage Guide N/A
Configuration
Examples
# Enable WLAN 1.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#wlan-id 1
Related
Commands Command Description
dot11 wlan Creates the configuration-related WLAN.
Platform
Description
N/A
show dot11 wireless
Use this command to show wireless information and configuration of the wireless network card.
show dot11 wireless interface-name
Parameter
Description Parameter Description
interface-name Specifies the Dot11radio interface number.
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide N/A
Configuration
Examples
Ruijie#show dot11 wireless 1/0
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
show dot11 associations
Use this command to show connections of the wireless network card.
show dot11 associations H.H.H interface-name
Parameter
Description Parameter Description
H.H.H Specifies the MAC address of a wireless client.
interface-name Specifies the Dot11radio interface number, including the
sub-interface number.
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide N/A
Configuration
Examples
Ruijie#show dot11 associations 0023.9090.2900 1/0
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
show dot11 associations all-client
Use this command to show information of all clients connected to the wireless network card.
show dot11 associations all-client interface-name
Parameter
Description Parameter Description
interface-name Specifies the Dot11radio interface number, including the
sub-interface number.
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide N/A
Configuration
Examples
Ruijie#show dot11 associations all-client 1/0
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
show dot11 channels active
Use this command to show the information of active channels supported by the wireless network
card.
show dot11 channels active interface-name
Parameter
Description Parameter Description
interface-name Specifies the Dot11radio interface number, including the
sub-interface number.
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide N/A
Configuration
Examples
Ruijie#show dot11 channels active 1/0
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
show dot11 channels all
Use this command to show information of all active channels supported by the wireless network card.
show dot11 channels all interface-name
Parameter
Description Parameter Description
interface-name Specifies the Dot11radio interface number, including the
sub-interface number.
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide N/A
Configuration
Examples
Ruijie#show dot11 channels all 2/0
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
Command Reference WLAN-VLAN Mapping Commands
WLAN-VLAN Mapping Commands
vlan-assign-mode
Use this command to set a VLAN assignment mode for the current or all VLAN groups on an AP
device. Use the no form of this command to remove the setting.
vlan-assign-mode dot1x
no vlan-assign-mode
Parameter
Description Parameter Description
dot1x Indicates that the authentication server is responsible for
assigning VLANs to users that pass 802.1x
authentication.
Defaults No VLAN assignment mode is specified.
Configuration
Mode VLAN group configuration mode or global configuration mode
Usage Guide
The VLAN assignment mode set in global configuration mode takes effect on all VLAN groups.
The VLAN assignment mode set in VLAN group configuration mode takes effect only on the
current VLAN group.
The VLAN assignment mode set in VLAN group configuration mode prevails over that set in
global configuration mode.
Configuration
Examples
The following example shows how to configure the 802.1x-based VLAN assignment mode for
VLAN group 100 on an AP.
Ruijie# configure terminal
Ruijie(config)# vlan-group 100
Ruijie(config-vlan-group)# vlan-assign-mode dot1x
Related
Commands Command Description
show vlan-group [group-id] Display information about a VLAN group.
Platform
Description
This command is supported by the RGOS10.4 (1T17) or later versions.
vlan-group
Use this command to create a VLAN group on an AP device. Use the no form of this command to
delete the configuration.
vlan-group group-id
no vlan-group group-id
Parameter
Description Parameter Description
group-id Specifies the ID of a VLAN group, which ranges from 1 to
128.
Defaults None
Configuration
Mode Global configuration mode
Usage Guide None
Configuration
Examples
The following example shows how to create VLAN group 100 on an AP:
Ruijie# configure terminal
Ruijie(config)# vlan-group 100
Ruijie(config-vlan-group)#
Related
Commands Command Description
show vlan-group [group-id] Display information about a VLAN group.
Platform
Description This command is supported by the RGOS10.4 (1T17) or later versions.
default-vlan
When the 802.1x-based VLAN assignment mode is configured on an AP device, the authentication
server is responsible for assigning VLANs to users. Use this command to enable the device to
assign the default VLAN after authentication. Use the no form of this command to delete the
configuration.
default-vlan vlan-id
no default-vlan
Parameter
Description Parameter Description
vlan-id Specifies a VLAN ID.
Defaults The default VLAN is not specified.
Configuration
Mode VLAN group configuration mode
Usage Guide
Before setting the mode of assigning the default VLAN, add the default VLAN to the specific
VLAN group.
The default VLAN takes effect only after it is assigned to a user who passes 802.1x
authentication by the authentication server of the current WLAN.
Configuration
Examples
The following example shows how to set VLAN 10 to the default VLAN of VLAN group 100 on
an AP:
Ruijie# configure terminal
Ruijie(config)# vlan-group 100
Ruijie(config-vlan-group)# default-vlan 10
Related
Commands Command Description
show vlan-group [group-id] Display information about a VLAN group.
Platform
Description This command is supported by the RGOS10.4 (1T17) or later versions.
vlan-list
Use this command to set the list of VLANs in a VLAN group on an AP device. Use the no form of this
command to remove the setting.
vlan-list vlan-list
no vlan-list
Parameter
Description Parameter Description
vlan-list Specifies a list of VLANs in a VLAN group. A VLAN group
includes a maximum of 32 VLANs.
Defaults A VLAN group has no VLAN.
Configuration
Mode VLAN group configuration mode
Usage Guide If a WLAN needs to map multiple VLANs, add them to the same VLAN group, and then
associate the VLAN group with the WLAN.
Configuration
Examples
The following example shows how to add VLANs 100 to 105 to VLAN group 100 on an AP or
AC:
Ruijie# configure terminal
Ruijie(config)# vlan-group 100
Ruijie(config-vlan-group)# vlan-list 100-105
Related
Commands Command Description
show vlan-group [group-id] Display information about a VLAN group.
Platform
Description This command is supported by the RGOS10.4 (1T17) or later versions.
vlan-group
Use this command to associate a VLAN group with the current WLAN on an AP. Use the no form of
this command to remove the configuration.
vlan-group group-id
no vlan-group
Parameter
Description Parameter Description
group-id Specifies the ID of a VLAN group, which ranges from 1 to
128.
Defaults The WLAN is not associated with any VLAN group.
Configuration
Mode WLAN configuration mode
Usage Guide None
Configuration
Examples
The following example shows how to associate WLAN 1 with VLAN group 100:
Ruijie# configure terminal
Ruijie(config)# dot11 wlan 1
Ruijie(dot11-wlan-config)# vlan-group 100
Related
Commands Command Description
Platform
Description This command is supported by the RGOS10.4 (1T17) or later versions.
encapsulation dot1Q
Use this command to configure encapsulation for a VLAN or VLAN group on the dot11 radio
sub-interface of an AP. Use the no form of this command to remove the configuration.
encapsulation dot1Q [group] {vlan-id | vlan-group-id}
no encapsulation dot1Q [group] {vlan-id | vlan-group-id}
Parameter
Description Parameter Description
vlan-id Specifies a VLAN ID.
vlan-group-id Specifies the ID of a VLAN group, which ranges from 1 to
128.
Defaults Packets of a VLAN or VLAN group are not encapsulated.
Configuration
Mode Interface mode
Usage Guide
To configure VLAN encapsulation on a dot1q sub-interface, run the encapsulation dot1Q
vlan-id command.
To configure VLAN group encapsulation on a dot1q sub-interface, run the encapsulation
dot1Q group vlan-group-id command.
Configuration
Examples
The following example shows how to configure encapsulation for VLAN group 100 on the
sub-interface Dot11radio 1/0.1 on an AP:
Ruijie# configure terminal
Ruijie(config)# interface dot11radio 1/0.1
Ruijie(config-subif)# encapsulation dot1Q group 100
Related
Commands Command Description
Platform
Description This command is supported by the RGOS10.4 (1T17) or later versions.
show vlan-group
Use this command to display information about a VLAN group on an AP device.
show vlan-group [group-id]
Parameter
Description Parameter Description
group-id Specifies the ID of a VLAN group.
Defaults None
Configuration
Mode Privileged mode
Usage Guide None
Configuration
Examples
The following example shows how to display information about VLANs in the VLAN group on
an AP:
Ruijie# show vlan-group
VLAN-Group ID Default VLAN Assign-Mode       VLAN-List
------------- ------------ ----------------- -----------------------------
100           10           dhcp-server-state 1-10, 21-30, 51-70
128           NA           dot1x             110-130, 141-150
Related
Commands Command Description
Platform
Description This command is supported by the RGOS10.4 (1T17) or later versions.
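The rules stated in this chapter (group IDs from 1 to 128, at most 32 VLANs per group, the default VLAN added to the group's VLAN list, and the group-level vlan-assign-mode prevailing over the global one) can be checked against a saved configuration before it is applied. The following Python checker is an added example, not Ruijie code; the indented block layout of the sample, the function names and the problem labels are assumptions made for the example.

```python
MAX_VLANS_PER_GROUP = 32          # "A VLAN group includes a maximum of 32 VLANs"
GROUP_ID_RANGE = range(1, 129)    # group-id ranges from 1 to 128

# Constructed sample; only the command forms come from this chapter.
SAMPLE_CONFIG = """\
vlan-group 100
 vlan-assign-mode dot1x
 vlan-list 100-105
 default-vlan 10
vlan-group 101
 vlan-list 1-20,31-50
vlan-group 102
 vlan-list 200-210
 default-vlan 205
dot11 wlan 1
 vlan-group 100
dot11 wlan 2
 vlan-group 120
"""


def expand_vlans(spec):
    """Expand '100-105' or '1-20,31-50' into a sorted list of VLAN IDs."""
    ids = set()
    for part in spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:          # valid 802.1Q VLAN IDs
            raise ValueError(f"bad VLAN range: {part!r}")
        ids.update(range(lo, hi + 1))
    return sorted(ids)


def parse_config(text):
    """Collect the global assign mode, VLAN groups and WLAN-to-group bindings."""
    cfg = {"global_mode": None, "groups": {}, "wlans": {}}
    block = None                               # ("group", id) or ("wlan", id)
    for raw in text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if not raw[0].isspace():               # a top-level line starts a new context
            block = None
            if tok[0] == "vlan-group" and len(tok) == 2:
                block = ("group", int(tok[1]))
                cfg["groups"].setdefault(
                    block[1], {"mode": None, "default": None, "vlans": []})
            elif tok[:2] == ["dot11", "wlan"] and len(tok) == 3:
                block = ("wlan", int(tok[2]))
                cfg["wlans"].setdefault(block[1], None)
            elif tok[0] == "vlan-assign-mode" and len(tok) == 2:
                cfg["global_mode"] = tok[1]
        elif block and block[0] == "group":
            group = cfg["groups"][block[1]]
            if tok[0] == "vlan-assign-mode" and len(tok) == 2:
                group["mode"] = tok[1]
            elif tok[0] == "default-vlan" and len(tok) == 2:
                group["default"] = int(tok[1])
            elif tok[0] == "vlan-list" and len(tok) >= 2:
                group["vlans"] = expand_vlans("".join(tok[1:]))
        elif block and block[0] == "wlan" and tok[0] == "vlan-group" and len(tok) == 2:
            cfg["wlans"][block[1]] = int(tok[1])   # WLAN-to-group association
    return cfg


def effective_mode(cfg, group_id):
    """The group-level vlan-assign-mode prevails over the global one."""
    return cfg["groups"][group_id]["mode"] or cfg["global_mode"]


def validate(cfg):
    """Return (scope, id, problem) tuples for settings that break the documented rules."""
    problems = []
    for gid, group in sorted(cfg["groups"].items()):
        if gid not in GROUP_ID_RANGE:
            problems.append(("vlan-group", gid, "group-id-out-of-range"))
        if len(group["vlans"]) > MAX_VLANS_PER_GROUP:
            problems.append(("vlan-group", gid, "too-many-vlans"))
        if group["default"] is not None and group["default"] not in group["vlans"]:
            problems.append(("vlan-group", gid, "default-vlan-not-in-vlan-list"))
    for wid, gid in sorted(cfg["wlans"].items()):
        if gid is not None and gid not in cfg["groups"]:
            problems.append(("wlan", wid, "vlan-group-not-defined"))
    return problems


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    for gid in sorted(cfg["groups"]):
        print(f"vlan-group {gid}: assign-mode={effective_mode(cfg, gid)}")
    for problem in validate(cfg):
        print(problem)
```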
Command Reference WLAN-WLOG Commands
WLAN-WLOG Commands
wlan diag enable
Use this command to enable the WLAN-WLOG function on ACs and APs. Use the no form of this
command to disable this function.
wlan diag enable
no wlan diag enable
Parameter
Description Parameter Description
N/A N/A
Defaults The WLAN-WLOG function is disabled on ACs and APs.
Command
mode
Global configuration mode
Usage Guide Memory is pre-allocated when the WLAN-WLOG function is enabled. If memory is
insufficient, the WLAN-WLOG function cannot be enabled.
The memory holding all saved information and the pre-allocated memory are reclaimed when the WLAN-WLOG
function is disabled.
Configuration
Examples
The following example shows how to enable or disable the WLAN-WLOG function:
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#wlan diag enable
Ruijie(config)#no wlan diag enable
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported on ACs and APs in WLANs.
show wlan diag sta
Use the following command to display terminal statistics on an AC:
show wlan diag sta [ sta-mac STA_MAC ] [ ip-range IP_PREFIX ] [ action ACTION [ result
RESULT ] ] [ number NUMBER ]
Use the following command to display terminal statistics on an AP:
show wlan diag sta [ sta-mac STA_MAC ] [ number NUMBER ]
Parameter
Description Parameter Description
STA_MAC Specifies the MAC address of an STA.
IP_PREFIX
Specifies the range of IP addresses for the STA, which is limited by
an IP prefix.
ACTION Specifies the type of STA action records.
RESULT Specifies the result of STA action records.
NUMBER Specifies the maximum number of records to be displayed.
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide N/A
Configuration
Examples
This example shows how to display terminal statistics on an AC:
Ruijie# show wlan diag sta
sta_record: c83a.35c6.0c72
TIME IP Address Rssi Link Rate AP MAC SSID
RADIO Action Result Reason
------------------- --------------- ------- ----------- --------------
---------------------------------- --------- -----------------------------
------ ------------------------------
09:59:28 192.168.248.2 0 0 00d0.f822.33b0 lxh-ssid
1 STA UP BY APMG SUCCESS
10:12:07 192.168.248.2 21 5500 00d0.f822.33b0 lxh-ssid
1 STA DOWN BY RSNA SUCCESS AP circular AC user is offline
This example shows how to display terminal statistics on an AP:
Ruijie# show wlan diag sta
sta mac: c83a.35c6.0c72
==========================================================================
===============================================================
2012-05-28 19:31:08
wlan id state rssi_rt rs_rate_mcs tx_frm_cnts rx_frm_cnts tx_frm_flow
rx_frm_flow tx_cnts_error tx_flow_error mgmt_cnts mgmt_flow
-------- -------- -------- ----------- ----------- ----------- -----------
----------- ------------- ------------- --------- ---------
1 3 23 80 18 59 4384 5967
0 0 3 381
tx/rxmcs mcs0, mcs1 mcs2, mcs3 mcs4, mcs5 mcs6, mcs7 mcs8, mcs9
mcs10, mcs11 mcs12, mcs13 mcs14, mcs15
------------- ------------- ------------- ------------- -------------
------------- ------------- ------------- -------------
txmcspercent : 0 0 0 0 0 0 0 0
rxmcspercent : 0 0 0 0 0 0 0 0
tx/rxrate 1, 2 5.5, 11 6, 9 12, 18 24, 36 48, 54 -- --
------------- ------- ------- ------- ------- ------- ------- ------- -------
txratepercent: 16 0 0 7 50 27 0 0
rxratepercent: 57 3 0 5 13 22 0 0
Field Description
sta_record Specifies STA records.
TIME Specifies the time when STA records are collected.
IP Address Specifies the IP address of an STA whose statistics are
collected.
Rssi Specifies signal strength.
Link Rate Specifies a connection rate.
AP MAC Specifies the MAC address of an AP associated with
the STA.
SSID Specifies the SSID of the WLAN associated with the
STA.
RADIO Specifies the ID of the radio associated with the STA.
Action Specifies the type of STA action records.
Result Specifies the result of STA action records.
Reason Specifies the reason for STA action records.
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported on ACs and APs in WLANs.
Command Reference WLAN Location Commands
WLAN Location Commands
wlocation enable
Use this command to enable the WLAN Location (WL) function on the specified AP. Use the no form
of this command to disable this function.
[ no ] wlocation enable
Parameter
Description Parameter Description
N/A N/A
Defaults Disabled
Command
mode
AP configuration mode on the fit AP or AC
Or:
Wlocation mode on the fat AP.
Usage Guide N/A
Configuration
Examples
This example shows how to enable wireless location on the AP.
Ruijie(config-ap)# wlocation enable
This example shows how to disable wireless location on the AP.
Ruijie(config-ap)# no wlocation enable
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
wlocation ae-ip x.x.x.x
Use this command to configure the IP address of the AE server connected with the specified AP.
[ no ] wlocation ae-ip x.x.x.x
Parameter
Description Parameter Description
x.x.x.x The IP address of AE
Defaults 0.0.0.0
Command
mode
AP configuration mode on the fit AP or AC
Or:
Wlocation mode on the fat AP.
Usage Guide N/A
Configuration
Examples
This example shows how to configure the IP address of the AE server on the specified AP.
Ruijie(config-ap)# wlocation ae-ip 1.1.1.1
This example shows how to restore the IP address of the AE to the default configuration.
Ruijie(config-ap)# no wlocation ae-ip
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
wlocation ae-port number
Use this command to set the port number of the AE server connected with the specified AP.
[ no ] wlocation ae-port number
Parameter
Description Parameter Description
number The port number of AE.
Defaults 12092
Command
mode
AP configuration mode on the fit AP or AC
Or:
Wlocation mode on the fat AP.
Usage Guide N/A
Configuration
Examples
This example shows how to set the port number of the AE server connected with the specified AP.
Ruijie(config-ap)# wlocation ae-port 12093
This example shows how to restore the port number of the AE server connected with the specified AP
to the default configuration.
Ruijie(config-ap)# no wlocation ae-port
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
wlocation compound enable
Use this command to enable the function of transmitting aggregate data of wireless location. Use the
no form of this command to disable this function.
[ no ] wlocation compound enable
Parameter
Description Parameter Description
N/A N/A
Defaults Disabled
Command
mode
AP configuration mode on the fit AP or AC
Or:
Wlocation mode on the fat AP.
Usage Guide N/A
Configuration
Examples
This example shows how to enable the function of transmitting aggregate data of wireless location on
the specified AP.
Ruijie(config-ap)# wlocation compound enable
This example shows how to disable the function of transmitting aggregate data of wireless location on
the specified AP.
Ruijie(config-ap)# no wlocation compound enable
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
wlocation mu enable
Use this command to enable Mobile Unit (MU) wireless location on the specified AP. Use the no form
of this command to disable this function.
[ no ] wlocation mu enable
Parameter
Description Parameter Description
N/A N/A
Defaults Disabled
Command
mode
AP configuration mode on the fit AP or AC
Or:
Wlocation mode on the fat AP.
Usage Guide N/A
Configuration
Examples
This example shows how to enable MU wireless location on the specified AP.
Ruijie(config-ap)# wlocation mu enable
This example shows how to disable MU wireless location on the specified AP.
Ruijie(config-ap)# no wlocation mu enable
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
wlocation tag enable
Use this command to enable tag wireless location on the specified AP. Use the no form of this
command to disable this function.
[ no ] wlocation tag enable
Parameter
Description Parameter Description
N/A N/A
Defaults Disabled.
Command
mode
AP configuration mode on the fit AP or AC
Or:
Wlocation mode on the fat AP.
Usage Guide N/A
Configuration
Examples
This example shows how to enable tag wireless location on the specified AP.
Ruijie(config-ap)# wlocation tag enable
This example shows how to disable tag wireless location on the specified AP.
Ruijie(config-ap)# no wlocation tag enable
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
wlocation send-mu-time time
Use this command to set the interval at which the specified AP sends MU location packets.
[ no ] wlocation send-mu-time time
Parameter
Description Parameter Description
time Packet sending interval, in the range of 100 to 5000 ms.
Defaults 300 ms
Command
mode
AP configuration mode on the fit AP or AC
Or:
Wlocation mode on the fat AP.
Usage Guide N/A
Configuration
Examples
This example shows how to set the interval for sending MU location packets on the specified AP.
Ruijie(config-ap)# wlocation send-mu-time 400
This example shows how to restore the interval for sending MU location packets to the default
value.
Ruijie(config-ap)# no wlocation send-mu-time
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
wlocation send-tag-time time
Use this command to set the interval at which the specified AP sends tag location packets.
[ no ] wlocation send-tag-time time
Parameter
Description Parameter Description
time Packet sending interval, in the range of 100 to 5000 ms.
Defaults 300 ms
Command
mode
AP configuration mode on the fit AP or AC
Or:
Wlocation mode on the fat AP.
Usage Guide N/A
Configuration
Examples
This example shows how to set the interval for sending tag location packets on the specified AP.
Ruijie(config-ap)# wlocation send-tag-time 400
This example shows how to restore the interval for sending tag location packets to the default value.
Ruijie(config-ap)# no wlocation send-tag-time
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
Command Reference Wireless Security Commands
Wireless Security Commands
security rsn
Use this command to set the authentication mode of a WLAN to RSN. This command has
no no form; a configuration prefixed with no has no effect. The command format is:
security rsn { enable | disable }
Parameter
Description Parameter Description
enable Enables the RSN authentication mode.
disable Disables the RSN authentication mode.
Defaults N/A
Command
mode
WLAN security configuration mode.
Usage Guide Use this command to enable the RSN authentication mode. Encryption and authentication
methods can be configured in the RSN mode only after the RSN authentication mode is enabled;
otherwise, any such configuration is invalid. When you use RSN authentication, you need to configure
both an encryption method and an authentication method. If only one of them is configured, or
neither is configured, the wireless client cannot associate with the wireless
network. The RSN authentication mode is what is usually called the WPA2 authentication mode. If both
WPA and RSN authentication modes are configured simultaneously for a WLAN, the encryption and
authentication methods in these two authentication modes are identical, and the newly configured
encryption and authentication methods override the previous ones.
Configuration
Examples
The following example configures the authentication mode of WLAN1 to RSN.
Ruijie(config)#wlansec 1
Ruijie(wlansec)# security rsn enable
The following example disables the RSN authentication mode of WLAN1.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security rsn disable
Related
Commands Command Description
security rsn akm { psk | 802.1x } { enable |
disable }
Configures an authentication method in the
RSN authentication mode.
security rsn ciphers { aes | tkip } { enable |
disable } Configures an encryption method in the RSN
authentication mode.
security rsn akm psk set-key ascci Configures a shared password for RSNs.
Platform
Description
N/A
security rsn akm
Use this command to configure an authentication method for a WLAN in the RSN authentication
mode. This command has no no form; a configuration prefixed with no has no effect.
The command format is:
security rsn akm { psk | 802.1x } { enable | disable }
Parameter
Description Parameter Description
psk
Sets the authentication method to pre-shared key
identity verification.
802.1x
Sets the authentication method to IEEE 802.1x
authentication.
enable
Enables an authentication method in the RSN
authentication mode.
disable
Disables an authentication method in the RSN
authentication mode.
Defaults N/A
Command
mode WLAN security configuration mode.
Usage Guide The command is used to enable an authentication method in the RSN authentication mode. Only
after the RSN authentication mode is enabled can an authentication method be configured. There are
two authentication methods: PSK and 802.1x.
Configuration
Examples
The following example configures the authentication method for WLAN1 in the RSN authentication
mode to PSK.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security rsn akm psk enable
The following example disables the PSK authentication for WLAN1 in the RSN authentication mode.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security rsn akm psk disable
The following example configures the authentication method for WLAN1 in the RSN authentication
mode to 802.1x authentication.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security rsn akm 802.1x enable
The following example disables the 802.1x authentication for WLAN1 in the RSN authentication
mode.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security rsn akm 802.1x disable
Related
Commands Command Description
security rsn { enable | disable } Configures the RSN authentication mode.
security rsn ciphers { aes | tkip } { enable |
disable }
Configures an encryption method in the RSN
authentication mode.
security rsn akm psk set-key ascci Configures a shared password for RSNs.
Platform
Description
N/A
security rsn akm psk set-key ascci
The command is used to configure a shared password for RSNs of a WLAN.
security rsn akm psk set-key ascci key
Parameter
Description Parameter Description
key Indicates a shared password.
Defaults N/A
Command
mode
WLAN security configuration mode.
Usage Guide This shared password is of use only when the PSK authentication mode is enabled.
Configuration
Examples
The following example configures the shared password for WLAN 1 RSN to 12345678.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security rsn enable
Ruijie(wlansec)# security rsn akm psk enable
Ruijie(wlansec)# security rsn akm psk set-key ascci 12345678
Related
Commands Command Description
security rsn { enable | disable } Configures the RSN authentication mode.
security rsn ciphers { aes | tkip } { enable |
disable }
Configures an encryption method in the RSN
authentication mode.
security rsn akm { psk | 802.1x } { enable |
disable }
Configures an authentication method in the
RSN authentication mode.
Platform
Description
N/A
security rsn ciphers
Use this command to configure an encryption method for a WLAN in the RSN authentication
mode. This command has no no form; a configuration prefixed with no has no effect.
The command format is:
security rsn ciphers { aes | tkip } { enable | disable }
Parameter
Description Parameter Description
aes Sets the encryption method to AES.
tkip Sets the encryption method to TKIP.
enable
Enables an encryption method in the RSN
authentication mode.
disable
Disables an encryption method in the RSN authentication
mode.
Defaults N/A
Command
mode
WLAN security configuration mode.
Usage Guide Use this command to enable an encryption method in the RSN authentication mode. An
encryption method can be configured only after the RSN authentication mode is enabled. There are two
encryption methods: AES and TKIP. When you use RSN authentication, you need to configure both an
encryption method and an authentication method. If only one of them is configured, or
neither is configured, the wireless client cannot associate with the wireless
network. The RSN authentication mode is what is usually called the WPA2 authentication mode. If both
WPA and RSN authentication modes are configured simultaneously for a WLAN, the encryption and
authentication methods in these two authentication modes are identical, and the newly configured
encryption and authentication methods override the previous ones.
Configuration
Examples
The following example configures the encryption method for WLAN1 in the RSN authentication mode
to AES.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security rsn ciphers aes enable
The following example disables the AES encryption method for WLAN1 in the RSN authentication
mode.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security rsn ciphers aes disable
The following example configures the encryption method for WLAN1 in the RSN authentication mode
to TKIP.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security rsn ciphers tkip enable
The following example disables the TKIP encryption method for WLAN1 in the RSN authentication
mode.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security rsn ciphers tkip disable
Related
Commands Command Description
security rsn { enable | disable } Configures the RSN authentication mode.
security rsn akm { psk | 802.1x } { enable |
disable }
Configures an authentication method in the
RSN authentication mode.
security rsn akm psk set-key ascci Configures a shared password for RSNs.
Platform
Description
N/A
security static-wep-key authentication
Use this command to configure an authentication method for a WLAN in the static WEP mode.
This command has no no form; a configuration prefixed with no has no effect. The
command format is:
security static-wep-key authentication { open | share-key }
Parameter
Description Parameter Description
open Indicates the open system authentication mode.
share-key Indicates the shared key authentication mode.
Defaults The default setting is open.
Command
mode
WLAN security configuration mode.
Usage Guide This command must be used with the security static-wep-key encryption command. Usually, the
static WEP key must be configured before the shared key authentication method can be configured.
In any security mode other than the static WEP security mode, it is of no use to configure the link
authentication mode.
Configuration
Examples
The following example configures the authentication mode of WLAN1 to open system authentication.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security static-wep-key authentication open
The following example configures the authentication mode of WLAN1 to shared key authentication.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security static-wep-key authentication share-key
Related
Commands Command Description
security static-wep-key encryption
Configures the static WEP key and enables the
static WEP security mode.
Platform
Description
N/A
security static-wep-key encryption
The command is used to configure the static WEP key for a WLAN and configure the security mode of
this WLAN to static WEP. The no option of the command can be used to delete the configured key,
and restore the WLAN to the OPEN mode. The command format is:
[ no ] security static-wep-key encryption key-length { ascii | hex } key-index key
Parameter
Description Parameter Description
key-length
Indicates the key length in bits, which can be 40, 104, or 128.
key-index Indicates a key index number, ranging from 1 to 4.
key
Indicates key data. In the ascii mode, 5-byte, 13-byte, and 16-byte
data can serve as a key depending on the key-length parameter. In
the hex mode, 10-byte, 26-byte, and 32-byte data can serve as a key
depending on the key-length parameter.
ascii Indicates that the password takes the form of ASCII code.
hex Indicates that the password is hexadecimal.
no
As a command prefix, the parameter indicates cancellation of the
configured static key.
Defaults N/A
Command
mode
WLAN security configuration mode.
Usage Guide The prerequisite of configuring security mode for a WLAN is that this WLAN has been created.
Attention should be paid to the following points:
1. This command can be used repeatedly for configuration, and the last configuration will take
effect.
2. This command configures the static WEP key as well as the static-WEP security mode.
Configuration
Examples
The following example configures the static WEP key of WLAN 1 to 12345.
Ruijie(config)# wlansec 1
Ruijie(wlansec)# security static-wep-key encryption 40 ascii 1 12345
Or use the hexadecimal form, which has the same effect:
Ruijie(wlansec)# security static-wep-key encryption 40 hex 1 3132333435
Related
Commands Command Description
security static-wep-key authentication { open | share-key }
Configures the authentication method in the static WEP security mode to open system
authentication or shared key authentication.
Platform
Description
A client that uses the wireless client management software of the Windows XP operating system
cannot support a 128-bit WEP password. If the client software does not support a 128-bit WEP
password and Ruijie's device is configured with 128-bit encryption, either the client software
cannot associate with the wireless network or the data channel is unavailable,
depending on the authentication mode.
security wpa
The command is used to configure the authentication mode of a WLAN to WPA. This command does not
support the no prefix; a configuration entered with the no prefix has no effect. The command format is:
security wpa { enable | disable }
Parameter
Description Parameter Description
enable Indicates that you enable the WPA authentication mode.
disable Indicates to disable the WPA authentication mode.
Defaults N/A
Command
mode
WLAN security configuration mode.
Usage Guide The command is used to enable the WPA authentication mode. Only after the WPA authentication
mode is enabled can encryption and authentication methods be configured in the WPA mode.
Otherwise, configuration is impossible. When you use the WPA authentication, you need to configure
an encryption method and an authentication method. If only an encryption or authentication method is
configured, or neither is configured, the wireless client cannot be associated with the wireless
network.
Configuration
Examples
The following example configures the authentication mode of WLAN1 to WPA.
Ruijie(config)# wlansec 1
Ruijie(wlansec)# security wpa enable
The following example disables the WPA authentication mode of WLAN1.
Ruijie(config)# wlansec 1
Ruijie(wlansec)# security wpa disable
Related
Commands Command Description
security wpa akm { psk | 802.1x } { enable | disable }
Configures an authentication method in the WPA authentication mode.
security wpa ciphers { aes | tkip } { enable | disable }
Configures an encryption method in the WPA authentication mode.
security wpa akm psk set-key ascci
Configures the shared password in the WPA authentication mode.
Platform
Description
N/A
security wpa akm
The command is used to configure an authentication method for a WLAN in the WPA authentication
mode. This command does not support the no prefix; a configuration entered with the no prefix has
no effect. The command format is:
security wpa akm { psk | 802.1x } { enable | disable }
Parameter
Description Parameter Description
psk
Indicates to configure the authentication method to pre-shared key
identity verification.
802.1x
Indicates to configure the authentication method to IEEE802.1x
authentication.
enable
Indicates that you enable an authentication method in the WPA
authentication mode.
disable
Indicates that you disable an authentication method in the WPA
authentication mode.
Defaults N/A
Command
mode
WLAN security configuration mode.
Usage Guide The command is used to enable an authentication method in the WPA authentication mode. Only
after the WPA authentication mode is enabled can an authentication method be configured. There are
two authentication methods: PSK and 802.1x. When you use the WPA authentication, you need to
configure an encryption method and an authentication method. If only an encryption or authentication
method is configured, or neither is configured, the wireless client cannot be associated with the
wireless network.
Configuration
Examples
The following example configures the authentication method for WLAN1 in the WPA authentication
mode to pre-shared key identity authentication.
Ruijie(config)# wlansec 1
Ruijie(wlansec)# security wpa akm psk enable
The following example disables the pre-shared key identity authentication for WLAN1 in the WPA
authentication mode.
Ruijie(config)# wlansec 1
Ruijie(wlansec)# security wpa akm psk disable
The following example configures the authentication method for WLAN1 in the WPA authentication
mode to 802.1x authentication.
Ruijie(config)# wlansec 1
Ruijie(wlansec)# security wpa akm 802.1x enable
The following example disables the 802.1x authentication for WLAN1 in the WPA authentication
mode.
Ruijie(config)# wlansec 1
Ruijie(wlansec)# security wpa akm 802.1x disable
Related
Commands Command Description
security wpa { enable | disable } Configures the WLAN configuration mode.
security wpa ciphers { aes | tkip } { enable | disable }
Configures an encryption method in the WPA authentication mode.
Platform
Description
N/A
security wpa akm psk set-key ascci
The command is used to configure a WPA shared password for a WLAN.
security wpa akm psk set-key ascci key
Parameter
Description Parameter Description
key Indicates a shared password.
Defaults N/A
Command
mode
WLAN security configuration mode.
Usage Guide This shared password is of use only when the PSK authentication mode is enabled.
Configuration
Examples
The following example configures the shared password for WLAN 1 WPA to 12345678.
Ruijie(config)# wlansec 1
Ruijie(wlansec)# security wpa enable
Ruijie(wlansec)# security wpa akm psk enable
Ruijie(wlansec)# security wpa akm psk set-key ascci 12345678
Related
Commands Command Description
security wpa { enable | disable } Configures the WLAN configuration mode.
security wpa ciphers { aes | tkip } { enable | disable }
Configures an encryption method in the WPA authentication mode.
security wpa akm { psk | 802.1x } { enable | disable }
Configures an authentication method in the WPA authentication mode.
Platform
Description
N/A
security wpa ciphers
The command is used to configure an encryption method for a WLAN in the WPA authentication
mode. This command does not support the no prefix; a configuration entered with the no prefix has
no effect. The command format is:
security wpa ciphers { aes | tkip } { enable | disable }
Parameter
Description Parameter Description
aes Indicates to configure the encryption method to AES.
tkip Indicates to configure the encryption method to TKIP.
enable
Indicates that you enable an encryption method in the WPA
authentication mode.
disable
Indicates to disable an encryption method in the WPA authentication
mode.
Defaults N/A
Command
mode
WLAN security configuration mode.
Usage Guide The command is used to enable an encryption method in the WPA authentication mode. Only after
the WPA authentication mode is enabled can an encryption method be configured. There are two
encryption methods: AES and TKIP. When you use the WPA authentication, you need to configure an
encryption method and an authentication method. If only an encryption or authentication method is
configured, or neither is configured, the wireless client cannot be associated with the wireless
network.
Configuration
Examples
The following example configures the encryption method for WLAN1 in the WPA authentication mode
to AES.
Ruijie(config)# wlansec 1
Ruijie(wlansec)# security wpa ciphers aes enable
The following example disables the AES encryption method for WLAN1 in the WPA authentication
mode.
Ruijie(config)# wlansec 1
Ruijie(wlansec)# security wpa ciphers aes disable
The following example configures the encryption method for WLAN1 in the WPA authentication mode
to TKIP.
Ruijie(config)# wlansec 1
Ruijie(wlansec)# security wpa ciphers tkip enable
The following example disables the TKIP encryption method for WLAN1 in the WPA authentication
mode.
Ruijie(config)# wlansec 1
Ruijie(wlansec)# security wpa ciphers tkip disable
Related
Commands Command Description
security wpa { enable | disable } Configures the WLAN configuration mode.
security wpa akm { psk | 802.1x } { enable | disable }
Configures an authentication method in the WPA authentication mode.
security wpa akm psk set-key ascci
Configures a shared password in the WPA authentication mode.
Platform
Description
N/A
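The rules stated in this chapter (the key length required per static WEP key-length and mode, and WPA needing both an authentication method and an encryption method before clients can associate) can be checked offline against a saved command list. The following Python audit is an added example, not part of the Ruijie manual or of RGOS; the function names, the finding texts and the sample input are assumptions, and the "WEP is deprecated" finding is general knowledge rather than a statement from this manual.

```python
import re

# key-length in bits -> (characters in ascii mode, characters in hex mode),
# from the parameter table of `security static-wep-key encryption`.
WEP_CHARS = {40: (5, 10), 104: (13, 26), 128: (16, 32)}
PROMPT = re.compile(r"^\s*\S+\s*\([\w-]+\)\s*#\s*")  # e.g. "Ruijie(wlansec)# "
WEP = r"security static-wep-key encryption (\d+) (ascii|hex) (\d+) (\S+)"
WPA_OPT = r"security wpa (?:akm (psk|802\.1x)|ciphers (aes|tkip)) (enable|disable)"


def wep_key_bytes(mode, key):
    """Key material selected by a static WEP key in ascii or hex mode."""
    return key.encode("ascii") if mode == "ascii" else bytes.fromhex(key)


def audit(config_text):
    """Return {wlan_id: [finding, ...]} for every wlansec block in config_text."""
    wlans, cur = {}, None
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw).strip()
        if m := re.fullmatch(r"wlansec (\d+)", line):
            cur = wlans.setdefault(int(m.group(1)), {
                "wep": None, "wpa": False, "akm": set(), "ciphers": set(),
                "psk": None, "findings": []})
        elif cur is None:
            continue
        elif m := re.fullmatch(WEP, line):  # the last configuration takes effect
            cur["wep"] = (int(m.group(1)), m.group(2), int(m.group(3)), m.group(4))
        elif line.startswith("no security static-wep-key encryption"):
            cur["wep"] = None  # key deleted, WLAN back in OPEN mode
        elif m := re.fullmatch(r"security wpa (enable|disable)", line):
            cur["wpa"] = m.group(1) == "enable"
        elif m := re.fullmatch(r"security wpa akm psk set-key ascci (\S+)", line):
            cur["psk"] = m.group(1)
        elif m := re.fullmatch(WPA_OPT, line):
            if not cur["wpa"]:  # only configurable after `security wpa enable`
                cur["findings"].append(f"'{line}' entered before 'security wpa enable'")
                continue
            chosen = cur["akm"] if m.group(1) else cur["ciphers"]
            update = chosen.add if m.group(3) == "enable" else chosen.discard
            update(m.group(1) or m.group(2))
    return {wid: w["findings"] + evaluate(w) for wid, w in wlans.items()}


def evaluate(w):
    """Checks on the final state of one WLAN."""
    out = []
    if w["wep"]:
        bits, mode, index, key = w["wep"]
        # Tuple index False/True selects the ascii or the hex column.
        need = WEP_CHARS.get(bits, (None, None))[mode == "hex"]
        if need is None:
            out.append(f"key-length {bits} is not 40, 104 or 128")
        elif len(key) != need:
            out.append(f"{bits}-bit {mode} key needs {need} characters, got {len(key)}")
        elif mode == "hex" and not re.fullmatch(r"[0-9A-Fa-f]+", key):
            out.append("hex key contains non-hexadecimal characters")
        if not 1 <= index <= 4:
            out.append(f"key-index {index} is outside 1 to 4")
        out.append("static WEP is in use (WEP is deprecated)")
    if w["wpa"]:
        if not w["akm"]:
            out.append("WPA enabled without an authentication method: clients cannot associate")
        if not w["ciphers"]:
            out.append("WPA enabled without an encryption method: clients cannot associate")
        if "psk" in w["akm"] and w["psk"] is None:
            out.append("PSK enabled but no shared password configured")
    if w["psk"] is not None and "psk" not in w["akm"]:
        out.append("shared password set but PSK is not enabled, so it is unused")
    return out


# Constructed sample input, using only commands from this chapter.
SAMPLE = """\
Ruijie(config)# wlansec 1
Ruijie(wlansec)# security static-wep-key encryption 40 hex 1 3132333435
Ruijie(config)# wlansec 2
Ruijie(wlansec)# security wpa enable
Ruijie(wlansec)# security wpa akm psk enable
Ruijie(wlansec)# security wpa akm psk set-key ascci 12345678
Ruijie(config)# wlansec 3
Ruijie(wlansec)# security wpa ciphers aes enable
Ruijie(wlansec)# security wpa enable
Ruijie(wlansec)# security wpa akm 802.1x enable
Ruijie(config)# wlansec 4
Ruijie(wlansec)# security static-wep-key encryption 104 ascii 1 12345
"""

if __name__ == "__main__":
    for wlan_id, findings in audit(SAMPLE).items():
        print(f"WLAN {wlan_id}:", *findings, sep="\n  ")
```

In the sample, WLAN 2 and WLAN 3 both end up with WPA enabled but no encryption method, which is the state the usage guides describe as leaving clients unable to associate.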
webauth prevent-jitter
Use this command to set the timeout for jitter prevention during Web authentication of a particular
WLAN. Use the no or default form of this command to restore the default setting.
webauth prevent-jitter timeout
Parameter
Description Parameter Description
timeout
Sets the timeout for jitter prevention during Web
authentication. The range is from 0 to 86400 seconds.
no/default Restores the default value of 300 seconds.
Defaults N/A
Command
mode
WLAN security configuration mode.
Usage Guide N/A
Configuration
Examples
The following example sets the timeout for jitter prevention during Web authentication of WLAN 1 to
900 seconds.
Step 1: Enter WLAN security configuration mode:
Ruijie(config)# wlansec 1
Step 2: Use the webauth prevent-jitter command to configure the timeout:
Ruijie(wlansec)# webauth prevent-jitter 900
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
show wlan security
The command is used to display security configuration of a WLAN.
show wlan security wlan-id
Parameter
Description Parameter Description
wlan-id Indicates the ID of the WLAN to be checked, ranging from 1 to 512.
Defaults N/A
Command
mode
Privileged mode
Usage Guide N/A
Configuration
Examples
The following example displays the security configuration of WLAN1.
Ruijie# show wlan security 1
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
show wclient security
The command is used to display the security configuration of a wireless client. The command format is:
show wclient security mac-address
Parameter
Description Parameter Description
mac-address
Indicates the MAC address of the wireless client to be shown, in the
format of H.H.H.
Defaults N/A
Command
mode
Privileged mode.
Usage Guide N/A
Configuration
Examples
The following example displays the security configuration of wireless client 1 with a MAC address of
0023.cdad.d3d5.
Ruijie# show wclient security 0023.cdad.d3d5
Security policy finished :TRUE
Security policy type :WPA-802.1X
Security cipher mode :CCMP
Security EAP type :NONE
Security NAC status :CLOSE
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
Command Reference WIDS Commands
WIDS Commands
attack-detection enable
Use this command to enable the IDS attack detection function. Use the no form of this command to
disable the IDS attack detection function.
attack-detection enable { all | flood | weak-iv | spoof }
no attack-detection enable { all | flood | weak-iv | spoof }
Parameter
Description Parameter Description
all The parameter indicates that you enable all types of IDS attack
detection function.
flood The parameter indicates that you enable the Flooding IDS attack
detection function.
weak-iv The parameter indicates that you enable the Weak-IV IDS attack
detection function.
spoof The parameter indicates that you enable the Spoofing IDS attack
detection function.
no The parameter indicates that you disable the IDS attack detection
function.
Defaults The default is no.
Command
mode
WIDS configuration mode.
Usage Guide N/A
Configuration
Examples
#Enable the Weak-IV IDS attack detection function.
Ruijie(config)# wids
Ruijie(config-wids)# attack-detection enable weak-iv
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
countermeasures ap-max
Use this command to configure the maximum number of APs for the countermeasures.
Use the no form of this command to restore the default setting.
countermeasures ap-max number
no countermeasures ap-max
Parameter
Description Parameter Description
number Specifies the maximum number of APs for the countermeasures.
Value range: 1 to 256
no Restores the maximum number of APs for the countermeasures to
30.
Defaults The maximum number of APs for the countermeasures is 30 by default.
Command
mode
WIDS configuration mode
Usage Guide N/A
Configuration
Examples
#Set the maximum number of APs for the countermeasures to 100.
Ruijie(config)# wids
Ruijie(config-wids)# countermeasures ap-max 100
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
countermeasures enable
Use this command to enable the device countermeasures. Use the no form of this command to
disable the device countermeasures.
countermeasures enable
no countermeasures enable
Parameter
Description Parameter Description
no The parameter indicates that you disable the device
countermeasures.
Defaults This function is disabled by default.
Command
mode
WIDS configuration mode.
Usage Guide N/A
Configuration
Examples
#Enable the device countermeasures.
Ruijie(config)# wids
Ruijie(config-wids)# countermeasures enable
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported on ACs and fat APs.
countermeasures mode
Use this command to configure the device countermeasures mode. Use the no form of this command
to restore the default countermeasures mode.
countermeasures mode { SSID | rogue | adhoc | config }
no countermeasures mode
Parameter
Description Parameter Description
SSID The parameter indicates the SSIDs that are detected by the
countermeasures and are not on the same AC.
rogue The parameter indicates that only detected rogue devices are
subjected to the countermeasures.
adhoc The parameter indicates that only detected adhoc devices are
subjected to the countermeasures.
config The parameter indicates that only the devices configured in the static
attack list are subjected to the countermeasures.
no The parameter indicates that the current countermeasures mode is
cancelled.
Defaults N/A
Command
mode
WIDS configuration mode.
Usage Guide N/A
Configuration
Examples
#Set the device countermeasure mode to rogue.
Ruijie(config)# wids
Ruijie(config-wids)# countermeasures mode rogue
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported on ACs and fat APs.
countermeasures rssi-min
Use this command to configure the lower limit of the signal for the countermeasures.
Use the no form of this command to restore the default setting.
countermeasures rssi-min number
no countermeasures rssi-min
Parameter
Description Parameter Description
number Specifies the lower limit of the signal strength for the
countermeasures.
Value range: 0 to 75
no Restores the lower limit of the signal strength for the
countermeasures to 25.
Defaults The lower limit of the signal strength for the countermeasures is 25 by default.
Command
mode
WIDS configuration mode
Usage Guide N/A
Configuration
Examples
#Set the lower limit of the signal strength for the countermeasures to 0.
Ruijie(config)# wids
Ruijie(config-wids)# countermeasures rssi-min 0
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
device aging duration
Use this command to configure device aging duration. Use the no form of this command to restore
the default aging duration.
device aging duration seconds
no device aging duration
Parameter
Description Parameter Description
seconds The parameter indicates device aging duration, ranging from 500 to
5000 seconds.
no The parameter indicates that you restore the aging duration to the
default.
Defaults The default aging duration is 1200 seconds.
Command
mode
WIDS configuration mode.
Usage Guide N/A
Configuration
Examples
#Set the device aging duration to 1200s.
Ruijie(config)# wids
Ruijie(config-wids)# device aging duration 1200
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
device attack mac-address
Use this command to configure a static attack list for device countermeasures. Use the no form of this
command to delete a configured static attack address entry.
device attack mac-address H.H.H
no device attack mac-address H.H.H
Parameter
Description Parameter Description
H.H.H The parameter indicates that the device with this source MAC
address is subjected to the countermeasures.
no The parameter indicates that you delete a static attack address.
Defaults No setting by default.
Command
mode
WIDS configuration mode.
Usage Guide This configuration is one of the policies for detecting Rogue devices.
Configuration
Examples
#Add the device with the source MAC address 0000.0000.0001 to the static attack list.
Ruijie(config)# wids
Ruijie(config-wids)# device attack mac-address 0000.0000.0001
Related
Commands Command Description
N/A N/A
Platform
Description This command is supported on ACs and fat APs.
device attack max
Use this command to configure the maximum number of attack MAC address list members.
Use the no form of this command to restore the default setting.
device attack max number
no device attack max
Parameter
Description Parameter Description
number Specifies the maximum number of attack MAC address list members.
Value range: 1 to 256
no Restores the maximum number of attack MAC address list members
to 128.
Defaults The maximum number of attack MAC address list members is 128 by default.
Command
mode
WIDS configuration mode
Usage Guide N/A
Configuration
Examples
The following example sets the maximum number of attack MAC address list members to 100.
Ruijie(config)# wids
Ruijie(config-wids)# device attack max 100
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
device mode
Use this command to configure the working mode of the AP. Use the no form of this command to
restore the default working mode.
device mode { monitor | normal | hybrid }
no device mode
Parameter
Description Parameter Description
monitor The parameter indicates AP works in the monitor mode.
normal The parameter indicates AP works in the normal mode.
hybrid The parameter indicates AP works in the hybrid mode.
no The parameter indicates that you restore the working mode of AP to
the default.
Defaults The AP works in normal mode by default.
Command
mode
WIDS configuration mode on an AP; AP configuration mode on an AC.
Usage Guide N/A
Configuration
Examples
#Set the working mode of the AP to monitor.
Ruijie(config)# wids
Ruijie(config-wids)# device mode monitor
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
device permit mac-address
Use this command to configure a permissible MAC address list. Use the no form of this command to
delete a configured permissible MAC address entry.
device permit mac-address H.H.H
no device permit mac-address H.H.H
Parameter
Description Parameter Description
H.H.H The parameter indicates that the device with this source MAC
address is legal.
no The parameter indicates to delete a permissible MAC address.
Defaults There is no permissible MAC entry by default.
Command
mode
WIDS configuration mode.
Usage Guide This configuration is one of the policies for detecting Rogue devices.
Configuration
Examples
#Add the source MAC address 0000.0000.0001 to the permissible MAC address list.
Ruijie(config)# wids
Ruijie(config-wids)# device permit mac-address 0000.0000.0001
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
device permit mac-address max
Use this command to configure the maximum number of permissible MAC address list members.
Use the no form of this command to restore the default setting.
device permit mac-address max number
no device permit mac-address max
Parameter
Description Parameter Description
number Specifies the maximum number of permissible MAC address list
members.
Value range: 1 to 1280
no Restores the maximum number of permissible MAC address list
members to 1024.
Defaults The maximum number of permissible MAC address list members is 1024 by default.
Command
mode
WIDS configuration mode
Usage Guide N/A
Configuration
Examples
#Set the maximum number of permissible MAC address list members to 100.
Ruijie(config)# wids
Ruijie(config-wids)# device permit mac-address max 100
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
device permit max-ssid
Use this command to configure the maximum number of permissible SSID list members.
Use the no form of this command to restore the default setting.
device permit max-ssid number
no device permit max-ssid
Parameter
Description Parameter Description
number Specifies the maximum number of permissible SSID list members.
Value range: 1 to 1024
no Restores the maximum number of permissible SSID list members to
512.
Defaults The maximum number of permissible SSID list members is 512 by default.
Command
mode
WIDS configuration mode
Usage Guide N/A
Configuration
Examples
#Set the maximum number of permissible SSID list members to 100.
Ruijie(config)# wids
Ruijie(config-wids)# device permit max-ssid 100
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
device permit ssid
Use this command to configure a permissible SSID list. Use the no form of this command to delete a
configured permissible SSID entry.
device permit ssid ssid
no device permit ssid ssid
Parameter
Description Parameter Description
ssid The parameter indicates this is the permissible SSID.
no The parameter indicates that you delete a permissible SSID.
Defaults There is no permissible SSID entry by default.
Command
mode
WIDS configuration mode.
Usage Guide This configuration is one of the policies for detecting Rogue devices.
Configuration
Examples
#Set the SSID of my-wlan as the permissible SSID.
Ruijie(config)# wids
Ruijie(config-wids)# device permit ssid my-wlan
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
device permit vendor bssid
Use this command to configure a permissible vendor list. Use the no form of this command to delete a
configured permissible vendor entry.
device permit vendor bssid H.H.H
no device permit vendor bssid H.H.H
Parameter
Description Parameter Description
H.H.H The parameter indicates this vendor’s address is a permissible
address.
no The parameter indicates that you delete a permissible vendor entry.
Defaults There is no permissible vendor entry by default.
Command
mode
WIDS configuration mode.
Usage Guide The vendor number is the first three bytes of the configured MAC address. Do not configure
multiple MAC addresses with the same vendor number. This configuration is one of the policies for
detecting Rogue devices.
Configuration
Examples
#Set the MAC address 0011.2200.0001 as a permissible vendor address.
Ruijie(config)# wids
Ruijie(config-wids)# device permit vendor bssid 0011.2200.0001
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
device permit vendor bssid max
Use this command to configure the maximum number of permissible vendor list members.
Use the no form of this command to restore the default setting.
device permit vendor bssid max number
no device permit vendor bssid max
Parameter
Description Parameter Description
number Specifies the maximum number of permissible vendor list members.
Value range: 1 to 1024
no Restores the maximum number of permissible vendor list members to
512.
Defaults The maximum number of permissible vendor list members is 512 by default.
Command
mode
WIDS configuration mode
Usage Guide N/A
Configuration
Examples
#Set the maximum number of permissible vendor list members to 100.
Ruijie(config)# wids
Ruijie(config-wids)# device permit vendor bssid max 100
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
device statistics max
Use this command to configure the maximum number of statistic list members.
Use the no form of this command to restore the default setting.
device statistics max number
no device statistics max
Parameter
Description Parameter Description
number Specifies the maximum number of statistic list members.
Value range: 1 to 1024
no Restores the maximum number of statistic list members to 512.
Defaults The maximum number of statistic list members is 1024 by default.
Command
mode
WIDS configuration mode
Usage Guide N/A
Configuration
Examples
#Set the maximum number of statistic list members to 100.
Ruijie(config)# wids
Ruijie(config-wids)# device statistics max 100
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
dynamic-blacklist enable
Use this command to enable the dynamic blacklist. Use the no form of this command to disable the
dynamic blacklist.
dynamic-blacklist enable
no dynamic-blacklist enable
Parameter
Description Parameter Description
no The parameter indicates that you disable the dynamic blacklist.
Defaults Dynamic blacklist is disabled by default.
Command
mode
WIDS configuration mode.
Usage Guide N/A
Configuration
Examples
#Enable the dynamic blacklist.
Ruijie(config)# wids
Ruijie(config-wids)# dynamic-blacklist enable
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
dynamic-blacklist lifetime
Use this command to configure the dynamic blacklist entry lifetime. Use the no form of this command
to restore the default dynamic blacklist entry lifetime.
dynamic-blacklist lifetime seconds
no dynamic-blacklist lifetime
Parameter
Description Parameter Description
seconds The parameter indicates the dynamic blacklist entry lifetime, ranging
from 60 to 5000 seconds.
no The parameter indicates that you restore the dynamic blacklist entry
lifetime to the default.
Defaults The default is 300s.
Command
mode
WIDS configuration mode.
Usage Guide N/A
Configuration
Examples
#Set the dynamic blacklist entry lifetime to 600s.
Ruijie(config)# wids
Ruijie(config-wids)# dynamic-blacklist lifetime 600
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
dynamic-blacklist max
Use this command to configure the maximum number of MAC addresses in the dynamic blacklist.
Use the no form of this command to restore the default setting.
dynamic-blacklist max number
no dynamic-blacklist max
Parameter
Description Parameter Description
number Specifies the maximum number of MAC addresses in the dynamic
blacklist.
Value range: 1 to 1024
no Restores the maximum number of MAC addresses in the dynamic
blacklist to 512.
Defaults The maximum number of MAC addresses in the dynamic blacklist is 1024 by default.
Command
mode
WIDS configuration mode
Usage Guide N/A
Configuration
Examples
#Set the maximum number of MAC addresses in the dynamic blacklist to 100.
Ruijie(config)# wids
Ruijie(config-wids)# dynamic-blacklist max 100
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
flood-detect { auth | deauth | assoc | disassoc } total number number time time
Use this command to configure flood attack detection for different MAC addresses. An attack is
considered to have occurred when the number of frames of the specified type reaches the threshold
within the specified detection duration.
flood-detect { auth | deauth | assoc | disassoc } total number number time time
Parameter
Description Parameter Description
auth Threshold for determining an authentication frame attack during
attack detection for different MAC addresses
Default value: 500
deauth Threshold for determining a de-authentication frame attack during
attack detection for different MAC addresses
Default value: 500
assoc Threshold for determining an association frame attack during attack
detection for different MAC addresses
Default value: 500
disassoc Threshold for determining a de-association frame attack during attack
detection for different MAC addresses
Default value: 500
time Duration of attack detection
Default value: 10 seconds
Defaults Attack detection is disabled by default.
Command
mode
Ap-config mode for fit APs and WIDS configuration mode for fat APs
Usage Guide Use this command on ACs and fat APs.
Configuration
Examples
#Configure attack detection in which the threshold for determining an authentication packet attack
within 10 seconds for different MAC addresses is 200.
Ruijie-AC(config)# ap-config ap-name
Ruijie-AC(config-ap)# flood-detect auth total number 200 time 10
Ruijie-AP(config)# wids
Ruijie-AP(config-wids)# flood-detect auth total number 200 time 10
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported on ACs and fat APs.
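How the total number and time parameters of flood-detect interact is easiest to see on traffic. The following Python model is an added illustration, not Ruijie's implementation: it assumes a sliding window and a counter reset after each alert, neither of which this manual specifies, and it runs the rule from the example above (auth, 200 frames, 10 seconds) over constructed frame events with constructed MAC addresses.

```python
from collections import deque

FRAME_TYPES = ("auth", "deauth", "assoc", "disassoc")


class FloodDetector:
    """Counts frames of one type from all source MACs inside a time window."""

    def __init__(self):
        self.rules = {}    # frame type -> (total number, time in seconds)
        self.recent = {}   # frame type -> deque of (timestamp, source MAC)

    def flood_detect(self, frame_type, total_number=500, seconds=10):
        """Model of `flood-detect <type> total number <n> time <t>`."""
        if frame_type not in FRAME_TYPES:
            raise ValueError(f"unknown frame type: {frame_type}")
        self.rules[frame_type] = (total_number, seconds)
        self.recent[frame_type] = deque()

    def observe(self, ts, frame_type, src_mac):
        """Feed one frame; return an alert dict when the threshold is reached."""
        if frame_type not in self.rules:   # detection is disabled by default
            return None
        total_number, seconds = self.rules[frame_type]
        window = self.recent[frame_type]
        window.append((ts, src_mac))
        # Drop frames that are older than the detection duration.
        while window and window[0][0] <= ts - seconds:
            window.popleft()
        if len(window) < total_number:
            return None
        alert = {"type": frame_type, "time": ts, "frames": len(window),
                 "sources": len({mac for _, mac in window})}
        window.clear()   # assumption: start counting afresh after an alert
        return alert


def constructed_traffic():
    """Constructed frame events: (timestamp in seconds, frame type, source MAC)."""
    events = []
    # Normal load: one authentication frame per second from five clients.
    for t in range(60):
        events.append((float(t), "auth", f"0200.0000.{t % 5:04x}"))
    # De-authentication burst, but no deauth rule is configured below.
    for i in range(300):
        events.append((70 + i / 100, "deauth", f"0200.0001.{i:04x}"))
    # Authentication burst: 250 frames in 5 seconds, every frame from a new MAC.
    for i in range(250):
        events.append((100 + i / 50, "auth", f"0200.0002.{i:04x}"))
    return sorted(events)


def run_sample():
    """Apply the example rule to the constructed traffic and collect alerts."""
    detector = FloodDetector()
    detector.flood_detect("auth", total_number=200, seconds=10)
    alerts = []
    for ts, frame_type, src_mac in constructed_traffic():
        alert = detector.observe(ts, frame_type, src_mac)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    print(run_sample())
```

The single alert reports 200 frames from 200 different source MAC addresses: because the count is a total over all addresses, a burst in which every frame carries a new source address still reaches the threshold.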
kickout threshold
Use this command to kick out the low-rate STA.
kickout threshold rate
Parameter
Description Parameter Description
rate Packet sending-receiving rate with the unit of M/Second.
Defaults The low-rate STA is not filtered by default.
Command
mode
WIDS configuration mode.
Usage Guide This command is used to filter the low-rate STA. When the wireless access end detects that the
sending-receiving rate of STA is less than the configured threshold, it disconnects the association.
Configuration
Examples
#Filter the STA with sending-receiving rate less than 30M/S
Ruijie(config)# wids
Ruijie(config-wids)# kickout threshold 30
Related
Commands Command Description
wids Enters WIDS configuration mode.
Platform
Description
N/A
reset attack-list all
Use this command to clear the entries of all attack lists.
reset attack-list all
Parameter
Description Parameter Description
all Specifies that the entries of all attack lists are cleared.
Defaults N/A
Command
mode
WIDS configuration mode
Usage Guide N/A
Configuration
Examples
#Clear the entries of all attack lists.
Ruijie(config)# wids
Ruijie(config-wids)# reset attack-list all
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
reset detected
Use this command to reset the device list detected in a WLAN.
reset detected { all | rogue { ap | client } | mac-address H.H.H }
Parameter
Description Parameter Description
all The parameter indicates that you reset all devices detected in a
WLAN.
rogue ap The parameter indicates that you reset the detected Rogue AP.
rogue client The parameter indicates that you reset the detected Rogue Client.
mac-address H.H.H The parameter indicates that you reset the device with the source
MAC address H.H.H.
Defaults N/A
Command
mode
WIDS configuration mode.
Usage Guide N/A
Configuration
Examples
#Reset the Rogue AP detected in a WLAN.
Ruijie(config)# wids
Ruijie(config-wids)# reset detected rogue ap
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
reset dynamic-blacklist
Use this command to reset dynamic blacklist entries.
reset dynamic-blacklist { all | mac-address H.H.H }
Parameter
Description Parameter Description
all The parameter indicates that you reset all dynamic blacklist entries.
mac-address H.H.H The parameter indicates that you reset the dynamic blacklist entry
with the source MAC address H.H.H.
Defaults N/A
Command
mode
WIDS configuration mode.
Usage Guide N/A
Configuration
Examples
#Reset the dynamic blacklist entry with the source MAC address 0000.0000.0001.
Ruijie(config)# wids
Ruijie(config-wids)# reset dynamic-blacklist mac-address 0000.0000.0001
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
reset permit-mac all
Use this command to clear the entries of all permissible MAC address lists.
reset permit-mac all
Parameter
Description Parameter Description
all Specifies that the entries of all permissible MAC address lists are
cleared.
Defaults N/A
Command
mode
WIDS configuration mode
Usage Guide N/A
Configuration
Examples
#Clear the entries of all permissible MAC address lists.
Ruijie(config)# wids
Ruijie(config-wids)# reset permit-mac all
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
reset permit-ssid all
Use this command to clear the entries of all permissible SSID lists.
reset permit-ssid all
Parameter
Description Parameter Description
all Specifies that the entries of all permissible SSID lists are cleared.
Defaults N/A
Command
mode
WIDS configuration mode
Usage Guide N/A
Configuration
Examples
#Clear the entries of all permissible SSID lists.
Ruijie(config)# wids
Ruijie(config-wids)# reset permit-ssid all
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
reset permit-vendor all
Use this command to clear the entries of all permissible vendor lists.
reset permit-vendor all
Parameter
Description Parameter Description
all Specifies that the entries of all permissible vendor lists are cleared.
Defaults N/A
Command
mode
WIDS configuration mode
Usage Guide N/A
Configuration
Examples
#Clear the entries of all permissible vendor lists.
Ruijie(config)# wids
Ruijie(config-wids)# reset permit-vendor all
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
reset static-blacklist all
Use this command to clear the entries of all static blacklists.
reset static-blacklist all
Parameter
Description Parameter Description
all Specifies that the entries of all static blacklists are cleared.
Defaults N/A
Command
mode
WIDS configuration mode
Usage Guide N/A
Configuration
Examples
#Clear the entries of all static blacklists.
Ruijie(config)# wids
Ruijie(config-wids)# reset static-blacklist all
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
reset statistics
Use this command to reset the IDS attack detection statistics in a WLAN.
reset statistics
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
mode
WIDS configuration mode.
Usage Guide N/A
Configuration
Examples
#Reset the attack statistics detected in a WLAN.
Ruijie(config)# wids
Ruijie(config-wids)# reset statistics
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
reset user-isolation-permit-list all
Use this command to clear the entries of all permissible lists for user isolation.
reset user-isolation-permit-list all
Parameter
Description Parameter Description
all Specifies that the entries of all permissible lists for user isolation are
cleared.
Defaults N/A
Command
mode
WIDS configuration mode
Usage Guide N/A
Configuration
Examples
#Clear the entries of all permissible lists for user isolation.
Ruijie(config)# wids
Ruijie(config-wids)# reset user-isolation-permit-list all
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
reset whitelist all
Use this command to clear the entries of all whitelists.
reset whitelist all
Parameter
Description Parameter Description
all Specifies that the entries of all whitelists are cleared.
Defaults N/A
Command
mode
WIDS configuration mode
Usage Guide N/A
Configuration
Examples
#Clear the entries of all whitelists.
Ruijie(config)# wids
Ruijie(config-wids)# reset whitelist all
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
sigmac { auth | deauth | assoc | disassoc } number number time time
Use this command to configure attack detection for a single MAC address. An attack is considered to
have occurred when frames of the specified type for the same MAC address reach the configured
threshold within the specified detection duration.
sigmac { auth | deauth | assoc | disassoc } number number time time
Parameter
Description Parameter Description
auth Threshold for determining an authentication frame attack during
attack detection for the same MAC address
Default value: 300
deauth Threshold for determining a de-authentication frame attack during
attack detection for the same MAC address
Default value: 300
assoc Threshold for determining an association frame attack during attack
detection for the same MAC address
Default value: 300
disassoc Threshold for determining a de-association frame attack during attack
detection for the same MAC address
Default value: 300
time Duration of attack detection
Default value: 10 seconds
Defaults Attack detection disabled by default.
Command
mode
Ap-config mode for fit APs and WIDS configuration mode for fat APs
Usage Guide Use this command on ACs and fat APs.
Configuration
Examples
#Configure attack detection in which the threshold for determining an authentication packet attack
within 10 seconds for the same MAC address is 200.
Ruijie-AC(config)# ap-config ap-name
Ruijie-AC(config-ap)# sigmac auth number 200 time 10
Ruijie-AP(config)# wids
Ruijie-AP(config-wids)# sigmac auth number 200 time 10
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
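The threshold-and-duration rule that sigmac configures can be reproduced offline against captured management-frame records, which helps when choosing a number and time value before applying them. The following is an added example, not Ruijie code: the class and function names are hypothetical, the traffic is constructed, and the sliding window is an assumption because the reference does not say how the device measures the detection duration.

```python
from collections import defaultdict, deque

FRAME_TYPES = ("auth", "deauth", "assoc", "disassoc")
DEFAULT_NUMBER = 300   # default threshold from the parameter table
DEFAULT_TIME = 10      # default detection duration, in seconds


def normalise_mac(mac):
    """Return a MAC address in the H.H.H form used by the WIDS commands."""
    digits = "".join(c for c in mac.lower() if c not in ".:-")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("not a MAC address: %r" % mac)
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


class SigmacDetector:
    """Counts frames per (MAC, frame type) over a sliding window (assumed)."""

    def __init__(self):
        self.rules = {}                 # frame type -> (number, time)
        self.seen = defaultdict(deque)  # (mac, frame type) -> timestamps
        self.alerting = set()           # keys currently above threshold

    def configure(self, frame_type, number=DEFAULT_NUMBER, time=DEFAULT_TIME):
        """Mirror of 'sigmac <type> number <number> time <time>'."""
        if frame_type not in FRAME_TYPES:
            raise ValueError("unknown frame type: %r" % frame_type)
        self.rules[frame_type] = (number, time)

    def observe(self, ts, mac, frame_type):
        """Record one frame; return an alert the first time the threshold is hit."""
        rule = self.rules.get(frame_type)
        if rule is None:                # detection is disabled by default
            return None
        number, window = rule
        key = (normalise_mac(mac), frame_type)
        stamps = self.seen[key]
        stamps.append(ts)
        while stamps and stamps[0] <= ts - window:
            stamps.popleft()            # drop frames older than the window
        if len(stamps) < number:
            self.alerting.discard(key)  # re-arm once the rate falls again
            return None
        if key in self.alerting:
            return None                 # already reported this burst
        self.alerting.add(key)
        return {"mac": key[0], "type": frame_type, "count": len(stamps), "ts": ts}


def demo():
    """Constructed traffic: one flooding station and one ordinary client."""
    det = SigmacDetector()
    det.configure("auth", number=200, time=10)
    frames = []
    for i in range(250):                # 25 auth frames per second for 10 s
        frames.append((i / 25.0, "00:00:00:00:00:01", "auth"))
    for s in range(10):
        frames.append((float(s), "0000.0000.0002", "auth"))
        frames.append((float(s), "0000.0000.0001", "deauth"))  # no rule set
    frames.sort(key=lambda f: f[0])
    return [a for a in (det.observe(*f) for f in frames) if a]


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

A station that stays just under the threshold for the whole window is never reported, so the number and time pair should be chosen against the busiest legitimate client rather than against the default alone.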
static-blacklist mac-address
Use this command to configure the static blacklist. Use the no form of this command to delete the
static blacklist.
static-blacklist mac-address H.H.H
no static-blacklist mac-address H.H.H
Parameter
Description Parameter Description
H.H.H The parameter indicates that you set the device with the source MAC
address H.H.H as a static blacklist entry.
no The parameter indicates that you delete the static blacklist.
Defaults No setting by default.
Command
mode
WIDS configuration mode.
Usage Guide N/A
Configuration
Examples
#Add the device with the source MAC address 0000.0000.0001 to the static blacklist.
Ruijie(config)# wids
Ruijie(config-wids)# static-blacklist mac-address 0000.0000.0001
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
static-blacklist max
Use this command to configure the maximum number of static blacklists.
Use the no form of this command to restore the default setting.
static-blacklist max number
no static-blacklist max
Parameter
Description Parameter Description
number Specifies the maximum number of static blacklists.
Value range: 1 to 1024
no Restores the maximum number of static blacklists to 512.
Defaults The maximum number of static blacklists is 512 by default.
Command
mode
WIDS configuration mode
Usage Guide N/A
Configuration
Examples
#Set the maximum number of static blacklists to 100.
Ruijie(config)# wids
Ruijie(config-wids)# static-blacklist max 100
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
whitelist mac-address
Use this command to configure the whitelist. Use the no form of this command to delete the whitelist.
whitelist mac-address H.H.H
no whitelist mac-address H.H.H
Parameter
Description Parameter Description
H.H.H The parameter indicates that you set the device with the source MAC
address H.H.H as a whitelist entry.
no The parameter indicates that you delete the whitelist.
Defaults The default is null.
Command
mode
WIDS configuration mode.
Usage Guide N/A
Configuration
Examples
#Add the device with the source MAC address 0000.0000.0001 to the whitelist.
Ruijie(config)# wids
Ruijie(config-wids)# whitelist mac-address 0000.0000.0001
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
whitelist max
Use this command to configure the maximum number of whitelists.
Use the no form of this command to restore the default setting.
whitelist max number
no whitelist max
Parameter
Description Parameter Description
number Specifies the maximum number of whitelists.
Value range: 1 to 1024
no Restores the maximum number of whitelists to 512.
Defaults The maximum number of whitelists is 512 by default.
Command
mode
WIDS configuration mode
Usage Guide N/A
Configuration
Examples
#Set the maximum number of whitelists to 100.
Ruijie(config)# wids
Ruijie(config-wids)# whitelist max 100
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
wids
Use this command to enter WIDS configuration mode.
wids
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
mode
Global configuration mode.
Usage Guide N/A
Configuration
Examples
#Enter WIDS configuration mode.
Ruijie(config)# wids
Ruijie(config-wids)#
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
show wids attack-list
Use this command to show the WIDS attack list.
show wids attack-list
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
#Show the WIDS attack list.
Ruijie# show wids attack-list
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
show wids blacklist
Use this command to show the static or dynamic blacklist.
show wids blacklist { static | dynamic }
Parameter
Description Parameter Description
static Shows the static blacklist.
dynamic Shows the dynamic blacklist.
Defaults N/A
Command
mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
#Show the dynamic blacklist.
Ruijie# show wids blacklist dynamic
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
show wids detected
Use this command to show the devices detected in a WLAN.
show wids detected { adhoc | all | friendly ap | interfering ap | rogue { adhoc-ap | ap | client |
config-ap | ssid-ap } | mac-address H.H.H }
Parameter
Description Parameter Description
adhoc Shows the detected ad-hoc network.
all Shows all devices detected in a WLAN.
friendly ap Shows the detected friendly AP.
interfering ap Shows the detected interference AP.
rogue adhoc-ap Shows the detected Rogue ad-hoc AP.
rogue ap Shows the detected Rogue AP.
rogue client Shows the detected Rogue Client.
rogue config-ap Shows the detected Rogue config AP.
rogue ssid-ap Shows the detected Rogue SSID AP.
mac-address H.H.H Shows the detected device with the source MAC address H.H.H.
Defaults N/A
Command
mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
#Show the Rogue AP detected in a WLAN.
Ruijie# show wids detected rogue ap
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
show wids permitted
Use this command to show the MAC address, SSID, and vendor lists trusted in a WLAN.
show wids permitted { mac-address | ssid | vendor }
Parameter
Description Parameter Description
mac-address Shows the trusted MAC address list.
ssid Shows the trusted SSID list.
vendor Shows the trusted vendor list.
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide N/A
Configuration
Examples
#Show the SSID list trusted in a WLAN.
Ruijie# show wids permitted ssid
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
show wids statistics
Use this command to show the detected attack statistics.
show wids statistics
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
#Show the detected attack statistics.
Ruijie# show wids statistics
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported on ACs and fat APs.
show wids user-isolation permit-mac
Use this command to show the information of the permissible MAC address list for user isolation.
show wids user-isolation permit-mac
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide N/A
Configuration
Examples
#Show the information of the permissible MAC address list for user isolation.
Ruijie# show wids user-isolation permit-mac
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
show wids whitelist
Use this command to show the whitelist.
show wids whitelist
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
#Show the whitelist.
Ruijie# show wids whitelist
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
Command Reference WDS Commands
WDS Commands
data-plane wireless-broadcast
Use this command to configure broadcast packets to be forwarded from wired ports to wireless ports.
data-plane wireless-broadcast { enable | disable }
Parameter
Description Parameter Description
N/A N/A
Defaults This command is not configured by default.
Command
Mode
Global configuration mode
Usage Guide Use this command when broadcast packets need to be forwarded from wired ports to wireless ports
in Wireless Distribution Systems (WDSs).
Configuration
Examples
#Enable forwarding of broadcast packets from wired ports to wireless ports.
Ruijie(config)# data-plane wireless-broadcast enable
Related
Commands Command Description
station-role { access-point | non-root-bridge |
root-bridge } Configures AP working modes.
Platform
Description
N/A
parent mac-address
Use this command to set the MAC address of the parent node.
parent mac-address HHHH.HHHH.HHHH
Parameter
Description Parameter Description
HHHH.HHHH.HHHH MAC address of the parent node to be configured.
Defaults N/A
Command
Mode
Interface configuration mode
Usage Guide Use this command to configure the MAC address of the parent node when AP is in the
non-root-bridge mode.
Configuration
Examples
#Set the MAC address of the parent node as HHHH.HHHH.HHHH
Ruijie(config-if-Dot11radio 1/0)# parent mac-address HHHH.HHHH.HHHH
Related
Commands Command Description
station-role { access-point | non-root-bridge |
root-bridge | repeater | workgroup-bridge } Configures the AP working mode.
Platform
Description
N/A
station-role
Use this command to set the AP working mode.
station-role { access-point | non-root-bridge | root-bridge }
Parameter
Description Parameter Description
access-point Sets the AP working mode as root access point.
repeater Sets the AP working mode as repeater.
non-root-bridge Sets the AP working mode as non-root bridge.
root-bridge Sets the AP working mode as root bridge.
workgroup-bridge Sets the AP working mode as workgroup bridge.
Defaults The default working mode is access-point.
Command
Mode
Interface configuration mode
Usage Guide N/A
Configuration
Examples
#Set the AP working mode as root-bridge.
Ruijie(config-if-Dot11radio 1/0)# station-role root-bridge
Related
Commands Command Description
parent mac-address HHHH.HHHH.HHHH
Configures the MAC address of the parent
node.
Platform
Description
N/A
Command Reference Anti-ARP Spoofing Commands
Anti-ARP Spoofing Commands
anti-arp-spoofing ip
Use this command to enable anti-ARP spoofing. Use the no form of this command to disable this
function.
anti-arp-spoofing ip ip-address
no anti-arp-spoofing ip ip-address
Parameter
Description Parameter Description
ip-address IP address of the gateway.
Defaults Anti-ARP spoofing is disabled by default.
Command
Mode
Interface configuration mode.
The interface can be a wired interface or a wireless wlansec interface.
Usage Guide You can use the show anti-arp-spoofing command to display the configuration.
Up to 16 IP addresses can be configured with this command in an interface.
Configuration
Examples
The following example enables anti-ARP spoofing in a wired interface.
Ruijie(config)#interface fastEthernet 0/1
Ruijie(config-if)#anti-arp-spoofing ip 192.168.1.1
The following example enables anti-ARP spoofing in a wireless wlansec interface.
Ruijie(config)#wlansec 1
Ruijie(config-wlansec)#anti-arp-spoofing ip 192.168.1.2
Related
Commands Command Description
show anti-arp-spoofing
Displays the configuration of anti-ARP spoofing
on all interfaces.
Platform
Description
N/A
show anti-arp-spoofing
Use this command to display the configuration of anti-ARP spoofing on all interfaces.
show anti-arp-spoofing
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
Ruijie# show anti-arp-spoofing
Anti-arp-spoofing
port ip
------- -------
GigabitEthernet 0/1 192.168.1.1
Wlan 1 192.168.1.2
Related
Commands Command Description
anti-arp-spoofing ip Enables anti-ARP spoofing.
Platform
Description
N/A
Command Reference Link Checking Commands
Link Checking Commands
link-check
Use this command to enable link checking. Use the no form of this command to disable link checking.
link-check { enable | disable }
no link-check { enable | disable }
Parameter
Description Parameter Description
no Disables link checking.
Defaults Link checking is disabled by default.
Command
mode
Global configuration mode
Usage Guide N/A
Configuration
Examples
The following example enables link checking.
Ruijie(config)# link-check enable
The following example disables link checking.
Ruijie(config)# link-check disable
or
Ruijie(config)# no link-check enable
Related
Commands Command Description
show running-config Checks whether link checking is enabled.
Platform
Description
This command is supported only on wireless AC and fat AP series.
schedule session
Use this command to configure a scheduling session. Use the no form of this command to delete the
configuration.
schedule session num
no schedule session num
Parameter
Description Parameter Description
num
Specifies the ID of the scheduling session to be created or to be
applied to a WLAN. The range is from 1 to 64.
no
Deletes the scheduling session or
cancels the ID (in the range from 1 to 64) of the scheduling session
applied to a WLAN.
Defaults No scheduling session is configured by default.
No scheduling session is applied to a WLAN by default.
Command
mode
Global configuration mode
or WLAN configuration mode on fit AP networking topology
Usage Guide In global configuration mode, you can use this command to create a scheduling session and
configure parameters for it. If the scheduling session has been created, the configuration is invalid.
On fit AP networking topology, the scheduling session created in WLAN configuration mode will be
applied to a WLAN.
Configuration
Examples
The following example creates or configures scheduling session 1.
Ruijie(config)# schedule session 1
The following example deletes scheduling session 1.
Ruijie(config)#no schedule session 1
The following example applies scheduling session 1 to WLAN 1 on fit AP networking topology.
Ruijie(config)# wlan-config 1
Ruijie(config-wlan)# schedule session 1
The following example deletes scheduling session 1 from WLAN 1 on fit AP networking topology.
Ruijie(config)# wlan-config 1
Ruijie(config-wlan)# no schedule session 1
Related
Commands Command Description
show schedule session
Checks configuration information about the
scheduling session.
show running-config Checks current configuration information.
Platform
Description
This command is supported only on wireless AC and fat AP series.
schedule session period/time
Use this command to set a scheduling period for a scheduling session. Use the no form of this
command to delete the configuration.
schedule session num time-range time-range period day1 [to day2] time hh1:mm1 [to
hh2:mm2]
no schedule session num time-range time-range period day1 [to day2] time hh1:mm1 [to
hh2:mm2]
Parameter
Description Parameter Description
num
Specifies the ID of the scheduling session for which a scheduling
period is set. The range is from 1 to 64.
time-range Time range ID. The range is from 1 to 4.
day1
Specifies the starting day of the period.
The value can be Sunday, Monday, Tuesday, Wednesday, Thursday,
Friday, or Saturday.
day2
Specifies the end day of the period.
The value can be Sunday, Monday, Tuesday, Wednesday, Thursday,
Friday, or Saturday.
hh1:mm1
Specifies the start time for scheduling. The range is from 00:00 to
24:00.
hh2:mm2
Specifies the end time for scheduling. The range is from 00:00 to
24:00.
no Deletes the scheduling period.
Defaults No scheduling period is set for a scheduling session by default.
Command
mode
Global configuration mode
Usage Guide You can run this command multiple times. The most recent configuration overwrites the
previous one.
Configuration
Examples
The following example creates scheduling session 1 and sets the scheduling period.
Ruijie(config)# schedule session 1
Ruijie(config)# schedule session 1 time-range 1 period mon to fri time 00:00 to 10:00
Ruijie(config)# schedule session 1 time-range 2 period sat to sun time 10:00 to 12:00
Related
Commands Command Description
show schedule session
Checks configuration information about the
scheduling session.
Platform
Description
This command is supported only on wireless AC and fat AP series.
schedule session radio
Use this command to apply a scheduling session to the radio on an AP or AP group. Use the no form
of this command to delete the configuration.
schedule session num radio mem
no schedule session num radio mem
Parameter
Description Parameter Description
num
Specifies the ID of the scheduling session to be applied. The range is
from 1 to 64.
mem
Specifies the ID of the radio to which the scheduling session is
applied.
The range is from 1 to the number of radios on an AP or AP group.
no Cancels the application of the scheduling session.
Defaults No scheduling session is applied to an AP or AP group by default.
No scheduling session is applied to a fat AP by default.
Command
mode
AP or AP group configuration mode on fit AP networking topology,
or global configuration mode on fat AP networking topology
Usage Guide Apply a scheduling session to the radio on an AP or AP group. The scheduling session must have
been created and the radio marked by the radio ID exists on the AP or AP group. Otherwise, the
configuration fails.
Configuration
Examples
The following example applies scheduling session 1 to radio 2 of single AP on fit AP networking
topology.
Ruijie(config)#ap-config AP-001
(AP-001 specifies the AP to which the scheduling session is applied.)
You are going to config AP(AP-001), which is on line now.
Ruijie(config-ap)# schedule session 1 radio 2
The following example applies scheduling session 1 to radio 2 of a specific AP group on fit AP
networking topology.
Ruijie(config)#ap-group APG-001
(APG-001 specifies the AP group to which the scheduling session is applied.)
Ruijie(config-ap-group)# schedule session 1 radio 2
The following example applies scheduling session 1 to radio 2 on fat AP networking topology.
Ruijie(config)# schedule session 1 radio 2
Related
Commands Command Description
show schedule session
Checks configuration information about the
scheduling session.
show running-config Checks current configuration information.
Platform
Description
This command is supported only on wireless AC and fat AP series.
schedule session wlan
Use this command to apply a scheduling session to a WLAN on fat AP networking topology. Use the
no form of this command to delete the configuration.
schedule session num wlan wid
no schedule session num wlan wid
Parameter
Description Parameter Description
num
Specifies the ID of the scheduling session to be applied. The range is
from 1 to 64.
wid
Specifies the ID of the WLAN to which the scheduling session is
applied.
The range is from 1 to 4094.
no Deletes the scheduling time of the specific scheduling session.
Defaults No scheduling session is configured by default.
Command
mode
Global configuration mode on fat AP networking topology
Usage Guide Use this command to apply a scheduling session to a WLAN. The scheduling session and WLAN
must have been created. Otherwise, the configuration fails.
Configuration
Examples
The following example applies scheduling session 1 to WLAN 2 on fat AP networking topology.
Ruijie(config)# schedule session 1 wlan 2
Related
Commands Command Description
show schedule session
Checks configuration information about the
scheduling session.
show running-config Checks current configuration information.
Platform
Description
This command is supported only on wireless fat AP series.
show schedule session
Use this command to display configuration about scheduling sessions.
show schedule session [ num ]
Parameter
Description Parameter Description
num Specifies a scheduling session ID in the range from 1 to 64.
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide If no scheduling session ID is specified, configuration about all scheduling sessions will be displayed.
Configuration
Examples
The following example displays configuration about scheduling session 1.
Ruijie(config)#show schedule session 1
Schedule session [1]:
Schedule period ............................... Sun, Wed to Fri
Schedule time ................................. 0:00 to 9:30
The following example displays configuration about all scheduling sessions.
Ruijie(config)#show schedule session
Schedule session [1]:
Schedule period ............................... Sun, Wed to Fri
Schedule time ................................. 0:00 to 9:30
Schedule session [3]:
Schedule period ............................... Mon to Fri
Schedule time ................................. 2:00 to 9:00
Related
Commands Command Description
schedule session Configures a scheduling session.
Platform
Description
This command is supported only on wireless AC and fat AP series.
Command Reference RADIUS Dynamic Authorization Extension Commands
RADIUS Dynamic Authorization Extension Commands
clear radius dynamic-authorization-extension statistics
Use this command to clear statistics about RADIUS dynamic authorization extension.
clear radius dynamic-authorization-extension statistics
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide N/A
Configuration
Examples
#Clear statistics about RADIUS dynamic authorization extension:
Ruijie# show radius dynamic-authorization-extension statistics
Disconnect-Request Received: 50
Incorrect Disconnect-Request Received: 1
Disconnect-Request Dropped for Queue Full: 0
Disconnect-Request Process Timeout: 0
Disconnect-Request Process Success: 49
Disconnect-ACK Sent: 25
Disconnect-ACK Sent Failed: 0
Disconnect-NAK Sent: 24
Disconnect-NAK Sent Failed: 0
Ruijie# clear radius dynamic-authorization-extension statistics
Ruijie# show radius dynamic-authorization-extension statistics
Disconnect-Request Received: 0
Incorrect Disconnect-Request Received: 0
Disconnect-Request Dropped for Queue Full: 0
Disconnect-Request Process Timeout: 0
Disconnect-Request Process Success: 0
Disconnect-ACK Sent: 0
Disconnect-ACK Sent Failed: 0
Disconnect-NAK Sent: 0
Disconnect-NAK Sent Failed: 0
Related
Commands Command Description
show radius dynamic-authorization-extension
statistics
Shows statistics about RADIUS dynamic
authorization extension.
Platform
Description
N/A
radius dynamic-authorization-extension enable
Use this command to enable RADIUS dynamic authorization extension. Use the no form of this
command to disable this function.
radius dynamic-authorization-extension enable
no radius dynamic-authorization-extension enable
Parameter
Description Parameter Description
N/A N/A
Defaults RADIUS dynamic authorization extension is disabled by default.
Command
mode
Global configuration mode
Usage Guide Check whether RADIUS dynamic authorization extension can be properly enabled or disabled.
Configuration
Examples
#Enable RADIUS dynamic authorization extension.
Ruijie(config)# radius dynamic-authorization-extension enable
Related
Commands Command Description
show running-config
Checks whether RADIUS dynamic
authorization extension is enabled.
Platform
Description
N/A
radius dynamic-authorization-extension port
Use this command to set a UDP port for receiving packets about RADIUS dynamic authorization
extension. Use the no form of this command to remove the setting.
radius dynamic-authorization-extension port num
no radius dynamic-authorization-extension port
Parameter
Description Parameter Description
num Specifies a UDP port for receiving packets about RADIUS dynamic
authorization extension. The port number ranges from 1025 to 65535.
The default value is 3799.
Defaults The default UDP port number is 3799.
Command
mode
Global configuration mode
Usage Guide Ensure that the configured UDP port is not being used.
Configuration
Examples
#Set the UDP port number to 4000:
Ruijie(config)# radius dynamic-authorization-extension port 4000
Related
Commands Command Description
show running-config
Shows the UDP port for receiving packets
about RADIUS dynamic authorization
extension.
Platform
Description
N/A
radius dynamic-authorization-extension timeout
Use this command to set the timeout time for processing packets about RADIUS dynamic
authorization extension. Use the no form of this command to remove the setting.
radius dynamic-authorization-extension timeout seconds
no radius dynamic-authorization-extension timeout
Parameter
Description Parameter Description
seconds Specifies the timeout time for processing packets about RADIUS
dynamic authorization extension, in seconds. The value ranges from
0 to 600. 0 indicates that the timeout time for processing packets
about RADIUS dynamic authorization extension will not expire.
Defaults The default timeout time is 30 seconds.
Command
mode
Global configuration mode
Usage Guide The timeout time needs to be changed based on application requirements.
Configuration
Examples
#Set the timeout time for processing packets about RADIUS dynamic authorization extension to 40
seconds:
Ruijie(config)# radius dynamic-authorization-extension timeout 40
Related
Commands Command Description
show running-config Shows the configuration.
Platform
Description
N/A
radius dynamic-authorization-extension event-timestamp interval
Use this command to set the timeout time for the event-timestamp attribute of packets about
RADIUS dynamic authorization extension. Use the no form of this command to remove the setting.
radius dynamic-authorization-extension event-timestamp interval seconds
no radius dynamic-authorization-extension event-timestamp interval
Parameter
Description Parameter Description
seconds Specifies the timeout time for the event-timestamp attribute of
packets about RADIUS dynamic authorization extension, in seconds.
The value ranges from 0 to 600. The default value is 6. 0 indicates
that the timeout time for the event-timestamp attribute will not
expire.
Defaults 6
Command
mode
Global configuration mode
Usage Guide The timeout time needs to be changed based on application requirements. It takes effect only after
the event-timestamp attribute check function is enabled.
Configuration
Examples
#Set the timeout time for the event-timestamp attribute of packets about RADIUS dynamic
authorization extension to 40 seconds:
Ruijie(config)# radius dynamic-authorization-extension event-timestamp interval 40
Related
Commands Command Description
show running-config Shows the configuration.
radius dynamic-authorization-extension
attribute check
Enables the function of checking the
event-timestamp attribute of packets about
RADIUS dynamic authorization extension.
Platform
Description
N/A
radius dynamic-authorization-extension attribute check
Use this command to enable the function of checking the event-timestamp attribute of packets about
RADIUS dynamic authorization extension. Use the no form of this command to disable this function.
radius dynamic-authorization-extension attribute check event-timestamp
no radius dynamic-authorization-extension attribute check event-timestamp
Parameter
Description Parameter Description
N/A N/A
Defaults The function of checking the event-timestamp attribute of packets about RADIUS dynamic
authorization extension is disabled by default.
Command
mode
Global configuration mode
Usage Guide N/A
Configuration
Examples
#Enable the function of checking the event-timestamp attribute of packets about RADIUS dynamic
authorization extension:
Ruijie(config)# radius dynamic-authorization-extension attribute check event-timestamp
Related
Commands Command Description
show running-config Shows the configuration.
radius dynamic-authorization-extension
event-timestamp interval
Sets the timeout time for the event-timestamp
attribute of packets about RADIUS dynamic
authorization extension.
Platform
Description
N/A
radius dynamic-authorization-extension duplicate-packet discard
Use this command to discard duplicated packets about RADIUS dynamic authorization extension.
Use the no form of this command to disable the function.
radius dynamic-authorization-extension duplicate-packet discard
no radius dynamic-authorization-extension duplicate-packet discard
Parameter
Description Parameter Description
N/A N/A
Defaults Duplicated packets about RADIUS dynamic authorization extension are not discarded.
Command
mode
Global configuration mode
Usage Guide N/A
Configuration
Examples
#Discard duplicated packets about RADIUS dynamic authorization extension:
Ruijie(config)# radius dynamic-authorization-extension duplicate-packet discard
Related
Commands Command Description
show running-config Shows the configuration.
Platform
Description
N/A
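The replay protection that the event-timestamp interval, attribute check event-timestamp and duplicate-packet discard commands above configure can be modelled as follows. This is an added example, not Ruijie code: the DaeReceiver class, the duplicate key (source, Identifier, Authenticator), the 30-second duplicate window and the rejection of requests without Event-Timestamp are assumptions; the packet layout and Request Authenticator follow RFC 5176, and the shared secret, addresses and packet are constructed samples.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST = 40                  # RFC 5176 packet code
EVENT_TIMESTAMP = 55                     # RFC 2869 attribute: 4-byte UNIX time
SECRET = b"constructed-shared-secret"    # constructed sample value


def request_authenticator(header, body, secret):
    # RFC 5176: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    return hashlib.md5(header + b"\x00" * 16 + body + secret).digest()


def build_disconnect_request(ident, event_time, secret=SECRET):
    """Construct a sample Disconnect-Request with User-Name and Event-Timestamp."""
    attrs = [(1, b"alice"), (EVENT_TIMESTAMP, struct.pack("!I", event_time))]
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(body))
    return header + request_authenticator(header, body, secret) + body


def parse(packet):
    """Return (identifier, authenticator, attributes, raw body) or None if malformed."""
    if len(packet) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != DISCONNECT_REQUEST or not 20 <= length <= len(packet):
        return None
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            return None
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            return None
        attrs[a_type] = packet[pos + 2:pos + a_len]
        pos += a_len
    return ident, packet[4:20], attrs, packet[20:length]


class DaeReceiver:
    """Hypothetical model of the receiver; defaults mirror the manual's defaults."""

    def __init__(self, secret=SECRET, check_timestamp=False, interval=6,
                 discard_duplicates=False, dup_window=30):
        self.secret = secret
        self.check_timestamp = check_timestamp        # attribute check event-timestamp
        self.interval = interval                      # event-timestamp interval (0 = never expires)
        self.discard_duplicates = discard_duplicates  # duplicate-packet discard
        self.dup_window = dup_window                  # assumption: how long a request is remembered
        self.seen = {}

    def receive(self, packet, source, now):
        parsed = parse(packet)
        if parsed is None:
            return "malformed"
        ident, auth, attrs, body = parsed
        expected = request_authenticator(packet[:4], body, self.secret)
        if not hmac.compare_digest(auth, expected):
            return "bad-authenticator"
        if self.check_timestamp:
            raw = attrs.get(EVENT_TIMESTAMP)
            if raw is None or len(raw) != 4:
                return "missing-timestamp"            # assumption: attribute is required
            age = abs(now - struct.unpack("!I", raw)[0])
            if self.interval != 0 and age > self.interval:
                return "stale-timestamp"
        if self.discard_duplicates:
            # Forget entries older than the window, then look for an identical request.
            self.seen = {k: t for k, t in self.seen.items() if now - t <= self.dup_window}
            key = (source, ident, auth)
            if key in self.seen:
                return "duplicate"
            self.seen[key] = now
        return "accept"


def replay_outcomes():
    """Feed one validly signed request, then byte-identical copies, to three configurations."""
    t0 = 1_700_000_000                       # constructed capture time
    src = ("192.0.2.10", 40000)              # constructed source address and port
    pkt = build_disconnect_request(ident=7, event_time=t0)
    default = DaeReceiver()
    hardened = DaeReceiver(check_timestamp=True, interval=6, discard_duplicates=True)
    no_expiry = DaeReceiver(check_timestamp=True, interval=0)
    return {
        "defaults": [default.receive(pkt, src, t0 + 1), default.receive(pkt, src, t0 + 30)],
        "hardened": [hardened.receive(pkt, src, t0 + 1), hardened.receive(pkt, src, t0 + 2),
                     hardened.receive(pkt, src, t0 + 30)],
        "interval_0": [no_expiry.receive(pkt, src, t0 + 3600)],
    }


if __name__ == "__main__":
    for name, verdicts in replay_outcomes().items():
        print(name, verdicts)
```

The Request Authenticator alone does not stop a byte-identical copy, because the copy carries the same valid digest; only the timestamp window and the duplicate cache reject it in this model.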
radius dynamic-authorization-extension max-request
Use this command to set the number of RADIUS Disconnect-Request packets that can be processed
concurrently. Use the no form of this command to remove the setting.
radius dynamic-authorization-extension max-request num
no radius dynamic-authorization-extension max-request
Parameter
Description Parameter Description
num Specifies the number of RADIUS Disconnect-Request packets that
can be processed concurrently. This value ranges from 0 to 1000. 0
indicates that the number of concurrently processed RADIUS
Disconnect-Request packets is not limited. The default value is 100.
Defaults 100
Command
mode
Global configuration mode
Usage Guide N/A
Configuration
Examples
#Set the number of concurrently processed RADIUS Disconnect-Request packets to 1:
Ruijie(config)# radius dynamic-authorization-extension max-request 1
Related
Commands Command Description
show running-config Shows the configuration.
Platform
Description
N/A
show radius dynamic-authorization-extension statistics
Use this command to show statistics about RADIUS dynamic authorization extension.
show radius dynamic-authorization-extension statistics
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide Use this command to show statistics about RADIUS dynamic authorization extension, including
received and sent packets and the processing results about received request packets.
Configuration
Examples
#Show statistics about RADIUS dynamic authorization extension:
Ruijie# show radius dynamic-authorization-extension statistics
Disconnect-Request Received: 50
Incorrect Disconnect-Request Received: 1
Disconnect-Request Dropped for Queue Full: 0
Disconnect-Request Process Timeout: 0
Disconnect-Request Process Success: 49
Disconnect-ACK Sent: 25
Disconnect-ACK Sent Failed: 0
Disconnect-NAK Sent: 24
Disconnect-NAK Sent Failed: 0
Related
Commands Command Description
clear radius dynamic-authorization-extension
statistics
Clears statistics about RADIUS dynamic
authorization extension.
Platform
Description
N/A
Command Reference WLAN QoS Commands
WLAN QoS Commands
enable-qos
Use this command to enable the wireless QoS function. Use the no form of this command to disable
this function.
enable-qos
no enable-qos
Parameter
Description Parameter Description
no The parameter indicates that you disable the wireless QoS function.
Defaults The wireless QoS function is enabled by default.
Command
mode
WLAN configuration mode.
Usage Guide N/A
Configuration
Examples
Example 1: Disable the wireless QoS function for WLAN 1.
Ruijie(config)# wlan-config 1
Ruijie(wids-config)# no enable-qos
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
fair-schedule
Use this command to enable the fair scheduling function on the wireless AP. Use the no form of this
command to disable this function.
fair-schedule
no fair-schedule
Parameter
Description Parameter Description
no
The parameter indicates that you disable the fair scheduling function
on the AP.
Defaults This function is enabled by default.
Command
mode
AC: AP configuration mode
AP: configuration mode
Usage Guide On a fat AP, the command of configuring fair scheduling is used in configuration mode and you
can use the show run command to show configuration.
When the AP works in fit AP mode, the fair scheduling can be configured only on the AC.
Configuration
Examples
Example 1: Disable the fair scheduling on the AP.
Ruijie(config)# ap-config ap-name
Ruijie(wids-config)# no fair-schedule
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported on ACs and fat APs.
wlan-based
Use this command to configure the upstream and downstream traffic limit of the current WLAN. Use
the no form of this command to restore the default value.
wlan-based { down-streams | up-streams } average-data-rate average-data-rate burst-data-rate
burst-data-rate
no wlan-based { down-streams | up-streams }
Parameter
Description Parameter Description
per-user-limit Limit for each user on the WLAN
total-user-limit Limit for the entire WLAN
down-streams Total downstream traffic limit of the WLAN
up-streams Total upstream traffic limit of the WLAN
average-data-rate
average-data-rate Average rate limit, ranging from 1 to 819200 in 8Kbps
burst-data-rate
burst-data-rate Burst rate limit, ranging from 1 to 819200 in 8Kbps
no Restores the traffic limit to the default value.
Defaults No traffic limit is set by default.
Command
mode
WLAN configuration mode.
Usage Guide N/A
Configuration
Examples
Example 1: Configure the average downstream rate of WLAN 1 to 800Kbps and burst rate to
1600Kbps.
Ruijie(config)# wlan-config 1
Ruijie(wids-config)# wlan-based down-streams average-data-rate 800 burst-data-rate 1600
Related
Commands Command Description
ap-based { down-streams | up-streams }
average-data-rate average-data-rate
burst-data-rate burst-data-rate
Configures the AP-based in-band and
out-of-band traffic rate limit.
netuser H.H.H { inbound | outbound }
average-data-rate average-data-rate
burst-data-rate burst-data-rate
Configures the Client-based in-band and
out-of-band traffic rate limit.
Platform
Description
This command is supported on ACs.
wlan-qos ap-based
Use this command to configure the upstream and downstream traffic limit of the current AP.
Use the no form of this command to restore the default value.
wlan-qos ap-based { per-user-limit | total-user-limit } { down-streams | up-streams }
average-data-rate average-data-rate burst-data-rate burst-data-rate
no ap-based { per-user-limit | total-user-limit } { down-streams | up-streams }
Parameter
Description Parameter Description
per-user-limit Limit for each user on the AP
total-user-limit Limit for the entire AP
down-streams Total downstream traffic limit of the AP
up-streams Total upstream traffic limit of the AP
average-data-rate
average-data-rate
Average rate limit, ranging from 1 to 819200 in 8Kbps
Defaults No traffic limit is set by default.
Command
mode
Configuration mode.
Usage Guide N/A
Configuration
Examples
Example 1: Configure the average downstream rate of AP wlan-ap-001 to 800Kbps and burst rate to
1600Kbps.
Ruijie(config)# wlan-qos ap-based per-user-limit down-streams average-data-rate 800 burst-data-rate 1600
Related
Commands Command Description
wlan-qos netuser mac-address { inbound |
outbound } average-data-rate average-data-rate
burst-data-rate burst-data-rate
Configures the Client-based in-band and
out-of-band traffic rate limits.
wlan-qos wlan-based { wlan-id | ssid }
{ per-user-limit | total-user-limit }
{ down-streams | up-streams }
average-data-rate average-data-rate
burst-data-rate burst-data-rate
Configures the WLAN-based in-band and
out-of-band traffic rate limits.
Platform
Description
This command is supported on fat APs.
wlan-qos netuser
Use this command to configure the in-band and out-of-band traffic limits for a specified user in the
current WLAN.
Use the no form of this command to restore the default value.
wlan-qos netuser mac-address { inbound | outbound } average-data-rate average-data-rate
burst-data-rate burst-data-rate
no netuser mac-address { inbound | outbound }
Parameter
Description Parameter Description
mac-address User's MAC address to be set
inbound User’s in-band traffic limit
outbound User’s out-of-band traffic limit
average-data-rate
average-data-rate Average rate limit, ranging from 1 to 819200 in 8Kbps
burst-data-rate
burst-data-rate Burst rate limit, ranging from 1 to 819200 in 8Kbps
no Restores the traffic limit to the default value.
Defaults No traffic limit is set by default.
Command
mode
Configuration mode.
Usage Guide N/A
Configuration
Examples
Example 1: Set the average in-band rate to 800Kbps and burst rate to 1600Kbps for the user
0000.0000.0001 in WLAN 1.
Ruijie(config)# wlan-qos netuser 0000.0000.0001 inbound average-data-rate 800 burst-data-rate 1600
Related
Commands Command Description
wlan-qos wlan-based { wlan-id | ssid }
{ per-user-limit | total-user-limit}
{ down-streams | up-streams }
average-data-rate average-data-rate
burst-data-rate burst-data-rate
Configures the WLAN-based in-band and
out-of-band traffic rate limits.
wlan-qos ap-based { per-user-limit |
total-user-limit } { down-streams | up-streams }
average-data-rate average-data-rate
burst-data-rate burst-data-rate
Configures the AP-based in-band and
out-of-band traffic rate limits.
Platform
Description
This command is supported on fat APs.
wlan-qos wlan-based
Use this command to configure the upstream and downstream traffic limit of the current WLAN.
Use the no form of this command to restore the default value.
wlan-qos wlan-based { wlan-id | ssid } { per-user-limit | total-user-limit } { down-streams |
up-streams } average-data-rate average-data-rate burst-data-rate burst-data-rate
no wlan-qos wlan-based { wlan-id | ssid } { per-user-limit | total-user-limit } { down-streams |
up-streams }
Parameter
Description Parameter Description
wlan-id WLAN ID
ssid SSID configured by the WLAN
per-user-limit Limit for each user on the WLAN
total-user-limit Limit for the entire WLAN
down-streams Total downstream traffic limit of the WLAN
up-streams Total upstream traffic limit of the WLAN
average-data-rate
average-data-rate Average rate limit, ranging from 1 to 819200 in 8Kbps
burst-data-rate
burst-data-rate Burst rate limit, ranging from 1 to 819200 in 8Kbps
no Restores the traffic limit to the default value.
Defaults No traffic limit is set by default.
Command
mode
Configuration mode.
Usage Guide N/A
Configuration
Examples
Example 1: Configure the average downstream rate of WLAN 1 to 800Kbps and burst rate to
1600Kbps.
Ruijie(config)# wlan-based 1 per-user-limit down-streams average-data-rate 800 burst-data-rate 1600
Related
Commands Command Description
wlan-qos ap-based { per-user-limit |
total-user-limit } { down-streams | up-streams }
average-data-rate average-data-rate
burst-data-rate burst-data-rate
Configures the AP-based in-band and
out-of-band traffic rate limits.
netuser mac-address { inbound | outbound }
average-data-rate average-data-rate
burst-data-rate burst-data-rate
Configures the Client-based in-band and
out-of-band traffic rate limits.
Platform
Description
This command is supported on fat APs.
wmm edca-client
Use this command to configure the client EDCA. Use the no form of this command to restore the
parameters to the default values.
wmm edca-client { back-groud | best-effort | video | voice } { aifsn [ aifsn-value ] cwmin
[ cwmin-value ] cwmax [ cwmax-value ] txop [ txop-value ] [ noack ] | cac [ optional ] } radio
[ radio-id ]
no wmm edca-client { back-groud | best-effort | video | voice } radio [ radio-id ]
Parameter
Description Parameter Description
back-groud Sets the back-ground queue.
best-effort Sets the best-effort queue.
video Sets the video queue.
voice Sets the voice queue.
aifsn aifsn-value aifsn value, ranging from 1 to 127
cwmin cwmin-value cwmin value, ranging from 0 to 32767
cwmax cwmax-value cwmax value, ranging from 0 to 1023
txop txop-value txop value, ranging from 0 to 344
radio [ radio-id ] Radio of the client EDCA, ranging from 1 to 2
Defaults For the default EDCA policy for the AP, see the 802.11 standard.
Command
mode
AP configuration mode.
Usage Guide N/A
Configuration
Examples
Example 1: For the voice service type of edca-client, set aifsn to 10, cwmin to 1, cwmax to 5, and
txop to 50, and apply the settings to interface radio 1 on the AP.
ruijie(config-ap)#wmm edca-client voice aifsn 10 cwmin 1 cwmax 5 txop 50 radio 1
Related
Commands Command Description
wmm edca-radio { back-groud | best-effort |
video | voice } { aifsn [ aifsn-value ] cwmin
[ cwmin-value ] cwmax [ cwmax-value ] txop
[ txop-value ] length [ queue-length ] | cac
[ optional ] } radio [ radio-id ]
Configures the EDCA used by AP.
Platform
Description
N/A
wmm edca-radio
Use this command to configure the EDCA used by AP. Use the no form of this command to restore
the parameters to the default values.
wmm edca-radio { back-groud | best-effort | video | voice } { aifsn [ aifsn-value ] cwmin
[ cwmin-value ] cwmax [ cwmax-value ] txop [ txop-value ] length [ queue-length ] | cac [ optional ] }
radio [ radio-id ]
no wmm edca-radio { back-groud | best-effort | video | voice } radio [ radio-id ]
Parameter
Description Parameter Description
back-groud Sets the back-ground queue.
best-effort Sets the best-effort queue.
video Sets the video queue.
voice Sets the voice queue.
aifsn aifsn-value aifsn value, ranging from 1 to 127.
cwmin cwmin-value cwmin value, ranging from 0 to 32767.
cwmax cwmax-value cwmax value, ranging from 0 to 1023.
txop txop-value txop value, ranging from 0 to 344.
radio [ radio-id ] Radio selected for setting the client EDCA parameter, which ranges
from 1 to 2
Defaults For the default EDCA policy for the AP, see the 802.11 standard.
Command
mode
AP configuration mode.
Usage Guide N/A
Configuration
Examples
Example 1: For the voice service type of edca-radio, set aifsn to 10, cwmin to 1, cwmax to 5, and
txop to 50, and apply the settings to interface radio 1 on the AP.
ruijie(config-ap)#wmm edca-client voice aifsn 10 cwmin 1 cwmax 5 txop 50 radio 1
Related
Commands Command Description
wmm edca-client { back-groud | best-effort |
video | voice } { aifsn [ aifsn-value ] cwmin
[ cwmin-value ] cwmax [ cwmax-value ] txop
[ txop-value ] [ noack ] | cac [ optional ] } radio
[ radio-id ]
Configures the client EDCA.
Platform
Description
N/A
show client details
Use this command to display the QoS information related to a specified client.
show client details H.H.H
Parameter
Description Parameter Description
H.H.H
Displays the QoS information of the client with the specified source
MAC address.
Defaults N/A
Command
mode Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
Example 1: Display the QoS information of the user with the source MAC address of 0000.0000.0001.
Ruijie# show client details 0000.0000.0001
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
Command Reference Smart Antenna Commands
Smart Antenna Commands
smart antenna enable
Use this command to enable the Smart antenna (SA) function of the specified radio on the specified
AP. Use the no form of this command to disable the SA function.
smart antenna enable radio radio-id
no smart antenna enable radio radio-id
Parameter
Description Parameter Description
radio-id Configures the ID for a radio.
Defaults The SA function is enabled by default.
Command
Mode
AP configuration mode.
Usage Guide N/A
Configuration
Examples
#Enable the SA function of Radio 1 on a specified AP.
Ruijie(config-ap)# smart antenna enable radio 1
#Disable the SA function of Radio 1 on a specified AP.
Ruijie(config-ap)# no smart antenna enable radio 1
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported only on wireless AC/AP series products.
Command Reference i-Share Antenna Feeder Commands
i-Share Antenna Feeder Commands
antdetect enable
Use this command to enable feeder link detection function. Use the no form of this command to
restore to the default value.
antdetect enable
no antdetect enable
Parameter
Description Parameter Description
N/A N/A
Defaults Disabled
Command
Mode
AP-Config Configuration Mode
Usage Guide N/A
Configuration
Examples
The following example enables I-share antenna feeder link detection function:
ruijie(config-ap)#antdetect enable
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported only in RGOS10.4(1T19) and later. This command is supported only
on the AP220-E(M) v3.0 and above.
show antenna all
Use this command to display feeder status of all APs.
show antenna all
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC Mode.
Usage Guide Use this command to display the feeder status.
Configuration
Examples
The following example displays the feeder status:
ruijie# Show antenna all
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported only in RGOS10.4(1T19) and later. This command is supported only
on the AP220-E(M) v3.0 and above.
show antenna single
Use this command to display antenna feeder status of a single AP.
show antenna single ap-name
Parameter
Description Parameter Description
ap-name The name of a single AP.
Defaults N/A
Command
Mode
Privileged EXEC Mode.
Usage Guide Use this command to display the feeder status.
Configuration
Examples
The following example displays the feeder status:
ruijie# Show antenna single ap-name
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported only in RGOS10.4(1T19) and later. This command is supported only
on the AP220-E(M) v3.0 and above.
Command Reference WLAN Capture Commands
WLAN Capture Commands
channel all
Use this command to enable AP sniffing all channels. Use the no form of this command to restore the
preceding configuration.
channel all radio-id
no channel all radio-id
Parameter
Description Parameter Description
radio-id The parameter indicates the ID of the radio to be configured, which
ranges from 1 to the actual number of radio the AP has.
Defaults By default, the AP sniffs the working channel only.
Command
mode
WLAN Capture configuration mode
Usage Guide
AP sniffing of all channels can be enabled only in monitor mode.
In mirror mode, an AP can only capture and forward all the packets on a particular
channel to a remote device running the analyzer software.
Configuration
Examples
Example 1: Configure the AP to capture packets on all channels of radio 1
Ruijie# configure terminal
Ruijie(config)#wlan-cap
Ruijie(wlan-cap)#channel all 1
Ruijie(wlan-cap)#exit
Related
Commands Command Description
service enable Enables the WLAN capture service.
show wlan-cap config Shows the WLAN capture configuration.
Platform
Description
This command is supported only on the fat AP.
service enable
Use this command to enable the WLAN capture service. Use the no form of this command to disable
the WLAN capture service.
service enable
no service enable
Parameter
Description Parameter Description
N/A N/A
Defaults Disabled
Command
mode
The remote device can connect to and control the fat AP only after the WLAN capture service is enabled.
Usage Guide The remote host can access and control the fat AP only when the WLAN capture service is enabled.
After you enable the WLAN capture service, the configurations in this mode cannot be modified.
Configuration
Examples
Example 1: enable the WLAN capture service.
Ruijie# configure terminal
Ruijie(config)#wlan-cap
Ruijie(wlan-cap)#service enable
Ruijie(wlan-cap)#exit
Related
Commands Command Description
show wlan-cap config Shows the WLAN capture configuration.
Platform
Description
This command is supported only on the fat AP.
forward
Use this command to configure the forwarding mode of WLAN capture packets.
forward { central | local }
Parameter
Description Parameter Description
central Centralized forwarding mode. Packets of the WLAN capture from AP
are centralized by AC, and then will be forwarded to the remote
device.
local
Local forwarding mode. Packets of the WLAN capture are forwarded
by AP directly to the remote device.
Defaults Centralized forwarding mode.
Command
mode
WLAN capture configuration mode
Usage Guide This command does not have the no form.
The forwarding mode must be configured before the WLAN capture service is
configured.
Configuration
Examples
Example 1: Configure the local forwarding mode for the AP.
Ruijie# configure terminal
Ruijie(config)#wlan-cap
Ruijie(wlan-cap)#forward local
Ruijie(wlan-cap)#exit
Related
Commands Command Description
service enable Enables the WLAN capture.
show wlan-cap config Shows the WLAN capture configuration.
Platform
Description
This command is supported only on the AC.
rpcap port
Use this command to configure the TCP port on which the wireless sniffer listens. Use the no form of
this command to restore the default settings.
rpcap port port-value
no rpcap port
Parameter
Description Parameter Description
port-value Monitoring port number, ranging from 1 to 65535.
Defaults The default value is 2002
Command
mode
WLAN capture configuration mode
Usage Guide
The sniffing ports must be configured before the WLAN capture is configured.
The designated ports must be idle TCP ports, or failure occurs when binding the WLAN
capture to the designated ports.
Configuration
Examples
Example 1: Configure monitoring port 3000
Ruijie# configure terminal
Ruijie(config)#wlan-cap
Ruijie(wlan-cap)#rpcap port 3000
Ruijie(wlan-cap)#exit
Related
Commands Command Description
service enable Enables the WLAN capture service.
show wlan-cap config Shows the WLAN capture configuration.
Platform
Description
This command is supported only on the AC and fat AP.
rpcap login
Use this command to configure login authentication for remote devices, including the username and
password. Use the no form of this command to restore the default settings.
rpcap login username password
no rpcap login
Parameter
Description Parameter Description
username Username, string, maximum length is 64 characters.
password Password, string, maximum length is 64 characters.
Defaults By default, the username and the password are null.
Command
mode
WLAN capture configuration mode
Usage Guide Only one username and password pair is allowed when configuring remote device login
authentication.
Anonymous logins are allowed only when both the username and the password are null.
Login authentication must be configured before the WLAN capture service is configured.
Configuration
Examples
Example 1: Configure both the username and the password as “wlan-capture”
Ruijie# configure terminal
Ruijie(config)#wlan-cap
Ruijie(wlan-cap)#rpcap login wlan-capture wlan-capture
Ruijie(wlan-cap)#exit
Related
Commands Command Description
service enable Enable the WLAN capture service.
show wlan-cap config Shows the WLAN capture configuration.
Platform
Description
This command is supported only on the AC and fat AP.
wlan-cap
Use this command to create the WLAN capture service or enter WLAN capture configuration mode.
Use the no form of this command to remove the configuration.
wlan-cap
no wlan-cap
Parameter
Description Parameter Description
N/A N/A
Defaults By default, the WLAN capture service is disabled.
Command
mode
Global configuration mode
Usage Guide When this command is executed for the first time, terminals create and enable the WLAN capture
service.
Configuration
Examples
Example 1: create and enable the WLAN capture service.
Ruijie# configure terminal
Ruijie(config)#wlan-cap
Ruijie(wlan-cap)#exit
Related
Commands Command Description
show wlan-cap config Shows the WLAN capture configuration.
Platform
Description
This command is supported only on the AC and fat AP.
wlan-cap channel
Use this command to enable AP sniffing all channels. Use the no form of this command to restore the
preceding configuration.
wlan-cap channel all radio-id
no wlan-cap channel all radio-id
Parameter
Description Parameter Description
radio-id The parameter indicates the ID of the radio to be configured, which
ranges from 1 to 31.
Defaults By default, a terminal can capture and forward only the packets on the current channel.
Command
mode
AP configuration mode
Usage Guide
Configuration to a non-existent Radio is invalid.
This command is invalid in ap-config all mode.
Configuration
Examples
Example 1: Configure the online AP (1414.4b61.09c7) to capture packets on all channels in the
monitor mode of the radio 1.
Ruijie# configure terminal
Ruijie(config)#ap-config 1414.4b61.09c7
You are going to config AP(1414.4b61.09c7), which is on line now.
Ruijie(config-ap)#wlan-cap channel all 1
Ruijie(config-ap)#exit
Related
Commands Command Description
service enable Enables the WLAN capture service.
show wlan-cap config Shows the WLAN capture configuration.
Platform
Description
This command is supported only on the AC.
wlan-cap enable
Use this command to enable the WLAN capture service on the radio of the AP.
Use the no form of this command to disable the WLAN capture service on the radio of the AP.
wlan-cap enable radio-id
no wlan-cap enable radio-id
Parameter
Description Parameter Description
radio-id The parameter indicates the ID of the radio to be configured, which
ranges from 1 to 31.
Defaults By default, this function is disabled.
Command
mode
AP configuration mode
Usage Guide
Configuration to a non-existent Radio is invalid.
This command is invalid in ap-config all mode.
Configuration
Examples
Example 1: Configure the online AP (1414.4b61.09c7) to capture packets on all channels of radio 1.
Ruijie# configure terminal
Ruijie(config)#ap-config 1414.4b61.09c7
You are going to config AP(1414.4b61.09c7), which is on line now.
Ruijie(config-ap)#wlan-cap enable 1
Ruijie(config-ap)#exit
Related
Commands Command Description
show wlan-cap interfaces Shows the WLAN capture interfaces list.
Platform
Description
This command is supported only on the AC.
show wlan-cap
Use these commands to show information about the WLAN capture service.
show wlan-cap config
show wlan-cap state
show wlan-cap interface
Parameter
Description Parameter Description
config Shows current configuration of the WLAN capture.
state Shows current state of the WLAN capture.
interface Shows the WLAN capture interfaces list.
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide N/A
Configuration
Examples
Example 1: Show current configuration of the WLAN capture.
Ruijie#show wlan-cap config
========================= Wlan-cap-config =======================
Listen port: 2002
Login info: Anonymous
Forward: Central
Service enable: No
Example 2: Show the WLAN capture interfaces list.
Ruijie#show wlan-cap interface
Wlan capture interface info:
Total interface num: 1
Total running num: 0 (monitor: 0, mirror: 0)
Total idle num: 1
Index AP Name AP Mac Radio Channel Status User Num
----- ---------------- -------------- ----- ------- ------ --------
1 ap320 00d0.f822.33d0 1 11 Idle 0
Example 3: Show current state of the WLAN capture.
Ruijie#show wlan-cap state
Total user num: 1
Capture mode: mirror(0); monitor(1)
Forward mode: central(1); local(0)
Index AP Name AP Mac         Radio Channel Capture Forward Peer_ip   Port
----- ------- -------------- ----- ------- ------- ------- --------- -----
1     apr2    1414.4b61.0a0f 1     11      Monitor Central 20.0.0.10 54990
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported only on the AC and fat AP.
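The rpcap login defaults and the show wlan-cap output above can be checked automatically: a null username and password appears as "Login info: Anonymous". The following audit is an added example, not part of the Ruijie manual. The function names, the finding labels, the analyzer allowlist, the "Yes" value of "Service enable" and the one-row-per-line state table are assumptions; PAGE_CONFIG is the sample output shown above, and the other two inputs are constructed.

```python
import re

# Sample output copied from the "show wlan-cap config" example above.
PAGE_CONFIG = """\
========================= Wlan-cap-config =======================
Listen port: 2002
Login info: Anonymous
Forward: Central
Service enable: No
"""

# Constructed variant: the same configuration with the service running.
# Assumption: the device prints "Yes" when the service is enabled.
ENABLED_CONFIG = PAGE_CONFIG.replace("Service enable: No", "Service enable: Yes")

# Constructed "show wlan-cap state" output, with the session row on one line.
STATE = """\
Total user num: 1
Capture mode: mirror(0); monitor(1)
Forward mode: central(1); local(0)
Index AP Name AP Mac Radio Channel Capture Forward Peer_ip Port
----- ------- -------------- ----- ------- ------- ------- --------- -----
1 apr2 1414.4b61.0a0f 1 11 Monitor Central 20.0.0.10 54990
"""


def parse_wlan_cap_config(text):
    """Parse 'show wlan-cap config' output into a dict keyed by lower-cased field name."""
    fields = {}
    for line in text.splitlines():
        match = re.match(r"\s*([A-Za-z ]+?):\s*(.+?)\s*$", line)
        if match:
            fields[match.group(1).strip().lower()] = match.group(2)
    return fields


def parse_wlan_cap_state(text):
    """Return one dict per capture session row of 'show wlan-cap state'."""
    sessions = []
    for line in text.splitlines():
        cols = line.split()
        # Session rows start with a numeric index and have nine columns;
        # this assumes AP names contain no spaces.
        if len(cols) == 9 and cols[0].isdigit():
            sessions.append({
                "ap": cols[1], "mac": cols[2], "radio": cols[3], "channel": cols[4],
                "capture": cols[5], "forward": cols[6],
                "peer_ip": cols[7], "peer_port": int(cols[8]),
            })
    return sessions


def audit(config_text, state_text="", allowed_peers=frozenset()):
    """Return findings for anonymous rpcap login and capture peers outside the allowlist."""
    cfg = parse_wlan_cap_config(config_text)
    findings = []
    anonymous = cfg.get("login info", "").lower() == "anonymous"
    enabled = cfg.get("service enable", "").lower() == "yes"
    if anonymous:
        # With the service enabled, any host that reaches the listen port can
        # pull captured frames; with it disabled the weak setting is latent.
        findings.append("anonymous-login-service-enabled" if enabled
                        else "anonymous-login-configured")
    for session in parse_wlan_cap_state(state_text):
        if session["peer_ip"] not in allowed_peers:
            findings.append("unexpected-peer:" + session["peer_ip"])
    return findings


if __name__ == "__main__":
    print(audit(PAGE_CONFIG))
    print(audit(ENABLED_CONFIG, STATE, allowed_peers={"20.0.0.20"}))
```

Because the manual states that settings in this mode cannot be modified once the service is enabled, an anonymous-login finding on a disabled service is the point at which rpcap login should be set.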
Command Reference EF-DHCP Commands
EF-DHCP Commands
central dhcp enable
Use this command to forward the DHCP packet through the wireless access controller in local
forwarding mode. Use the no form of this command to restore the default setting.
central dhcp enable
no central dhcp enable
Parameter
Description Parameter Description
N/A N/A
Defaults By default, the DHCP packets are sent in local forwarding mode, namely the packets are forwarded
through the access point.
Command
mode
WLAN configuration mode
Usage Guide Ruijie recommends enabling this function for easy management of the DHCP address pool in WLAN
and simplification of the DHCP topology.
Configuration
Examples
The following example enables this function.
Ruijie(config)#wlan-config 100 ruijie_wlan
Ruijie(config-wlan)#tunnel local
Ruijie(config-wlan)#central dhcp enable
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported only in RGOS10.4(1b19)p1, including RGOS10.4(1b19)p2.
This command is supported on access points and wireless access controllers.
Command Reference Spectral Analysis Commands
Spectral Analysis Commands
spectral enable
Use this command to enable the Spectral Analysis (SA) function on the AP. Use the no form of this
command to disable this function.
spectral enable
no spectral enable
Parameter
Description Parameter Description
N/A N/A
Defaults The spectral function is disabled by default.
Command
mode
AP configuration mode on the fit AP or AC
Or:
Spectral configuration mode on the fat AP
Usage Guide N/A
Configuration
Examples
This example shows how to enable the SA function on the specified AP.
Ruijie(config-ap)# spectral enable
This example shows how to disable the SA function on the specified AP.
Ruijie(config-ap)# no spectral enable
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported on all wireless AC products and several AP products, including
AP220-SH v1.0 v1.1, AP320-I, AP330-I, AP110-W, AP220-I v2.0, AP220-E v5.0.
spectral stability vbr | bth | bts | cph | mwo | cwa num
Use this command to configure the recognition accuracy for interference sources.
[ no ] spectral stability vbr | bth | bts | cph | mwo | cwa num
Parameter
Description Parameter Description
vbr Configures recognition accuracy of the video bridge within the range
from 1 to 5.
bth Configures recognition accuracy of the Bluetooth headset within the
range from 1 to 4.
bts Configures recognition accuracy of the Bluetooth voice within the
range from 1 to 2.
cph Configures recognition accuracy of the cordless phone within the
range from 3 to 5.
mwo Configures recognition accuracy of the microwave within the range
from 1 to 5.
cwa Configures recognition accuracy of the continuous wave within the
range from 4 to 10.
Defaults vbr: 5
bth: 1
bts: 1
cph: 5
mwo: 1
cwa: 8
Command
mode
AP configuration mode on the fit AP or AC
Or:
Spectral configuration mode on the fat AP
Usage Guide N/A
Configuration
Examples
This example shows how to configure recognition accuracy of the SA video bridge on the specified
AP.
Ruijie(config-ap)# spectral stability vbr 2
This example shows how to restore recognition accuracy of the video bridge to the default value on
the specified AP.
Ruijie(config-ap)# no spectral stability vbr
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported on wireless AC products and several AP products, including AP220-SH
v1.0 v1.1, AP320-I, AP330-I, AP110-W, AP220-I v2.0, AP220-E v5.0.
spectral period num
Use this command to configure the AP scanning cycle.
[ no ] spectral period num
Parameter
Description Parameter Description
num Configures the scanning cycle within the range from 1 to 100. The
unit of the cycle is 5 microseconds.
Defaults 5 microseconds
Command
mode
AP configuration mode on the fit AP or AC
Or:
Spectral configuration mode on the fat AP
Usage Guide N/A
Configuration
Examples
This example shows how to configure the SA scanning cycle of the specified AP.
Ruijie(config-ap)# spectral period 10
This example shows how to restore the scanning cycle of the specified AP to the default value.
Ruijie(config-ap)# no spectral period
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported on all wireless AC products and several AP products, including
AP220-SH v1.0 v1.1, AP320-I, AP330-I, AP110-W, AP220-I v2.0, AP220-E v5.0.
Command Reference CLI Authorization
CLI Authorization
alias
Use this command to configure a command alias in global configuration mode. Use the no form of
this command to remove the alias of a specified command or all the aliases in a specified mode.
alias mode command-alias original-command
no alias mode command-alias
Parameter
Description Parameter Description
mode Mode of the command represented by the alias
command-alias Command alias
original-command Syntax of the command represented by the alias
Defaults Some commands in EXEC mode have default alias.
Command
Mode
Global configuration mode.
Usage Guide The following table lists the default alias of the commands in privileged EXEC mode.
Alias Actual Command
h help
p ping
s show
u undebug
un undebug
The default alias cannot be removed by the no alias exec command.
After configuring the alias, you can use a word to replace a command. For example, you can create
an alias to represent the first part of a command, and then type the rest of the command.
The mode of the command represented by the alias is the command mode existing in the current
system. In the global configuration mode, you can use the alias ? command to list all the modes
under which you can configure alias for commands.
Ruijie(config)# alias ?
aaa-gs AAA server group mode
acl acl configure mode
bgp Configure bgp Protocol
config globle configure mode
......
The alias also has its help information that is displayed after * in the following format:
*command-alias=original-command
For example, in the privileged EXEC mode, the default alias s stands for show. You can enter s? to
query the key words beginning with s and the help information of the alias.
Ruijie#s?
*s=show show start-chat start-terminal-service
If an alias represents more than one word, the command will be displayed in brackets. For example, if
you set sv to stand for show version in the privileged EXEC mode, then:
Ruijie#s?
*s=show *sv="show version" show start-chat
start-terminal-service
The alias must begin with the first letter of the command. The first letter of the command cannot be a
space. The space before the command cannot be used as a valid alias.
Ruijie# s?
show start-chat start-terminal-service
The command alias also has its help information. For example, if the alias ia represents ip address in
the interface configuration mode, then:
Ruijie(config-if)#ia ?
A.B.C.D IP address
dhcp IP Address via DHCP
Ruijie(config-if)# ip address
The above help information lists the parameters of ip address and shows the actual command name.
You must enter an entire alias; otherwise it cannot be recognized.
Use the show aliases command to show the aliases setting in the system.
Configuration
Examples
#In global configuration mode, use def-route to represent the default route setting of ip route 0.0.0.0
0.0.0.0 192.168.1.1:
Ruijie# configure terminal
Ruijie(config)# alias config def-route ip route 0.0.0.0 0.0.0.0 192.168.1.1
Ruijie(config)#def-route?
*def-route="ip route 0.0.0.0 0.0.0.0 192.168.1.1"
Ruijie(config)# end
Ruijie# show aliases config
globle configure mode alias:
def-route ip route 0.0.0.0 0.0.0.0
192.168.1.1
Related
Commands Command Description
show aliases Shows the aliases settings.
Platform
Description
N/A
privilege
Use this command to attribute the execution rights of a command to a command level in global
configuration mode. Use the no form of this command to restore the execution rights of a command to
the default setting.
privilege mode [ all ] [ level level | reset ] command-string
no privilege mode [ all ] [ level level ] command-string
Parameter
Description Parameter Description
mode CLI mode of the command to which the execution rights are
attributed.
all Command alias
level Specifies the execution right levels (0–15) of a command or
sub-commands
reset Restores the command execution rights to its default level
command-string: Command string to be authorized
Defaults N/A.
Command
Mode
Global configuration mode.
Usage Guide The following table lists some key words that can be authorized by the privilege command in CLI
mode. The number of command modes that can be authorized may vary with different devices. In the
global configuration mode, you can use the privilege ? command to list all CLI command modes that
can be authorized.
Mode Description
config Global configuration mode.
exec Privileged EXEC mode
interface Interface configuration mode
ip-dhcp-pool DHCP address pool configuration mode
keychain KeyChain configuration mode
keychain-key KeyChain-key configuration mode
Configuration
Examples
#Set the password of CLI level 1 as test and attribute the reload rights to reset the device:
Ruijie(config)#enable secret level 1 0 test
Ruijie(config)#privilege exec level 1 reload
After the above setting, you can access the CLI window as level-1 user to use
the reload command:
Ruijie>reload ?
LINE Reason for reload
<cr>
#You can use the key word all to attribute all sub-commands of reload to level-1 users:
Ruijie(config)# privilege exec all level 1 reload
#After the above setting, you can access the CLI window as level-1 user to use all sub commands of
the reload command:
Ruijie>reload ?
LINE Reason for reload
at reload at a specific time/date
cancel cancel pending reload scheme
in reload after a time interval
<cr>
Related
Commands Command Description
enable secret Sets the CLI-level password.
Platform
Description
N/A.
show aliases
Use this command to show all the command aliases or aliases in special command modes.
show aliases [ mode ]
Parameter
Description Parameter Description
mode Mode of the command represented by the alias.
Defaults N/A.
Command
Mode
EXEC mode.
Usage Guide Show the configuration of all aliases if no command mode is input.
Configuration
Examples
#Show the command alias in EXEC mode:
Ruijie#show aliases exec
exec mode alias:
h help
p ping
s show
u undebug
un undebug
Related
Commands Command Description
alias Sets a command alias.
Platform
Description
N/A.
Command Reference LINE Commands
LINE Commands
access-class
Set the applied ACL (Access Control List) in Line. Use the access-class { access-list-number |
access-list-name } { in | out } command to configure the ACL in Line. Use the no access-class
{ access-list-number | access-list-name} { in | out } command to cancel the ACL configuration in
LINE.
access-class { access-list-number | access-list-name } { in | out }
no access-class { access-list-number | access-list-name } { in | out }
Parameter
Description Parameter Description
access-list-number|
access-list-name Specifies the ACL defined by access-list
in Performs access control over the incoming connections
out Performs access control over the outgoing connections
Defaults By default, no ACL is configured under Line. All connections are accepted, and all outgoing
connections are allowed.
Command
Mode
Line configuration mode.
Usage Guide This command is used to configure ACLs under Line. By default, all the incoming and
outgoing connections are allowed, and no connection is filtered. After access-class is
configured, only the connections that pass access list filtering can be established successfully.
Use the show running command to view configuration information under Line.
Configuration
Examples
In line vty 0 4, apply access list 10 to the incoming connections:
Ruijie# configure terminal
Ruijie(config)# line vty 0 4
Ruijie(config-line)# access-class 10 in
Related
Commands Command Description
show running Shows status information
Platform
Description
line
To enter the specified LINE mode, use the following command:
line [ aux | console | tty | vty ] first-line [ last-line ]
Parameter
Description Parameter Description
aux Auxiliary port, on the routers.
console Console port
tty Asynchronous port, on the routers.
vty Virtual terminal line, applicable for telnet/ssh connection.
first-line Number of first-line to enter
last-line Number of last-line to enter
Defaults N/A
Command
Mode
Global configuration mode.
Usage Guide Access to the specified LINE mode.
Configuration
Examples
Enter the LINE mode from LINE VTY 1 to 3:
Ruijie(config)# line vty 1 3
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
line vty
This command can be used to increase the number of VTY connections currently available. The
number of currently available VTY connections can be decreased by using the no form of this
command.
line vty line-number
no line vty line-number
Parameter
Description Parameter Description
line-number Number of vty to enter
Defaults By default, there are five available VTY connections, numbered 0 to 4.
Command
Mode
Global configuration mode.
Usage Guide When you need to increase or decrease the number of available VTY connections, use the
above commands.
Configuration
Examples
Increase the number of available VTY connections to 20. The available VTY connections are
numbered 0 to 19.
Ruijie(config)# line vty 19
Decrease the number of available VTY connections to 10. The available VTY connections are
numbered 0-9.
Ruijie(config)# no line vty 10
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
transport input
To set the specified protocol under Line that can be used for communication, use the transport input
command. Use the default transport input command to restore the protocols under Line that can
be used for communication to the default value.
transport input { all | ssh | telnet | none }
default transport input
Parameter
Description Parameter Description
all
Allows all the protocols under Line to be used for
communication
ssh
Allows only the SSH protocol under Line to be used for
communication
telnet
Allows only the Telnet protocol under Line to be used for
communication
none
Allows none of protocols under Line to be used for
communication
Defaults By default, VTY allows all the protocols to be used for communication. The default value of
other types of TTYs is NONE, indicating that no protocols are allowed for communication.
After some protocols are set to be available for communication, use the default transport
input command to restore the setting to the default value.
Command
Mode
Line configuration mode.
Usage Guide This command is used to set the protocols in the Line mode that are available for
communication. By default, VTY allows all the protocols for communication. After protocols
available for communication are set, only these protocols can connect on the specific VTY
successfully. Use the show running command to view configuration information under Line.
Note: You can restore the default configuration by using the default transport input
command. The no transport input command is used to disable all the communication
protocols in the LINE mode. The setting result is the same as that of transport input
none.
Configuration
Examples
Specify that only the Telnet protocol is allowed for login on line vty 0 4:
Ruijie# configure terminal
Ruijie(config)# line vty 0 4
Ruijie(config-line)# transport input telnet
Related
Commands Command Description
show running Shows status information
Platform
Description
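The following is an added example, not part of the Ruijie manual. It ties together access-class, line vty and transport input: a Python audit that resolves each line's effective protocols, including the permissive VTY defaults described above, and reports lines that accept Telnet or have no inbound ACL. It assumes the running configuration lists each line header followed by indented sub-commands; the sample text and all function names are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of the commands on this page (not real device output).
SAMPLE_RUNNING_CONFIG = """\
line console 0
line vty 0 4
 access-class 10 in
 transport input telnet
 login
line vty 5 9
 access-class 10 in
 transport input ssh
 login local
line vty 10 19
 login
"""

# Protocol set selected by each "transport input" keyword.
KEYWORDS = {"all": {"ssh", "telnet"}, "ssh": {"ssh"}, "telnet": {"telnet"}, "none": set()}
LINE_RE = re.compile(r"^line (aux|console|tty|vty) (\d+)(?: (\d+))?$")


@dataclass
class LineBlock:
    kind: str
    first: int
    last: int
    transport: Optional[set] = None  # None means no transport input statement
    acl_in: Optional[str] = None

    @property
    def name(self):
        span = f"{self.first} {self.last}" if self.last != self.first else str(self.first)
        return f"line {self.kind} {span}"

    def effective_transport(self):
        if self.transport is not None:
            return self.transport
        # Documented defaults: VTY accepts all protocols, other line types none.
        return {"ssh", "telnet"} if self.kind == "vty" else set()


def parse_lines(config_text):
    """Collect every 'line ...' block with its transport and inbound ACL settings."""
    blocks, current = [], None
    for raw in config_text.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if not raw[0].isspace():  # a top-level command ends the previous block
            m = LINE_RE.match(text)
            current = None
            if m:
                first = int(m.group(2))
                last = int(m.group(3)) if m.group(3) else first
                current = LineBlock(m.group(1), first, last)
                blocks.append(current)
            continue
        if current is None:
            continue
        m = re.match(r"^transport input (all|ssh|telnet|none)$", text)
        if m:
            current.transport = set(KEYWORDS[m.group(1)])
        elif text == "no transport input":  # same result as transport input none
            current.transport = set()
        elif text == "default transport input":
            current.transport = None
        else:
            m = re.match(r"^access-class (\S+) in$", text)
            if m:
                current.acl_in = m.group(1)
    return blocks


def audit_lines(config_text):
    """Return (line name, finding) pairs for lines that accept remote logins."""
    findings = []
    for block in parse_lines(config_text):
        protocols = block.effective_transport()
        if not protocols:
            continue  # no protocol can connect on this line
        if "telnet" in protocols:
            source = "default" if block.transport is None else "configured"
            findings.append((block.name, f"telnet accepted ({source} transport input)"))
        if block.acl_in is None:
            findings.append((block.name, "no access-class in: all incoming connections accepted"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_lines(SAMPLE_RUNNING_CONFIG):
        print(f"{name}: {finding}")
```

VTY lines added with line vty and left unconfigured show up with both findings, because they inherit the default of all protocols and no ACL.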
Command Reference Basic Management Commands
Basic Management Commands
disable
To switch from privileged user mode to normal user mode or lower the privilege level, run the disable
command.
disable [ privilege-level ]
Parameter
Description Parameter Description
privilege-level Privilege level
Defaults None
Command
Mode Privileged EXEC mode
Usage Guide
Use this command to switch to user mode from privileged EXEC mode. If a new privilege level is
added, the current privilege level will be lowered.
The privilege level that follows the disable command must be lower than the current
level.
Configuration
Examples
The following example lowers the current privilege level of the device to level 10:
Ruijie# disable 10
Related
Commands Command Description
enable Moves from user mode to privileged EXEC mode or
reaches a higher level of authority.
Platform
Description None
enable password
To configure passwords for different privilege levels, run the global configuration command enable
password. The no form of this command is used to delete the password of a specified level.
enable password [level level] {password | [0|7] encrypted-password}
no enable password [level level]
Parameter
Description Parameter Description
password Password for the user to enter the EXEC configuration layer
level User's level.
0|7 (Optional) Password encryption type, "0" for no encryption, "7" for simple encryption.
Ruijie’s private algorithm will be used for password encryption.
If the password type is 0, the password is in plain text. If the type is 7, the
password is encrypted by a Ruijie device.
encrypted-password Password text.
Defaults None
Command
Mode Global configuration mode
Usage Guide
No encryption is required in general. The encryption type must be specified when copying and pasting an
encrypted password for the device.
A valid password is defined as follows:
Consists of 1-26 upper/lower case letters and numbers
Leading spaces are allowed but usually ignored. Spaces in between or at the end are regarded
as part of the password.
If an encryption type is specified and a plaintext password is entered, you cannot enter
privileged EXEC mode. A lost password that has been encrypted using any method
cannot be restored. In this case, you can only reconfigure the device password.
Configuration
Examples
The following example configures the password as pw10:
Ruijie(config)# enable password pw10
Related
Commands Command Description
enable secret Sets the security password
Platform
Description None
enable secret
To configure a security password for different privilege levels, run the global configuration command
enable secret. The no form of this command is used to delete the password of a specified level.
enable secret [level level] {secret | [0|5] encrypted-secret}
no enable secret [level level]
Parameter
Description Parameter Description
secret Password for the user to enter the EXEC configuration layer
level User's level.
0|5 Password encryption type, "0" for no encryption, "5" for security encryption
encrypted-password Password text
Defaults None
Command
Mode Global configuration mode
Usage Guide
A password comes under two categories: "password" and "security". "Password" indicates a simple
password, which can be set only for level 15. "Security" means a security password, which can be set
for levels 0-15. If both types of passwords coexist in the system, no "password" type is allowed. If a
"password" type password is set for a level other than 15, the system gives an alert and the password
is automatically converted into a "security" password. If a "password" type password is set for level 15
and the same as a "security" password, an alert is given. The password must be encrypted, with
simple encryption for "password" type passwords and security encryption for "security" type
passwords.
Configuration
Examples
The following example configures the security password as pw10:
Ruijie(config)# enable secret 0 pw10
Related
Commands Command Description
enable password Sets passwords for different privilege levels.
Platform
Description None
enable service
To enable or disable a specified service such as SSH Server/Telnet Server/Web Server/SNMP
Agent, use the enable service command in global configuration mode:
enable service { ssh-server | telnet-server | web-server | snmp-agent }
Parameter
Description Keyword Description
ssh-server Enables SSH Server. IPv4 and IPv6 services are enabled at the same time.
telnet-server Enables Telnet Server. IPv4 and IPv6 services are enabled at the same time.
web-server Enables HTTP Server. IPv4 and IPv6 services are enabled at the same time.
snmp-agent Enables SNMP Agent. IPv4 and IPv6 services are enabled at the same time.
Defaults None
Command
Mode Global configuration mode
Usage Guide
Use this command to enable or disable a specified service. Use the no enable service command to
disable the specified service.
The enable service web-server command is followed by three optional keywords: [http |
https | all]. If the command is followed by no keyword or by all, the command enables
http and https services. Followed by http, the command enables http service only.
Followed by https, the command enables https service only.
Configuration
Examples
The following example enables the SSH Server:
Ruijie(Config)# enable service ssh-server
Related
Commands Command Description
show service Views the service status in the current system.
Platform
Description None
execute
To run the commands in batches, use the execute command in privileged EXEC mode.
execute [flash: ] filename
Parameter
Description Parameter Description
flash: Parent directory of the batch file
filename Name of the batch file
Defaults None
Command
Mode Privileged EXEC mode
Usage Guide
This command is used to run commands in batches.
You can define the filename and content of each batch file. Once edited on your computer, the batch
files are transferred to the flash memory of the device through TFTP. These batch files imitate
user input, so you should edit the content in the order of CLI command configuration. For some
interactive commands, the response message should be pre-written into the batch files to ensure the
commands can be run normally.
Caution: The size of each batch file must not exceed 128 KB. Otherwise, the execution may fail. For
over-sized batch files, you can divide them into several files smaller than 128 KB.
Configuration
Examples
The following example runs the batch file line_rcms_script.text, which is used to enable the reverse
Telnet function for all asynchronous interfaces with contents as follows:
configure terminal
line tty 1 16
transport input all
no exec
end
The execution result is as follows:
Ruijie# execute flash:line_rcms_script.text
executing script file line_rcms_script.text ......
executing done
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# line tty 1 16
Ruijie(config-line)# transport input all
Ruijie(config-line)# no exec
Ruijie(config-line)# end
Command Description Related
Commands N/A N/A
Platform
Description None
ip http authentication
An HTTP server requires logon authentication for access to a Web page. Use this command to set
the Web logon authentication mode.
ip http authentication {enable | local }
Parameter
Description Keyword Description
enable Uses the password set by the enable password or enable command.
The password must be level 15.
The system performs enable authentication by default.
local Uses the username and password set by the local username
command. The user must be bound to the privileges of level 15.
Defaults enable
Command
Mode Global configuration mode
Usage Guide This command is used to set the mode of Web logon authentication. Use the no ip http
authentication command to restore it to the default setting.
Configuration
Examples
The following example sets the mode of Web logon authentication as local:
Ruijie(Config)# ip http authentication local
Related
Commands Command Description
enable service Enables or disables the specified service.
Platform
Description None
ip http port
To set an HTTP service port, use this command in global configuration mode:
ip http port number
Parameter
Description Keyword Description
number Port number of the HTTP server, 80 by default.
Defaults 80
Command
Mode Global configuration mode
Usage Guide This command is used to set an HTTP service port. Use the no ip http port command to restore it to
the default setting.
Configuration
Examples
The following example sets an HTTP service port as 8080:
Ruijie(Config)# ip http port 8080
Related
Commands Command Description
enable service Enables or disables the specified service.
Platform
Description None
ip telnet source-interface
To specify the IP address of an interface as the source address for Telnet connection, use the ip
telnet source-interface command in global configuration mode:
ip telnet source-interface interface-name
Parameter
Description Keyword Description
interface-name Specifies the IP address of the interface as the source address for
Telnet connection.
Defaults None
Command
Mode Global configuration mode
Usage Guide
This command is used to specify the IP address of an interface as the source address for global
Telnet connection. When using the telnet command to log in to a Telnet server, the global setting is applied
if no source interface or source address is specified. Use the no ip telnet source-interface
command to restore it to the default setting.
Configuration
Examples
The following example specifies the IP address of the Loopback1 interface as the source address
for global Telnet connection.
Ruijie(Config)# ip telnet source-interface Loopback 1
Related
Commands Command Description
telnet Logs in to a Telnet server.
Platform
Description None
lock
To set a temporary password for the terminal, run the lock command in EXEC mode.
lock
Parameter Description Parameter
Description N/A N/A
Defaults None
Command
Mode Privileged EXEC mode
Usage Guide
You can lock the terminal interface and maintain the session continuity to prevent access to the
interface by setting a temporary password. Take the following steps to lock the terminal interface:
Enter the lock command, and the system will prompt you for a password:
Enter the password, which can be any character string. The system will prompt you to confirm
the password, clear the screen, and show the "Locked" information.
To access the terminal, enter the preset temporary password.
To lock the terminal, run the lockable command in line configuration mode and enable terminal
locking in the corresponding line.
Configuration
Examples
The following example locks a terminal interface:
Ruijie(config-line)# lockable
Ruijie(config-line)# end
Ruijie# lock
Password: <password>
Again: <password>
Locked
Password: <password>
Ruijie#
Related
Commands Command Description
lockable Supports terminal locking in the line.
Platform
Description None
lockable
To support the lock command at the terminal, run the lockable command in line configuration mode.
The terminal does not support the lock command by default. Use the no command to cancel the
setting.
lockable
no lockable
Parameter Description Parameter
Description N/A N/A
Defaults None
Command
Mode Line configuration mode
Usage Guide This command is used to lock a terminal interface in the corresponding line. To lock the terminal, run
the lock command in EXEC mode.
Configuration
Examples
The following example enables terminal locking at the console port and locks the console:
Ruijie(config)# line console 0
Ruijie(config-line)# lockable
Ruijie(config-line)# end
Ruijie# lock
Password: <password>
Again: <password>
Locked
Password: <password>
Related
Commands Command Description
lock Locks the terminal.
Platform
Description None
login
If AAA is disabled, run the login command to enable simple login password authentication on the
interface. The no form of this command is used to delete the line login password authentication.
login
no login
Parameter Description Parameter
Description N/A N/A
Defaults None
Command
Mode Line configuration mode
Usage Guide If the AAA security server is inactive, this command enables simple password authentication at login.
The password is configured for a VTY or console interface.
Configuration
Examples
The following example shows how to set a login password authentication on VTY.
Ruijie(config)# no aaa new-model
Ruijie(config)# line vty 0
Ruijie(config-line)# password 0 normatest
Ruijie(config-line)# login
Related
Commands Command Description
password Configures the line login password
Platform
Description None
login authentication
If the AAA is enabled, login authentication must be performed on the AAA server. Use this command
to associate login authentication method list. The no form of this command is used to delete the list.
login authentication {default | list-name}
no login authentication {default | list-name}
Parameter
Description Parameter Description
default Name of the default authentication method list
list-name Name of the method list
Defaults None
Command
Mode Line configuration mode
Usage Guide If the AAA security server is active, this command is used for login authentication using the specified
method list.
Configuration
Examples
The following example shows how to associate the method list on VTY and perform login
authentication on a radius server.
Ruijie(config)# aaa new-model
Ruijie(config)# aaa authentication login default radius
Ruijie(config)# line vty 0
Ruijie(config-line)# login authentication default
Related
Commands Command Description
aaa new-model Enables the AAA security service.
aaa authentication login Configures the login authentication method list.
Platform
Description None
login local
If AAA is disabled, run the login local command to enable local user authentication on the interface.
The no form of this command is used to delete the line for local user authentication.
login local
no login local
Parameter Description Parameter
Description N/A N/A
Defaults None
Command
Mode Line configuration mode
Usage Guide If the AAA security server is inactive, this command is used for local user login authentication. The
user is allowed to use the username command.
Configuration
Examples
The following example shows how to set local user authentication on VTY.
Ruijie(config)# no aaa new-model
Ruijie(config)# username test password 0 test
Ruijie(config)# line vty 0
Ruijie(config-line)# login local
Related
Commands Command Description
username Configures local user information.
Platform
Description None
privilege mode
See the “Configuring CLI Authorization Commands” chapter.
Parameter Description Parameter
Description N/A N/A
Defaults See the “Configuring CLI Authorization Commands” chapter.
Command
Mode See the “Configuring CLI Authorization Commands” chapter.
Usage Guide See the “Configuring CLI Authorization Commands” chapter.
Configuration
Examples See the “Configuring CLI Authorization Commands” chapter.
Command Description Related
Commands N/A N/A
Platform
Description None
password
To configure a password for line login, run the password command. The no form of this command is
used to delete the line login password.
password {password | [0|7] encrypted-password}
no password
Parameter
Description Parameter Description
password Password for remote line login
0|7 (Optional) Password encryption type, "0" for no encryption, "7" for simple encryption.
Ruijie’s private algorithm will be used for password encryption. If
the password type is 0, the password is in plain text. If the type is 7, the
password is encrypted by a Ruijie device.
encrypted-password Password text
Defaults None
Command
Mode Line configuration mode
Usage Guide This command is used to configure an authentication password for remote line login.
Configuration
Examples
The following example configures the line login password as "red":
Ruijie(config)# line vty 0
Ruijie(config-line)# password red
Related
Commands Command Description
login Moves from user mode to privileged EXEC mode or enables a higher level of
authority.
Platform
Description None
service password-encryption
To encrypt a password, run this command. The no form of this command is used to restore to the
default value, but a password in cipher text cannot be restored to plain text.
service password-encryption
Parameter Description Parameter
Description N/A N/A
Defaults None
Command
Mode Global configuration mode
Usage Guide This command is disabled by default. Various passwords are displayed in plain text, unless they are
encrypted. After you run the service password-encryption and show running or write command to
save your configuration, the password changes into cipher text. If you disable the command, the
password in cipher text cannot be restored to plain text.
Configuration
Examples
The following example encrypts the password:
Ruijie(config)# service password-encryption
Related
Commands Command Description
enable password Sets passwords of different privileges.
Platform
Description None
telnet
To log in to a server that supports telnet connection, use the telnet command in EXEC (privileged)
mode.
telnet host [port] [/source {ip A.B.C.D | ipv6 X:X:X:X::X | interface interface-name}] [/vrf vrf-name]
Parameter
Description Parameter Description
host The IP address of the host or host name you want to log in to.
port Selects the TCP port number for login, 23 by default.
/source Specifies the source IP address or source interface used by the
Telnet client.
ip A.B.C.D Specifies the source IPv4 address used by the Telnet client.
ipv6 X:X:X:X::X Specifies the source IPv6 address used by the Telnet client.
interface interface-name Specifies the source interface used by the Telnet client.
/vrf vrf-name Specifies the VRF routing table you want to query.
Defaults None
Command
Mode Privileged mode
Usage Guide
This command is used to log in to a telnet server.
The /vrf keyword only applies to the RSR series of routers.
Configuration
Examples
Example 1: The following example sets telnet to 192.168.1.11. The port number is the default, and
the source interface is Gi 0/1. The queried VRF routing table is vpn1.
Ruijie# telnet 192.168.1.11 /source-interface gigabitEthernet 0/1 /vrf vpn1
Example 2: The following example sets telnet to 2AAA:BBBB::CCCC
Ruijie# telnet 2AAA:BBBB::CCCC
Related
Commands Command Description
ip telnet source-interface Specifies the IP address of the interface as the source
address for Telnet connection.
show sessions Shows the currently established Telnet sessions.
exit Exits current connection.
Platform
Description None
username
To set a local username, run the username command in global configuration mode.
username name {nopassword | password { password | [0|7] encrypted-password }}
username name privilege privilege-level
no username name
Parameter
Description Parameter Description
name Username
password User password
0|7 Password encryption type, 0 for no encryption, 7 for simple encryption. (Optional) Ruijie’s private algorithm will be used for password encryption. If the password type is 0, the password is in plain text. If the type is 7, the password is encrypted by a Ruijie device.
encrypted-password Password text
privilege-level User bound privilege level
Defaults None
Command
Mode Global configuration mode
Usage Guide This command is used to establish a local user database for authentication.
If the encryption type is 7, the cipher text you enter should contain seven characters to be
valid.
In general, do not set the encryption type to 7.
Instead, specify the type of encryption as 7 only when the encrypted password is copied
and pasted.
Configuration
Examples
The following example configures a username and password and binds the user to level 15.
Ruijie(config)# username test privilege 15 password 0 pw15
Related
Commands Command Description
login local Enables local authentication
Platform
Description None
banner login
To configure the login banner, run the banner login command in global configuration mode. Use the
no banner login command to remove the configuration.
banner login c message c
Parameter
Description Parameter Description
c Separator of the message contained in the login banner. Delimiters are not allowed in the MOTD.
message Contents of the login banner
Defaults None
Command
Mode Global configuration mode
Usage Guide This command sets the login banner message, which is displayed at login. The system discards all
the characters that follow the terminating symbol.
Configuration
Examples
The following example shows how to configure the login banner:
Ruijie(config)# banner login $ enter your password $
Related
Commands Command Description
N/A N/A
Platform
Description None
banner motd
To set the Message-of-the-Day (MOTD), run the banner motd command in global configuration
mode. To delete the MOTD setting, run the no banner motd command.
banner motd c message c
Parameter
Description Parameter Description
c Separator of the MOTD. Delimiters are not allowed in the MOTD.
message Contents of an MOTD
Defaults None
Command
Mode Global configuration mode
Usage Guide This command sets the MOTD, which is displayed at login. The letters that follow the separator will be
discarded.
Configuration
Examples
The following example shows the configuration of MOTD:
Ruijie(config)# banner motd $ hello,world $
Related
Commands Command Description
N/A N/A
Platform
Description None
clock set
To configure the system clock manually, run one of the two formats of the clock set command in
privileged user mode:
clock set hh:mm:ss month day year
Parameter
Description Parameter Description
hh:mm:ss Current time: Hour (24-hour): Minute: Second
day Date (1-31) of month
month Month (1-12) of year
year Year (1993-2035): No abbreviation is allowed.
Defaults None
Command
Mode Privileged EXEC mode
Usage Guide
Use this command to set the system time to facilitate management.
For devices without hardware clock, the time set by the clock set command applies only for the
current setting. Once the device is powered off, the set time becomes invalid.
Configuration
Examples
The following example configures the current time as 10:20:30 AM on March 17th, 2003.
Ruijie# clock set 10:20:30 Mar 17 2003
Ruijie# show clock
clock: 2003-3-17 10:20:32
Related
Commands Command Description
show clock Shows current clock.
Platform
Description None
clock update-calendar
In privileged EXEC mode, use the clock update-calendar command to overwrite the value of the
hardware clock with that of the software clock.
clock update-calendar
Parameter
Description Parameter Description
N/A N/A
Defaults None
Command
Mode Privileged EXEC mode
Usage Guide
Some platforms use a hardware clock as a complement. Because a battery keeps the hardware clock running
continuously, the hardware clock still runs whether the device is turned off or restarted.
If hardware clock and software clock are out of sync, the software clock is more reliable. Execute the
clock update-calendar command to copy the date and time indicated by the software clock to the
hardware clock.
Configuration
Examples
The following example copies the current time and date indicated by the software clock to the
hardware clock:
Ruijie# clock update-calendar
Related
Commands Command Description
N/A N/A
Platform
Description N/A
exec-timeout
To configure connection timeout for this device in LINE mode, use the exec-timeout command.
Once the connection timeout in LINE is cancelled by using the no exec-timeout command, the
connection never expires.
exec-timeout minutes [seconds]
no exec-timeout
Parameter
Description Parameter Description
minutes Timeout in minutes.
seconds (Optional) Timeout in seconds
Defaults The default timeout is 10 minutes.
Command
Mode Line configuration mode
Usage Guide If there is no input or output for this connection within a specified time, this connection will expire, and
this LINE will be restored to the free status.
Configuration
Examples
The following example specifies the connection timeout as 5’30’’.
Ruijie(config-line)#exec-timeout 5 30
Related
Commands Command Description
N/A N/A
Platform
Description None
hostname
To specify or modify the hostname of a device, run the hostname command in global configuration
mode.
hostname name
Parameter
Description Parameter Description
name Device hostname, string, number or hyphen, up to 63 characters.
Defaults The default hostname is Ruijie.
Command
Mode Global configuration mode
Usage Guide This hostname is mainly used to identify the device and is taken as the username for the local device
during dialup and CHAP authentication.
Configuration
Examples
The following example configures the hostname of the device as BeiJingAgenda:
Ruijie(config)# hostname BeiJingAgenda
BeiJingAgenda(config)#
Related
Commands Command Description
N/A N/A
Platform
Description None
prompt
To set the command prompt, run the prompt command in global configuration mode. To delete the
prompt setting, run the no prompt command.
prompt string
Parameter
Description Parameter Description
string Character string of the prompt command, containing up to 32 letters.
Defaults None
Command
Mode Global configuration mode
Usage Guide If no prompt string is configured, the system name applies and varies with the system name. The
prompt command is valid only in EXEC mode.
Configuration
Examples
Sets the prompt string to rgnos:
Ruijie(config)# prompt rgnos
Ruijie(config)# end
RGOS
Related
Commands Command Description
N/A N/A
Platform
Description None
reload
To restart the device system, run the reload command in privileged EXEC mode.
reload [ text | in [ hh: ] mm [ text ] | at hh:mm [month day year ] [ text ] | cancel ]
Parameter
Description Parameter Description
text Reason for the system restart, 1-255 bytes
in [ hh: ] mm The system is restarted after a specified time interval of up to 24 days.
at hh:mm The system is restarted at the specified time.
month Indicates a month using characters, such as Mar for March.
day Date in the range of 1 to 31
year Year in the range of 1993 to 2035. No abbreviation is allowed.
cancel Cancels the scheduled restart.
Defaults None
Command
Mode Privileged EXEC mode
Usage Guide This command is used to restart the device at a specified time to facilitate management.
Configuration
Examples
The following example restarts the system in 10 minutes:
Ruijie# reload in 10
Router will reload in 600 seconds.
Related
Commands Command Description
N/A N/A
Platform
Description None
session-timeout
To configure the session timeout for a remote terminal in current LINE mode, use the
session-timeout command. When the session timeout for the remote terminal in LINE mode is
cancelled, the session never expires.
session-timeout minutes [output]
no session-timeout
Parameter
Description Parameter Description
minutes Timeout in minutes.
output Regards data output as the input to determine whether the session expires.
Defaults The default timeout is 0 min.
Command
Mode LINE configuration mode
Usage Guide If no input or output in current LINE mode is found on the remote terminal for the session within a
specified time, this connection will expire, and this LINE will be restored to the free status.
Configuration
Examples
The following example specifies the timeout as 5 minutes.
Ruijie(config-line)#session-timeout 5 output
Related
Commands Command Description
N/A N/A
Platform
Description None
speed
To set the speed at which the terminal transmits packets, run the speed speed command in line
configuration mode. To restore the speed to its default, run the no speed command.
speed speed
Parameter
Description Parameter Description
speed Transmission rate (bps) on the terminal. For serial ports, optional rates include 9600, 19200, 38400, 57600, and 115200 bps. The default rate is 9600 bps.
Defaults The default rate is 9600.
Command
Mode Global configuration mode
Usage Guide This command is used to set the speed at which the terminal transmits packets.
Configuration
Examples
The following example shows how to set the rate of the serial port to 57600 bps:
Ruijie(config)# line console 0
Ruijie(config-line)# speed 57600
Related
Commands Command Description
N/A N/A
Platform
Description None
write
Use this command to save running-config to a specified location.
write [ memory | network | terminal ]
Parameter
Description Parameter Description
memory Writes the system configuration (running-config) into NVRAM, which is equivalent to copy running-config startup-config.
network Saves the system configuration to the TFTP server, which is equivalent to copy running-config tftp.
terminal Shows the system configuration, which is equivalent to show running-config.
Defaults
Command
Mode Privileged EXEC mode
Usage Guide
Despite the presence of alternative commands, these commands are widely used and accepted.
Therefore, they are reserved to facilitate user operations.
On a device that enables you to specify a boot configuration file, use the write [memory]
command to do the following:
● If you have not specified a boot configuration file using the boot config command, the
system stores configurations in /config.text in the built-in flash memory by default.
● If you have specified a boot configuration file using the boot config command, the
system stores configurations in the file.
● If you have used the boot config command to specify a boot configuration file but the
file does not exist:
■ If the device that stores the file exists, the system automatically creates the
specified file and writes the system configuration into it;
■ If the device that stores the file does not exist (possibly because the boot
configuration file is stored on a removable storage device such as a USB drive or
SD card, and the device has not been loaded when you run the write [memory]
command), the system asks you whether to save the current configuration in the
default boot configuration file /config and performs an action as required.
The boot config command is supported only on the RSR10, RSR20, R2700 V5.0,
RSR50, and NPE50 series of routers.
Configuration
Examples
Example 1: The following example shows how to save system configuration on a device that does not
support boot config.
Ruijie# write
Building configuration...
[OK]
Example 2: The following example shows how to use the write command on a device that supports
boot config before and after removing a USB drive you have set up to store the boot configuration
file:
Ruijie(config)# boot config /mnt/usb1/config.text
Ruijie# write
Building configuration...
Write to boot config file: [/mnt/usb1/config.text]
[OK]
Ruijie# usb remove 1
0:1:1:38 Ruijie: USB-5-USB_DISK_REMOVED: USB Device <USB Mass Storage Device>
Removed!
Ruijie# write
Building configuration...
Write to boot config file: [/mnt/usb1/config.text]
[Failed]
The device [usb1] does not exist, write to the default config file
[/config.text]? [no] yes
Write to the default config file: [/config.text]
[OK]
Related
Commands Command Description
boot config Names the boot configuration file on the device.
copy Copies device configuration files.
show running-config Views the system configuration.
Platform
Description None
show clock
To view the system time, run the show clock command in privileged user mode.
show clock
Parameter
Description Parameter Description
N/A N/A
Defaults None
Command
Mode Privileged EXEC mode
Usage Guide This command is used to view the current system clock.
Configuration
Examples
The following example shows a result of the show clock command:
Ruijie# show clock
clock: 2003-3-17 10:27:21
Related
Commands Command Description
clock set Sets the system clock.
Platform
Description None
show line
To show the configuration of a line, run the show line command in privileged EXEC mode.
show line {console line-num | vty line-num | line-num}
Parameter
Description Parameter Description
console Shows the configuration of a console line.
aux Checks configuration information relating to the aux line.
vty Shows the configuration of a vty line.
line-num Number of the line.
Defaults None
Command
Mode Privileged EXEC mode
Usage Guide This command shows the configuration of a line.
Configuration
Examples
The following example shows the configuration of a console port:
Ruijie# show line console 0
CON Type speed Overruns
* 0 CON 9600 45927
Line 0, Location: "", Type: "vt100"
Length: 24 lines, Width: 79 columns
Special Chars: Escape Disconnect Activation
^x none M
Timeouts: Idle EXEC Idle Session
never never
History is enabled, history size is 10.
Total input: 53564 bytes
Total output: 395756 bytes
Data overflow: 27697 bytes
stop rx interrupt: 0 times
Related
Commands Command Description
N/A N/A
Platform
Description None
show reload
To show the system restart settings, run the show reload command in privileged EXEC mode.
show reload
Parameter
Description Parameter Description
N/A N/A
Defaults None
Command
Mode Privileged EXEC mode
Usage Guide This command is used to show the restart settings of the system.
Configuration
Examples
The following example shows the restart settings of the system:
Ruijie# show reload
Reload scheduled in 595 seconds.
At 2003-12-29 11:37:42
Reload reason: test.
Related
Commands Command Description
N/A N/A
Platform
Description None
show running-config
To show how the current device system is configured, run the show running-config command in
privileged user mode.
show running-config
Parameter
Description Parameter Description
N/A N/A
Defaults None
Command
Mode Privileged EXEC mode
Usage Guide None
Configuration
Examples None
Related
Commands Command Description
N/A N/A
Platform
Description None
show startup-config
To view the device configuration stored in the Non Volatile Random Access Memory (NVRAM), run
the show startup-config command in privileged user mode.
show startup-config
Parameter
Description Parameter Description
N/A N/A
Defaults None
Command
Mode Privileged EXEC mode
Usage Guide
The device configuration stored in the NVRAM is executed while the device is starting.
On a device that does not support boot config, startup-config is contained in the default
configuration file /config.text in the built-in flash memory.
On a device that supports boot config, configure startup-config as follows:
If you have specified a boot configuration file using the boot config command and the file exists,
startup-config is stored in the specified configuration file.
If the boot configuration file you have specified using the boot config command does not exist or you
have not specified a boot configuration file using the command, startup-config is contained in
/config.text in the built-in flash memory.
Configuration
Examples None
Related
Commands Command Description
boot config Sets the name of the boot configuration file.
Platform
Description None
show version
To view information about the system, run the show version command in privileged EXEC mode.
show version [devices | module | slots]
Parameter
Description Parameter Description
devices Current information about the device.
module Current information about the module.
slots Current information about the slot.
Defaults None
Command
Mode Privileged mode
Usage Guide This command is used to view current system information, including the system start time, version,
device information, and serial number.
Configuration
Examples
The following example shows system information.
Ruijie# show version
System description : Ruijie Dual Stack Multi-Layer Switch(S3760-24) By Ruijie
Network
System start time: 1970-6-14 11:49:53
System uptime: 3:17:1:17
System hardware version: 2.0
System software version: RGOS 10.3.00(4), Release(34679)
System boot version: 10.2.34077
System CTRL version: 10.2.24136
System serial number: 1234942570001
Related
Commands Command Description
N/A N/A
Platform
Description
The parameters such as devices and module are only supported on some modular networking
devices.
Command Reference HTTP Service Commands
HTTP Service Commands
enable service web-server
Use this command to enable the HTTP service function.
Use the no form of this command to disable the HTTP service function.
enable service web-server [ http | https | all ]
no enable service web-server [ http | https ]
Parameter
Description Parameter Description
http Enables the HTTP service.
https Enables the HTTPS service.
all Enables both the HTTP service and the HTTPS service.
Defaults By default, the HTTP service function is disabled.
Command
mode
Global configuration mode.
Usage Guide A command that ends with the keyword all, or with no keyword, enables both the HTTP
service and the HTTPS service; a command that ends with the keyword http enables the
HTTP service; a command that ends with the keyword https enables the HTTPS service.
Use the command no enable service web-server to disable the corresponding HTTP service.
Configuration
Examples
The following example enables both the HTTP service and the HTTPS service:
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#enable service web-server
Related
Commands Command Description
show service Displays the configuration information and
status of system service.
show web-server status Displays the configuration information and
status of the web service.
Platform
Description
N/A
http web-file update
Use this command to update the Web package.
http web-file update
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide Once the latest installation package has been acquired and stored on the local device, the user can run this
command directly to update the Web package without restarting the device.
For the new Web package to take effect, log in to the web interface again.
Configuration
Examples
The following example updates the Web package:
Ruijie#http web-file update
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
ip http port
Use this command to configure the HTTP port number.
Use the no form of this command to restore the HTTP port number to the default value.
ip http port port-number
no ip http port
Parameter
Description Parameter Description
port-number Configures the HTTP port number. Valid values are 80 and
1025-65535.
Defaults The default HTTP port number is 80.
Command
mode
Global configuration mode.
Usage Guide Use this command to configure the HTTP port number.
Configuration
Examples
The following example configures the HTTP port number as 8080:
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#ip http port 8080
Related
Commands Command Description
enable service web-server Enables the HTTP service function.
show web-server status Displays the configuration information and
status of the web service.
Platform
Description
N/A
ip http secure-port
Use this command to configure the HTTPS port number.
Use the no form of this command to restore the HTTPS port number to the default value.
ip http secure-port port-number
no ip http secure-port
Parameter
Description Parameter Description
port-number Configures the HTTPS port number. Valid values are 443 and
1025-65535.
Defaults The default HTTPS port number is 443.
Command
mode
Global configuration mode.
Usage Guide Use this command to configure the HTTPS port number.
Configuration
Examples
The following example configures the HTTPS port number as 4443:
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#ip http secure-port 4443
Related
Commands Command Description
enable service web-server Enables the HTTP service function.
show web-server status Displays the configuration information and
status of the web service.
Platform
Description
N/A
webmaster level
Use this command to configure HTTP authentication information, including the username and
password.
webmaster level privilege-level username name password { password | [ 0 | 7 ] encrypted-password }
no webmaster level privilege-level [ username name ]
Parameter
Description Parameter Description
privilege-level Configures the user privilege-level.
name Username.
password Password.
0 | 7 Password type; 0 indicates plaintext, 7 indicates ciphertext.
encrypted-password Password text.
Defaults N/A
Command
mode
Global configuration mode.
Usage Guide When HTTP is enabled, users can log in to the web interface only after being authenticated. Use this
command to configure the username and password for the HTTP authentication information.
Run the command no webmaster level privilege-level to delete all the usernames and
passwords with the designated privilege-level.
Run the command no webmaster level privilege-level username name to delete the designated
username and password.
Usernames and passwords come with three permission levels, each of which includes
at most 20 usernames and passwords.
Configuration
Examples
The following example configures HTTP authentication information, including the username and
password:
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#webmaster level 0 username ruijie password admin
Related
Commands Command Description
enable service web-server Enables the HTTP service function.
Platform
Description
N/A
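The password types described under username and webmaster level, the idle timeout described under exec-timeout, and the http/https keywords of enable service web-server can be checked offline against a saved configuration. The following Python script is an added example, not Ruijie code. It assumes the saved configuration uses the command syntax shown in this reference, with sub-commands indented under each line block; the sample configuration, the "line vty 0 4" form and the rule names are constructed for illustration.

```python
import re

# Constructed sample configuration (not taken from a real device). It reuses the
# command syntax documented in this reference; "line vty 0 4" and the indented
# sub-commands under each "line" block are assumptions of this example.
SAMPLE_CONFIG = """\
hostname ap-lab-01
username test privilege 15 password 0 pw15
username ops password 7 EXAMPLE-CIPHERTEXT
username guest nopassword
webmaster level 0 username ruijie password admin
enable service web-server
line console 0
 no exec-timeout
line vty 0 4
 exec-timeout 5 30
"""

# username name [privilege N] {nopassword | password [0|7] text}, optionally
# prefixed with "webmaster level N" for web-interface accounts.
CRED = re.compile(
    r"^(?P<web>webmaster\s+level\s+\d+\s+)?username\s+(?P<name>\S+)"
    r"(?:\s+privilege\s+\d+)?\s+"
    r"(?:(?P<nopw>nopassword)|password\s+(?:(?P<type>[07])\s+)?(?P<secret>\S+))$"
)
WEB = re.compile(r"^(?P<no>no\s+)?enable\s+service\s+web-server(?:\s+(?P<kw>http|https|all))?$")
IDLE = re.compile(r"^(?P<no>no\s+)?exec-timeout(?:\s+(?P<min>\d+)(?:\s+(?P<sec>\d+))?)?$")


def audit(config_text, max_idle_seconds=600):
    """Return sorted (line_number, rule, detail) findings; line 0 means whole config."""
    findings = []
    encryption_on = False
    web_enabled, web_line = set(), 0
    line_block = None  # header of the enclosing "line ..." block, if any

    for number, raw in enumerate(config_text.splitlines(), 1):
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        indented = raw[0].isspace()
        if not indented:
            line_block = text if text.startswith("line ") else None

        if text == "service password-encryption":
            encryption_on = True
        elif (m := CRED.match(text)):
            account = ("web:" if m["web"] else "cli:") + m["name"]
            if m["nopw"]:
                findings.append((number, "no-password", account))
            elif m["type"] != "7":
                # Type 0 is plain text; a password given with no type is
                # treated the same way here (assumption of this example).
                findings.append((number, "plaintext-password", account))
        elif (m := WEB.match(text)):
            # No keyword or "all" selects both services, as the usage guide states.
            chosen = {"http", "https"} if m["kw"] in (None, "all") else {m["kw"]}
            web_enabled = web_enabled - chosen if m["no"] else web_enabled | chosen
            web_line = number
        elif indented and line_block and (m := IDLE.match(text)):
            if m["no"]:
                # "no exec-timeout": the connection never expires.
                findings.append((number, "idle-timeout-disabled", line_block))
            elif m["min"] is not None:
                idle = int(m["min"]) * 60 + int(m["sec"] or 0)
                if idle > max_idle_seconds:
                    findings.append((number, "idle-timeout-too-long", f"{line_block}: {idle}s"))

    if "http" in web_enabled:
        # Web logins configured with "webmaster level" would cross the network unencrypted.
        findings.append((web_line, "http-management-enabled", "HTTP service is enabled"))
    if not encryption_on:
        findings.append((0, "password-encryption-off", "no 'service password-encryption' line"))
    return sorted(findings)


if __name__ == "__main__":
    for number, rule, detail in audit(SAMPLE_CONFIG):
        print(f"line {number:>2}: {rule:<26} {detail}")
```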
http check-version
Use this command to detect the available upgrade files on the HTTP server.
http check-version
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide Use this command to detect the available upgrade files. The version of the detected upgrade files is later
than that of the local files.
Configuration
Examples
The following example demonstrates the version of the detected HTTP upgrade file.
Ruijie#http check-version
Files need to be updated: web.
app name:web
sn version filename
-- ------------------- -------------------------
0 1.2.1(82381) web1.2.1(145680).upd
1 1.2.1(82380) web1.2.1(145680).upd
2 1.2.1(82379) web1.2.1(145680).upd
3 1.2.1(82378) web1.2.1(145680).upd
Related
Commands Command Description
http update Manually updates designated files.
Platform
Description
N/A
http update
Use this command to manually update the web file.
http update web [ version string ]
Parameter
Description Parameter Description
string Version of the Web package to be updated.
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide Use this command to download the available Web package from a remote server to local device.
If the version is specified, then use the update package with specified version to update the Web
package; otherwise, use the latest update package to update the Web package.
Configuration
Examples
The following example demonstrates how to manually download the latest Web package from the
designated remote server.
Ruijie#http update web
Related
Commands Command Description
http check-version Detects the available update package on the
HTTP server.
Platform
Description
N/A
http update mode
Use this command to configure the HTTP update mode.
http update mode auto-detect
no http update mode
Parameter
Description Parameter Description
auto-detect Auto-detect mode
Defaults By default, the auto-detect function is disabled.
Command
mode
Global configuration mode.
Usage Guide Use this command to configure the HTTP update mode.
Use this command to make HTTP work in the auto-detect mode. The device will detect files
on the server at detection time. Users can check the available Web update files on the Web interface.
Use the no form of this command to convert the auto-detect mode into manual mode. A device
working in the manual mode cannot update automatically, so the user must configure the update
manually.
Configuration
Examples
The following example enables the Auto-detect mode:
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#http update mode auto-detect
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
http update server
Use this command to configure the IP address and the HTTP port number of the HTTP upgrade
server.
http update server { host-name | ip-address } [ port port-number ]
no http update server
Parameter
Description Parameter Description
host-name Host name of the HTTP remote upgrade server.
ip-address IP address of the HTTP remote upgrade server.
port-number Port number of the HTTP remote upgrade server; value ranges from
1-65535.
Defaults By default, the IP address of the HTTP remote upgrade server is 0.0.0.0 and the port number is 80.
Command
mode
Global configuration mode.
Usage Guide Use this command to configure the IP address and the HTTP port number of the HTTP upgrade
server. When processing the update, the user-configured server address is preferentially used. If the
connection fails, the server address stored in the local upgrade record file will be used to establish
the connection. When all the above connections fail, the update will be suspended.
At least one IP address of upgrade server is stored in the local upgrade record file, and this IP
address cannot be modified.
The HTTP upgrade server address does not need to be configured because the local
upgrade record file records available upgrade server addresses.
If the server domain needs to be configured, enable the DNS function on the device and
configure the DNS server address.
The server IP address cannot be an IPv6 address.
Configuration
Examples
The following example configures the IP address and the HTTP port number of the HTTP upgrade
server:
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#http update server 10.83.132.1 port 90
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
http update time
Use this command to configure the HTTP auto-detection time.
http update time daily hh:mm
no http update time
Parameter
Description Parameter Description
hh:mm Specific auto-detection time; (24-hour system); accurate to minute.
Defaults By default, the remote HTTP auto-detection time is random.
Command
mode
Global configuration mode.
Usage Guide Use this command to configure the HTTP auto-detection time. The device detects the files available
for upgrade on the server at the specified detection time. Users can read information about the detected files
through the Web interface.
Use the no form of this command to reset the auto-detection time as random.
Configuration
Examples
The following example configures the HTTP auto-detection time:
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#http update time daily 23:40
Related
Commands Command Description
http update mode Configures the HTTP update mode
Platform
Description
N/A
show web-server status
Use this command to display the configuration information and status of the web.
show web-server status
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide N/A
Configuration
Examples
The following example displays the configuration information and status of the web:
Ruijie#show web-server status
http server status : enabled
http server port : 80
https server status: enabled
https server port: 443
http(s) use memory block: 768, create task num: 0
Related
Commands Command Description
enable service web-server Enables the HTTP service function.
ip http port Configures the HTTP port number.
ip http secure-port Configures the HTTPS port number.
Platform
Description
N/A
Command Reference Network Connectivity Test Tool Commands
Network Connectivity Test Tool Commands
ping
Use this command to test the connectivity of a network to locate the network connectivity problem. The
command format is as follows:
ping [ vrf vrf-name | ip ] [ ip-address [ length length ] [ ntimes times ] [ timeout seconds] [ data data ] [ source source ] [ df-bit ] [ validate ] ]
Parameter
Description Parameter Description
vrf-name VRF name
ip-address Specifies an IPv4 address.
length Specifies the length of the packet to be sent.
times Specifies the number of packets to be sent.
seconds Specifies the timeout time.
data Specifies the data to fill in.
source Specifies the source IPv4 address or the source interface. The loopback interface address (for example: 127.0.0.1) is not allowed to be the source address.
df-bit Sets the DF bit for the IP address. DF bit=1 indicates not to fragment the datagrams. By default, the DF bit is 0.
validate Sets whether to validate the reply packets or not.
Defaults Five packets of 100 bytes in length are sent to the specified IP address within the specified time (2s by
default).
Command
Mode
Privileged EXEC mode.
Usage Guide The ping command can be used in the ordinary user mode and the privileged EXEC mode. In the
ordinary mode, only the basic functions of ping are available. In the privileged EXEC mode, in addition
to the basic functions, the extension functions of ping are also available. For the ordinary functions
of ping, five packets of 100 bytes in length are sent to the specified IP address within the specified
period (2s by default). If a response is received, ‘!’ is displayed. If no response is received, ‘.’ is displayed,
and the statistics are displayed at the end. For the extension functions of ping, the number, quantity and
timeout time of the packets to be sent can be specified, and the statistics are also displayed at the end.
To use the domain name function, configure the domain name server first. For the concrete
configuration, refer to the DNS Configuration section.
Configuration
Examples
The example below shows the ordinary ping.
Ruijie# ping 192.168.5.1
Sending 5, 100-byte ICMP Echoes to 192.168.5.1, timeout is 2 seconds:
< press Ctrl+C to break >
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms
The example below shows the extension ping.
Ruijie# ping 192.168.5.197 length 1500 ntimes 100 timeout 3
Sending 100, 1500-byte ICMP Echoes to 192.168.5.197, timeout is 3 seconds, data
ffff source 192.168.4.10:
< press Ctrl+C to break >
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 2/2/3 ms
Ruijie#
Related
Commands Command Description
N/A N/A
Platform
Description
The command is supported by all equipment.
ping ipv6
Use this command to test the connectivity of a network to locate the network connectivity problem. The
command format is as follows:
ping [ ipv6 ] [ ipv6-address [ length length ] [ ntimes times ] [ timeout seconds ] [ data data ] [ source
source ] ]
Parameter
Description Parameter Description
ipv6-address Specifies an IPv6 address.
length Specifies the length of the packet to be sent.
times Specifies the number of packets to be sent.
seconds Specifies the timeout time.
data Specifies the data to fill in.
source Specifies the source IPv6 address or the source interface. The
loopback interface address (for example: 127.0.0.1) is not allowed to
be the source address.
Defaults Five packets of 100 bytes in length are sent to the specified IP address within the specified time (2s by
default).
Command
Mode
Privileged EXEC mode.
Usage Guide The ping ipv6 command can be used in the ordinary user mode and the privileged EXEC mode. In the
ordinary user mode, only the basic functions of ping ipv6 are available. In the privileged EXEC mode, the
extension functions of ping ipv6 are also available in addition to the basic functions. With the basic functions
of ping ipv6, five packets of 100 bytes in length are sent to the specified IP address within the specified
period (2s by default). If a response is received, ‘!’ is displayed. If no response is received, ‘.’ is displayed.
The statistics are displayed at the end. With the extension functions of ping ipv6, the length, number and
timeout of the packets to be sent can be specified, and the statistics are also displayed at the end. To
use the domain name function, configure the domain name server first. For the detailed configuration,
refer to the DNS Configuration section.
Configuration
Examples
The example below shows the ordinary ping ipv6.
Ruijie# ping ipv6 2000::1
Sending 5, 100-byte ICMP Echoes to 2000::1, timeout is 2 seconds:
< press Ctrl+C to break >
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms
The example below shows the extension ping ipv6.
Ruijie# ping ipv6 2000::1 length 1500 ntimes 100 timeout 3 data ffff source
192.168.4.10:
Sending 100, 1500-byte ICMP Echoes to 2000::1, timeout is 3 seconds
< press Ctrl+C to break >
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 2/2/3 ms
Related
Commands Command Description
N/A N/A
Platform
Description
The command is supported by all IPv6 equipment.
traceroute
Execute the traceroute command to show all gateways passed by the test packets from the source
address to the destination address.
traceroute [ vrf vrf-name | ip ] [ ip-address [ probe number ] [ source source ] [ timeout seconds ]
[ ttl minimum maximum ] ]
Parameter
Description Parameter Description
vrf-name VRF name
ip-address Specifies an IPv4 address.
number Specifies the number of probe packets to be sent.
source Specifies the source IPv4 address or the source interface. The
loopback interface address (for example: 127.0.0.1) is not allowed to
be the source address.
seconds Specifies the timeout time.
minimum maximum Specifies the minimum and maximum TTL values.
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide Use the traceroute command to test the connectivity of a network and locate exactly where the
connectivity problem is when a network failure occurs. To use the domain name function, configure
the domain name server first. For the detailed configuration, refer to the DNS Configuration section.
Configuration
Examples
The following are two examples of using traceroute: one on a network that is connected smoothly,
and one on a network in which some gateways are not connected successfully.
1. When the network is connected smoothly:
Ruijie# traceroute 61.154.22.36
< press Ctrl+C to break >
Tracing the route to 61.154.22.36
1 192.168.12.1 0 msec 0 msec 0 msec
2 192.168.9.2 4 msec 4 msec 4 msec
3 192.168.9.1 8 msec 8 msec 4 msec
4 192.168.0.10 4 msec 28 msec 12 msec
5 192.168.9.2 4 msec 4 msec 4 msec
6 202.101.143.154 12 msec 8 msec 24 msec
7 61.154.22.36 12 msec 8 msec 22 msec
The above result shows the gateways passed by the packets sent to the host with an
IP address of 61.154.22.36 (gateways 1~6) and the time spent. Such information is
helpful for network analysis.
2. When some gateways in the network fail:
Ruijie# traceroute 202.108.37.42
< press Ctrl+C to break >
Tracing the route to 202.108.37.42
1 192.168.12.1 0 msec 0 msec 0 msec
2 192.168.9.2 0 msec 4 msec 4 msec
3 192.168.110.1 16 msec 12 msec 16 msec
4 * * *
5 61.154.8.129 12 msec 28 msec 12 msec
6 61.154.8.17 8 msec 12 msec 16 msec
7 61.154.8.250 12 msec 12 msec 12 msec
8 218.85.157.222 12 msec 12 msec 12 msec
9 218.85.157.130 16 msec 16 msec 16 msec
10 218.85.157.77 16 msec 48 msec 16 msec
11 202.97.40.65 76 msec 24 msec 24 msec
12 202.97.37.65 32 msec 24 msec 24 msec
13 202.97.38.162 52 msec 52 msec 224 msec
14 202.96.12.38 84 msec 52 msec 52 msec
15 202.106.192.226 88 msec 52 msec 52 msec
16 202.106.192.174 52 msec 52 msec 88 msec
17 210.74.176.158 100 msec 52 msec 84 msec
18 202.108.37.42 48 msec 48 msec 52 msec
The above result shows the gateways passed by the packets sent
to the host with an IP address of 202.108.37.42 (gateways 1~17) and the time
spent, and that gateway 4 fails.
Ruijie# traceroute www.ietf.org
Translating "www.ietf.org"...[OK]
< press Ctrl+C to break >
Tracing the route to 64.170.98.32
1 192.168.217.1 0 msec 0 msec 0 msec
2 10.10.25.1 0 msec 0 msec 0 msec
3 10.10.24.1 0 msec 0 msec 0 msec
4 10.10.30.1 10 msec 0 msec 0 msec
5 218.5.3.254 0 msec 0 msec 0 msec
6 61.154.8.49 10 msec 0 msec 0 msec
7 202.109.204.210 0 msec 0 msec 0 msec
8 202.97.41.69 20 msec 10 msec 20 msec
9 202.97.34.65 40 msec 40 msec 50 msec
10 202.97.57.222 50 msec 40 msec 40 msec
11 219.141.130.122 40 msec 50 msec 40 msec
12 219.142.11.10 40 msec 50 msec 30 msec
13 211.157.37.14 50 msec 40 msec 50 msec
14 222.35.65.1 40 msec 50 msec 40 msec
15 222.35.65.18 40 msec 40 msec 40 msec
16 222.35.15.109 50 msec 50 msec 50 msec
17 * * *
18 64.170.98.32 40 msec 40 msec 40 msec
Related
Commands Command Description
N/A N/A
Platform
Description
The command is supported by all equipment. The VRF function is provided only on the
RSR equipment.
traceroute ipv6
Use this command to show all gateways passed by the test packets from the source address to the
destination address.
traceroute [ ipv6 ] [ ipv6-address [ probe number ] [ timeout seconds ] [ ttl minimum maximum ] ]
Parameter
Description Parameter Description
ipv6-address Specifies an IPv6 address.
number Specifies the number of probe packets to be sent.
seconds Specifies the timeout time.
minimum maximum Specifies the minimum and maximum TTL values.
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide Use the traceroute ipv6 command to test the connectivity of a network and locate exactly where the
connectivity problem is when a network failure occurs. To use the domain name function, configure
the domain name server first. For the detailed configuration, refer to the DNS Configuration section.
Configuration
Examples
The following are two examples of using traceroute ipv6: one on a network that is connected
smoothly, and one on a network in which some gateways are not connected successfully.
1. When the network is connected smoothly:
Ruijie# traceroute ipv6 3004::1
< press Ctrl+C to break >
Tracing the route to 3004::1
1 3000::1 0 msec 0 msec 0 msec
2 3001::1 4 msec 4 msec 4 msec
3 3002::1 8 msec 8 msec 4 msec
4 3004::1 4 msec 28 msec 12 msec
The above result shows the gateways passed by the packets sent to the host with an
IP address of 3004::1 (gateways 1~4) and the time spent. Such information is helpful
for network analysis.
2. When some gateways in the network fail:
Ruijie# traceroute ipv6 3004::1
< press Ctrl+C to break >
Tracing the route to 3004::1
1 3000::1 0 msec 0 msec 0 msec
2 3001::1 4 msec 4 msec 4 msec
3 3002::1 8 msec 8 msec 4 msec
4 * * *
5 3004::1 4 msec 28 msec 12 msec
The above result shows the gateways passed by the packets sent to the host with an IP
address of 3004::1 (gateways 1~5) and the time spent, and that gateway 4 fails.
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
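The following Python sketch is an added example, not part of the Ruijie manual. It parses the traceroute and traceroute ipv6 output format shown above, separates a silent hop that is still forwarding (later hops answered) from a path that stops answering, and lists addresses seen at more than one hop. The function names and classification labels are assumptions of this example; the sample text is taken from the example output above.

```python
import re

# Sample input: hops 1-5 of the first and second traceroute examples above.
SAMPLE_SMOOTH = """\
Tracing the route to 61.154.22.36
1 192.168.12.1 0 msec 0 msec 0 msec
2 192.168.9.2 4 msec 4 msec 4 msec
3 192.168.9.1 8 msec 8 msec 4 msec
4 192.168.0.10 4 msec 28 msec 12 msec
5 192.168.9.2 4 msec 4 msec 4 msec
"""
SAMPLE_SILENT = """\
Tracing the route to 202.108.37.42
1 192.168.12.1 0 msec 0 msec 0 msec
2 192.168.9.2 0 msec 4 msec 4 msec
3 192.168.110.1 16 msec 12 msec 16 msec
4 * * *
5 61.154.8.129 12 msec 28 msec 12 msec
"""

# "<ttl> <address> <n> msec <n> msec <n> msec" (IPv4 or IPv6 address)
HOP = re.compile(r"^\s*(\d+)\s+(\S+)((?:\s+\d+ msec)+)\s*$")
# "<ttl> * * *": no probe was answered for this TTL
SILENT = re.compile(r"^\s*(\d+)(?:\s+\*)+\s*$")


def parse_traceroute(text):
    """Return one dict per hop: ttl, addr (None if silent), rtts in msec."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            rtts = [int(x) for x in re.findall(r"(\d+) msec", m.group(3))]
            hops.append({"ttl": int(m.group(1)), "addr": m.group(2), "rtts": rtts})
            continue
        m = SILENT.match(line)
        if m:
            hops.append({"ttl": int(m.group(1)), "addr": None, "rtts": []})
    return hops


def classify_silent_hops(hops):
    """Label each silent TTL.

    'forwarding'      : a later hop answered, so packets passed through this hop
                        even though it did not answer the probes itself.
    'no-reply-to-end' : nothing answered from this TTL onward.
    """
    last_reply = max((h["ttl"] for h in hops if h["addr"]), default=0)
    return {
        h["ttl"]: "forwarding" if h["ttl"] < last_reply else "no-reply-to-end"
        for h in hops
        if h["addr"] is None
    }


def repeated_addresses(hops):
    """Return {address: [ttl, ...]} for addresses that answer at several TTLs."""
    seen = {}
    for h in hops:
        if h["addr"]:
            seen.setdefault(h["addr"], []).append(h["ttl"])
    return {addr: ttls for addr, ttls in seen.items() if len(ttls) > 1}


if __name__ == "__main__":
    for name, sample in (("smooth", SAMPLE_SMOOTH), ("silent", SAMPLE_SILENT)):
        hops = parse_traceroute(sample)
        print(name, classify_silent_hops(hops), repeated_addresses(hops))
```

On the second sample, hop 4 is labelled forwarding because hop 5 answered; on the first sample, 192.168.9.2 is reported at hops 2 and 5.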
Command Reference Upgrade and Maintenance Commands
Upgrade and Maintenance Commands
copy tftp
Upgrade and maintain the device, or upload and download files, by using the TFTP protocol.
copy flash: filename tftp://location/filename
copy tftp://location/filename flash: filename
copy flash: filename tftp://location/filename vrf vrfname
copy tftp://location/filename flash: filename vrf vrfname
Parameter
Description Parameter Description
filename File name
vrfname VRF name
Defaults N/A
Command
mode
Privileged user mode.
Usage Guide If there is a space in the source file name, quotation marks are necessary for the TFTP link, for
example:
copy tftp:"//location/filename" flash: filename vrf vrfname
The same applies to the destination file name, for example:
copy tftp://location/filename flash:"filename" vrf vrfname
Configuration
Examples
The following are two examples: The first one transmits the backup parameter file (config.bak) from the
local host (IP 192.168.12.1) to the switch; the second one transmits the file (switch.bin) from the
switch to the local host (IP 192.168.12.1):
Ruijie# copy tftp://192.168.12.1/config.bak flash: config.text
Ruijie# copy flash: switch.bin tftp://192.168.12.1/Config.bak
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
copy tftp ipv6
Use this command to perform the following operations:
Download files: download the specified source files from the TFTP server to the local device.
Upload files: upload the specified local source files to the TFTP server.
copy flash: filename tftp://location/filename
copy tftp://location/filename flash: filename
Parameter
Description Parameter Description
filename File name
Defaults N/A
Command
mode
N/A
Usage Guide N/A
Configuration
Examples
The following example downloads the config.text file from the TFTP server.
Ruijie# copy tftp://[2000::100]/config.text flash:config.text
Accessing tftp://[2000::100]/config.text...
Success : Transmission success,file length 1496
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
copy xmodem
Upgrade and maintain by using the xmodem protocol or upload and download by using the xmodem
protocol.
copy flash: filename xmodem
copy xmodem flash: filename
Parameter
Description Parameter Description
filename The name of files in the equipment.
Defaults N/A
Command
mode
Privileged EXEC mode.
Usage Guide If the file is transmitted successfully, the length of the transmitted file is shown; otherwise, the
failure information is shown. Any file can be transmitted by TFTP, such as the main program file and the
parameter file. Xmodem can only be transmitted out-of-band (through serial ports).
The following shows two examples: The first one transmits the files to the switch from the host via the
xmodem protocol. The second uploads the configuration file in the switch to the host via the xmodem
protocol.
If there is a space in the file name, quotation marks are necessary, for example:
copy xmodem flash: "filename" or copy flash: "filename" xmodem
Configuration
Examples
The following is an example of upload and download:
Ruijie# copy xmodem flash: config.text
Ruijie# copy flash: config.text xmodem
Success : Transmission success,file length 1496
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
Command Reference Interface Commands
Interface Commands
carrier-delay
In the interface configuration mode, execute the carrier-delay command to set the carrier delay on
the interface, and the no carrier-delay command to restore it to the default value.
carrier-delay [ seconds ]
no carrier-delay
Parameter
Description Parameter Description
seconds Optional parameter in the range of 1 to 60 seconds
Defaults The default carrier delay is 2 seconds.
Command
Mode
Interface configuration mode
Usage Guide This parameter refers to the delay after which the carrier detection signal DCD of the interface link
changes from the Down status to the Up status. If the DCD changes within the delay, the system will
ignore such changes without disconnecting the upper data link layer for renegotiation.
If the DCD carrier is disconnected for a long time, the parameter should be set longer to accelerate
route aggregation so that the routing table can be converged more quickly. On the contrary, if the
DCD carrier interruption period is shorter than the time used for route aggregation, you should set the
parameter to a higher value to avoid unnecessary route vibration.
Configuration
Examples
The following example shows how to configure the carrier delay of serial interface to 5 seconds:
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# carrier-delay 5
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
clear counters
Use this command to clear the counters on the specified interface.
clear counters [ interface-id ]
Parameter
Description Parameter Description
interface-id Interface type and interface ID
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide In the privileged EXEC mode, use the show interfaces command to display the counters or the clear
counters command to clear the counters. If the interface is not specified, the counters on all
interfaces will be cleared.
Configuration
Examples
Ruijie# clear counters gigabitethernet 1/1
Related
Commands Command Description
show interfaces Show the interface information.
Platform
Description
N/A
clear interface
Reset the interface hardware.
clear interface interface-id
Parameter
Description Parameter Description
interface-id Interface type and interface ID
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide This command is only used on the switch port, member port of the L2 Aggregate port, routing port,
and member port of the L3 aggregate port. This command is equal to the shutdown and no
shutdown commands.
Configuration
Examples
Ruijie# clear interface gigabitethernet 1/1
Related
Commands Command Description
shutdown Shutdown the interface.
Platform
Description
N/A
description
Use this command to set the alias of the interface. Use the no form of the command to restore the
default setting.
description string
no description
Parameter
Description Parameter Description
string Interface alias
Defaults By default, there is no alias.
Command
Mode
Interface configuration mode.
Usage Guide Use show interfaces to display the interface information, including the alias.
Configuration
Examples
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# description GBIC-1
Related
Commands Command Description
show interfaces Show the interface information.
Platform
Description
N/A
duplex
Use the duplex command in the interface configuration mode to specify the duplex mode for the
interface. Use the no form of the command to restore it to the default setting.
duplex { auto | full | half }
no duplex
Parameter
Description Parameter Description
auto Self-adaptive full duplex and half duplex
full Full duplex
half Half duplex
Defaults Auto.
Command
Mode
Interface configuration mode.
Usage Guide The duplex mode is associated with the interface type. Use show interfaces to display the duplex
mode of the interface.
Configuration
Examples
Ruijie(config-if)# duplex full
Related
Commands Command Description
show interfaces Show the interface information.
Platform
Description
N/A
interface fastEthernet
Use this command to select an Ethernet interface, and enter the interface configuration mode.
interface fastEthernet mod-num/port-num
Parameter
Description Parameter Description
mod-num/port-num The range depends on the device and the extended module.
Defaults N/A
Command
Mode
Global configuration mode.
Usage Guide The no form of the command is not available, and this interface type cannot be deleted. Use show
interfaces or show interfaces fastEthernet to display the interface configurations.
Configuration
Examples
Ruijie(config)# interface fastEthernet 1/2
Ruijie(config-if)#
Related
Commands Command Description
show interfaces Show the interface information.
Platform
Description
N/A
interface gigabitEthernet
Use this command to select a Gigabit Ethernet interface, and enter the interface configuration mode.
interface gigabitEthernet mod-num/port-num
Parameter
Description Parameter Description
mod-num/port-num The range depends on the device and the extended module.
Defaults N/A
Command
Mode
Global configuration mode.
Usage Guide The no form of the command is not available, and this interface type cannot be deleted. Use show
interfaces or show interfaces gigabitEthernet to display the interface configurations.
Configuration
Examples
Ruijie(config)# interface gigabitEthernet 1/2
Ruijie(config-if)#
Related
Commands Command Description
show interfaces Show the interface information.
Platform
Description
N/A
medium-type
Use this command to select the medium type for an interface. Use the no form of the command to
restore it to the default setting.
medium-type { auto-select [ prefer [ fiber | copper ] ] | fiber | copper }
no medium-type
Parameter
Description Parameter Description
fiber Optical interface.
prefer [ fiber | copper ] The preferred medium type for the interface is selected.
auto-select Auto-select the medium type for the interface.
copper Copper interface.
Defaults Copper interface.
Command
Mode
Interface configuration (physical interface, except for AP and SVI)
Usage Guide If a port can be selected as an optical port or electrical port, you can only select one of them. Once
the media type is selected, the attributes of the port, for example, status, duplex, flow control, and
rate, all mean those of the currently selected media type. After the port type is changed, the attributes
of the new port type take the default values, which can be modified as needed.
Configuration
Examples
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# medium-type copper
Related
Commands Command Description
show interfaces Show the interface information.
Platform
Description
The 12 SFP interfaces of the 24SFP/12GT line cards and the 12 10/100/1000M BASE-T interfaces allow
for dynamic switching.
The combo interface cannot automatically determine whether the current port is the SFP
interface or the 10/100/1000M BASE-T interface.
mtu
Use this command to set the MTU supported on the interface.
mtu num
Parameter
Description Parameter Description
num 64 to 9216 (or 65536, which varies by products)
Defaults By default, the num is 1500.
Command
Mode
Interface configuration mode.
Usage Guide Set the maximum transmission unit (MTU) supported on the interface.
Configuration
Examples
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# mtu 9216
Related
Commands Command Description
show interfaces Show the interface information.
Platform
Description
N/A
shutdown
Use the shutdown command in the interface configuration mode to disable an interface. Use the no
form of the command to enable a disabled port.
shutdown
no shutdown
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Interface configuration mode
Usage Guide Use this command to stop the forwarding on the interface (Gigabit Ethernet interface, Aggregate port
or SVI). You can enable the port with the no shutdown command. If you shut down the interface, the
configuration of the interface exists, but does not take effect. You can view the interface status by
using the show interfaces command.
If you use a script to run no shutdown frequently and rapidly, the system may prompt
that the interface status has reversed.
Configuration
Examples
Shut down Ap 1:
Ruijie(config)# interface aggregateport 1
Ruijie(config-if)# shutdown
Enable Ap 1:
Ruijie(config)# interface aggregateport 1
Ruijie(config-if)# no shutdown
Related
Commands Command Description
clear interface Reset the hardware.
show interfaces Show the interface information.
Platform
Description
N/A
snmp trap link-status
You can set whether to send LinkTrap on a port. If the function is enabled, the SNMP will send the
LinkTrap when the link status of the port changes. The no form of this command prevents the SNMP
from sending the LinkTrap.
snmp trap link-status
no snmp trap link-status
Parameter
Description Parameter Description
N/A N/A
Defaults This function is enabled. If the link status of the port changes, the SNMP sends the LinkTrap.
Command
Mode
Interface configuration mode.
Usage Guide For an interface (for instance, Ethernet interface, AP interface, and SVI interface), this command sets
whether to send LinkTrap on the interface. If the function is enabled, the SNMP sends the LinkTrap
when the link status of the interface changes.
Configuration
Examples
Do not send LinkTrap on the interface:
Ruijie(config)# interface gigabitEthernet 1/1
Ruijie(config-if)# no snmp trap link-status
The following configuration shows how to configure the interface to send LinkTrap:
Ruijie(config)# interface gigabitEthernet 1/1
Ruijie(config-if)# snmp trap link-status
Related
Commands Command Description
snmp trap link-status Enable sending LinkTrap on the interface.
no snmp trap link-status Disable sending LinkTrap on the interface.
Platform
Description
N/A
speed
Use this command to configure the speed on the port. Use the no form of the command to restore it to
the default setting.
Parameter
Description Parameter Description
10 Means that the transmission rate of the interface is 10Mbps.
100 Means that the transmission rate of the interface is 100Mbps.
1000 Means that the transmission rate of the interface is 1000Mbps.
10G Means that the transmission rate of the interface is 10Gbps.
auto Self-adaptive
Defaults Auto.
Command
Mode
Interface configuration mode.
Usage Guide If an interface is the member of an aggregate port, the rate of the interface depends on the rate of the
aggregate port. You can set the rate of the interface, but it does not take effect until the interface exits
the aggregate port. Use show interfaces to display configuration. The rate varies by interface types.
For example, you cannot set the rate of a SFP interface to 10M or 100M.
Configuration
Examples
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# speed 100
Related
Commands Command Description
show interfaces Show the interface information.
Platform
Description
N/A
show interfaces
Use this command to show the interface information and optical module information.
show interfaces [interface-id] [counters | description | status | switchport | trunk | transceiver
[alarm | diagnosis] | mtu | usage]
Parameter
Description Parameter Description
interface-id
Interface (including Ethernet interface, aggregate port, SVI or
loopback interface).
counters The counters on the interface.
description The description of the interface, including the link status.
status
All the link status of the Layer 2 interface, including the rate and
duplex.
switchport Layer 2 interface information.
trunk Trunk port, applicable for physical port and aggregate port.
transceiver Basic optical module information.
alarm
Alarm information of the optical module. The “None” is displayed
when no fault exists.
diagnosis Diagnosis parameter value of the optical module.
line-detect Line detecting status of the port.
mtu Show the value of MTU on the interface.
usage Show the bandwidth usage of the interface.
Defaults Show all the information.
Command
Mode
Privileged EXEC mode.
Usage Guide Show the basic information if no parameter is specified.
The functions of showing the optical module information, alarming on faults and diagnosing the
parameters must be used in combination with the optical module of the RG network.
To show the optical module information, fault alarms and diagnosis parameters, the optical module
must support the Digital Diagnostic Monitoring function.
Configuration
Examples
The following example shows the interface information when the Gi0/1 is Trunk port:
SwitchA#show interfaces gigabitEthernet 0/1
Index(dec):1 (hex):1
GigabitEthernet 0/1 is DOWN , line protocol is DOWN
Hardware is Broadcom 5464 GigabitEthernet
Interface address is: no ip address
MTU 1500 bytes, BW 1000000 Kbit
Encapsulation protocol is Bridge, loopback not set
Keepalive interval is 10 sec , set
Carrier delay is 2 sec
RXload is 1 ,Txload is 1
Queueing strategy: FIFO
Output queue 0/0, 0 drops;
Input queue 0/75, 0 drops
Switchport attributes:
interface's description:""
medium-type is copper
lastchange time:0 Day: 0 Hour: 0 Minute:13 Second
Priority is 0
admin duplex mode is AUTO, oper duplex is Unknown
admin speed is AUTO, oper speed is Unknown
flow receive control admin status is OFF,flow send control admin status is
OFF,flow receive control oper status is Unknown,flow send control oper status
is Unknown
broadcast Storm Control is OFF,multicast Storm Control is OFF,unicast Storm
Control is OFF
Port-type: trunk
Native vlan:1
Allowed vlan lists:1-4094
Active vlan lists:1, 3-4
5 minutes input rate 0 bits/sec, 0 packets/sec
5 minutes output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer, 0 dropped
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort
0 packets output, 0 bytes, 0 underruns , 0 dropped
0 output errors, 0 collisions, 0 interface resets
The following example shows the interface information when the Gi0/1 is Access port:
SwitchA#show interfaces gigabitEthernet 0/1
Index(dec):1 (hex):1
GigabitEthernet 0/1 is DOWN , line protocol is DOWN
Hardware is Broadcom 5464 GigabitEthernet
Interface address is: no ip address
MTU 1500 bytes, BW 1000000 Kbit
Encapsulation protocol is Bridge, loopback not set
Keepalive interval is 10 sec , set
Carrier delay is 2 sec
RXload is 1 ,Txload is 1
Queueing strategy: FIFO
Output queue 0/0, 0 drops;
Input queue 0/75, 0 drops
Switchport attributes:
interface's description:""
medium-type is copper
lastchange time:0 Day: 0 Hour: 0 Minute:13 Second
Priority is 0
admin duplex mode is AUTO, oper duplex is Unknown
admin speed is AUTO, oper speed is Unknown
flow receive control admin status is OFF,flow send control admin status
is OFF,flow receive control oper status is Unknown,flow send control oper status
is Unknown
broadcast Storm Control is OFF,multicast Storm Control is OFF,unicast Storm
Control is OFF
Port-type: access
Vlan id : 2
5 minutes input rate 0 bits/sec, 0 packets/sec
5 minutes output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer, 0 dropped
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort
0 packets output, 0 bytes, 0 underruns , 0 dropped
0 output errors, 0 collisions, 0 interface resets
The following example shows the layer-2 interface information when the Gi0/1 is Hybrid port.
SwitchA#show interfaces gigabitEthernet 0/1
Index(dec):1 (hex):1
GigabitEthernet 0/1 is DOWN , line protocol is DOWN
Hardware is Broadcom 5464 GigabitEthernet
Interface address is: no ip address
MTU 1500 bytes, BW 1000000 Kbit
Encapsulation protocol is Bridge, loopback not set
Keepalive interval is 10 sec , set
Carrier delay is 2 sec
RXload is 1 ,Txload is 1
Queueing strategy: FIFO
Output queue 0/0, 0 drops;
Input queue 0/75, 0 drops
Switchport attributes:
interface's description:""
medium-type is copper
lastchange time:0 Day: 0 Hour: 0 Minute:13 Second
Priority is 0
admin duplex mode is AUTO, oper duplex is Unknown
admin speed is AUTO, oper speed is Unknown
flow receive control admin status is OFF,flow send control admin status
is OFF,flow receive control oper status is Unknown,flow send control oper status
is Unknown
broadcast Storm Control is OFF,multicast Storm Control is OFF,unicast Storm
Control is OFF
Port-type: hybrid
Tagged vlan id:2
Untagged vlan id:none
5 minutes input rate 0 bits/sec, 0 packets/sec
5 minutes output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer, 0 dropped
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort
0 packets output, 0 bytes, 0 underruns , 0 dropped
0 output errors, 0 collisions, 0 interface resets
The following example shows the layer-2 information of the Gi0/1.
Ruijie# show interfaces gigabitEthernet 0/1 switchport
Interface Switchport Mode Access Native Protected VLAN lists
--------- ---------- --------- ------ ------ --------- ---------
GigabitEthernet 0/1 enabled Access 1 1 Disabled ALL
The following example shows the MTU information on the interface GigabitEthernet 1/1.
Ruijie#show interfaces GigabitEthernet 1/1 mtu
interface MTU
------------------- -------
GigabitEthernet 1/1 1500
The following example shows the bandwidth usage on the interface GigabitEthernet 1/1.
Ruijie#show interfaces GigabitEthernet 1/1 usage
Interface Bandwidth Bandwidth Usage
------------------- --------------- ----------------
GigabitEthernet 1/1 1,000,000 Kbit 20%
Related
Commands Command Description
duplex Duplex
flowcontrol Flow control status.
interface gigabitEthernet
Select the interface and enter the interface
configuration mode.
interface aggregateport
Create or access the aggregate port, and enter
the interface configuration mode.
interface vlan
Create or access the switch virtual interface
(SVI), and enter the interface configuration
mode.
shutdown Disable the interface.
speed Configure the speed on the port.
switchport priority Configure the default 802.1q interface priority.
switchport protected Specify the interface as a protected port.
Platform
Description
N/A
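The following Python sketch is an added example, not part of the Ruijie manual. It parses the show interfaces text format shown above and lists settings worth reviewing when hardening a port: storm control that is OFF, a trunk whose native VLAN is 1, and VLANs that a trunk allows but that are not active on it. The function names and the three review rules are assumptions of this example; the sample text is abridged from the Trunk-port output above.

```python
import re

# Sample input: abridged from the Trunk-port example output in this section,
# including the line wrap the device inserts in the storm-control line.
SAMPLE_TRUNK = """\
GigabitEthernet 0/1 is DOWN , line protocol is DOWN
MTU 1500 bytes, BW 1000000 Kbit
admin duplex mode is AUTO, oper duplex is Unknown
broadcast Storm Control is OFF,multicast Storm Control is OFF,unicast Storm
Control is OFF
Port-type: trunk
Native vlan:1
Allowed vlan lists:1-4094
Active vlan lists:1, 3-4
5 minutes input rate 0 bits/sec, 0 packets/sec
"""


def _field(text, label):
    """Return the value after 'label:' on its own line, or None."""
    m = re.search(rf"^\s*{re.escape(label)}\s*:\s*(.+?)\s*$", text, re.MULTILINE)
    return m.group(1) if m else None


def expand_vlans(spec):
    """Turn a list such as '1, 3-4' into the set {1, 3, 4}."""
    vlans = set()
    for part in (spec or "").split(","):
        part = part.strip()
        if not part:
            continue
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def parse_interface(text):
    """Extract the fields the audit needs from one interface block."""
    # Collapse whitespace so that 'unicast Storm\nControl is OFF' still matches.
    flat = re.sub(r"\s+", " ", text)
    info = {"name": None, "admin": None, "line": None}
    m = re.search(r"(\w+ \d+/\d+) is (\w+) ?, line protocol is (\w+)", flat)
    if m:
        info["name"], info["admin"], info["line"] = m.groups()
    info["storm_control"] = dict(
        re.findall(r"(broadcast|multicast|unicast) Storm Control is (\w+)", flat)
    )
    info["port_type"] = _field(text, "Port-type")
    native = _field(text, "Native vlan")
    info["native_vlan"] = int(native) if native else None
    info["allowed_vlans"] = expand_vlans(_field(text, "Allowed vlan lists"))
    info["active_vlans"] = expand_vlans(_field(text, "Active vlan lists"))
    return info


def audit(info):
    """Return review findings (rules are this example's assumptions)."""
    findings = []
    off = sorted(k for k, v in info["storm_control"].items() if v.upper() == "OFF")
    if off:
        findings.append("storm control OFF: " + ", ".join(off))
    if info["port_type"] == "trunk":
        if info["native_vlan"] == 1:
            findings.append("native VLAN is 1")
        unused = info["allowed_vlans"] - info["active_vlans"]
        if unused:
            findings.append(f"{len(unused)} allowed VLANs are not active on this trunk")
    return findings


if __name__ == "__main__":
    parsed = parse_interface(SAMPLE_TRUNK)
    print(parsed["name"], parsed["port_type"])
    for finding in audit(parsed):
        print(" -", finding)
```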
Command Reference MAC Address Commands
MAC Address Commands
address-bind ipv6-mode
Use this command to set the IP mode of address binding. Use the no form of this command to delete
the configuration.
Set the IP mode to the compatible mode.
address-bind ipv6-mode compatible
Set the IP mode to the loose mode.
address-bind ipv6-mode loose
Set the IP mode to the strict mode.
address-bind ipv6-mode strict
no address-bind ipv6-mode
Parameter
Description Parameter Description
N/A N/A
Defaults Strict mode
Command
Mode
Global configuration mode.
Usage Guide There are three IP address binding modes: compatible, loose and strict. The following tables show
the forwarding rule corresponding to each binding mode.
Mode        IPv4 forwarding rule
Strict      Only the packets matching IPv4 and MAC are forwarded.
Loose       Only the packets matching IPv4 and MAC are forwarded.
Compatible  Only the packets matching IPv4 and MAC are forwarded.
Mode        IPv6 forwarding rule
Strict      No IPv6 packets are forwarded. (Default)
Loose       All IPv6 packets are forwarded.
Compatible  Only the IPv6 packets whose source MAC addresses are bound MAC addresses are forwarded.
Configuration
Examples
The following example binds the IP address 192.168.5.2 to the MAC address 00d0.f822.33aa and
forwards the corresponding packets:
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# address-bind 192.168.5.2 00d0.f822.33aa
Ruijie(config)# address-bind ipv6-mode compatible
Related Commands
Command  Description
N/A      N/A
Platform
Description
N/A
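The forwarding rules in the two Usage Guide tables above, as an added Python example (not Ruijie code): it parses binding output laid out like the show address-bind example in this reference and evaluates constructed frames under each ipv6-mode. The frame values and function names are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample, laid out like the `show address-bind` output in this reference.
SHOW_ADDRESS_BIND = """\
IP Address   Binding MAC Addr
------------ -----------------
3.3.3.3      00d0.f811.1112
3.3.3.4      00d0.f811.1117
"""

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{4}\.){2}[0-9a-fA-F]{4})\s*$"
)
MODES = ("strict", "loose", "compatible")


def parse_bindings(text):
    """Return the set of (IPv4 address, MAC) pairs found in the output."""
    bindings = set()
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and separator lines do not match
            bindings.add((ipaddress.ip_address(m.group(1)), m.group(2).lower()))
    return bindings


def forwarded(bindings, mode, src_ip, src_mac):
    """Apply the documented rule for one frame; True means forwarded."""
    if mode not in MODES:
        raise ValueError(f"unknown ipv6-mode: {mode}")
    ip = ipaddress.ip_address(src_ip)
    mac = src_mac.lower()
    if ip.version == 4:
        # Same rule in all three modes: the IPv4/MAC pair must be bound.
        return (ip, mac) in bindings
    if mode == "strict":
        return False          # no IPv6 packets are forwarded (default)
    if mode == "loose":
        return True           # all IPv6 packets are forwarded
    # compatible: IPv6 is forwarded only from a bound source MAC
    return mac in {bound_mac for _, bound_mac in bindings}


# Constructed frames: (source IP, source MAC)
FRAMES = [
    ("3.3.3.3", "00d0.f811.1112"),       # bound IPv4/MAC pair
    ("3.3.3.3", "00d0.f811.9999"),       # bound IPv4, wrong MAC
    ("2001:db8::10", "00d0.f811.1112"),  # IPv6 from a bound MAC
    ("2001:db8::66", "0011.2233.4455"),  # IPv6 from an unbound MAC
]


def decision_table(bindings, frames):
    """Return {mode: [forwarded?, ...]} for every frame, in order."""
    return {
        mode: [forwarded(bindings, mode, ip, mac) for ip, mac in frames]
        for mode in MODES
    }


if __name__ == "__main__":
    table = decision_table(parse_bindings(SHOW_ADDRESS_BIND), FRAMES)
    for mode in MODES:
        print(f"{mode:<11}", table[mode])
```

In loose mode the last frame is forwarded even though its MAC is unbound, which is why loose mode gives no binding enforcement for IPv6 traffic.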
clear mac-address-table dynamic
Use this command to clear the dynamic MAC address.
clear mac-address-table dynamic [ address mac-addr [ interface interface-id ] [ vlan vlan-id ]
Parameter Description
Parameter               Description
dynamic                 Clear all the dynamic MAC addresses.
address mac-addr        Clear the specified dynamic MAC address.
interface interface-id  Clear all the dynamic MAC addresses of the specified interface.
vlan vlan-id            Clear all the dynamic MAC addresses of the specified VLAN.
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide Use the show mac-address-table dynamic command to display all the dynamic MAC addresses.
Configuration
Examples
The following example clears all the dynamic MAC addresses:
Ruijie# clear mac-address-table dynamic
Related Commands
Command                         Description
show mac-address-table dynamic  Use this command to display dynamic MAC address.
Platform
Description
N/A
mac-address-table aging-time
Use this command to specify the aging time of the dynamic MAC address. Use the no form of the
command to restore the default value.
mac-address-table aging-time seconds
no mac-address-table aging-time
Parameter Description
Parameter  Description
seconds    Aging time of the dynamic MAC address, in seconds. The time range varies with switches.
Defaults 300 seconds.
Command
Mode
Global configuration mode.
Usage Guide Use the show mac-address-table aging-time command to display configuration.
Use the show mac-address-table dynamic command to display the dynamic MAC address table.
Configuration
Examples
Ruijie(config)# mac-address-table aging-time 150
Related Commands
Command                            Description
show mac-address-table aging-time  Display the aging time of the dynamic MAC address.
show mac-address-table dynamic     Display the dynamic MAC address table.
Platform
Description
N/A
mac-address-table filtering
Use this command to configure the MAC address to be filtered. Use the no form of the command to
remove the configuration.
mac-address-table filtering mac-address vlan vlan-id [ source | destination ]
no mac-address-table filtering mac-address vlan vlan-id
Parameter Description
Parameter     Description
mac-address   MAC address to be filtered
vlan vlan-id  VLAN ID. Its range varies with switches.
source        Filter frames based on the source MAC address only.
destination   Filter frames based on the destination MAC address only.
Defaults No filtered address is configured by default.
When this command is configured without source or destination specified, any frame received in
the specified VLAN whose source or destination MAC address matches the specified MAC
address is filtered.
Command
Mode
Global configuration mode.
Usage Guide The filtered MAC address shall not be a multicast address. Use show mac-address-table filtering to
display the filtered MAC addresses.
Configuration
Examples
Ruijie(config)# mac-address-table filtering 00d0f8000000 vlan 1
Related Commands
Command                            Description
clear mac-address-table filtering  Clear the MAC address filtering table
show mac-address-table filtering   Show the configuration of the address filtering table.
Platform
Description
N/A
mac-address-table notification
Use this command to enable the MAC address notification function. Use the no form of the command
to disable this function.
mac-address-table notification [ interval value | history-size value ]
no mac-address-table notification [interval | history-size ]
Parameter Description
Parameter           Description
interval value      Specify the interval of sending the MAC address trap message, 1 second by default.
history-size value  Specify the maximum number of the entries in the MAC address notification table, 50 entries by default.
Defaults By default, the interval is one second and the maximum number of the entries in the MAC address
notification table is 50.
Command
Mode
Global configuration mode.
Usage Guide The MAC address notification function applies only to dynamic MAC addresses and secure MAC
addresses. No MAC address trap message is generated for static MAC addresses. In the global
configuration mode, you can use the snmp-server enable traps mac-notification command to
enable or disable sending of the MAC address trap message by the switch.
Configuration
Examples
Ruijie(config)# mac-address-table notification
Ruijie(config)# mac-address-table notification interval 40
Ruijie(config)# mac-address-table notification history-size 100
Related Commands
Command                              Description
snmp-server enable traps             Set the method of handling the MAC address trap message.
show mac-address-table notification  Show the MAC address notification configuration and the MAC address trap notification table.
snmp trap mac-notification           Enable the MAC address trap notification function on the specified interface.
Platform
Description
N/A
mac-address-table static
Use this command to configure a static MAC address. Use the no form of the command to remove a
static MAC address.
mac-address-table static mac-addr vlan vlan-id interface interface-id
no mac-address-table static mac-addr vlan vlan-id interface interface-id
Parameter Description
Parameter     Description
mac-addr      Destination MAC address of the specified entry
vlan-id       VLAN ID of the specified entry.
interface-id  Interface (physical interface or aggregate port) that packets are forwarded to
Defaults No static MAC address is configured by default.
Command
Mode
Global configuration mode.
Usage Guide A static MAC address has the same function as a dynamic MAC address that the switch learns.
Unlike a dynamic MAC address, a static MAC address is not aged out. It can only be
configured and removed manually. Even if the switch is reset, the static MAC address is not
lost. A static MAC address shall not be configured as a multicast address. Use the show
mac-address-table static command to show the configuration of the static MAC address table. Use
the clear mac-address-table static command to clear the settings of the static address table.
Configuration
Examples
When a packet destined to 00d0.f800.073c arrives at VLAN 4, it is forwarded to the specified
port gigabitethernet 1/1:
Ruijie(config)# mac-address-table static 00d0.f800.073c vlan 4 interface gigabitethernet 1/1
Related Commands
Command                         Description
show mac-address-table static   Show the configuration of the static address table.
clear mac-address-table static  Clear the settings to the static address table.
Platform
Description
N/A
show address-bind
Use this command to show IP address-MAC address binding.
show address-bind
Parameter Description
Parameter  Description
N/A        N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
Ruijie# show address-bind
IP Address Binding MAC Addr
------------ -----------------
3.3.3.3 00d0.f811.1112
3.3.3.4 00d0.f811.1117
Related Commands
Command       Description
address-bind  Enable IP address-MAC address binding.
Platform
Description
N/A
show address-bind uplink
Use this command to show the uplink port.
show address-bind uplink
Parameter Description
Parameter  Description
N/A        N/A
Defaults N/A
Command
mode
N/A
Usage Guide N/A
Configuration
Examples
Ruijie# show address-bind uplink
Ports State
------------ ------
Fa0/1 Disabled
Fa0/2 Disabled
……
Related Commands
Command              Description
address-bind uplink  Set the uplink port.
Platform
Description
N/A
show mac-address-table address
Use this command to show all types of MAC addresses (including dynamic address, static address
and filtering address)
show mac-address-table [ address mac-addr ] [ interface interface-id ] [ vlan vlan-id ]
Parameter Description
Parameter               Description
address mac-addr        Specified MAC address.
interface interface-id  Interface ID
vlan vlan-id            VLAN ID
Defaults N/A
Command
mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
Ruijie# show mac-address-table address 00d0.f800.1001
Vlan MAC Address Type Interface
---------- -------------------- --------
1 00d0.f800.1001 STATIC Gi1/1
Related Commands
Command                           Description
show mac-address-table static     Show the static MAC address.
show mac-address-table filtering  Show the filtering MAC address.
show mac-address-table dynamic    Show the dynamic MAC address.
show mac-address-table interface  Show all types of MAC addresses of the specified interface
show mac-address-table vlan       Show all types of MAC addresses of the specified VLAN
show mac-address-table count      Show the address counts in the MAC address table.
Platform
Description
N/A
show mac-address-table aging-time
Use this command to display the aging time of the dynamic MAC address.
show mac-address-table aging-time
Parameter Description
Parameter  Description
N/A        N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide
Configuration
Examples
Ruijie# show mac-address-table aging-time
Aging time : 300
Related Commands
Command                       Description
mac-address-table aging-time  Specify the aging time of the dynamic MAC address.
Platform
Description
N/A
show mac-address-table count
This command is used to display the number of address entries in the address table.
show mac-address-table count [interface interface-id | vlan vlan-id]
Parameter Description
Parameter  Description
N/A        N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
Ruijie# show mac-address-table count
Dynamic Address Count : 51
Static Address Count : 0
Filter Address Count : 0
Total Mac Addresses : 51
Total Mac Address Space Available: 8139
Related Commands
Command                           Description
show mac-address-table static     Display the static address.
show mac-address-table filtering  Display the filtering address.
show mac-address-table dynamic    Display the dynamic address.
show mac-address-table address    Display all the address information of the specified address.
show mac-address-table interface  Display all the address information of the specified interface.
show mac-address-table vlan       Display all the address information of the specified vlan.
Platform
Description
N/A
show mac-address-table dynamic
Use this command to show the dynamic MAC address.
show mac-address-table dynamic [ address mac-addr ] [ interface interface-id ] [ vlan vlan-id ]
Parameter Description
Parameter     Description
mac-addr      Destination MAC address of the entry
vlan-id       VLAN of the entry
interface-id  Interface that the packet is forwarded to. It may be a physical port or an aggregate port
Defaults All the MAC addresses are displayed by default.
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
Ruijie# show mac-address-table dynamic
Vlan MAC Address Type Interface
------------------------- -------- -------------------
1 0000.0000.0001 DYNAMIC gigabitethernet 1/1
1 0001.960c.a740 DYNAMIC gigabitethernet 1/1
1 0007.95c7.dff9 DYNAMIC gigabitethernet 1/1
1 0007.95cf.eee0 DYNAMIC gigabitethernet 1/1
1 0007.95cf.f41f DYNAMIC gigabitethernet 1/1
1 0009.b715.d400 DYNAMIC gigabitethernet 1/1
1 0050.bade.63c4 DYNAMIC gigabitethernet 1/1
Related Commands
Command                          Description
clear mac-address-table dynamic  Clear the dynamic MAC address.
Platform
Description
N/A
show mac-address-table filtering
Use this command to show the filtering MAC address.
show mac-address-table filtering [ addr mac-addr ] [ vlan vlan-id ]
Parameter Description
Parameter  Description
mac-addr   Destination MAC address of the entry
vlan-id    VLAN ID of the entry
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
Ruijie# show mac-address-table filtering
Vlan MAC Address Type Interface
------- ----------------- ------- -----------
1 0000.2222.2222 FILTER Not available
Related Commands
Command                            Description
clear mac-address-table filtering  Clear the address filtering table.
mac-address-table filtering        Set the address filtering table.
Platform
Description
N/A
show mac-address-table interface
Use this command to show the dynamic MAC address management and learning mode.
show mac-address-table mac-manage-learning
Parameter Description
Parameter  Description
N/A        N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
Ruijie# show mac-address-table mac-manage-learning
######MAC manage-learning
running mode: uniform
configuration mode: uniform
dynamic address learning-synchronization: off.
Related Commands
Command                                               Description
mac-manage-learning uniform                           Set the dynamic MAC address management and learning mode to uniform mode.
mac-manage-learning uniform learning-synchronization  Set synchronization of the dynamic MAC addresses of the entire switch.
mac-manage-learning dispersive                        Set the dynamic MAC address management and learning mode to dispersive mode.
Platform
Description
N/A
show mac-address-table notification
Use this command to show the MAC address notification configuration and the MAC address
notification table.
show mac-address-table notification [ interface [ interface-id ] | history ]
Parameter Description
Parameter               Description
interface interface-id  Interface ID. Show the MAC address notification configuration on the interface.
history                 Show the MAC address notification history.
Defaults The MAC address notification configuration is shown by default.
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
Ruijie# show mac-address-table notification interface
Interface MAC Added Trap MAC Removed Trap
--------- -------------- --------------
GigabitEthernet1/14 Disabled Disabled
Ruijie# show mac-address-table notification
MAC Notification Feature: Disabled
Interval between Notification Traps: 1 secs
Maximum Number of entries configured in History Table:1
Current History Table Length: 0
Ruijie# show mac-address-table notification history
History Index: 0
MAC Changed Message:
Operation:ADD Vlan: 1 MAC Addr: 00f8.d012.3456 GigabitEthernet 3/1
Related Commands
Command                         Description
mac-address-table notification  Enable MAC address notification.
snmp trap mac-notification      Enable the MAC address trap notification function on the specified interface.
Platform
Description
N/A
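One way to use the notification history for monitoring, as an added Python example (not part of the original reference): it parses text laid out like the show mac-address-table notification history output above and reports MAC addresses that are added on a second port without having been removed from the first. The sample entries, the DEL operation keyword and the function names are assumptions; the reference shows only a single ADD entry.

```python
import re
from collections import Counter

# Constructed sample in the layout of the history output shown above.
# "DEL" as the removal keyword is an assumption.
HISTORY = """\
History Index: 0
MAC Changed Message:
Operation:ADD Vlan: 1 MAC Addr: 00f8.d012.3456 GigabitEthernet 3/1
History Index: 1
MAC Changed Message:
Operation:ADD Vlan: 1 MAC Addr: 00d0.f800.0a01 GigabitEthernet 3/2
History Index: 2
MAC Changed Message:
Operation:DEL Vlan: 1 MAC Addr: 00d0.f800.0a01 GigabitEthernet 3/2
History Index: 3
MAC Changed Message:
Operation:ADD Vlan: 1 MAC Addr: 00f8.d012.3456 GigabitEthernet 3/7
History Index: 4
MAC Changed Message:
Operation:ADD Vlan: 1 MAC Addr: 00d0.f800.0a01 GigabitEthernet 3/5
History Index: 5
MAC Changed Message:
Operation:ADD Vlan: 1 MAC Addr: 00f8.d012.3456 GigabitEthernet 3/1
"""

EVENT = re.compile(
    r"Operation:\s*(?P<op>\w+)\s+Vlan:\s*(?P<vlan>\d+)\s+"
    r"MAC Addr:\s*(?P<mac>(?:[0-9a-fA-F]{4}\.){2}[0-9a-fA-F]{4})\s+"
    r"(?P<port>\S.*?)\s*$"
)


def parse_history(text):
    """Return [(operation, vlan, mac, port)] in history order."""
    events = []
    for line in text.splitlines():
        m = EVENT.search(line)
        if m:
            events.append(
                (m["op"].upper(), int(m["vlan"]), m["mac"].lower(), m["port"])
            )
    return events


def find_moves(events):
    """Report a MAC that is added on a new port while still known on another."""
    location = {}  # (vlan, mac) -> port where the address is currently known
    moves = []
    for op, vlan, mac, port in events:
        key = (vlan, mac)
        if op == "ADD":
            previous = location.get(key)
            if previous is not None and previous != port:
                moves.append((vlan, mac, previous, port))
            location[key] = port
        elif location.get(key) == port:
            # Any non-ADD operation on the known port is treated as a removal.
            del location[key]
    return moves


def flapping(moves, threshold=2):
    """Return (vlan, mac) keys that moved at least `threshold` times."""
    counts = Counter((vlan, mac) for vlan, mac, _, _ in moves)
    return sorted(key for key, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    found = find_moves(parse_history(HISTORY))
    for vlan, mac, old, new in found:
        print(f"vlan {vlan} {mac}: {old} -> {new}")
    print("flapping:", flapping(found))
```

The history table holds 50 entries by default, so collect it at an interval short enough that entries are not overwritten between reads.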
show mac-address-table static
Use this command to show the static MAC address.
show mac-address-table static [ addr mac-addr ] [ interface interface-id ] [ vlan vlan-id ]
Parameter Description
Parameter     Description
mac-addr      Destination MAC address of the entry
vlan-id       VLAN ID of the entry
interface-id  Interface of the entry (physical interface or aggregate port)
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
Show only static MAC addresses
Ruijie# show mac-address-table static
Vlan MAC Address Type Interface
---------- -------------------- -------- ---------
1 00d0.f800.1001 STATIC gigabitethernet 1/1
1 00d0.f800.1002 STATIC gigabitethernet 1/1
1 00d0.f800.1003 STATIC gigabitethernet 1/1
Related Commands
Command                         Description
mac-address-table static        Configure the static MAC address.
clear mac-address-table static  Clear the static addresses.
Platform
Description
N/A
show mac-address-table vlan
Use this command to display all addresses of the specified VLAN.
show mac-address-table vlan [vlan-id]
Parameter Description
Parameter  Description
vlan-id    VLAN ID
Defaults -
Command
Mode
Privileged mode
Usage Guide -
Configuration
Examples
Ruijie# show mac-address-table vlan 1
Vlan MAC Address Type Interface
----- ------------- ------- ------------------
1 00d0.f800.1001 STATIC gigabitethernet 1/1
1 00d0.f800.1002 STATIC gigabitethernet 1/1
1 00d0.f800.1003 STATIC gigabitethernet 1/1
Related Commands
Command                           Description
show mac-address-table static     This command is used to display static addresses.
show mac-address-table filtering  This command is used to display filtered addresses.
show mac-address-table dynamic    This command is used to display dynamic addresses.
show mac-address-table address    This command is used to display all address information about the specified address.
show mac-address-table interface  This command is used to display all address information about the specified interface.
show mac-address-table count      This command is used to display the number of addresses in the address table.
Platform
Description
-
snmp trap mac-notification
Use this command to enable the MAC address trap notification on the specified interface. Use
the no form of the command to disable this function.
snmp trap mac-notification { added | removed }
no snmp trap mac-notification { added | removed }
Parameter Description
Parameter  Description
added      Notify when a MAC address is added.
removed    Notify when a MAC address is removed
Defaults Disabled.
Command
Mode
Interface configuration mode.
Usage Guide Use show mac-address-table notification interface to display configuration.
Configuration
Examples
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# snmp trap mac-notification added
Related Commands
Command                              Description
mac-address-table notification       Enable MAC address notification.
show mac-address-table notification  Show the MAC address notification configuration and the MAC address notification table.
Platform
Description
N/A
Command Reference VLAN Commands
VLAN Commands
vlan
Use this command to enter vlan configuration mode. Use the no form of this command to delete vlan.
vlan vlan-id
no vlan vlan-id
Parameter
Description Parameter Description
vlan-id VLAN ID.
Note: The default VLAN 1 cannot be deleted.
Defaults N/A
Command
Mode
Global configuration mode
Usage Guide Execute the end command or press Ctrl+C to return to privileged EXEC mode.
Execute the exit command to return to global configuration mode.
Configuration
Examples
Ruijie(config)# vlan 1
Ruijie(config-vlan)#
Related
Commands Command Description
show vlan Displays VLAN member ports information.
Platform
Description
N/A
Command Reference IP Address Commands
IP Address Commands
ip-address
Use this command to configure the IP address of an interface. Use the no form of this command to
delete the IP address of the interface.
ip address ip-address network-mask [ secondary ] | [ gateway ip-address ]
no ip address [ip-address network-mask [ secondary ] | [ gateway ] ]
Parameter
Description Parameter Description
ip-address
32-bit IP address, which comprises multiple groups of 8 bits in
decimal format. Groups are separated by dots.
network-mask
32-bit network mask, which comprises multiple groups of 8 bits in
decimal format. 1 stands for the mask bit, and 0 stands for the
host bit. Groups are separated by dots.
secondary Indicates the secondary IP address that has been configured.
gateway ip-address
Configures the gateway address for the Layer-2 switch. The
gateway address is only supported on Layer-2 switches. No
address follows the gateway parameter when using the no form of
this command.
Defaults No IP address is configured for the interface.
Command
Mode
Interface configuration mode
Usage Guide The device cannot receive and send IP packets before it is configured with an IP address. After an IP
address is configured for the interface, the interface is allowed to run the Internet Protocol (IP).
The network mask is also a 32-bit value that identifies which bits of the IP address are the network
address portion. The IP address bits that correspond to 1s in the network mask are the network
address portion, and the bits that correspond to 0s are the host address. For example, the network
mask of a Class A IP address is 255.0.0.0. You can divide a network into different subnets using the
network mask. Subnet division means to use bits of the host address as part of the network address,
which reduces the number of hosts per network and increases the number of networks. In this case,
the network mask is called a subnet mask.
The RGOS software supports multiple IP addresses for an interface. One is the primary IP address
and the others are secondary IP addresses. Theoretically, there is no limit on the number of
secondary IP addresses. The primary IP address, however, must be configured before the secondary
IP addresses are configured. The secondary IP addresses and the primary IP address must belong
to different networks, and different secondary IP addresses must also belong to different networks.
Secondary IP addresses are often used in network construction. Typically, you can try to use
secondary IP addresses in the following situations:
A network does not have enough host addresses. At present, a LAN should be a class C network
where 254 hosts can be configured. However, when there are more than 254 hosts in the LAN,
another class C network address is necessary since one class C network is not enough. Therefore,
the device should be connected to two networks and multiple IP addresses should be configured.
Many older networks are L2-based bridge networks that have not been divided into different subnets.
Use of secondary IP addresses will make it very easy to upgrade this network to an IP layer-based
routing network. The equipment is configured with an IP address for each subnet.
Two subnets of a network are separated by another network. You can create a subnet for the
separated network, and connect the separated subnet by configuring a secondary IP address. One
subnet cannot appear on two or more interfaces of a device.
In general, the Layer-2 switch is configured with a default gateway by using the ip default-gateway
command. Sometimes the Layer-2 switch is managed through Telnet, and both its management IP
address and default gateway need to be modified. In this case, after either the ip address or the
ip default-gateway command is configured, the configuration change breaks network access to the
device, so the other command can no longer be configured. Use the keyword gateway in the
ip address command to modify the management IP address and the default gateway together.
The keyword gateway is not in the output of the show running config command but in the output
of the ip default-gateway command.
Configuration
Examples
The following example sets the primary IP address to 10.10.10.1, and the network mask to
255.255.255.0.
ip address 10.10.10.1 255.255.255.0
The following example sets the default gateway to 10.10.10.254.
ip address 10.10.10.1 255.255.255.0 gateway 10.10.10.254
Related
Commands Command Description
show interface
Shows detailed information about the
interface.
Platform
Description
For the Layer 2 switch, the IP address can be configured only for a Layer 3 interface. The Level-2
address is not supported, that is, the secondary IP address option is unavailable.
The keyword gateway is only supported by Layer-2 switches.
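The addressing rules from the Usage Guide above (primary before secondary, every address on an interface in a different network, one subnet on only one interface), as an added Python audit example that is not part of the original reference. The configuration text, interface names and finding labels are constructed for illustration.

```python
import ipaddress
import re

# Constructed configuration fragment with three deliberate rule violations.
CONFIG = """\
interface vlan 10
 ip address 10.10.10.1 255.255.255.0
 ip address 10.10.11.1 255.255.255.0 secondary
interface vlan 20
 ip address 10.10.10.129 255.255.255.128 secondary
 ip address 192.168.1.1 255.255.255.0
 ip address 192.168.1.200 255.255.255.128 secondary
"""

IFACE = re.compile(r"^interface\s+(.+?)\s*$")
ADDR = re.compile(
    r"^\s*ip address\s+(\S+)\s+(\S+)(\s+secondary)?(?:\s+gateway\s+\S+)?\s*$"
)


def parse(config):
    """Return [(interface, IPv4Interface, is_secondary)] in configuration order."""
    rows, current = [], None
    for line in config.splitlines():
        m = IFACE.match(line)
        if m:
            current = m.group(1)
            continue
        m = ADDR.match(line)
        if m and current:
            addr = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            rows.append((current, addr, bool(m.group(3))))
    return rows


def audit(config):
    """Return [(finding, interface, detail)] for each rule that is broken."""
    findings = []
    seen = []            # (interface, network) for every address accepted so far
    has_primary = set()  # interfaces whose primary address has been seen
    for iface, addr, secondary in parse(config):
        net = addr.network
        if secondary and iface not in has_primary:
            findings.append(("secondary-before-primary", iface, str(addr)))
        if not secondary:
            has_primary.add(iface)
        for other_iface, other_net in seen:
            if net.overlaps(other_net):
                kind = (
                    "overlap-on-interface"
                    if other_iface == iface
                    else "subnet-on-two-interfaces"
                )
                findings.append((kind, iface, f"{net} vs {other_net} on {other_iface}"))
        seen.append((iface, net))
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(*finding, sep=": ")
```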
ip unnumbered
Use this command to configure an unnumbered interface. After an interface is configured as an
unnumbered interface, it is allowed to run the IP protocol and can receive and send IP packets. Use
the no form of this command to cancel this configuration.
ip unnumbered interface-type interface-number
no ip unnumbered
Parameter
Description Parameter Description
interface-type Interface type
interface-number Interface number
Defaults No unnumbered interface is configured.
Command
Mode
Interface configuration mode
Usage Guide An unnumbered interface is an interface on which IP is enabled but no IP address is assigned to it.
The unnumbered interface should be associated to an interface with an IP address. The source IP
address of the IP packet generated by an unnumbered interface is the IP address of the associated
interface. In addition, the routing protocol process determines whether to send route update packets
to an unnumbered interface according to the IP address of the associated interface. The following
restrictions apply when an unnumbered interface is used:
(1) An Ethernet interface cannot be configured as an unnumbered interface.
(2) A serial interface can be configured as an unnumbered interface when it is encapsulated with
SLIP, HDLC, PPP, LAPB and Frame Relay. However, when Frame Relay is used for encapsulation,
only the point-to-point interface can be configured as an unnumbered interface. X.25 encapsulation
does not allow configuration as an unnumbered interface.
(3) You cannot detect whether an unnumbered interface works normally using the ping command,
because no IP address is configured for the unnumbered interface. However, the status of the
unnumbered interface can be monitored remotely using SNMP.
(4) The network cannot be started using an unnumbered interface.
Configuration
Examples
The following example configures the local interface as an unnumbered interface, and sets the
associated interface to the FE interface 0/1. An IP address must be configured for the associated
interface.
ip unnumbered fastEthernet 0/1
Related
Commands Command Description
show interface Shows detailed information about the interface.
Platform
Description
This command is not supported on Layer 2 switches.
arp
Use this command to add a permanent IP-MAC address mapping to the ARP cache table. Use the no
form of this command to delete the static MAC address mapping.
arp [ vrf name ] ip-address MAC-address type
no arp [ vrf name ] ip-address
Parameter
Description Parameter Description
vrf name
Specifies the VRF instance. The name parameter indicates the name
of the VRF instance.
ip-address
The IP address that corresponds to the MAC address. It
comprises four groups of numeric values in decimal format
separated by dots.
MAC-address 48-bit data link layer address
type
ARP encapsulation type. The keyword is arpa for Ethernet
interfaces.
Defaults There is no static mapping record in the ARP cache table.
Command
Mode
Global configuration mode
Usage Guide RGOS finds the 48-bit MAC address according to the 32-bit IP address using the ARP cache table.
Since most hosts support dynamic ARP resolution, usually static ARP mapping is not necessary. The
clear arp-cache command can be used to delete the ARP mapping that is learned dynamically.
Configuration
Examples
The following example sets an ARP static mapping record for an Ethernet host.
arp 1.1.1.1 4e54.3800.0002 arpa
Related
Commands Command Description
clear arp-cache Clears the ARP cache table
Platform
Description
N/A
arp anti-ip-attack
For a message that hits a directly-connected route, if the switch does not learn the ARP entry that
corresponds to the destination IP address, the switch is not able to forward the message via hardware
and needs to send the message to the CPU to parse the address. This process is called ARP
learning. Sending a large number of such messages to the CPU, however, will influence the other
tasks of the switch. To prevent the IP messages from attacking the CPU, a discard entry is set to the
hardware during address resolution, so that all sequential messages with that destination IP address
are not sent to the CPU at all. After the address resolution, the entry is updated to the forwarding
status, so that the switch can forward the messages with that destination IP address via hardware.
In general, during ARP resolution, if the switch CPU receives three messages with the destination
IP address of the ARP entry being resolved, the switch considers that the CPU may be under attack
and sets a discard entry to prevent unknown unicast messages from attacking the CPU. Users can
set the num parameter of this command to suit the specific network environment, or disable this
function. Use the arp anti-ip-attack num command to set the parameter
or disable this function. Use the no form of this command to restore the num parameter to the default
value 3.
arp anti-ip-attack num
no arp anti-ip-attack
Parameter
Description Parameter Description
num
The number of IP messages to trigger the ARP to set a discard entry.
The value ranges from 0 to 100. 0 stands for disabling the ARP
anti-IP-attack function.
Defaults The switch sets a discarded entry after three unknown unicast messages are sent to the CPU.
Command
Mode
Global configuration mode
Usage Guide The ARP anti-IP-attack function will occupy the switch hardware routing resources when the switch is
attacked by unknown unicast messages. If there are enough resources, you can set the num
parameter in the arp anti-ip-attack to a smaller value. If not, in order to first ensure normal routing,
you can set the num parameter to a larger value or simply disable this function.
Configuration
Examples
The following example sets the number of IP messages that will trigger ARP to set a discard entry to 5.
Ruijie(config)# arp anti-ip-attack 5
The following example disables the ARP anti-IP-attack function.
Ruijie(config)# arp anti-ip-attack 0
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported on Layer 3 switches.
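A simplified model of the discard-entry behaviour described above, as an added Python example (not RGOS code): it counts how many packets reach the CPU and how many hardware discard entries are in use for a given num. The class name, addresses and traffic pattern are constructed for illustration.

```python
class AntiIpAttackModel:
    """Per-destination state machine for `arp anti-ip-attack num` as documented."""

    def __init__(self, num=3):
        if not 0 <= num <= 100:
            raise ValueError("num must be in the range 0 to 100")
        self.num = num
        self.to_cpu = {}      # unresolved destination -> packets sent to the CPU
        self.discard = set()  # destinations with a hardware discard entry
        self.resolved = {}    # destination -> MAC, forwarded in hardware
        self.stats = {"cpu": 0, "hw_discard": 0, "hw_forward": 0}

    def packet(self, dst):
        """Process one packet to a directly connected destination."""
        if dst in self.resolved:
            self.stats["hw_forward"] += 1
            return "hw_forward"
        if dst in self.discard:
            self.stats["hw_discard"] += 1
            return "hw_discard"
        # No ARP entry yet: the packet goes to the CPU for address resolution.
        self.stats["cpu"] += 1
        self.to_cpu[dst] = self.to_cpu.get(dst, 0) + 1
        if self.num and self.to_cpu[dst] >= self.num:
            self.discard.add(dst)  # num == 0 disables the function
        return "cpu"

    def arp_resolved(self, dst, mac):
        """Address resolution finished: the entry moves to forwarding status."""
        self.discard.discard(dst)
        self.to_cpu.pop(dst, None)
        self.resolved[dst] = mac


def constructed_traffic():
    """40 unresolved destinations; destination i receives (i % 8) + 1 packets."""
    return [f"10.0.0.{i + 1}" for i in range(40) for _ in range(i % 8 + 1)]


def simulate(num, traffic):
    """Return (packets sent to CPU, discard entries in use, packets dropped in hardware)."""
    model = AntiIpAttackModel(num)
    for dst in traffic:
        model.packet(dst)
    return model.stats["cpu"], len(model.discard), model.stats["hw_discard"]


if __name__ == "__main__":
    traffic = constructed_traffic()
    for num in (3, 5, 0):
        cpu, entries, dropped = simulate(num, traffic)
        print(f"num={num}: cpu={cpu} discard_entries={entries} hw_dropped={dropped}")
```

A smaller num shields the CPU sooner but installs discard entries for more destinations, which is the hardware-resource trade-off the Usage Guide describes.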
arp gratuitous-send interval
Use this command to set the interval of sending free (gratuitous) ARP request messages on an
interface. Use the no form of this command to disable this function on the interface.
arp gratuitous-send interval seconds
no arp gratuitous-send
Parameter
Description Parameter Description
seconds
The time interval in seconds for sending free ARP request messages
in the range from 1 to 3600
Defaults Periodically sending free ARP request messages is disabled on an interface.
Command
Mode
Interface configuration mode
Usage Guide If a network interface of the switch is used as the gateway of its downlink devices but a downlink
device pretends to be the gateway, you can configure the function to send free ARP request
messages regularly on this interface to notify that the switch is the real gateway.
Configuration
Examples
The following example sets the interval for sending free ARP request messages on SVI 1 to 1 second.
Ruijie(config)# interface vlan 1
Ruijie(config-if)# arp gratuitous-send interval 1
The following example disables the function of sending free ARP request messages on SVI 1.
Ruijie(config)# interface vlan 1
Ruijie(config-if)# no arp gratuitous-send
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
arp retry interval
Use this command to set the interval for sending ARP request messages locally, namely, the time
interval between two continuous ARP requests sent for parsing one IP address. Use the no form of
this command to restore the default value, that is, retry an ARP request per second.
arp retry interval seconds
no arp retry interval
Parameter
Description Parameter Description
seconds
Time interval in seconds for retrying ARP request messages in the
range from 1 to 3600
1 second by default
Defaults The retry interval of ARP requests is 1 second.
Command
Mode
Global configuration mode
Usage Guide If the switch sends ARP request messages frequently and this causes problems like network
congestion, you can set the retry interval of ARP request messages to a larger value. In general, it
should not exceed the aging time of dynamic ARP entries.
Configuration
Examples
The following example sets the retry interval of ARP request messages to 30 seconds.
arp retry interval 30
Related
Commands Command Description
arp retry times number Sets the retry times of ARP request messages.
Platform
Description
N/A
arp retry times
Use this command to set the local retry times of ARP request messages, namely, the number of times
an ARP request message is sent to resolve one IP address. Use the no form of this command to
restore the default settings (five ARP requests).
arp retry times number
no arp retry times
Parameter
Description Parameter Description
number The number of times the same ARP request is sent, in the range from 1 to 100. 1 indicates that the ARP request is not retransmitted but only one ARP request message is sent.
Defaults If no ARP response message is received, the ARP request message is sent 5 times, and
then a timeout occurs.
Command
Mode
Global configuration mode
Usage Guide If the switch sends ARP request messages so frequently that problems such as network congestion
occur, you can set the retry times of ARP request messages to a smaller value. In general, the
retry times should not be set to an excessively large value.
Configuration
Examples
The following example sets the retry times of local ARP request messages to 1.
arp retry times 1
The following example sets the retry times of local ARP request messages to 2.
arp retry times 2
Related
Commands Command Description
arp retry interval seconds Sets the retry interval of ARP request messages.
Platform
Description
N/A
arp timeout
Use this command to configure the timeout for ARP static mapping records in the ARP cache. Use
the no form of this command to restore the default settings.
arp timeout seconds
no arp timeout
Parameter
Description Parameter Description
seconds The timeout in seconds ranging from 0 to 2147483
Defaults The default timeout is 3600 seconds.
Command
Mode
Interface configuration mode
Usage Guide The ARP timeout setting is only applicable to the IP and MAC address mapping records that are
learned dynamically. The shorter the timeout, the more accurate the mapping table saved in the ARP cache,
but the more network bandwidth ARP occupies. Therefore, weigh the advantages and
disadvantages of the ARP timeout before using it. Generally you do not need to configure the ARP
timeout unless specially required.
Configuration
Examples
The following example sets the timeout for ARP mapping records that are learned
dynamically from FE port 0/1 to 120 seconds.
interface fastEthernet 0/1
arp timeout 120
Related
Commands Command Description
clear arp-cache Clears the ARP cache table.
show interface Shows interface information.
Platform
Description
N/A
arp unresolve
Use this command to configure the maximum number of unresolved ARP entries. Use the no form of
this command to restore the default value 8192.
arp unresolve number
no arp unresolve
Parameter
Description Parameter Description
number The maximum number of unresolved ARP entries in the range from 1 to 8192. The default value is 8192.
Defaults The ARP cache table can contain up to 8192 unresolved entries.
Command
Mode
Global configuration mode
Usage Guide If there are a large number of unresolved entries in the ARP cache table and they do not disappear
after a period of time, use this command to limit the number of unresolved entries.
Configuration
Examples
The following example sets the maximum number of unresolved entries to 500.
arp unresolve 500
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
ip proxy-arp
Use this command to enable the proxy ARP function on the interface. Use the no form of this
command to disable the proxy ARP function.
ip proxy-arp
no ip proxy-arp
Parameter
Description Parameter Description
N/A N/A
Defaults The proxy ARP function is disabled on L3 switches of 10.2(3) and later versions, but enabled on
routers.
Command
Mode
Interface configuration mode
Usage Guide Proxy ARP helps hosts without routing information to obtain MAC addresses for IP addresses in
other networks or subnets. For example, a device receives an ARP request in which the IP addresses
of the request sender and receiver are in different networks. If the device knows a route to the IP
address of the request receiver, it sends an ARP response in which the MAC address is the
Ethernet MAC address of the device itself. This process is known as proxy ARP.
Configuration
Examples
The following example enables proxy ARP on FE port 0/1.
interface fastEthernet 0/1
ip proxy-arp
Related
Commands Command Description
N/A N/A
Platform
Description
This command is not supported on Layer 2 switches.
service trustedarp
Use this command to enable the trusted ARP function. Use the no form of this command to disable
the trusted ARP function.
service trustedarp
no service trustedarp
Parameter
Description Parameter Description
N/A N/A
Defaults The trusted ARP function is disabled.
Command
Mode
Global configuration mode
Usage Guide The trusted ARP function of the device is used to prevent ARP spoofing. As a part of the GSN
scheme, it should be used together with the GSN scheme.
Configuration
Examples
The following example enables the trusted ARP function in global configuration mode.
config
service trustedarp
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
ip broadcast-address
Use this command to define a broadcast address for an interface in interface configuration mode. Use
the no form of this command to cancel the broadcast address configuration.
ip broadcast-address ip-address
no ip broadcast-address
Parameter
Description Parameter Description
ip-address Broadcast address of the IP network
Defaults The IP broadcast address is 255.255.255.255.
Command
Mode
Interface configuration mode
Usage Guide At present, the destination address of an IP broadcast packet is all-1s, indicating 255.255.255.255.
The RGOS software can generate broadcast packets with other defined IP addresses, and can
receive both all-1s packets and broadcast packets defined by itself.
Configuration
Examples
The following example sets the destination address of IP broadcast packets generated by this
interface to 0.0.0.0.
ip broadcast-address 0.0.0.0
Related
Commands Command Description
N/A N/A
Platform
Description
This command is not supported on Layer 2 switches.
ip directed-broadcast
Use this command to enable the conversion from IP directed broadcast to physical broadcast in
interface configuration mode. Use the no form of this command to cancel the configuration.
ip directed-broadcast [ access-list-number ]
no ip directed-broadcast
Parameter
Description Parameter Description
access-list-number (Optional) Access list number ranging from 1 to 199 or from 1300 to 2699. After an access list number is defined, only the IP directed broadcast packets that match this access list are converted.
Defaults The conversion function is disabled.
Command
Mode
Interface configuration mode
Usage Guide An IP directed broadcast packet is an IP packet whose destination address is an IP subnet broadcast
address. For example, a packet with the destination address 172.16.16.255 is called a directed
broadcast packet. However, the node that generates this packet is not a member of the destination
subnet.
A device that is not directly connected to the destination subnet handles a received IP directed
broadcast packet in the same way as it forwards a unicast packet. After the directed
broadcast packet reaches a device that is directly connected to this subnet, the device converts the
directed broadcast packet into a flooding broadcast packet (typically the broadcast packet whose
destination IP address is all-1s), and then sends the packet to all hosts in the destination subnet
by link layer broadcast.
You can enable conversion from directed broadcast into physical broadcast on a specified interface,
so that this interface can forward a directed broadcast packet to a directly connected network. This
command affects only the final transmission of directed broadcast packets that have reached the
destination subnet instead of normal forwarding of other directed broadcast packets.
You can also define an access list on an interface to control which directed broadcast packets to
forward. After an access list is defined, only the packets that match the conditions defined in the
access list are converted from directed broadcast to physical broadcast.
If the no ip directed-broadcast command is configured on an interface, RGOS will discard the
directed broadcast packets received from the directly connected network.
Configuration
Examples
The following example enables the forwarding of directed broadcast packet on the FE port 0/1 of the
device.
interface fastEthernet 0/1
ip directed-broadcast
Related
Commands Command Description
N/A N/A
Platform
Description
This command is not supported on Layer 2 switches.
ip address-pool
Use this command to enable the IP address pool function. Use the no form of this command to
disable the IP address pool function.
ip address-pool local
no ip address-pool local
Parameter
Description Parameter Description
N/A N/A
Defaults The IP address pool function is enabled.
Command
Mode
Global configuration mode
Usage Guide By default, the IP address pool function is enabled, the user can configure the IP address pool, and
the PPP user can assign an IP address to the peer end from the IP address pool. Use the no ip
address-pool local command to disable the IP address pool function and delete all IP address pools
previously configured.
Configuration
Examples
The following example enables the IP address pool function.
ip address-pool local
Related
Commands Command Description
ip local pool Configures the IP address pool.
Platform
Description
This command is not supported on switches.
clear arp-cache
Use this command to remove dynamic ARP mapping records from the ARP cache table in privileged
mode.
clear arp-cache [ [ vrf vrf_name | trusted ] [ ip [ mask ] ] | interface interface-name ]
Parameter
Description Parameter Description
trusted Removes trusted ARP entries.
vrf vrf_name Removes dynamic ARP entries of the specified VRF instance.
ip Specifies the IP address so as to remove ARP entries of this IP address. If the trusted keyword is specified, trusted ARP entries are removed; otherwise, dynamic ARP entries are removed.
mask Specifies the subnet mask so as to remove ARP entries of the specified subnet. The preceding IP address must be a subnet number. If the trusted keyword is specified, trusted ARP entries of the subnet are removed; otherwise, dynamic ARP entries of the subnet are removed.
interface interface-name Removes dynamic ARP entries of the specified interface.
Defaults N/A
Command
Mode
Privileged user mode
Usage Guide This command can be used to refresh an ARP cache table.
A Network Foundation Protection Policy (NFPP) device receives one ARP packet for
every MAC or IP address per second by default. If the ARP cache is cleared twice
within 1 second, the second response packet will be filtered out and the ARP
packet will not be parsed for a short time.
Configuration
Examples
The following example removes all dynamic ARP mapping records.
clear arp-cache
The following example removes the dynamic ARP entry 1.1.1.1.
clear arp-cache 1.1.1.1
The following example removes dynamic ARP table entries on interface SVI1.
clear arp-cache interface Vlan 1
Related
Commands Command Description
arp Adds a static mapping record to the ARP table.
Platform
Description
The parameter trusted is not supported by routers.
clear ip route
Use this command to remove the entire IP routing table or a particular routing record in the IP routing
table in privileged user mode.
clear ip route { * | network [ netmask ] }
Parameter
Description Parameter Description
* Removes all the routes.
network The network or subnet address to be removed
netmask (Optional) Network mask
Defaults N/A
Command
Mode
Privileged user mode
Usage Guide Once an invalid route is found in the routing table, you can immediately refresh the routing table to get
the updated routes. Note, however, that refreshing the entire routing table will result in a temporary
communication failure on the entire network.
Configuration
Examples
The following example refreshes only the route 192.168.12.0.
clear ip route 192.168.12.0
Related
Commands Command Description
show ip route Shows the IP routing table.
Platform
Description
This command is not supported on Layer 2 switches.
show arp
Use this command to show the ARP cache table.
show arp [ [ vrf vrf-name ] [ trusted ] ip [ mask ] | static | complete | incomplete | mac-address ]
Parameter
Description Parameter Description
vrf vrf-name Shows ARP entries of the specified VRF instance.
trusted Shows trusted ARP entries. Currently, only the global VRF supports the trusted ARP.
ip Shows the ARP entries of the specified IP address. If the trusted keyword is specified, only trusted ARP entries are shown; otherwise, non-trusted ARP entries are shown.
ip mask Shows the ARP entries of the IP subnet. If the trusted keyword is specified, only trusted ARP entries are shown; otherwise, non-trusted ARP entries are shown.
static Shows all the static ARP entries.
complete Shows all the resolved dynamic ARP entries.
incomplete Shows all the unresolved dynamic ARP entries.
mac-address Shows the ARP entry with the specified MAC address.
Defaults N/A
Command
Mode
Privileged user mode
Usage Guide N/A
Configuration
Examples
The following example shows the output result of the show arp command.
Ruijie# show arp
Total Numbers of Arp: 7
Protocol Address Age(min) Hardware Type Interface
Internet 192.168.195.68 0 0013.20a5.7a5f arpa VLAN 1
Internet 192.168.195.67 0 001a.a0b5.378d arpa VLAN 1
Internet 192.168.195.65 0 0018.8b7b.713e arpa VLAN 1
Internet 192.168.195.64 0 0018.8b7b.9106 arpa VLAN 1
Internet 192.168.195.63 0 001a.a0b5.3990 arpa VLAN 1
Internet 192.168.195.62 0 001a.a0b5.0b25 arpa VLAN 1
Internet 192.168.195.5 -- 00d0.f822.33b1 arpa VLAN 1
Field Description
Protocol Protocol of the network address, which is always set to Internet
Address IP address corresponding to the hardware address
Age (min) Age of the ARP cache record in minutes
If it is locally or statically configured, the value of the field is represented with “-”.
Hardware Hardware address corresponding to the IP address
Type Hardware address type, which is ARPA for Ethernet addresses
Interface Interface associated with the IP address
The following example shows the output result of the show arp 192.168.195.68 command.
Ruijie# show arp 192.168.195.68
Protocol Address Age(min) Hardware Type Interface
Internet 192.168.195.68 1 0013.20a5.7a5f arpa VLAN 1
The following example shows the output result of the show arp 192.168.195.0 255.255.255.0 command.
Ruijie# show arp 192.168.195.0 255.255.255.0
Protocol Address Age(min) Hardware Type Interface
Internet 192.168.195.64 0 0018.8b7b.9106 arpa VLAN 1
Internet 192.168.195.2 1 00d0.f8ff.f00e arpa VLAN 1
Internet 192.168.195.5 -- 00d0.f822.33b1 arpa VLAN 1
Internet 192.168.195.1 0 00d0.f8a6.5af7 arpa VLAN 1
Internet 192.168.195.51 1 0018.8b82.8691 arpa VLAN 1
The following example shows the output result of the show arp 001a.a0b5.378d command.
Ruijie# show arp 001a.a0b5.378d
Protocol Address Age(min) Hardware Type Interface
Internet 192.168.195.67 4 001a.a0b5.378d arpa VLAN 1
Related
Commands Command Description
N/A N/A
Platform
Description
This command is not supported by routers or Layer 2 switches.
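The arp gratuitous-send usage guide above describes a downlink device pretending to be the gateway, and show arp is where such an impersonation becomes visible. The following Python sketch is an added example, not part of the Ruijie reference: it parses output in the show arp layout shown above and flags an IP address whose MAC differs from an expected binding, and a MAC that answers for several dynamic IP addresses. The sample text and the EXPECTED gateway binding are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the `show arp` layout shown above (not captured from a device).
SAMPLE_SHOW_ARP = """\
Ruijie# show arp
Total Numbers of Arp: 5
Protocol Address Age(min) Hardware Type Interface
Internet 192.168.195.1 0 0013.20a5.7a5f arpa VLAN 1
Internet 192.168.195.68 0 0013.20a5.7a5f arpa VLAN 1
Internet 192.168.195.67 0 001a.a0b5.378d arpa VLAN 1
Internet 192.168.195.65 3 0018.8b7b.713e arpa VLAN 1
Internet 192.168.195.5 -- 00d0.f822.33b1 arpa VLAN 1
"""

# Assumed baseline: bindings the operator knows to be correct (here, the gateway).
EXPECTED = {"192.168.195.1": "00d0.f8a6.5af7"}

ROW = re.compile(
    r"^Internet\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<age>\d+|-+)\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+"
    r"(?P<type>\S+)\s+(?P<iface>.+?)\s*$"
)


def parse_show_arp(text):
    """Return one dict per ARP row; prompt, counter and header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        entries.append({
            "ip": m["ip"],
            # "--" in the Age column marks a local or static entry.
            "age": None if m["age"].startswith("-") else int(m["age"]),
            "mac": m["mac"].lower(),
            "type": m["type"],
            "interface": m["iface"],
        })
    return entries


def find_anomalies(entries, expected):
    """Flag bindings that contradict the baseline and MACs shared by several IPs."""
    findings = []
    for e in entries:
        want = expected.get(e["ip"])
        if want and e["mac"] != want.lower():
            findings.append(("mac-mismatch", e["ip"], e["mac"]))

    # Only dynamic entries are grouped: static and local rows are operator-defined.
    by_mac = defaultdict(set)
    for e in entries:
        if e["age"] is not None:
            by_mac[e["mac"]].add(e["ip"])
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            ordered = tuple(sorted(ips, key=ipaddress.ip_address))
            findings.append(("shared-mac", mac, ordered))
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(parse_show_arp(SAMPLE_SHOW_ARP), EXPECTED):
        print(finding)
```

A shared MAC is a lead to investigate rather than proof of spoofing: routers, proxy ARP and multi-homed hosts legitimately answer for several IP addresses.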
show arp counter
Use this command to show the number of ARP entries in the ARP cache table.
show arp counter
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Any mode
Usage Guide N/A
Configuration
Examples
The following example shows the output result of the show arp counter command:
Ruijie# show arp counter
The Arp Entry counter:0
The Unresolve Arp Entry:0
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
show arp detail
Use this command to show details about the ARP cache table.
show arp detail [ interface-type interface-number | ip [ mask ] | mac-address | static | complete |
incomplete ]
Parameter
Description Parameter Description
interface-type interface-number Shows the ARP entry of a Layer 2 or Layer 3 port.
ip Shows the ARP entry of the specified IP address.
ip mask Shows the ARP entries of the network segment included within the IP mask.
mac-address Shows the ARP entry of the specified MAC address.
static Shows all the static ARP entries.
complete Shows all the resolved dynamic ARP entries.
incomplete Shows all the unresolved dynamic ARP entries.
Defaults N/A
Command
Mode
Privileged user mode
Usage Guide Use this command to show ARP details, such as the ARP type (Dynamic, Static, Local, Trust) and
information about a specific Layer 2 port.
Configuration
Examples
The following example shows the output result of the show arp detail command.
Ruijie# show arp detail
IP Address MAC Address Type Age(min) Interface Port
20.1.1.1 000f.e200.0001 Static -- -- --
20.1.1.1 000f.e200.0001 Static -- Vl3 --
20.1.1.1 000f.e200.0001 Static -- Vl3 Gi2/0/1
193.1.1.70 00e0.fe50.6503 Dynamic 1 Vl3 Gi2/0/1
192.168.0.1 0012.a990.2241 Dynamic 10 Gi2/0/3 Gi2/0/3
192.168.0.1 0012.a990.2241 Dynamic 20 Ag1 Ag1
192.168.0.1 0012.a990.2241 Dynamic 30 Vl2 Ag2
192.168.0.39 0012.a990.2241 Local -- Vl3 --
192.168.0.39 0012.a990.2241 Local -- Gi2/0/3 --
192.168.0.1 0012.a990.2241 Local -- Vl3 --
192.168.0.1 0012.a990.2241 Local -- Gi2/3/2 --
IP Address IP address corresponding to the hardware address
MAC Address Hardware address corresponding to the IP address
Type ARP type, including Static, Dynamic, Trust, and Local.
Age (min) Age of the ARP learning in minutes
Interface Layer 3 interface associated with the IP address
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported on Layer 3 switches but not supported on routers.
show arp timeout
Use this command to show the aging time of the dynamic ARP entry on an interface.
show arp timeout
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Any mode
Usage Guide N/A
Configuration
Examples
The following example shows the output result of the show arp timeout command:
Ruijie# show arp timeout
Interface arp timeout(sec)
---------------------- ----------------
VLAN 1 3600
Related
Commands Command Description
N/A N/A
Platform
Description
This command is not supported on Layer 2 switches.
show ip arp
Use this command to show the ARP cache table in privileged user mode.
show ip arp
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged user mode
Usage Guide N/A
Configuration
Examples
The following example shows the output result of the show ip arp command.
Ruijie# show ip arp
Protocol Address Age(min) Hardware Type Interface
Internet 192.168.7.233 23 0007.e9d9.0488 ARPA FastEthernet 0/0
Internet 192.168.7.112 10 0050.eb08.6617 ARPA FastEthernet 0/0
Internet 192.168.7.79 12 00d0.f808.3d5c ARPA FastEthernet 0/0
Internet 192.168.7.1 50 00d0.f84e.1c7f ARPA FastEthernet 0/0
Internet 192.168.7.215 36 00d0.f80d.1090 ARPA FastEthernet 0/0
Internet 192.168.7.127 0 0060.97bd.ebee ARPA FastEthernet 0/0
Internet 192.168.7.195 57 0060.97bd.ef2d ARPA FastEthernet 0/0
Internet 192.168.7.183 -- 00d0.f8fb.108b ARPA FastEthernet 0/0
Field Description
Protocol Network address protocol, which is always set to Internet
Address IP address corresponding to the hardware address
Age (min) Age of the ARP cache record in minutes
If it is locally or statically configured, the value of the field is represented with “-”.
Type The type of hardware address, which is ARPA for Ethernet addresses
Related
Commands Command Description
N/A N/A
Platform
Description
This command is not supported on Layer 2 switches.
show ip interface
Use this command to show information about the IP status of an interface.
show ip interface [ interface-type interface-number | brief ]
Parameter
Description Parameter Description
interface-type Specifies the interface type.
interface-number Specifies the interface number.
brief Shows brief configuration information about the IP addresses of the layer-3 interface, including the interface primary IP address, secondary IP address, and interface status.
Defaults N/A
Command
Mode
Privileged user mode
Usage Guide When an interface is available, RGOS will create a direct route in the routing table. An available
interface means that the RGOS software can receive and send packets through this interface. If the
interface changes from available status to unavailable status, the RGOS software removes the direct
route from the routing table.
If the interface is available (two-way communication is allowed), the line protocol status will be
shown as UP. If only the physical line is available, the interface status will be shown as UP.
The results shown may vary with the interface type, because some contents are interface-specific
options.
Configuration
Examples
The following example shows the output result of the show ip interface brief command.
Ruijie#show ip interface brief
Interface IP-Address(Pri) IP-Address(Sec) Status Protocol
GigabitEthernet 0/10 2.2.2.2/24 3.3.3.3/24 down down
GigabitEthernet 0/11 no address no address down down
VLAN 1 1.1.1.1/24 no address down down
Status: link status of the interface. The options include up, down, and administratively
down. The link status of an interface will be administratively down if you run the
shutdown command to forcibly shut down the interface.
Protocol: IPv4 protocol status of the interface.
The following example shows the output result of the show ip interface vlan command.
SwitchA#show ip interface vlan 1
VLAN 1
IP interface state is: DOWN
IP interface type is: BROADCAST
IP interface MTU is: 1500
IP address is:
1.1.1.1/24 (primary)
IP address negotiate is: OFF
Forward direct-broadcast is: OFF
ICMP mask reply is: ON
Send ICMP redirect is: ON
Send ICMP unreachabled is: ON
DHCP relay is: OFF
Fast switch is: ON
Help address is:
Proxy ARP is: OFF
ARP packet input number: 0
Request packet: 0
Reply packet: 0
Unknown packet: 0
TTL invalid packet number: 0
ICMP packet input number: 0
Echo request: 0
Echo reply: 0
Unreachable: 0
Source quench: 0
Routing redirect: 0
Field Description
IP interface state is: The network interface is available, and both its interface hardware
status and line protocol status are UP.
IP interface type is: Shows the interface type, such as broadcast or point-to-point.
IP interface MTU is: Shows the MTU value of the interface.
IP address is: Shows the IP address and mask of the interface.
IP address negotiate is: Shows whether to obtain the IP address through negotiation.
Forward direct-broadcast is: Shows whether to forward directed broadcast packets.
ICMP mask reply is: Shows whether to send ICMP mask response messages.
Send ICMP redirect is: Shows whether to send ICMP redirection messages.
Send ICMP unreachabled is: Shows whether to send ICMP unreachable messages.
DHCP relay is: Shows whether DHCP relay is enabled.
Fast switch is: Shows whether the IP fast switching function is enabled.
Route horizontal-split is: Shows whether horizontal split is enabled, which will affect the route
update behavior of the distance vector protocol.
Help address is: Shows the helper IP address.
Proxy ARP is: Shows whether the proxy ARP is enabled.
ARP packet input number: Shows the total number of ARP packets received on the interface, including ARP request packets (Request packet), ARP reply packets (Reply packet), and unknown packets (Unknown packet).
TTL invalid packet number: Shows the number of packets with invalid TTL.
ICMP packet input number: Shows the total number of ICMP packets received on the interface, including echo request packets (Echo request), echo reply packets (Echo reply), unreachable packets (Unreachable), source quench packets (Source quench), and routing redirection packets (Routing redirect).
Outgoing access list is Shows whether an outgoing access list has been configured for an interface.
Inbound access list is Shows whether an incoming access list has been configured for an interface.
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
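The per-interface fields listed above can be checked mechanically across many interfaces. The following Python sketch is an added example, not part of the Ruijie reference: it parses text in the show ip interface layout shown above and reports, for each interface, which of four features is ON together with the command from this reference that turns it off. The sample text is constructed, the choice of features to flag is an assumed audit baseline rather than a recommendation made by this reference, and the sketch assumes that blocks for several interfaces follow each other, each introduced by the interface name.

```python
import re

# Constructed sample following the `show ip interface` layout shown above.
SAMPLE_SHOW_IP_INTERFACE = """\
SwitchA#show ip interface
VLAN 1
IP interface state is: UP
IP address is:
1.1.1.1/24 (primary)
Forward direct-broadcast is: OFF
ICMP mask reply is: ON
Send ICMP redirect is: ON
Proxy ARP is: OFF
ARP packet input number: 0
Request packet: 0
GigabitEthernet 0/10
IP interface state is: UP
IP address is:
2.2.2.2/24 (primary)
Forward direct-broadcast is: ON
ICMP mask reply is: OFF
Send ICMP redirect is: OFF
Proxy ARP is: ON
"""

# Assumed audit baseline: output field -> command in this reference that disables it.
BASELINE_OFF = {
    "Forward direct-broadcast": "no ip directed-broadcast",
    "ICMP mask reply": "no ip mask-reply",
    "Send ICMP redirect": "no ip redirects",
    "Proxy ARP": "no ip proxy-arp",
}

FIELD = re.compile(r"^(?P<name>.+?)\s+is:\s*(?P<value>.*)$")


def parse_show_ip_interface(text):
    """Return {interface name: {field name: value}} from the command output."""
    interfaces = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or "#" in line:
            continue  # blank line or CLI prompt
        m = FIELD.match(line)
        if m:
            if current is not None:
                interfaces[current][m["name"]] = m["value"].strip()
            continue
        if line[0].isdigit() or ":" in line:
            continue  # address line ("1.1.1.1/24 (primary)") or packet counter
        # Anything else is treated as an interface name that opens a new block.
        current = line
        interfaces[current] = {}
    return interfaces


def audit(interfaces):
    """List (interface, field, disabling command) for baseline fields that are ON."""
    findings = []
    for ifname, fields in interfaces.items():
        for field, fix in BASELINE_OFF.items():
            if fields.get(field, "").upper() == "ON":
                findings.append((ifname, field, fix))
    return findings


if __name__ == "__main__":
    parsed = parse_show_ip_interface(SAMPLE_SHOW_IP_INTERFACE)
    for ifname, field, fix in audit(parsed):
        print(f"{ifname}: {field} is ON -> interface {ifname} / {fix}")
```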
show ip pool
Use this command to display an IP address pool of the system.
show ip pool [ pool-name ]
Parameter
Description Parameter Description
pool-name Address pool name
Defaults N/A
Command
Mode
Privileged user mode
Usage Guide N/A
Configuration
Examples
The following example shows the output result of the show ip pool command.
Ruijie#show ip pool
Pool Begin End Free In use
aaa 1.1.1.1 1.1.1.200 200 0
ccc 2.2.2.2 2.2.2.211 210 0
Related
Commands Command Description
ip local pool Configures the IP address pool.
Platform
Description
This command is not supported on switches.
ip mask-reply
Use this command to configure the RGOS software to respond to the ICMP mask request and send
an ICMP response message in interface configuration mode. Use the no form of this command to
disable the sending of the ICMP mask response message.
ip mask-reply
no ip mask-reply
Parameter
Description Parameter Description
N/A N/A
Defaults No ICMP mask response message is sent.
Command
Mode
Interface configuration mode
Usage Guide Sometimes a network device needs to know the subnet mask of a subnet on the Internet. To obtain
such information, the network device can send an ICMP mask request message, and the network
device that receives this message will return a mask response message.
Configuration
Examples
The following example sets the FE interface 0/1 of a device to respond to the ICMP mask request
message.
interface fastEthernet 0/1
ip mask-reply
Related
Commands Command Description
N/A N/A
Platform
Description
This command is not supported on Layer 2 switches.
ip mtu
Use this command to set the Maximum Transmission Unit (MTU) for IP packets in interface
configuration mode. Use the no form of this command to restore the default settings.
ip mtu bytes
no ip mtu
Parameter
Description Parameter Description
bytes Maximum transmission unit of IP packets ranging from 68 to 1500 bytes
Defaults The MTU is the same as the MTU value configured by the interface command mtu.
Command
Mode
Interface configuration mode
Usage Guide If an IP packet is larger than the IP MTU, the RGOS software will split this packet. All the devices in
the same physical network segment must have the same IP MTU for the interconnected interface.
If the interface configuration command mtu is used to set the MTU value of the interface, IP MTU will
automatically match with the MTU value of the interface. However, if the IP MTU value is changed,
the MTU value of the interface will remain unchanged.
Configuration
Examples
The following example sets the IP MTU value of the FE interface 0/1 to 512 bytes.
interface fastEthernet 0/1
ip mtu 512
Related
Commands Command Description
mtu Sets the MTU value of an interface.
Platform
Description
This command is not supported on Layer 2 switches.
ip redirects
Use this command to allow the RGOS software to send an ICMP redirection message in interface
configuration mode. Use the no form of this command to disable the ICMP redirection function.
ip redirects
no ip redirects
Parameter
Description Parameter Description
N/A N/A
Defaults The ICMP redirection function is enabled.
Command
Mode
Interface configuration mode
Usage Guide When the route is not optimal, the device may receive packets through one interface and
send them through the same interface. If the device sends a packet from the same interface through
which this packet is received, the device will send an ICMP redirection message to the data source,
telling the data source that the gateway for the destination address is another device in the subnet. In
this way, the data source will send subsequent packets along the optimal path.
The RGOS software enables ICMP redirection by default.
Configuration
Examples
The following example disables ICMP redirection on the FE interface 0/1.
interface fastEthernet 0/1
no ip redirects
Related
Commands Command Description
N/A N/A
Platform
Description
This command is not supported on Layer 2 switches.
ip source-route
Use this command to allow the RGOS software to process an IP packet with source route information
in global configuration mode. Use the no form of this command to disable the source route
information processing function.
ip source-route
no ip source-route
Parameter
Description Parameter Description
N/A N/A
Defaults The function is enabled.
Command
Mode
Global configuration mode
Usage Guide RGOS supports IP source routes. When the device receives an IP packet, it will check the options of
the IP packet, such as strict source route, loose source route and record route. Details about these
options can be found in RFC 791. If an option is found to be enabled in this packet, a response will be
made. If an invalid option is detected, an ICMP parameter error message will be sent to the data
source, and then this packet is discarded.
The RGOS software supports IP source routes by default.
Configuration
Examples
The following example disables the IP source route feature.
no ip source-route
Related
Commands Command Description
N/A N/A
Platform
Description
This command is not supported on Layer 2 switches.
ip unreachables
Use this command to allow the RGOS software to generate ICMP destination unreachable
messages. Use the no form of this command to disable this function.
ip unreachables
no ip unreachables
Parameter
Description Parameter Description
N/A N/A
Defaults The function is enabled.
Command
Mode
Interface configuration mode
Usage Guide RGOS software will send an ICMP destination unreachable message if it receives a unicast message
in which the destination address is itself and cannot process the upper protocol of this message.
RGOS software will send an ICMP host unreachable message to the data source if it cannot forward
a message because no route exists.
This command influences all ICMP destination unreachable messages.
Configuration
Examples
The following example disables the sending of ICMP destination unreachable messages on the FE
interface 0/1.
interface fastEthernet 0/1
no ip unreachables
Related
Commands Command Description
N/A N/A
Platform
Description
This command is not supported on Layer 2 switches.
Command Reference TCP Commands
TCP Commands
ip tcp mss
Use this command to configure the upper limit of the MSS value. Use the no form of this command to
remove the configuration.
ip tcp mss max-segment-size
no ip tcp mss
Parameter
Description Parameter Description
max-segment-size Upper limit of the MSS value in the range from 68 to 10000 bytes
Defaults The upper limit is not set by default.
Command
Mode
Global configuration mode
Usage Guide This command is used to limit the maximum value of MSS for the TCP connection to be created. The
negotiated MSS cannot exceed the configured value. You can use this command to reduce the
maximum value of MSS. However, this configuration is not needed in general.
Configuration
Examples
Ruijie(config)# ip tcp mss 1300
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported by RGOS 10.3 and later versions.
ip tcp not-send-rst
Use this command to prohibit sending the reset packet when a port-unreachable packet is received.
Use the no form of this command to remove the configuration.
ip tcp not-send-rst
no ip tcp not-send-rst
Parameter
Description Parameter Description
N/A N/A
Defaults The reset packet is sent when a port-unreachable packet is received.
Command
Mode
Global configuration mode
Usage Guide When the TCP module distributes TCP packets and cannot find the TCP connection to which a packet belongs, it returns a reset packet to the peer end to terminate the TCP connection. An attacker may initiate attacks by sending a large number of port-unreachable TCP packets. You can use this command to prohibit sending the reset packet when a port-unreachable packet is received.
Configuration
Examples
Ruijie(config)# ip tcp not-send-rst
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported by RGOS 10.3 and later versions.
ip tcp path-mtu-discovery
Use this command to enable Path Maximum Transmission Unit (PMTU) discovery function for TCP in
global configuration mode. Use the no form of this command to disable this function.
ip tcp path-mtu-discovery [ age-timer minutes | age-timer infinite ]
no ip tcp path-mtu-discovery
Parameter
Description Parameter Description
age-timer minutes
The time interval for further discovery after discovering PMTU. Its
value ranges from 10 to 30 minutes. The default value is 10.
age-timer infinite No further discovery after discovering PMTU
Defaults The PMTU discovery function is disabled.
Command
Mode
Global configuration mode
Usage Guide Based on RFC1191, the TCP path MTU function improves network bandwidth utilization and data transmission when TCP is used to transmit data in bulk.
Enabling or disabling this function has no effect on existing TCP connections and applies only to TCP connections created afterwards. This command is valid for both IPv4 and IPv6 TCP.
According to RFC1191, after discovering the PMTU, TCP uses a greater MSS to probe for a new PMTU at a certain interval, which is specified by the parameter age-timer. If the discovered PMTU is smaller than the MSS negotiated between the two ends of the TCP connection, the device keeps trying to discover a greater PMTU at the specified interval until the PMTU value reaches the MSS or the user stops this timer. Use the parameter age-timer infinite to stop this timer.
Configuration
Examples
Ruijie(config)# ip tcp path-mtu-discovery
Related
Commands Command Description
show tcp pmtu
Shows the PMTU value for the TCP
connection.
Platform
Description
This command is supported by RGOS 10.3 and later versions.
ip tcp syntime-out
Use this command to set the timeout value for SYN packets (the maximum time from SYN
transmission to successful three-way handshake). Use the no form of this command to restore the
default value.
ip tcp syntime-out seconds
no ip tcp syntime-out
Parameter
Description Parameter Description
seconds
Timeout value for SYN packets in the range from 5 to 300 seconds.
The default value is 20.
Defaults 20 seconds
Command
Mode
Global configuration mode
Usage Guide If there is a SYN attack in the network, reducing the SYN timeout value can prevent resource consumption, but it has no effect on successive SYN attacks. When the device actively requests a connection with an external device, reducing the SYN timeout value shortens the time the user has to wait, for example during telnet login. Under poor network conditions, the timeout value can be increased appropriately.
Configuration
Examples
Ruijie(config)# ip tcp syntime-out 10
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported by RGOS 10.3 and later versions.
ip tcp window-size
Use this command to change the size of receiving buffer and sending buffer for TCP connections.
Use the no form of this command to restore the default value.
ip tcp window-size size
no ip tcp window-size
Parameter
Description Parameter Description
size
Size of receiving buffer and sending buffer for TCP connections in the
range from 0 to 65535 bytes. The default value is 4096.
Defaults The size of receiving buffer and sending buffer is 4096 bytes.
Command
Mode
Global configuration mode
Usage Guide The TCP receiving buffer is used to buffer the data received from the peer end. These data will be
subsequently read by application programs. Generally, the window size of TCP packets implies the
size of free space in the receiving buffer. For connections involving a large bandwidth and mass data,
increasing the size of receiving buffer will remarkably improve TCP transmission performance.
The sending buffer is used to buffer the data of application programs. Each byte in the sending buffer
has a sequence number, and bytes with sequence numbers acknowledged will be removed from the
sending buffer. Increasing the sending buffer will improve the interaction between TCP and
application programs, thus enhancing the performance. However, increasing the receiving buffer and
sending buffer will result in more memory consumption of TCP.
This command is used to change the size of receiving buffer and sending buffer for TCP connections.
This command changes both the receiving buffer and sending buffer, and only applies to subsequent
connections.
Configuration
Examples
Ruijie(config)# ip tcp window-size 16386
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported by RGOS 10.3 and later versions.
show tcp connect
Use this command to display basic information about the current TCP connections.
show tcp connect
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged user mode
Usage Guide N/A
Configuration
Examples
Ruijie#sh tcp connect
tcp connect status:
TCB Local Address Foreign Address State
cf25000 0.0.0.0.2650 0.0.0.0.0 LISTEN
c441000 0.0.0.0.23 0.0.0.0.0 LISTEN
c441800 1.1.1.1.23 1.1.1.2.64201 ESTABLISHED
c444cc0 ::.23 ::.0 LISTEN
c429980 3000::1.23 3000::2.64236 ESTABLISHED
Field Description
TCB The control block’s location in the current memory
Local Address The local address and port number. The number after the last “.” is the port number. For example, in “2002::2.23” and “192.168.195.212.23”, “23” is the port number.
Foreign Address The remote address and port number. The number after the last “.” is the port number. For example, in “2002::2.23” and “192.168.195.212.23”, “23” is the port number.
State Current status of the TCP connection. There are eleven possible states:
CLOSED: The connection has been closed.
LISTEN: Listening state
SYNSENT: In the three-way handshake phase when the SYN packet has been sent out.
SYNRCVD: In the three-way handshake phase when the SYN packet has been received.
ESTABLISHED: The connection has been established.
FINWAIT1: The local end has sent the FIN packet.
FINWAIT2: The FIN packet sent by the local end has been acknowledged.
CLOSEWAIT: The local end has received the FIN packet from the peer end.
LASTACK: The local end has received the FIN packet from the peer end, and then sent its own FIN packet.
CLOSING: The local end has sent its FIN packet to the peer end, and received the FIN packet from the peer end before receiving the peer end's ACK packet for its own FIN packet.
TIMEWAIT: The FIN packet sent by the local end has been acknowledged, and the local end has also acknowledged the FIN packet.
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported by RGOS 10.3 and later versions.
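The following added example (not part of the Ruijie manual) parses captured show tcp connect output using the rule from the field description, that the number after the last "." is the port, and summarises listening ports, established sessions on port 23, and SYNRCVD entries per peer. The names Conn, split_endpoint, parse_show_tcp_connect and audit are hypothetical, and the last two sample rows are constructed.

```python
import ipaddress
from collections import Counter
from typing import List, NamedTuple, Tuple

# The eleven connection states listed in the field description.
STATES = {"CLOSED", "LISTEN", "SYNSENT", "SYNRCVD", "ESTABLISHED", "FINWAIT1",
          "FINWAIT2", "CLOSEWAIT", "LASTACK", "CLOSING", "TIMEWAIT"}


class Conn(NamedTuple):
    tcb: str
    local_ip: str
    local_port: int
    foreign_ip: str
    foreign_port: int
    state: str


def split_endpoint(text: str) -> Tuple[str, int]:
    """Split 'address.port' at the LAST dot; works for IPv4 and IPv6."""
    host, sep, port = text.rpartition(".")
    if not sep or not port.isdigit() or int(port) > 65535:
        raise ValueError(f"no valid port in {text!r}")
    # ip_address() raises ValueError if the remainder is not an address.
    return str(ipaddress.ip_address(host)), int(port)


def parse_show_tcp_connect(output: str) -> List[Conn]:
    """Return one Conn per table row; prompt and header lines are skipped."""
    conns = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[3] not in STATES:
            continue
        try:
            local = split_endpoint(fields[1])
            foreign = split_endpoint(fields[2])
        except ValueError:
            continue  # malformed row: ignore rather than guess
        conns.append(Conn(fields[0], *local, *foreign, fields[3]))
    return conns


def audit(conns: List[Conn], cleartext_ports=(23,)) -> dict:
    """Summarise what an operator usually wants to review in this table."""
    return {
        "listening_ports": sorted({c.local_port for c in conns
                                   if c.state == "LISTEN"}),
        "cleartext_sessions": [c for c in conns if c.state == "ESTABLISHED"
                               and c.local_port in cleartext_ports],
        "half_open_by_peer": dict(Counter(c.foreign_ip for c in conns
                                          if c.state == "SYNRCVD")),
    }


# First five rows are the manual's sample; the two SYNRCVD rows are constructed.
SAMPLE = """\
Ruijie#sh tcp connect
tcp connect status:
TCB Local Address Foreign Address State
cf25000 0.0.0.0.2650 0.0.0.0.0 LISTEN
c441000 0.0.0.0.23 0.0.0.0.0 LISTEN
c441800 1.1.1.1.23 1.1.1.2.64201 ESTABLISHED
c444cc0 ::.23 ::.0 LISTEN
c429980 3000::1.23 3000::2.64236 ESTABLISHED
c44a100 1.1.1.1.23 192.0.2.7.40001 SYNRCVD
c44a900 1.1.1.1.23 192.0.2.7.40002 SYNRCVD
"""

if __name__ == "__main__":
    report = audit(parse_show_tcp_connect(SAMPLE))
    print("listening ports:", report["listening_ports"])
    for c in report["cleartext_sessions"]:
        print("session on port", c.local_port, "from", c.foreign_ip)
    print("half-open per peer:", report["half_open_by_peer"])
```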
show tcp pmtu
Use this command to display information about TCP PMTU.
show tcp pmtu
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged user mode
Usage Guide N/A
Configuration
Examples
Ruijie# show tcp pmtu
No. Local Address Foreign Address PMTU
[1] 2002::1.18946 2002::2.23 1440
[2] 192.168.195.212.23 192.168.195.112.13560 1440
Field Description
No. Sequence number
Local Address The local address and the port number. The number after the last
“.” is the port number. For example, in “2002::2.23” and
“192.168.195.212.23” , “23” is the port number.
Foreign Address The remote address and the port number. The number after the
last "." is the port number. For example, in “2002::2.23” and
“192.168.195.212.23” , “23” is the port number.
PMTU PMTU value
Related
Commands Command Description
ip tcp path-mtu-discovery Enables the TCP PMTU discovery function.
Platform
Description
This command is supported by RGOS 10.3 and later versions.
show tcp port
Use this command to show information about the current TCP port.
show tcp port
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged user mode
Usage Guide N/A
Configuration
Examples
Ruijie#sh tcp port
tcp port status:
Tcpv4 listen on 2650 have connections:
TCB Foreign Address Port State
Tcpv4 listen on 2650 have total 0 connections.
Tcpv4 listen on 23 have connections:
TCB Foreign Address Port State
c340800 1.1.1.2 64571 ESTABLISHED
Tcpv4 listen on 23 have total 1 connections.
Tcpv6 listen on 23 have connections:
TCB Foreign Address Port State
c429980 3000::2 64572 ESTABLISHED
Tcpv6 listen on 23 have total 1 connections.
Field Description
TCB The control block’s location in the current memory
Foreign Address Remote address
Port Remote port number
State Status of the current TCP connection. There are eleven possible
states:
CLOSED: The connection has been closed.
LISTEN: Listening state
SYNSENT: In the three-way handshake phase when the SYN
packet has been sent.
SYNRCVD: In the three-way handshake phase when the SYN
packet has been received.
ESTABLISHED: The connection has been established.
FINWAIT1: The local end has sent the FIN packet.
FINWAIT2: The FIN packet sent by the local end has been
acknowledged.
CLOSEWAIT: The local end has received the FIN packet from
the peer end.
LASTACK: The local end has received the FIN packet from the
peer end, and then sent its own FIN packet.
CLOSING: The local end has sent its FIN packet to the peer end, and received the FIN packet from the peer end before receiving the peer end's ACK packet for its own FIN packet.
TIMEWAIT: The FIN packet sent by the local end has been
acknowledged, and the local end has also acknowledged the FIN
packet.
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported by RGOS 10.3 and later versions.
Command Reference DHCP Commands
DHCP Commands
bootfile
Use this command to define the startup mapping file name of the DHCP client in DHCP address pool
configuration mode. Use the no form of this command to remove the definition.
bootfile file-name
no bootfile
Parameter
Description Parameter Description
file-name Startup file name
Defaults No startup file name is defined by default.
Command
Mode
DHCP address pool configuration mode.
Usage Guide Some DHCP clients need to download the operating system and the configuration file during startup. The DHCP server should provide the mapping file name required for the startup, so that DHCP clients can download the file from the corresponding server, such as a Trivial File Transfer Protocol (TFTP) server. Other servers are defined by the next-server command.
Configuration
Examples
The following example defines device.conf as the startup file name.
bootfile device.conf
Related
Commands Command Description
ip dhcp pool Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
next-server Configures the next server IP address of the DHCP client startup process.
Platform
Description
N/A
client-identifier
Use this command to define the unique ID of the DHCP client (indicated in hexadecimal separated by
dot) in DHCP address pool configuration mode. Use the no form of this command to delete the client
ID.
client-identifier unique-identifier
no client-identifier
Parameter
Description Parameter Description
unique-identifier DHCP client ID indicated in hexadecimal and separated by dot, for instance, 0100.d0f8.2233.b467.6967.6162.6974.4574.6865.726e.6574.302f.31.
Defaults N/A
Command
Mode
DHCP address pool configuration mode
Usage Guide When some DHCP clients request the DHCP server to assign IP addresses, they use their client IDs rather than their hardware addresses. The client ID consists of the media type, MAC address and interface name. For example, if the MAC address is 00d0.f822.33b4 and the interface name is GigabitEthernet 0/1, the corresponding client ID is 0100.d0f8.2233.b467.6967.6162.6974.4574.6865.726e.6574.302f.31, where 01 denotes the Ethernet media type.
The 67.6967.6162.6974.4574.6865.726e.6574.302f.31 is the hexadecimal code of GigabitEthernet0/1.
For the definition of the media code, see the section "Address Resolution Protocol Parameters" in RFC1700.
This command is used only when the DHCP is defined by manual binding.
Configuration
Examples
The following example defines the client ID of the Ethernet DHCP client whose MAC address is
00d0.f822.33b4.
Ruijie(dhcp-config)# client-identifier 0100.d0f8.2233.b467.6967.6162.6974.4574.6865.726e.6574.302f.31
Related
Commands Command Description
hardware-address Defines the hardware address of DHCP client.
host Defines the IP address and network mask, which is used to configure the DHCP manual binding.
ip dhcp pool Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform
Description
N/A
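The following added example (not part of the Ruijie manual) builds and decodes a client-identifier value from the layout described in the usage guide: one media-type byte, the MAC address, then the interface name as ASCII, written as dot-separated groups of four hexadecimal digits. The function names are hypothetical and the decoder assumes a 6-byte MAC address; note that the manual's sample value decodes to the string gigabitEthernet0/1 (lower-case initial letter, no space), so the interface string must be supplied exactly as it is to be encoded.

```python
import re

# Media type codes as listed for the hardware-address command on this page.
MEDIA_TYPES = {1: "Ethernet", 6: "IEEE 802"}


def _dotted(raw: bytes) -> str:
    """Render bytes as hex in dot-separated groups of four digits."""
    hexstr = raw.hex()
    return ".".join(hexstr[i:i + 4] for i in range(0, len(hexstr), 4))


def encode_client_id(mac: str, interface: str, media_type: int = 1) -> str:
    """Build the dotted-hex client ID: media type + MAC + interface name."""
    mac_hex = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", mac_hex):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    if media_type not in MEDIA_TYPES:
        raise ValueError(f"unsupported media type: {media_type}")
    raw = bytes([media_type]) + bytes.fromhex(mac_hex) + interface.encode("ascii")
    return _dotted(raw)


def decode_client_id(client_id: str) -> dict:
    """Split a dotted-hex client ID back into its three components."""
    hexstr = client_id.replace(".", "").lower()
    if len(hexstr) % 2 or not re.fullmatch(r"[0-9a-f]+", hexstr):
        raise ValueError("client ID must be an even number of hex digits")
    raw = bytes.fromhex(hexstr)
    if len(raw) < 7:  # assumption: 1 media-type byte + 6-byte MAC at minimum
        raise ValueError("client ID too short for media type + MAC")
    media, mac, name = raw[0], raw[1:7], raw[7:]
    if not all(0x20 <= b < 0x7F for b in name):
        raise ValueError("interface name is not printable ASCII")
    return {
        "media_type": media,
        "media_name": MEDIA_TYPES.get(media, "unknown"),
        "mac": _dotted(mac),
        "interface": name.decode("ascii"),
    }


# The sample value printed in the manual.
PAGE_CLIENT_ID = "0100.d0f8.2233.b467.6967.6162.6974.4574.6865.726e.6574.302f.31"

if __name__ == "__main__":
    print(decode_client_id(PAGE_CLIENT_ID))
    print(encode_client_id("00d0.f822.33b4", "gigabitEthernet0/1"))
```

Decoding an existing binding before editing it shows which MAC address and interface string the identifier actually carries, which helps when a manual binding fails to match a client.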
client-name
Use this command to define the name of the DHCP client in DHCP address pool configuration mode.
Use the no form of this command to delete the name of the DHCP client.
client-name client-name
no client-name
Parameter
Description Parameter Description
client-name Name of DHCP client, which is a set of standard-based ASCII characters. The name should not include the suffix domain name. For example, you can define the name of the DHCP client as river, not river.i-net.com.cn.
Defaults No client name is defined by default.
Command
Mode
DHCP address pool configuration mode
Usage Guide This command can be used to define the name of the DHCP client only when the DHCP is defined by
manual binding. This name should not include the suffix domain name.
Configuration
Examples
The following example defines a string river as the name of the client.
Ruijie(dhcp-config)# client-name river
Related
Commands Command Description
host Defines the IP address and network mask, which is used to configure the DHCP manual binding.
ip dhcp pool Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform
Description
N/A
default-router
Use this command to define the default gateway of the DHCP client in DHCP address pool configuration mode. Use the no form of this command to delete the definition of the default gateway.
default-router ip-address [ ip-address2…ip-address8 ]
no default-router
Parameter
Description Parameter Description
ip-address Defines the IP address of the equipment. It is required to configure one IP address at least.
ip-address2…ip-address8 (Optional) Up to eight gateways can be configured.
Defaults No gateway is defined by default.
Command
Mode
DHCP address pool configuration mode
Usage Guide In general, the DHCP client should get the information of the default gateway from the DHCP server. The DHCP server should specify at least one gateway address for the client, and this address should be on the same network segment as the address assigned to the client.
Configuration
Examples
The following example defines 192.168.12.1 as the default gateway.
Ruijie(dhcp-config)# default-router 192.168.12.1
Related
Commands Command Description
ip dhcp pool Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform
Description
N/A
dns-server
Use this command to define the Domain Name System (DNS) server of the DHCP client in DHCP address pool configuration mode. Use the no form of this command to delete the definition of the DNS server.
dns-server { ip-address [ ip-address2…ip-address8 ] | use-dhcp-client interface-type
interface-number }
no dns-server
Parameter
Description Parameter Description
ip-address Defines the IP address of the DNS server. At least one IP address should be configured.
ip-address2…ip-address8 (Optional) Up to eight DNS servers can be configured.
Defaults No DNS server is defined by default.
Command
Mode
DHCP address pool configuration mode
Usage Guide When multiple DNS servers are defined, the former has higher priority, so the DHCP client will select the next DNS server only when its communication with the former DNS server fails.
Configuration
Examples
The following example specifies the DNS server 192.168.12.3 for the DHCP client.
Ruijie(dhcp-config)# dns-server 192.168.12.3
Related
Commands Command Description
domain-name Defines the suffix domain name of the DHCP client.
ip address dhcp Enables the DHCP client on the interface to obtain the IP address information.
ip dhcp pool Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform
Description
N/A
domain-name
Use this command to define the suffix domain name of the DHCP client in DHCP address pool configuration mode. Use the no form of this command to delete the suffix domain name.
domain-name domain-name
no domain-name
Parameter
Description Parameter Description
domain-name Defines the suffix domain name string of the DHCP client.
Defaults No suffix domain name is defined by default.
Command
Mode
DHCP address pool configuration mode
Usage Guide After the DHCP client obtains the specified suffix domain name, it can access a host with the same suffix domain name directly by its host name.
Configuration
Examples
The following example defines the suffix domain name i-net.com.cn for the DHCP client.
Ruijie(dhcp-config)# domain-name i-net.com.cn
Related
Commands Command Description
dns-server Defines the DNS server of the DHCP client.
ip dhcp pool Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform
Description
N/A
hardware-address
Use this command to define the hardware address of the DHCP client in DHCP address pool configuration mode. Use the no form of this command to delete the definition of the hardware address.
hardware-address hardware-address [ type ]
no hardware-address
Parameter
Description Parameter Description
hardware-address Defines the hardware address of the DHCP client.
type Uses the string definition or digits definition to indicate the hardware platform protocol of the DHCP client:
String options:
Ethernet
ieee802
Digits options:
1 (10M Ethernet)
6 (IEEE 802)
Defaults No hardware address is defined by default.
If there is no option when the hardware address is defined, it is Ethernet by default.
Command
Mode
DHCP address pool configuration mode
Usage Guide This command can be used only when the DHCP is defined by manual binding.
Configuration
Examples
The following example defines the MAC address 00d0.f838.bf3d with the type ethernet.
Ruijie(dhcp-config)# hardware-address 00d0.f838.bf3d
Related
Commands Command Description
client-identifier Defines the unique ID of the DHCP client (indicated in hexadecimal separated by dot).
host Defines the IP address and network mask, which is used to configure the DHCP manual binding.
ip dhcp pool Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform
Description
N/A
host
Use this command to define the IP address and network mask of the DHCP client host in DHCP
address pool configuration mode. Use the no form of this command to delete the definition of the IP
address and network mask for the DHCP client.
host ip-address [ netmask ]
no host
Parameter
Description Parameter Description
ip-address Defines the IP address of DHCP client.
netmask Defines the network mask of DHCP client.
Defaults No IP address or network mask of the host is defined by default.
Command
Mode
DHCP address pool configuration mode
Usage Guide If the network mask is not explicitly defined, the DHCP server will use the natural network mask of this IP address: 255.0.0.0 for class A IP address, 255.255.0.0 for class B IP address, and 255.255.255.0 for class C IP address.
This command can be used only when the DHCP is defined by manual binding.
Configuration
Examples
The following example sets the client IP address as 192.168.12.91, and the network mask as
255.255.255.240.
Ruijie(dhcp-config)# host 192.168.12.91 255.255.255.240
Related
Commands Command Description
client-identifier Defines the unique ID of the DHCP client (indicated in hexadecimal separated by dot).
hardware-address Defines the hardware address of DHCP client.
ip dhcp pool Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform
Description
N/A
ip address dhcp
Use this command to make the Ethernet interface or the Point-to-Point Protocol (PPP),
High-Level Data Link Control (HDLC) and Frame Relay (FR) encapsulated interface obtain the IP
address information by DHCP in interface configuration mode. Use the no form of this command to
cancel this configuration.
ip address dhcp
no ip address dhcp
Parameter
Description Parameter Description
N/A N/A
Defaults The interface cannot obtain the IP address by DHCP by default.
Command
Mode
Interface configuration mode
Usage Guide When requesting the IP address, the DHCP client of the RGOS software also requires the DHCP server to provide information about five configuration parameters: 1) DHCP option 1, which indicates the client subnet mask; 2) DHCP option 3, which indicates the gateway information of the same subnet; 3) DHCP option 6, which indicates the DNS server information; 4) DHCP option 15, which indicates the host suffix domain name; 5) DHCP option 44, which indicates the WINS server information (optional).
The client of the RGOS software is allowed to obtain the address on the PPP, FR or HDLC link by DHCP, which should be supported by the server. At present, our server supports this function.
Configuration
Examples
The following example makes the FastEthernet 0/1 port obtain the IP address automatically.
Ruijie(config)# interface fastEthernet 0/1
Ruijie(config-FastEthernet 0/1)# ip address dhcp
Related
Commands Command Description
dns-server Defines the DNS server of DHCP client.
ip dhcp pool Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform
Description
N/A
ip dhcp excluded-address
Use this command to define some IP addresses and prevent the DHCP server from assigning them
to the DHCP client in global configuration mode. Use the no form of this command to cancel this
definition.
ip dhcp excluded-address low-ip-address [ high-ip-address ]
no ip dhcp excluded-address low-ip-address [ high-ip-address ]
Parameter
Description Parameter Description
low-ip-address Excludes the IP address, or excludes the start IP address within the range of the IP address.
high-ip-address Excludes the end IP address within the range of the IP address.
Defaults The DHCP server assigns the IP addresses of the whole address pool by default.
Command
Mode
Global configuration mode
Usage Guide If no excluded IP address is configured, the DHCP server attempts to assign all IP addresses in the DHCP address pool. Use this command to reserve some IP addresses for specific hosts so that the DHCP server does not assign these addresses to DHCP clients. Defining the excluded IP addresses accurately also reduces the conflict detection time when the DHCP server assigns addresses.
Configuration
Examples
The following example configures the DHCP server not to assign the IP addresses from 192.168.12.100 to 192.168.12.150.
Ruijie(config)# ip dhcp excluded-address 192.168.12.100 192.168.12.150
Related
Commands Command Description
ip dhcp pool Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
network (DHCP) Defines the network number and network mask of the DHCP address pool.
Platform
Description
N/A
ip dhcp ping packets
Use this command to configure the number of times the DHCP server pings an IP address when it detects address conflicts, in global configuration mode. Use the no form of this command to restore the default configuration.
ip dhcp ping packets [ number ]
no ip dhcp ping packets
Parameter
Description Parameter Description
number (Optional) Number of packets in the range from 0 to 10, where 0 indicates disabling the ping operation. The ping operation sends two packets by default.
Defaults The ping operation sends two packets by default.
Command
Mode
Global configuration mode
Usage Guide When the DHCP server attempts to assign an IP address from the DHCP address pool, it uses the ping operation to check whether this address is occupied by another host. If the address is occupied, the server records it; otherwise, it assigns the address to the DHCP client. The ping operation will send up to 10 packets (two packets by default).
Configuration
Examples
The following example sets the number of the packets sent by the ping operation to 3.
Ruijie(config)# ip dhcp ping packets 3
Related
Commands Command Description
clear ip dhcp conflict Clears the DHCP history conflict record.
ip dhcp ping packets Configures the timeout that the DHCP server waits for the ping response. If none of the ping packets is answered within the specified time, this IP address can be assigned. Otherwise, it will record the address conflict.
show ip dhcp conflict Shows the address conflicts that the DHCP server detects when it assigns an IP address.
Platform
Description
N/A
ip dhcp ping timeout
Use this command to configure the timeout that the DHCP server waits for a response when it uses
the ping operation to detect the address conflict in global configuration mode. Use the no form of this
command to restore it to the default configuration.
ip dhcp ping timeout milli-seconds
no ip dhcp ping timeout
Parameter
Description Parameter Description
milli-seconds Time that the DHCP server waits for ping response in the range 100 to 10000 milliseconds.
Defaults The timeout is 500 seconds by default.
Command
Mode
Global configuration mode
Usage Guide This command defines the time that the DHCP server waits for a ping response packet.
Configuration
Examples
The following example configures that the waiting time of the ping response packet is 600ms.
Ruijie(config)# ip dhcp ping timeout 600
Related
Commands Command Description
clear ip dhcp conflict Clears the DHCP history conflict record.
ip dhcp ping packets Defines the number of the packets sent by the ping operation for the detection of the address conflict when the DHCP server assigns an IP address.
show ip dhcp conflict Shows the address conflict the DHCP server detects when it assigns an IP address.
Platform
Description
N/A
ip dhcp pool
Use this command to define a name of the DHCP address pool and enter DHCP address pool
configuration mode in global configuration mode. Use the no form of this command to delete the
DHCP address pool.
ip dhcp pool pool-name
no ip dhcp pool pool-name
Parameter
Description Parameter Description
pool-name String of characters and positive integers, for example, mypool or 1.
Defaults No DHCP address pool is defined by default.
Command
Mode
Global configuration mode
Usage Guide Execute the command to enter DHCP address pool configuration mode, which is shown as:
Ruijie(dhcp-config)#
In this configuration mode, you can configure the IP address range, the DNS server and the default
gateway.
Configuration
Examples
The following example defines a DHCP address pool with the name mypool0.
Ruijie(config)# ip dhcp pool mypool0
Ruijie(dhcp-config)#
Related
Commands Command Description
host
Defines the IP address and network mask, which is
used to configure the DHCP manual binding.
ip dhcp excluded-address
Defines the IP addresses that the DHCP server
cannot assign to the clients.
network (DHCP)
Defines the network number and network mask of the
DHCP address pool.
Platform
Description
N/A
lease
Use this command to define the lease time of the IP address that the DHCP server assigns to the
client in DHCP address pool configuration mode. Use the no form of this command to restore the
default configuration.
lease { days [ hours ] [ minutes ] | infinite }
no lease
Parameter
Description Parameter Description
days Lease time in days
hours (Optional) Lease time in hours. It is necessary to define the days before defining the hours.
minutes (Optional) Lease time in minutes. It is necessary to define the days and hours before defining the minutes.
infinite Infinite lease time
Defaults The lease time is 1 day by default.
Command
Mode
DHCP address pool configuration mode
Usage Guide When the lease is about to expire, the DHCP client sends a request to renew the lease. In general, the DHCP server will allow renewing the lease of the original IP address.
Configuration
Examples
The following example sets the DHCP lease to 1 hour.
Ruijie(dhcp-config)# lease 0 1
The following example sets the DHCP lease to 1 minute.
Ruijie(dhcp-config)# lease 0 0 1
Related
Commands Command Description
ip dhcp pool Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform
Description
N/A
netbios-name-server
Use this command to configure the WINS name server of the Microsoft DHCP client NETBIOS in
DHCP address pool configuration mode. Use the no form of this command to delete the WINS
server.
netbios-name-server ip-address [ ip-address2…ip-address8 ]
no netbios-name-server
Parameter
Description Parameter Description
ip-address IP address of the WINS server. It is required to configure one IP address at least.
ip-address2…ip-address8 (Optional) IP addresses of WINS servers. Up to eight WINS servers can be configured.
Defaults No WINS server is defined by default.
Command
Mode
DHCP address pool configuration mode
Usage Guide When more than one WINS server is defined, the former has higher priority. The DHCP client will select the next WINS server only when its communication with the former WINS server fails.
Configuration
Examples
The following example specifies the WINS server 192.168.12.3 for the DHCP client.
Ruijie(dhcp-config)# netbios-name-server 192.168.12.3
Related
Commands Command Description
ip address dhcp Enables the DHCP client on the interface to obtain the IP address.
ip dhcp pool Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform
Description
N/A
netbios-node-type
Use this command to define the node type of the master NetBIOS of the Microsoft DHCP client in DHCP address pool configuration mode. Use the no form of this command to delete the configuration of the NetBIOS node type.
netbios-node-type type
no netbios-node-type
Parameter
Description Parameter Description
type Type of node in two modes:
Digit in hexadecimal form in the range of 0 to FF. Only the following numerals are available:
1: b-node.
2: p-node.
4: m-node.
8: h-node.
String:
b-node: broadcast node
p-node: peer-to-peer node
m-node: mixed node
h-node: hybrid node
Defaults No type of the NetBIOS node is defined by default.
Command
Mode
DHCP address pool configuration mode
Usage Guide There are four types of NetBIOS nodes for the Microsoft DHCP client: 1) Broadcast, which carries out NetBIOS name resolution by broadcast; 2) Peer-to-peer, which directly requests the WINS server to carry out NetBIOS name resolution; 3) Mixed, which first requests name resolution by broadcast and then carries out name resolution through the WINS server; 4) Hybrid, which first requests the WINS server to carry out NetBIOS name resolution and carries out name resolution by broadcast if no response is received.
By default, the node type for Microsoft operating systems is broadcast or hybrid. If the WINS server is not configured, the broadcast node is used. Otherwise, the hybrid node is used. It is recommended to set the type of the NetBIOS node to Hybrid.
Configuration
Examples
The following example sets the NetBIOS node of Microsoft DHCP client as Hybrid.
Ruijie(dhcp-config)# netbios-node-type h-node
Related
Commands Command Description
ip dhcp pool Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
netbios-name-server Configures the WINS name server of the Microsoft DHCP client NETBIOS.
Platform
Description
N/A
network (DHCP)
Use this command to define the network number and network mask of the DHCP address pool. Use
the no form of this command to delete the definition.
network net-number net-mask
no network
Parameter
Description Parameter Description
net-number Network number of the DHCP address pool.
net-mask Network mask of the DHCP address pool. If the network mask is not defined, the natural network mask will be used by default.
Defaults No network number or network mask is defined by default.
Command
Mode
DHCP address pool configuration mode
Usage Guide This command defines the subnet and subnet mask of a DHCP address pool, and provides the DHCP server with an address space that can be assigned to the clients. Unless excluded addresses are configured, all the addresses of the DHCP address pool can be assigned to the clients. The DHCP server assigns the addresses in the address pool in priority order. If the DHCP server finds that an IP address is already in the DHCP binding table or in the network segment, it checks the next address until it assigns a valid IP address.
The show ip dhcp binding command can be used to view the address assignment, and the show ip
dhcp conflict command can be used to view the address conflict detection.
Configuration
Examples
The following example defines the network number of the DHCP address pool as 192.168.12.0, and
the network mask as 255.255.255.240.
Ruijie(dhcp-config)# network 192.168.12.0 255.255.255.240
Related
Commands Command Description
ip dhcp excluded-address Defines the IP addresses that the DHCP server cannot assign to the clients.
ip dhcp pool Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform
Description
N/A
next-server
Use this command to define the startup server list that the DHCP client accesses during startup. Use
the no form of this command to delete the definition of the startup server list.
next-server ip-address [ ip-address2…ip-address8 ]
no next-server
Parameter
Description Parameter Description
ip-address Defines the IP address of the startup server, which is usually the TFTP server. At least one IP address must be configured.
ip-address2…ip-address8 (Optional) Configures IP addresses of up to eight startup servers.
Defaults N/A
Command
Mode
DHCP address pool configuration mode
Usage Guide When multiple servers are defined, the former has higher priority. The DHCP client will select
the next startup server only when its communication with the former startup server fails.
Configuration
Examples
The following example specifies the startup server 192.168.12.4 for the DHCP client.
Ruijie(dhcp-config)# next-server 192.168.12.4
Related
Commands Command Description
bootfile Defines the default startup mapping file name of the DHCP client.
ip dhcp pool Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
ip helper-address Defines the helper address on the interface.
option Configures the option of the RGOS software DHCP server.
Platform
Description
N/A
option
Use this command to configure the option of the DHCP server. Use the no form of this command to
delete the definition of option.
option code { ascii string | hex string | ip ip-address }
no option
Parameter
Description Parameter Description
code Defines the DHCP option codes.
ascii string Defines an ASCII string.
hex string Defines a hexadecimal string.
ip ip-address Defines an IP address list.
Defaults N/A
Command
Mode
DHCP address pool configuration mode
Usage Guide DHCP provides a mechanism to transmit configuration information to hosts in a TCP/IP
network. The DHCP message has a variable option field that can be defined according to the actual
requirement. The DHCP client needs to carry the DHCP message with at least 312 bytes of option
information. Furthermore, the fixed data field in the DHCP message is also referred to as an option.
For the current definition of DHCP options, see RFC 2131.
Configuration
Examples
The following example defines the option code 19, which determines whether the DHCP client can
enable IP packet forwarding: 0 disables IP packet forwarding, and 1 enables it. The following
configuration enables IP packet forwarding on the DHCP client.
Ruijie(dhcp-config)# option 19 hex 1
The following example defines the option code 33, which provides the DHCP client with the static
route information. The DHCP client will install two static routes: 1) the destination network
172.16.12.0 and the gateway 192.168.12.12, 2) the destination network 172.16.16.0 and the gateway
192.168.12.16.
Ruijie(dhcp-config)# option 33 ip 172.16.12.0 192.168.12.12 172.16.16.0 192.168.12.16
Related
Commands Command Description
ip dhcp pool Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform
Description
N/A
service dhcp
Use this command to enable the DHCP server and the DHCP relay on the device in global
configuration mode. Use the no form of this command to disable the DHCP server and the DHCP
relay agent.
service dhcp
no service dhcp
Parameter
Description Parameter Description
N/A N/A
Defaults The DHCP server and the DHCP relay agent are disabled by default.
Command
Mode
Global configuration mode
Usage Guide The DHCP server can assign the IP addresses to the clients automatically and provide them with the
network configuration information such as the configuration information about the DNS server and
default gateway. The DHCP relay can forward the DHCP requests to other servers, and the returned
DHCP responses to the DHCP client, serving as the relay for DHCP packets.
Configuration
Examples
The following example enables the DHCP server and the DHCP relay agent on the device.
Ruijie(config)# service dhcp
Related
Commands Command Description
show ip dhcp server statistics Shows various statistics information of the DHCP server.
Platform
Description
N/A
clear ip dhcp binding
Use this command to clear the DHCP binding table in privileged user mode.
clear ip dhcp binding { * | ip-address }
Parameter
Description Parameter Description
* Deletes all DHCP bindings.
Defaults N/A
Command
Mode
Privileged user mode
Usage Guide This command can only clear the automatic DHCP binding, but the manual DHCP binding can be
deleted by the no ip dhcp pool command.
Configuration
Examples
The following example clears the DHCP binding with the IP address 192.168.12.100.
Ruijie# clear ip dhcp binding 192.168.12.100
Related
Commands Command Description
show ip dhcp binding Shows the address binding of the DHCP server.
Platform
Description
N/A
clear ip dhcp conflict
Use this command to clear the DHCP address conflict record in privileged user mode.
clear ip dhcp conflict { * | ip-address }
Parameter
Description Parameter Description
* Deletes all DHCP address conflict records.
ip-address Deletes the conflict record of the specified IP addresses.
Defaults N/A
Command
Mode
Privileged user mode
Usage Guide The DHCP server uses the ping session to detect address conflicts, while the DHCP
client uses the Address Resolution Protocol (ARP) to detect address conflicts. The
clear ip dhcp conflict command can be used to delete the historical conflict records.
Configuration
Examples
The following example clears all address conflict records.
Ruijie# clear ip dhcp conflict *
Related
Commands Command Description
ip dhcp ping packets Defines the number of the packets sent by the ping operation for the detection of the address conflict when the DHCP server assigns an IP address.
show ip dhcp conflict Shows the address conflict that the DHCP server detects when it assigns an IP address.
Platform
Description
N/A
clear ip dhcp server statistics
Use this command to reset the counter of the DHCP server in privileged user mode.
clear ip dhcp server statistics
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged user mode
Usage Guide The counter of the DHCP server records the entries of the DHCP address pool, automatic binding,
manual binding and expired binding. Furthermore, it also collects statistics about the number of sent
and received DHCP packets. The clear ip dhcp server statistics command can be used to delete
the history counter record and restart the statistics collecting.
Configuration
Examples
The following example clears the statistics record of the DHCP server.
Ruijie# clear ip dhcp server statistics
Related
Commands Command Description
show ip dhcp server statistics Shows the statistics record of the DHCP server.
Platform
Description
N/A
Command Reference DHCP Relay Commands
DHCP Relay Commands
ip dhcp relay check server-id
Use this command to enable the ip dhcp relay check server-id function. Use the no form of this
command to disable the ip dhcp relay check server-id function.
ip dhcp relay check server-id
no ip dhcp relay check server-id
Parameter
Description Parameter Description
N/A N/A
Defaults The ip dhcp relay check server-id function is disabled by default.
Command
Mode
Global configuration mode
Usage Guide Use this command to select the destination DHCP server according to the server-id option when
forwarding a DHCP request. If this command is not configured, the DHCP request is forwarded to all
DHCP servers.
Configuration
Examples
The following example enables the ip dhcp relay check server-id function.
Ruijie# configure terminal
Ruijie(config)# ip dhcp relay check server-id
Related
Commands Command Description
service dhcp Enables the DHCP Relay.
Platform
Description
This command is only supported by the switches.
ip dhcp relay information option dot1x
Use this command to enable the dhcp option dot1x function of DHCP relay.
Use the no form of the command to disable the dhcp option dot1x function.
ip dhcp relay information option dot1x
no ip dhcp relay information option dot1x
Parameter
Description Parameter Description
N/A N/A
Defaults The dhcp option dot1x function is disabled by default.
Command
Mode
Global configuration mode
Usage Guide To configure this command, it is necessary to enable the DHCP Relay and to combine it with
the 802.1x related configuration.
Configuration
Examples
The following example enables the DHCP option dot1x function on the device.
Ruijie# configure terminal
Ruijie(config)# ip dhcp relay information option dot1x
Related
Commands Command Description
service dhcp Enables the DHCP Relay.
ip dhcp relay information option dot1x access-group Configures the option dot1x acl.
Platform
Description
This command is only supported by switches.
ip dhcp relay information option dot1x access-group
Use this command to configure the ACL associated with the DHCP relay option dot1x. Use the no
form of this command to disable the ACL associated with the DHCP relay option dot1x.
ip dhcp relay information option dot1x access-group acl-name
no ip dhcp relay information option dot1x access-group acl-name
Parameter
Description Parameter Description
N/A N/A
Defaults No ACL is associated by default.
Command
Mode
Global configuration mode
Usage Guide Ensure that the ACL does not conflict with the existing ACE of the configured ACL on the interface.
Configuration
Examples
The following example enables the dhcp option dot1x acl function.
Ruijie# configure terminal
Ruijie(config)# ip access-list extended DenyAccessEachOtherOfUnauthrize
Ruijie(config-ext-nacl)# permit ip any host 192.168.3.1
// Permit sending the packets to the gateway.
Ruijie(config-ext-nacl)# permit ip any host 192.168.4.1
Ruijie(config-ext-nacl)# permit ip any host 192.168.5.1
Ruijie(config-ext-nacl)# permit ip host 192.168.3.1 any
// Permit the packets whose source IP address is that of the gateway.
Ruijie(config-ext-nacl)# permit ip host 192.168.4.1 any
Ruijie(config-ext-nacl)# permit ip host 192.168.5.1 any
Ruijie(config-ext-nacl)# deny ip 192.168.3.0 0.0.0.255 192.168.3.0 0.0.0.255
// Deny the exchange between the unauthenticated users.
Ruijie(config-ext-nacl)# deny ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
Ruijie(config-ext-nacl)# deny ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
Ruijie(config-ext-nacl)# deny ip 192.168.4.0 0.0.0.255 192.168.4.0 0.0.0.255
Ruijie(config-ext-nacl)# deny ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
Ruijie(config-ext-nacl)# deny ip 192.168.5.0 0.0.0.255 192.168.5.0 0.0.0.255
Ruijie(config-ext-nacl)# deny ip 192.168.5.0 0.0.0.255 192.168.3.0 0.0.0.255
Ruijie(config-ext-nacl)# deny ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255
Ruijie(config-ext-nacl)# exit
Ruijie(config)# ip dhcp relay information option dot1x access-group DenyAccessEachOtherOfUnauthrize
Related
Commands Command Description
service dhcp Enables DHCP relay.
ip dhcp relay information option dot1x Enables the DHCP option dot1x function.
Platform
Description
This command is only supported by switches.
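The access list in the example above can be checked offline before it is bound with access-group. The following is an added example, not RGOS code or part of the original manual: it parses the rules as typed, applies first-match evaluation with wildcard masks, and reports the result for traffic between each pair of the three user subnets. The function names and the test hosts .10 and .20 are assumptions; a packet that matches no rule is reported as no-match because the default action is not stated on this page.

```python
import ipaddress

# The rules from the configuration example above, prompts and comments removed.
ACL_TEXT = """\
permit ip any host 192.168.3.1
permit ip any host 192.168.4.1
permit ip any host 192.168.5.1
permit ip host 192.168.3.1 any
permit ip host 192.168.4.1 any
permit ip host 192.168.5.1 any
deny ip 192.168.3.0 0.0.0.255 192.168.3.0 0.0.0.255
deny ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
deny ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
deny ip 192.168.4.0 0.0.0.255 192.168.4.0 0.0.0.255
deny ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
deny ip 192.168.5.0 0.0.0.255 192.168.5.0 0.0.0.255
deny ip 192.168.5.0 0.0.0.255 192.168.3.0 0.0.0.255
deny ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255
"""


def ip_int(text):
    return int(ipaddress.IPv4Address(text))


def take_addr(tokens):
    """Consume one address spec and return ((base, wildcard), remaining tokens)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (ip_int(tokens[1]), 0), tokens[2:]
    return (ip_int(tokens[0]), ip_int(tokens[1])), tokens[2:]


def parse_acl(text):
    """Parse 'permit|deny ip <src> <dst>' lines into an ordered rule list."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] not in ("permit", "deny") or tokens[1] != "ip":
            raise ValueError("unsupported rule: " + line)
        src, rest = take_addr(tokens[2:])
        dst, rest = take_addr(rest)
        if rest:
            raise ValueError("trailing tokens in rule: " + line)
        rules.append((tokens[0], src, dst))
    return rules


def matches(spec, addr):
    """Wildcard-mask match: bits set in the wildcard are ignored."""
    base, wildcard = spec
    return ((ip_int(addr) ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def evaluate(rules, src, dst):
    """First matching rule wins; returns (action, 1-based rule number)."""
    for number, (action, src_spec, dst_spec) in enumerate(rules, 1):
        if matches(src_spec, src) and matches(dst_spec, dst):
            return action, number
    return "no-match", None


def subnet_pair_report(rules, subnets=("192.168.3", "192.168.4", "192.168.5")):
    """Result for a non-gateway host in each subnet talking to each subnet."""
    return {(a, b): evaluate(rules, a + ".10", b + ".20")[0]
            for a in subnets for b in subnets}


if __name__ == "__main__":
    for pair, result in subnet_pair_report(parse_acl(ACL_TEXT)).items():
        print(pair[0] + ".0/24 ->", pair[1] + ".0/24:", result)
```

In this rule list, traffic from 192.168.4.0/24 to 192.168.3.0/24 is the one subnet pair without an explicit entry, so its handling depends on the default action.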
ip dhcp relay information option82
Use this command to enable the option82 function of DHCP relay. Use the no form of
this command to disable the function.
ip dhcp relay information option82
no ip dhcp relay information option82
Parameter
Description Parameter Description
N/A N/A
Defaults The option82 function of DHCP relay is disabled by default.
Command
Mode
Global configuration mode
Usage Guide This function is mutually exclusive with the option dot1x function.
Configuration
Examples
The following example enables the option82 function on the DHCP relay.
Ruijie# configure terminal
Ruijie(config)# ip dhcp relay information option82
Related
Commands Command Description
service dhcp Enables the DHCP Relay.
ip dhcp relay information option dot1x Enables the DHCP option dot1x function.
Platform
Description
This command is only supported by switches.
ip dhcp relay suppression
Use this command to enable the DHCP relay suppression function on a specified interface. Use the
no form of this command to disable this function.
ip dhcp relay suppression
no ip dhcp relay suppression
Parameter
Description Parameter Description
N/A N/A
Defaults The function is disabled by default.
Command
Mode
Interface configuration mode
Usage Guide After this command is executed, the system will not relay the DHCP request message on the
interface.
Configuration
Examples
The following example enables the DHCP relay suppression function on interface 1.
Ruijie# configure terminal
Ruijie(config)# interface fastEthernet 0/1
Ruijie(config-if)# ip dhcp relay suppression
Ruijie(config-if)# exit
Ruijie(config)#
Related
Commands Command Description
service dhcp Enables the DHCP relay.
Platform
Description
This command is only supported by switches.
ip helper-address
Use this command to add the IP address of a DHCP server. Use the no form of this command to
delete the IP address of the DHCP server.
The server address can be configured in global configuration mode or interface configuration mode.
ip helper-address [ vrf vrf-name ]A.B.C.
no ip helper-address [ vrf vrf-name ]A.B.C.
Parameter
Description Parameter Description
N/A N/A
Defaults No server address is configured by default.
Command
Mode
Global configuration mode, or interface configuration mode
Usage Guide Up to 20 DHCP servers can be configured globally or on each layer-3 interface.
If the DHCP server address is not configured on the interface, the DHCP relay uses the address of
the global DHCP server. If the DHCP address is configured on the interface, the DHCP relay uses the
configured server address.
For the vrf parameter, the global configuration and interface-based configuration are slightly different.
In global configuration mode, if the vrf parameter is not specified, the default address of the current
server does not belong to any vrf. In interface-based configuration, if the vrf parameter is not
specified, the current default server and port configurations belong to the same vrf.
Configuration
Examples
The following example:
1. Configures the IP address for the global server to 192.168.1.1.
2. Configures the IP address for the vrf instance-based server dep1 to 192.168.2.1.
Ruijie# configure terminal
Ruijie(config)# ip helper-address 192.168.1.1
Ruijie(config)# ip helper-address vrf dep1 192.168.2.1
Related
Commands Command Description
service dhcp Enables the DHCP relay.
Platform
Description
N/A
service dhcp
Use this command to enable the DHCP relay in global configuration mode. Use the no form of this
command to disable this function.
service dhcp
no service dhcp
Parameter
Description Parameter Description
N/A N/A
Defaults This function is disabled by default.
Command
Mode
Global configuration mode
Usage Guide The DHCP relay can forward the DHCP request to other servers and the DHCP response packets to
the DHCP client, serving as the relay for DHCP packets.
Configuration
Examples
The following configuration example enables the DHCP relay.
Ruijie# configure terminal
Ruijie(config)# service dhcp
Related
Commands Command Description
ip helper-address Adds the IP address of a DHCP server.
Platform
Description
N/A
Command Reference DHCP Snooping Commands
DHCP Snooping Commands
clear ip dhcp snooping binding
Use this command to delete the dynamic user information from the DHCP snooping binding
database.
clear ip dhcp snooping binding [mac | vlan vlan-id | ip | interface interface-id ]
Parameter
Description Parameter Description
mac MAC address of the specified user to be deleted.
vlan-id VLAN ID of the specified user to be deleted.
ip IP address of the specified user to be deleted.
interface-id Interface where the specified user to be deleted belongs.
Defaults N/A.
Command
Mode
Privileged EXEC mode.
Usage Guide If users want to clear the current dynamic user information from the DHCP snooping binding
database, use this command.
Configuration
Examples
The following example demonstrates how to clear the dynamic database information from the DHCP
snooping binding database.
Ruijie# clear ip dhcp snooping binding
Ruijie# show ip dhcp snooping binding
Total number of bindings: 0
MacAddress IpAddress Lease(sec) Type VLAN Interface
---------- ---------- ---------- -------- ---- ---------
Related
Commands Command Description
show ip dhcp snooping binding Show the information of the DHCP snooping binding database.
Platform
Description
N/A.
ip dhcp snooping
Use this command to enable the DHCP snooping function globally. The no form of this command will
disable the DHCP snooping function globally.
ip dhcp snooping
no ip dhcp snooping
Parameter
Description Parameter Description
N/A. N/A.
Defaults Disabled
Command
Mode
Global configuration mode
Usage Guide Enable the DHCP snooping function on the switch. You can use the show ip dhcp snooping
command to view whether the DHCP snooping function is enabled.
DHCP Snooping cannot coexist with private VLAN.
Configuration
Examples
The following is an example of enabling the DHCP snooping function.
Ruijie# configure terminal
Ruijie(config)# ip dhcp snooping
Ruijie(config)# end
Ruijie# show ip dhcp snooping
Switch DHCP snooping status: ENABLE
DHCP snooping Verification of hwaddr field status: DISABLE
DHCP snooping database write-delay time: 0 seconds
DHCP snooping option 82 status: ENABLE
DHCP Snooping Support Bootp bind status: ENABLE
Interface Trusted Rate limit (pps)
------------------------ ------- ---------------
Related
Commands Command Description
show ip dhcp snooping View the configuration information of DHCP snooping.
Platform
Description
N/A.
ip dhcp snooping bootp-bind
Use this command to enable DHCP snooping bootp bind function. The no form of this command will
disable the function.
ip dhcp snooping bootp-bind
no ip dhcp snooping bootp-bind
Parameter
Description Parameter Description
N/A. N/A.
Defaults Disabled
Command
Mode
Global configuration mode.
Usage Guide By default, DHCP Snooping only forwards Bootp packets. With this function enabled, it can snoop
Bootp packets. After the Bootp client requests an address successfully, DHCP Snooping adds the
Bootp user to the static binding database.
Configuration
Examples
The following example enables the DHCP snooping bootp bind function.
Ruijie# configure terminal
Ruijie(config)# ip dhcp snooping bootp-bind
Ruijie(config)# end
Ruijie# show ip dhcp snooping
Switch DHCP snooping status :ENABLE
Verification of hwaddr field status :DISABLE
DHCP snooping database write-delay time: 0 seconds
DHCP snooping option 82 status: ENABLE
DHCP snooping Support Bootp bind status: ENABLE
Interface Trusted Rate limit (pps)
------------------------ ------- ------------
Related
Commands Command Description
show ip dhcp snooping Show the configuration of the DHCP snooping.
Platform
Description
N/A.
ip dhcp snooping database write-delay
Use this command to configure the switch to write the dynamic user information of the DHCP
snooping binding database into the flash periodically. The no form of this command will disable this
function.
ip dhcp snooping database write-delay time
no ip dhcp snooping database write-delay time
Parameter
Description Parameter Description
time The interval at which the system writes the dynamic user information of the DHCP snooping database into the flash. The range is from 600 to 86400 seconds.
Defaults Disabled
Command
Mode
Global configuration mode.
Usage Guide This function prevents the loss of user information after a restart. If the information is lost,
users need to obtain IP addresses again for normal communication.
Configuration
Examples
The following is an example of setting the interval at which the switch writes the user information into the
flash to 3600s:
Ruijie# configure terminal
Ruijie(config)# ip dhcp snooping database write-delay 3600
Ruijie(config)# end
Ruijie# show ip dhcp snooping
Switch DHCP snooping status: ENABLE
DHCP snooping Verification of hwaddr field status: ENABLE
DHCP snooping database write-delay time: 3600
DHCP snooping option 82 status: DISABLE
DHCP Snooping Support Bootp bind status: ENABLE
Interface Trusted Rate limit (pps)
------------------------ ------- ---------------
Related
Commands Command Description
show ip dhcp snooping View the configuration information of the DHCP snooping.
Platform
Description
N/A.
ip dhcp snooping database write-to-flash
Use this command to write the dynamic user information of the DHCP binding database into flash in
real time.
ip dhcp snooping database write-to-flash
Parameter
Description Parameter Description
N/A. N/A.
Defaults N/A.
Command
Mode
Global configuration mode.
Usage Guide Use this command to write the dynamic user information of the DHCP binding database into flash in
real time.
Configuration
Examples
The following is an example of writing the dynamic user information of the DHCP binding database
into flash.
Ruijie# configure terminal
Ruijie(config)# ip dhcp snooping database write-to-flash
Ruijie(config)# end
Ruijie#
Related
Commands Command Description
N/A. N/A.
Platform
Description
N/A.
ip dhcp snooping information option
Use this command to add option82 to the DHCP request message. The no form of this command
disables this function.
ip dhcp snooping information option [ standard-format ]
no ip dhcp snooping information option [ standard-format ]
Parameter
Description Parameter Description
standard-format The option82 uses the standard format.
Defaults Disabled.
Command
Mode
Global configuration mode.
Usage Guide This command adds option82 to the DHCP request message. The DHCP server
assigns the IP address based on this option.
Configuration
Examples
Add option82 to the DHCP request message:
Ruijie# configure terminal
Ruijie(config)# ip dhcp snooping information option
Ruijie(config)# end
Ruijie# show ip dhcp snooping
Switch DHCP snooping status : ENABLE
DHCP snooping Verification of hwaddr status : ENABLE
DHCP snooping database write-delay time : 0
DHCP snooping option 82 status : DISABLE
DHCP Snooping Support Bootp bind status: ENABLE
Interface Trusted Rate limit (pps)
------------------------ ------- ----------------
Related
Commands Command Description
show ip dhcp snooping Show the configuration of the DHCP Snooping.
Platform
Description
N/A.
ip dhcp snooping trust
Use this command to set the ports of the switch as trusted ports. The no form of this command sets
the ports as untrust ports.
ip dhcp snooping trust
no ip dhcp snooping trust
Parameter
Description Parameter Description
N/A. N/A.
Defaults All ports are untrust ports.
Command
Mode
Interface configuration mode.
Usage Guide Use this command to set the port as a trust port. DHCP response messages received on a
trust port are forwarded normally, but response messages received on an untrust port are
discarded.
Configuration
Examples
The following is an example of setting fastEthernet 0/1 as a trust port:
Ruijie# configure terminal
Ruijie(config)# interface fastEthernet 0/1
Ruijie(config-if)# ip dhcp snooping trust
Ruijie(config-if)# end
Ruijie# show ip dhcp snooping
Switch DHCP snooping status: ENABLE
DHCP snooping Verification of hwaddr field status: DISABLE
DHCP snooping database write-delay time: 0 seconds
DHCP snooping option 82 status: ENABLE
DHCP Snooping Support Bootp bind status:ENABLE
Interface Trusted Rate limit (pps)
----------------- ------- ----------------
FastEthernet0/1 yes unlimited
Related
Commands Command Description
show ip dhcp snooping View the configuration information of the DHCP snooping.
Platform
Description
N/A.
ip dhcp snooping verify mac-address
Use this command to check whether the source MAC address of the DHCP request message
matches the client addr field of the DHCP message. The no form of this command disables
this function.
ip dhcp snooping verify mac-address
no ip dhcp snooping verify mac-address
Parameter
Description Parameter Description
N/A. N/A.
Defaults Disabled.
Command
Mode
Global configuration mode.
Usage Guide Use this command to enable checking the validity of the source MAC address of the DHCP request
message. Once the function is enabled, the system will discard the DHCP request message that fails
to pass the source MAC address check.
Configuration
Examples
The following is an example of enabling the check of the source MAC address of the DHCP request
message.
Ruijie# configure terminal
Ruijie(config)# ip dhcp snooping verify mac-address
Ruijie(config)# end
Ruijie# show ip dhcp snooping
Switch DHCP snooping status: ENABLE
Verification of hwaddr field status: ENABLE
DHCP snooping database write-delay time: 0 seconds
DHCP snooping option 82 status: ENABLE
DHCP Snooping Support Bootp bind status: ENABLE
Interface Trusted Rate limit (pps)
Related
Commands Command Description
show ip dhcp snooping View the configuration information of the DHCP snooping.
Platform
Description
N/A.
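The two checks described for ip dhcp snooping trust and ip dhcp snooping verify mac-address can be modelled as a small filter over DHCP frames. This is an added example, not RGOS code or part of the original manual: the function names, the ports FastEthernet0/2 and 0/3, and all MAC addresses except 00d0.f801.0101 are assumptions, and the frames are constructed. The model applies the MAC check to every request, as the text states, and does not model relayed requests.

```python
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
MAGIC_COOKIE = b"\x63\x82\x53\x63"
# BOOTP fixed header (236 bytes) followed by the 4-byte DHCP magic cookie.
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s4s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)  # 240 bytes


def mac(text):
    """Convert '00d0.f801.0101' (binding-table notation) to 6 raw bytes."""
    return bytes.fromhex(text.replace(".", "").replace(":", ""))


def build_dhcp(op, msg_type, chaddr):
    """Build a minimal DHCP payload (constructed sample data for this demo)."""
    zero = b"\x00" * 4
    fixed = struct.pack(BOOTP_FMT, op, 1, len(chaddr), 0, 0x1234, 0, 0,
                        zero, zero, zero, zero, chaddr, b"", b"", MAGIC_COOKIE)
    return fixed + bytes([53, 1, msg_type, 255])  # option 53 (type), end option


def parse_dhcp(payload):
    """Return op and client hardware address, or None if not a DHCP payload."""
    if len(payload) < BOOTP_LEN:
        return None
    fields = struct.unpack(BOOTP_FMT, payload[:BOOTP_LEN])
    op, hlen, chaddr, cookie = fields[0], fields[2], fields[11], fields[14]
    if cookie != MAGIC_COOKIE or hlen > len(chaddr):
        return None
    return {"op": op, "chaddr": chaddr[:hlen]}


def snoop(port, src_mac, payload, trusted_ports, verify_mac=False):
    """Decide what the snooping filter does with one DHCP frame."""
    msg = parse_dhcp(payload)
    if msg is None or msg["op"] not in (BOOTREQUEST, BOOTREPLY):
        return "drop: malformed"
    if msg["op"] == BOOTREPLY:
        # ip dhcp snooping trust: replies are accepted on trust ports only.
        if port in trusted_ports:
            return "forward"
        return "drop: reply on untrust port"
    # ip dhcp snooping verify mac-address: frame source MAC must equal chaddr.
    if verify_mac and src_mac != msg["chaddr"]:
        return "drop: source MAC differs from chaddr"
    return "forward"


def run_demo():
    """Run the filter over five constructed frames and return the verdicts."""
    trusted = {"FastEthernet0/1"}  # port facing the legitimate DHCP server
    host_a = mac("00d0.f801.0101")
    host_b = mac("00d0.f801.0202")
    server = mac("00d0.f801.0001")
    discover, offer = 1, 2
    frames = [
        ("FastEthernet0/2", host_a, build_dhcp(BOOTREQUEST, discover, host_a)),
        ("FastEthernet0/2", host_a, build_dhcp(BOOTREQUEST, discover, host_b)),
        ("FastEthernet0/1", server, build_dhcp(BOOTREPLY, offer, host_a)),
        ("FastEthernet0/3", host_b, build_dhcp(BOOTREPLY, offer, host_a)),
        ("FastEthernet0/2", host_a, b"\x01\x01\x06"),  # truncated payload
    ]
    return [snoop(port, src, data, trusted, verify_mac=True)
            for port, src, data in frames]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

With verify_mac left at its default of False, which mirrors the command's disabled default, the second frame is forwarded.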
show ip dhcp snooping
Use this command to view the setting of the DHCP snooping.
show ip dhcp snooping
Parameter
Description Parameter Description
N/A. N/A.
Defaults N/A.
Command
Mode
Privileged EXEC mode.
Usage Guide N/A.
Configuration
Examples
Show the information of DHCP Snooping.
Ruijie# show ip dhcp snooping
Switch DHCP snooping status :ENABLE
Verification of hwaddr field status :DISABLE
DHCP snooping database write-delay time: 0 seconds
DHCP snooping option 82 status: ENABLE
DHCP snooping Support Bootp bind status: ENABLE
Interface Trusted Rate limit (pps)
------------------------ ------- ------------
Related
Commands Command Description
ip dhcp snooping Enable the DHCP snooping globally.
ip dhcp snooping verify mac-address Enable the check of source MAC address of DHCP Snooping packets.
ip dhcp snooping database write-delay Set the interval of writing user information to FLASH periodically.
ip dhcp snooping information option Add option82 to the DHCP request message.
ip dhcp snooping bootp-bind Enable the DHCP snooping bootp bind function.
ip dhcp snooping trust Set the port as a trust port.
Platform
Description
N/A.
show ip dhcp snooping binding
Use this command to view the information of the DHCP snooping binding database.
show ip dhcp snooping binding
Parameter
Description Parameter Description
N/A. N/A.
Defaults N/A.
Command
Mode
Privileged EXEC mode.
Usage Guide N/A.
Configuration
Examples
Show the information of the DHCP Snooping binding database.
Ruijie# show ip dhcp snooping binding
Total number of bindings: 1
MacAddress IpAddress Lease Type VLAN Interface
00d0.f801.0101 192.168.1.1 - static 1 fastethernet 0/1
Related
Commands Command Description
ip dhcp snooping binding Add the static user information to the DHCP Snooping database.
clear ip dhcp snooping binding Clear the dynamic user information from the DHCP snooping binding database.
Platform
Description
N/A.
Command Reference DNS Module Commands
DNS Module Commands
ip domain-lookup
Use this command to enable the DNS to carry out the domain name resolution. Use the no form of
this command to disable the DNS domain name resolution function.
ip domain-lookup
no ip domain-lookup
Parameter
Description Parameter Description
N/A N/A
Defaults Enabled
Command
Mode
Global configuration mode.
Usage Guide This command enables the domain name resolution function.
Configuration
Examples
The following example enables the DNS domain name resolution function.
Ruijie(config)# ip domain-lookup
Related
Commands Command Description
show hosts Shows the DNS related configuration information.
Platform
Description
N/A
ip name-server
Use this command to configure the IP address of the domain name server. Use the no form of this
command to delete the configured domain name server.
ip name-server { ip-address | ipv6-address }
no ip name-server [ ip-address | ipv6-address ]
Parameter
Description Parameter Description
ip-address The IP address of the domain name server.
ipv6-address The IPv6 address of the domain name server.
Defaults N/A
Command
Mode
Global configuration mode.
Usage Guide Add the IP address of the DNS server. Once this command is executed, the equipment will add a
DNS server. When the device cannot obtain the domain name from a DNS server, it will attempt to
send the DNS request to subsequent servers until it receives a response.
Up to 6 DNS servers are supported. You can delete a single DNS server by specifying the ip-address option, or delete all the
DNS servers.
Configuration
Examples
Ruijie(config)# ip name-server 192.168.5.134
Ruijie(config)# ip name-server 2001:0DB8::250:8bff:fee8:f800 2001:0DB8:0:f004::1
Related
Commands Command Description
show hosts
Shows the DNS related configuration
information.
Platform
Description
N/A
ip host
Use this command to manually configure the mapping between a host name and an IP address. Use the
no form of the command to remove the host list.
ip host host-name ip-address
no ip host host-name ip-address
Parameter
Description Parameter Description
host-name The host name of the equipment, up to 255 characters.
ip-address The IP address of the equipment.
Defaults N/A
Command
Mode
Global configuration mode.
Usage Guide To delete the host list, use the no ip host host-name ip-address command.
Configuration
Examples
Ruijie(config)# ip host switch 192.168.5.243
Related
Commands Command Description
show hosts
Shows the DNS related configuration
information.
Platform
Description
N/A
clear host
Use this command to clear the dynamically learned host name in privileged user mode.
clear host [ host-name ]
Parameter
Description Parameter Description
host-name
Deletes the dynamically learned host. “*” clears all the
dynamically learned host names.
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide You can obtain the mapping record of the host name buffer table in two ways: 1) the ip host static
configuration, 2) the DNS dynamic learning. Execute this command to delete the host name records
learned by the DNS dynamically.
Configuration
Examples
The following configuration will delete the dynamically learned mapping records from the host
name-IP address buffer table.
clear host *
Related
Commands Command Description
show hosts Shows the host name buffer table.
Platform
Description
N/A
show hosts
Use this command to display DNS configuration.
show hosts [ hostname ]
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide Show the DNS related configuration information.
Configuration
Examples
Ruijie# show hosts
Name servers are:
192.168.5.134 static
Host type Address TTL(sec)
switch static 192.168.5.243 ---
www.ruijie.com dynamic 192.168.5.123 126
Related
Commands Command Description
ip host
Manually configures the host name and IP address
mapping.
ipv6 host
Manually configures the host name and IPv6 address
mapping.
ip name-server Configures the DNS server.
Platform
Description
N/A
Command Reference SNTP Commands
SNTP Commands
sntp enable
Use this command to enable the Simple Network Time Protocol (SNTP). Use the no form of this
command to restore the default setting, in which SNTP is disabled.
sntp enable
no sntp enable
Parameter
Description Parameter Description
N/A N/A
Defaults SNTP is disabled by default.
Command
Mode
Global configuration mode
Usage Guide Use the show sntp command to view the SNTP parameters.
Configuration
Examples
Ruijie(config)# sntp enable
Related
Commands Command Description
show sntp Shows the SNTP configuration.
clock update-calendar
Synchronizes the software clock with the
hardware clock.
clock set Sets the software clock.
Platform
Description
N/A
sntp interval
Use this command to set the interval for the SNTP Client to synchronize its clock with the NTP/SNTP
Server.
sntp interval seconds
no sntp interval
Parameter
Description Parameter Description
seconds Synchronization interval in the range 60 to 65535 seconds
Defaults The interval is 1800 seconds by default.
Command
Mode
Global configuration mode
Usage Guide The show sntp command shows SNTP parameters.
The interval will take effect after the sntp enable command is executed.
Configuration
Examples
Ruijie(config)# sntp interval 3600
Related
Commands Command Description
sntp enable Enables SNTP.
show sntp Shows the SNTP configuration.
clock update-calendar
Synchronizes the software clock with the
hardware clock.
Platform
Description
N/A
sntp server
Use this command to set the SNTP server. You can configure the SNTP server as the public NTP
server on the Internet, since SNTP is completely compatible with NTP.
sntp server ip-address
no sntp server
Parameter
Description Parameter Description
ip-address IP address of the NTP/SNTP server.
Defaults No NTP/SNTP server is configured by default.
Command
Mode
Global configuration mode
Usage Guide The show sntp command shows SNTP parameters.
Configuration
Examples
Ruijie(config)# sntp server 192.168.4.12
Related
Commands Command Description
show sntp Shows the SNTP configuration status.
sntp enable Enables SNTP.
Platform
Description
N/A
show sntp
Use this command to show SNTP parameters.
show sntp
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged mode
Usage Guide This command shows SNTP parameters.
Configuration
Examples
Ruijie# show sntp
SNTP state : Enable
SNTP server : 192.168.4.12
SNTP sync interval : 60
Time zone : +8
Related
Commands Command Description
sntp enable Enables SNTP.
show sntp Shows the SNTP parameters.
Platform
Description
N/A
Command Reference NTP Commands
NTP Commands
no ntp
Use this command to disable the NTP synchronization service with the time server and clear all
NTP configuration information.
no ntp
Parameter
Description Parameter Description
N/A N/A
Defaults The NTP service is disabled by default.
Command
Mode
Global configuration mode
Usage Guide By default, the NTP service is disabled. However, the NTP service will be enabled once the NTP
server or the NTP security identification mechanism is configured.
Configuration
Examples
The following example disables the NTP service.
Ruijie(config)# no ntp
Related
Commands Command Description
ntp server Specifies the NTP server.
Platform
Description
N/A
ntp access-group
Use this command to configure the access control priority of the NTP service. Use the no form of this
command to cancel the access control priority.
ntp access-group { peer | serve | serve-only | query-only } access-list-number | access-list-name
no ntp access-group { peer | serve | serve-only | query-only } access-list-number | access-list-name
Parameter
Description Parameter Description
peer
Allows time requests to, and control and query of, the local NTP
service, as well as time synchronization between the local device and
the peer device (full access permission).
serve
Allows time requests to, and control and query of, the local NTP
service, but not time synchronization between the local device and
the peer device.
serve-only Allows only time requests to the local NTP service.
query-only Allows only control and query of the local NTP service.
access-list-number
Number of the IP access control list (ACL), in the range 1 to 99 and
1300 to 1999.
access-list-name Name of the IP ACL
Defaults No NTP access control rule is configured by default.
Command
Mode
Global configuration mode
Usage Guide Use this command to configure the access control priority of the NTP service. The NTP service
access control function provides only a minimal security measure (the more secure way is to use the
NTP authentication mechanism).
When an access request arrives, the NTP service matches the rules in order from the least to the
most restrictive access, and the first matched rule prevails. The matching order is
peer, serve, serve-only, and query-only.
The control and query function is not supported in the current system. Although rules are
matched in the preceding order, requests related to the
control and query function are not supported.
If you do not configure any access control rules, all accesses are allowed. Once access
control rules are configured, only the accesses that a rule allows are permitted.
Configuration
Examples
The following example allows the peer device in acl1 to control, query, request the time from, and
synchronize the time with the local device, and limits the peer device in acl2 to requesting the time
from the local device:
Ruijie(config)# ntp access-group peer 1
Ruijie(config)# ntp access-group serve-only 2
Related
Commands Command Description
ip access-list Creates the IP access control list.
Platform
Description
N/A
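The matching order from the ntp access-group Usage Guide, modeled as an added Python example (this is not RGOS code). Each ACL is simplified to a list of permitted IPv4 networks, and the request names time_request, synchronize and control_query, like the networks in SAMPLE, are assumptions made for this example.

```python
import ipaddress

# Matching order stated in the Usage Guide: the first level whose ACL
# permits the source address decides what that source may do.
ORDER = ("peer", "serve", "serve-only", "query-only")

# Request kinds each level allows, per the parameter table.
# The request names are labels chosen for this example.
ALLOWS = {
    "peer": {"time_request", "control_query", "synchronize"},
    "serve": {"time_request", "control_query"},
    "serve-only": {"time_request"},
    "query-only": {"control_query"},
}


def matched_level(groups, source):
    """Return the first access level whose ACL permits source, or None."""
    addr = ipaddress.ip_address(source)
    for level in ORDER:
        for net in groups.get(level, ()):
            if addr in ipaddress.ip_network(net):
                return level
    return None


def is_allowed(groups, source, request, control_query_supported=False):
    """Decide one request against the configured ntp access-group rules.

    groups maps a level name to the networks its ACL permits (a constructed
    simplification of an IP ACL: permit entries only).
    """
    if request == "control_query" and not control_query_supported:
        # The page notes the current system does not support control/query.
        return False
    if not groups:
        # No access control rule configured: all accesses are allowed.
        return True
    level = matched_level(groups, source)
    return level is not None and request in ALLOWS[level]


# Constructed sample mirroring the page's example:
#   ntp access-group peer 1        (ACL 1 assumed to permit 192.168.1.0/24)
#   ntp access-group serve-only 2  (ACL 2 assumed to permit 192.168.0.0/16)
SAMPLE = {"peer": ["192.168.1.0/24"], "serve-only": ["192.168.0.0/16"]}

if __name__ == "__main__":
    for src, req in [("192.168.1.10", "synchronize"),
                     ("192.168.7.7", "synchronize"),
                     ("192.168.7.7", "time_request"),
                     ("10.0.0.5", "time_request")]:
        print(src, req, is_allowed(SAMPLE, src, req))
```

A source that falls in both ACLs gets the peer level because peer is checked first, which is why overlapping ACLs should be reviewed together.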
ntp authenticate
Use this command to enable NTP authentication globally.
ntp authenticate
no ntp authenticate
Parameter
Description Parameter Description
N/A N/A
Defaults Global NTP authentication is disabled by default.
Command
Mode
Global configuration mode
Usage Guide If the global security identification mechanism is not used, the synchronization communication is not
encrypted. To enable encrypted communication on the server, enable the security identification
mechanism and configure the other keys globally.
Authentication requires that the trusted key has been specified with ntp authentication-key
and ntp trusted-key.
Configuration
Examples
The following example enables the authentication mechanism after an authentication key is
configured and specified as the global trusted key.
Ruijie(config)# ntp authentication-key 6 md5 wooooop
Ruijie(config)# ntp trusted-key 6
Ruijie(config)# ntp authenticate
Related
Commands Command Description
ntp authentication-key Sets the global authentication key.
ntp trusted-key Configures the global trusted key.
Platform
Description
N/A
ntp authentication-key
Use this command to configure a global NTP authentication key for the NTP service.
ntp authentication-key key-id md5 key-string [ enc-type ]
no ntp authentication-key key-id
Parameter
Description Parameter Description
key-id Key ID
key-string Key string
enc-type
(Optional) Whether this key is encrypted.
0 indicates the key is not encrypted, and 7 indicates the key is
encrypted simply.
Defaults N/A
Command
Mode
Global configuration mode
Usage Guide Configure the global authentication key and adopt md5 for encryption. Each key has a unique key-id.
You can use the ntp trusted-key command to set the key of key-id as the global trusted key.
At most 1024 keys are allowed. However, each server can support only one key.
Configuration
Examples
The following example configures an authentication key with ID 6.
Ruijie(config)# ntp authentication-key 6 md5 wooooop
Related
Commands Command Description
ntp authenticate
Enables the global security identification
mechanism.
ntp trusted-key Configures the global trusted key.
ntp server Specifies an NTP server.
Platform
Description
N/A
ntp disable
Use this command to disable the function of receiving the NTP packet on the interface.
ntp disable
Parameter
Description Parameter Description
N/A N/A
Defaults The NTP packet is received on the interface by default.
Command
Mode
Interface configuration mode
Usage Guide By default, NTP packets received on any interface can be provided to the client to perform the clock
adjustment. This command blocks the NTP packets received on the corresponding
interface.
Note: This command takes effect only on an interface that can be configured with an IP address to receive
and send packets.
Configuration
Examples
The following example disables the function of receiving the NTP packet on the interface.
Ruijie(config-if)# ntp disable
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
ntp server
Use this command to specify an NTP server for the NTP client.
ntp server ip-addr [ version version ] [ source if-name ] [ key keyid ] [ prefer ]
no ntp server ip-addr
Parameter
Description Parameter Description
ip-addr Sets the IP address of the NTP server. IPv4 and IPv6 are supported.
version
(Optional) Specifies the version (1-3) of NTP. The default version is
NTPv3.
if-name
(Optional) Specifies the source interface from which the NTP packet
is sent (Layer 3 interface).
keyid
(Optional) Specifies the encryption key adopted in communication
with the corresponding server.
prefer (Optional) Specifies the corresponding server as the Prefer server.
Defaults No NTP server is configured by default.
Command
Mode
Global configuration mode
Usage Guide Currently, the Ruijie system acts only as a client, which can synchronize time from a maximum of 20 servers.
To initiate encrypted communication with the server, first set the global encryption key and the global
trusted key, and then specify the corresponding key as the trusted key of the server. To complete the
encrypted communication, the server must have the identical global encryption key and global trusted key.
Under the same conditions (for instance, precision), the prefer clock is used for synchronization.
Note that the source interface from which NTP packets are sent must be configured with an IP address and
must be able to communicate with the corresponding NTP server.
Configuration
Examples
The following example specifies an NTP server for the network device.
IPv4 configuration: Ruijie(config)# ntp server 192.168.210.222
IPv6 configuration: Ruijie(config)# ntp server 10::2
Related
Commands Command Description
no ntp Disables the NTP service.
Platform
Description
This command is unavailable on some devices that do not support this function.
ntp synchronize
Use this command to perform real-time synchronization.
ntp synchronize
no ntp synchronize
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Global configuration mode
Usage Guide The first synchronization between the client and the server uses eight consecutive packets.
Follow-up NTP synchronization occurs automatically every minute. To manually
trigger real-time synchronization during the auto-synchronization interval, use this
command.
Configuration
Examples
The following example implements NTP real-time synchronization.
Ruijie(config)# ntp synchronize
Related
Commands Command Description
ntp server
Specifies an NTP server and implements
synchronization.
Platform
Description
This command is supported only by specific products.
ntp trusted-key
Use this command to set a key corresponding to an ID as the global trusted key.
ntp trusted-key key-id
no ntp trusted-key key-id
Parameter
Description Parameter Description
key-id Global trusted key ID
Defaults No trusted key is configured by default.
Command
Mode
Global configuration mode
Usage Guide The NTP communication parties must use the same trusted key. To improve security, the key is
identified by ID and is not transmitted.
Configuration
Examples
The following example configures an authentication key and sets it as the trusted key of
the corresponding server.
Ruijie(config)# ntp authentication-key 6 md5 wooooop
Ruijie(config)# ntp trusted-key 6
Ruijie(config)# ntp server 192.168.210.222 key 6
Related
Commands Command Description
ntp authenticate
Enables the security authentication
mechanism.
ntp authentication-key Sets the NTP authentication key.
ntp server Specifies an NTP server.
Platform
Description
N/A
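What the key ID and key from the ntp authentication-key, ntp trusted-key and ntp server ... key commands do on the wire, as an added Python example (not Ruijie code). It assumes the keyed-MD5 construction of standard NTP (RFC 5905: MD5 over the key followed by the 48-byte header); the page does not state how RGOS computes the digest, and the function names are this example's own.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48   # fixed NTP header, sent in clear text
MAC_LEN = 4 + 16      # 32-bit key ID followed by a 128-bit MD5 digest


def build_client_header(version=3):
    """Constructed 48-byte client request: LI=0, VN=version, Mode=3."""
    first_byte = (0 << 6) | (version << 3) | 3
    return bytes([first_byte]) + bytes(NTP_HEADER_LEN - 1)


def add_mac(header, key_id, key):
    """Append key ID and MD5(key || header); the key itself is never sent."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify(packet, trusted_keys):
    """Return (ok, reason) for a received packet.

    trusted_keys maps key ID -> key bytes, i.e. keys defined with
    ntp authentication-key AND marked with ntp trusted-key.
    """
    if len(packet) == NTP_HEADER_LEN:
        return False, "no MAC present (unauthenticated packet)"
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return False, "unexpected length"
    header = packet[:NTP_HEADER_LEN]
    (key_id,) = struct.unpack("!I", packet[NTP_HEADER_LEN:NTP_HEADER_LEN + 4])
    key = trusted_keys.get(key_id)
    if key is None:
        return False, "key ID %d is not trusted" % key_id
    expected = hashlib.md5(key + header).digest()
    # Constant-time comparison of the received digest.
    if not hmac.compare_digest(expected, packet[NTP_HEADER_LEN + 4:]):
        return False, "digest mismatch"
    return True, "authenticated with key ID %d" % key_id


# Values from the page's example: key ID 6, key string "wooooop".
TRUSTED = {6: b"wooooop"}

if __name__ == "__main__":
    pkt = add_mac(build_client_header(), 6, b"wooooop")
    print(verify(pkt, TRUSTED))
    # A packet altered in transit no longer matches its digest.
    tampered = pkt[:1] + b"\x05" + pkt[2:]
    print(verify(tampered, TRUSTED))
    # A peer whose key ID is not in the trusted list is rejected.
    print(verify(add_mac(build_client_header(), 9, b"other"), TRUSTED))
```

Under this construction the header stays readable on the wire; the appended digest only lets the receiver detect a sender without the key or a modified packet.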
ntp update-calendar
Use this command to update the calendar for the NTP client using the time synchronized from an
external clock source. Use the no form of this command to disable the update-calendar function.
ntp update-calendar
no ntp update-calendar
Parameter
Description Parameter Description
N/A N/A
Defaults The NTP update-calendar function is not configured by default.
Command
Mode
Global configuration mode
Usage Guide This function enables NTP clients to update the calendars of devices periodically using the time
synchronized from an external clock source. The calendar of the device is still available even if the
device is shut down or reset.
By default, the NTP update-calendar function is not configured. After configuration, the NTP client
updates the calendar every time the time synchronization of external clock source is successful.
Configuration
Examples
The following example configures the NTP update-calendar function.
Ruijie(config)# ntp update-calendar
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
debug ntp
Use this command to show NTP debugging information.
debug ntp
no debug ntp
Parameter
Description Parameter Description
N/A N/A
Defaults This function is disabled by default.
Command
Mode
Privileged user mode
Usage Guide Use this command to debug the NTP service and output the debugging information needed for failure
diagnosis and troubleshooting.
Configuration
Examples
The following example enables NTP debugging.
Ruijie# debug ntp
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
show ntp status
Use this command to show the NTP information.
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged mode
Usage Guide If the NTP service of the system is enabled, the command shows existing NTP information. This
command will display no information until the synchronization server is added for the first time.
Configuration
Examples
The following example shows the existing NTP information of the system.
Ruijie# show ntp status
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
Command Reference FTP Server Commands
FTP Server Commands
debug ftp server
Use this command to enable outputting the debugging messages in the FTP server. Use the no form
of this command to disable this function.
debug ftpserver
no debug ftpserver
Parameter
Description Parameter Description
N/A N/A
Defaults Disabled
Command
Mode
Privileged user mode.
Usage Guide Use this command to display the detailed debugging information during FTP server operation.
Configuration
Examples
The following example shows how to enable outputting the debugging messages in the FTP Server:
Ruijie# debug ftpserver
FTPSRV_DEBUG:(RECV) SYST
FTPSRV_DEBUG:(REPLY) 215 RGOS Type: L8
FTPSRV_DEBUG:(RECV) PORT 192,167,201,82,7,120
FTPSRV_DEBUG:(REPLY) 200 PORT Command okay.
The following example shows how to disable outputting the debugging messages in the FTP Server:
Ruijie# no debug ftpserver
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
ftp-server enable
Use this command to enable the FTP server. Use the no form of this command to disable the FTP
server.
ftp-server enable
no ftp-server enable
Parameter
Description Parameter Description
N/A N/A
Defaults Disabled
Command
Mode
Global configuration mode.
Usage Guide This command enables the FTP server so that FTP clients can connect to it to upload and download
files.
To allow the FTP client to access the FTP server files, use this command
together with the ftp-server topdir command.
Configuration
Examples
The following example shows how to enable the FTP Server and allow the FTP client to access the
syslog content only:
Ruijie(config)# ftp-server topdir /syslog
Ruijie(config)# ftp-server enable
The following example shows how to disable the FTP Server:
Ruijie(config)# no ftp-server enable
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
ftp-server password
Use this command to set the login password for the FTP server. Use the no form of this command to
cancel the password configuration.
ftp-server password [ type ] password
no ftp-server password
Parameter
Description Parameter Description
type
Define the encryption type of the password: 0 or 7. The default type is
0.
0 indicates the password is not encrypted.
7 indicates the password is encrypted.
password The login password for the FTP server.
Defaults By default, there is no password.
Command
Mode
Global configuration mode.
Usage Guide For the FTP server, the login username and the login password must be configured to verify the client
connection. At most one password can be set.
The password must contain letters or digits. Spaces before or after the password are
allowed but ignored, while spaces in the middle of the password are part of the password.
The minimum and maximum lengths of the plain-text password are 1 character and 25 characters respectively.
The minimum and maximum lengths of the encrypted password are 4 characters and 52 characters
respectively.
The encrypted password is generated by encrypting the plain-text password, and its format must comply
with the encryption specification. If the encrypted password is used for the setting, the client must
log in with the corresponding plain-text password.
A null password is not supported by the FTP server. Without the password configuration,
the client fails to pass the identity verification of the server.
Configuration
Examples
The following example shows how to set the plain-text password as pass:
Ruijie(config)# ftp-server password pass
OR:
Ruijie(config)# ftp-server password 0 pass
The following example shows how to set the cipher-text password as 8001:
Ruijie(config)# ftp-server password 7 8001
The following example shows how to delete the password configuration:
Ruijie(config)# no ftp-server password
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
ftp-server timeout
Use this command to set the FTP session idle timeout. Use the no form of this command to restore
the idle timeout to the default value of 30 minutes.
ftp-server timeout time
no ftp-server timeout
Parameter
Description Parameter Description
time Set the session idle timeout, in minutes. The valid range is 1-3600.
Defaults Default time is 30 minutes.
Command
Mode
Global configuration mode.
Usage Guide Use this command to set the FTP session idle timeout. If the session stays idle longer than the
timeout, the FTP server deems the session connection invalid and disconnects the user.
The session idle time refers to the time between two FTP operations in an FTP session.
Configuration
Examples
The following example shows how to set the session idle timeout to 5 minutes:
Ruijie(config)# ftp-server timeout 5
The following example shows how to restore the session idle timeout to the default value of 30 minutes:
Ruijie(config)# no ftp-server timeout
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
ftp-server topdir
Use this command to set the directory range in which the FTP client can access the FTP server files. Use
the no form of this command to prevent the FTP client from accessing the FTP server files.
ftp-server topdir directory
no ftp-server topdir
Parameter
Description Parameter Description
directory Set the top-directory.
Defaults By default, no top-directory is configured.
Command
Mode
Global configuration mode.
Usage Guide The FTP server top directory specifies the directory range of the files that the client can access. The
FTP client can access the files on the FTP server only when the top directory is correctly specified.
Without this command configured, the FTP client fails to access any file or directory on the FTP server.
Configuration
Examples
The following example shows how to enable the FTP Server and allow the FTP client to access the
syslog content only:
Ruijie(config)# ftp-server topdir /syslog
Ruijie(config)# ftp-server enable
The following example shows how to remove the top-directory configuration:
Ruijie(config)# no ftp-server topdir
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
ftp-server username
Use this command to set the login username for the FTP server. Use the no form of this command to
cancel the username configuration.
ftp-server username username
no ftp-server username
Parameter
Description Parameter Description
username Set the login username.
Defaults By default, no username is set.
Command
Mode
Global configuration mode
Usage Guide Use this command to set the login username for the FTP server. To log in to the FTP server, the
correct username and password must be provided.
The maximum length of the username is 64 characters, and spaces are not allowed in the middle
of the username. The username consists of letters, half-width digits and half-width symbols. At most
one username can be configured for the FTP server.
Anonymous login is not supported on the FTP server. The client fails to pass
the identity verification if the username is removed.
Configuration
Examples
The following example shows how to set the username as user:
Ruijie(config)# ftp-server username user
The following example shows how to remove the username configuration:
Ruijie(config)# no ftp-server username
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
show ftp-server
Use this command to show the status information of the FTP server.
show ftp-server
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode
Usage Guide The FTP server status information includes:
Enabled/Disabled server
The control connection is set up or not (the related IP, Port are shown)
The data connection is set up or not (the related IP, Port and the working mode are shown)
The current file transmission type
The login username and password
The FTP server top directory
The session idle timeout setting
Configuration
Examples
The following example shows the related status information of the FTP server:
Ruijie# show ftp-server
ftp-server information
=======================================
enable : Y
topdir : /
timeout: 20min
username config : Y
password config : Y
type: BINARY
control connect : Y
ftp-server: ip=192.167.201.245 port=21
ftp-client: ip=192.167.201.82 port=4978
port data connect : Y
ftp-server: ip=192.167.201.245 port=22
ftp-client: ip=192.167.201.82 port=4982
passive data connect : N
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
Command Reference UDP-Helper Module Commands
UDP-Helper Module Commands
ip forward-protocol
Use this command to configure the User Datagram Protocol (UDP) port to enable relay forwarding.
Use the no form of this command to disable forwarding on the UDP port.
ip forward-protocol udp [ port | tftp | domain | time | netbios-ns | netbios-dgm | tacacs ]
no ip forward-protocol udp [ port | tftp | domain | time | netbios-ns | netbios-dgm | tacacs ]
Parameter
Description Parameter Description
port
Port where relay forwarding is enabled. If this parameter is not
specified, the broadcast packet from the ports 69, 53, 37, 137, 138,
and 49 will be forwarded by default.
tftp
Specified by Trivial File Transfer Protocol(69).
If this parameter is specified, the broadcast packet from port 69 is
relayed and forwarded.
domain
Specified by Domain Name System(53).
If this parameter is specified, the broadcast packet from port 53 is
forwarded.
time
Specified by Time service(37).
If this parameter is specified, the broadcast packet from port 37 is
forwarded.
netbios-ns
Specified by NetBIOS Name Service(137).
If this parameter is specified, the broadcast packet from port 137 is
forwarded.
netbios-dgm
Specified by NetBIOS Datagram Service(138).
If this parameter is specified, the broadcast packet from port 138 is
forwarded.
tacacs
Specified by TAC Access Control System(49).
If this parameter is specified, the broadcast packet from port 49 is
forwarded.
Defaults No UDP port for forwarding is configured by default.
Command
Mode
Global configuration mode
Usage Guide Enabling UDP-Helper means to forward the broadcast packet of the UDP ports 69, 53, 37, 137, 138,
and 49 without any additional configuration, by default.
Configuration
Examples
Ruijie(config)# ip forward-protocol udp 134
Related
Commands Command Description
udp-helper enable
Enables the forwarding of the UDP broadcast
packet.
ip forward-protocol
Configures the UDP port to enable relay
forwarding.
Platform
Description
N/A
ip helper-address
Use this command to configure the destination server which the UDP broadcast packet will be
forwarded to. Use the no form of this command to delete the destination server.
ip helper-address address
no ip helper-address address
Parameter
Description Parameter Description
address
IP address of the destination server in the dotted decimal format.
Each interface supports up to 20 server addresses.
Defaults N/A
Command
Mode
Interface configuration mode
Usage Guide Up to 20 destination servers can be configured on an interface. If the destination server is configured
on an interface and UDP-Helper is enabled, the broadcast packet of the specified port received from
this interface will be sent to the destination server configured on this interface in unicast form.
Use the no ip helper-address command to remove the destination server.
Configuration
Examples
#Configure the destination server where the UDP broadcast packet will be forwarded to.
Ruijie(config-if)# ip helper-address 192.168.100.1
Related
Commands Command Description
ip forward-protocol
Enables the forwarding function on the UDP
port.
Platform
Description
N/A
udp-helper enable
Use this command to enable relay forwarding for the UDP broadcast packet. Use the no form of this
command to disable this function.
udp-helper enable
no udp-helper enable
Parameter
Description Parameter Description
N/A N/A
Defaults The relay and forwarding of the UDP broadcast packet is disabled by default.
Command
Mode
Global configuration mode
Usage Guide Enable the forwarding function of UDP-Helper. The UDP broadcast packets from the port 69, 53, 37,
137, 138, and 49 are relayed and forwarded by default.
Configuration
Examples
#Enable the UDP forwarding function.
Ruijie(config)# udp-helper enable
Related
Commands Command Description
ip forward-protocol
Enables the forwarding function on the UDP
port.
Platform
Description
N/A
Command Reference SNMP Commands
SNMP Commands
no snmp-server
Use this command to disable the SNMP agent function in global configuration mode.
no snmp-server
Parameter
Description Parameter Description
N/A N/A
Defaults The SNMP agent function is disabled.
Command
mode Global configuration mode
Usage Guide This command disables the SNMP agent services of all versions supported on the device.
Configuration
Examples
The following example disables the SNMP agent service.
Ruijie(config)# no snmp-server
Related
Commands Command Description
N/A N/A
Platform
Description N/A
snmp-server chassis-id
Use this command to specify the SNMP system serial number in global configuration mode. Use the
no form of this command to restore it to the initial value.
snmp-server chassis-id text
no snmp-server chassis-id
Parameter
Description Parameter Description
text Text of the system serial number, digits or characters.
Defaults The default serial number is 60FF60.
Command
mode Global configuration mode
Usage Guide The SNMP system serial number is generally the serial number of the machine to facilitate the device
identification. The serial number can be viewed by the show snmp command.
Configuration
Examples
The following example specifies the SNMP system serial number as 123456:
Ruijie(config)# snmp-server chassis-id 123456
Related
Commands Command Description
show snmp Shows the SNMP statistics.
Platform
Description N/A
snmp-server community
Use this command to specify the SNMP community access string in global configuration mode. Use
the no form of this command to cancel the specified SNMP community access string.
snmp-server community string [ view view-name ] [ [ ro | rw ] [ host ipaddr ] [ ipv6 ipv6-aclname ]
[ aclnum ] [ aclname ]
no snmp-server community string
Parameter
Description Parameter Description
string
Community string, which is equivalent to the communication
password between the NMS and the SNMP agent
view-name Name of the view used for view-based management
ro Indicates that the NMS can only read the variables of the MIB.
rw Indicates that the NMS can read and write the variables of the MIB.
aclnum
Serial number of the associated access list, which specifies the
IPv4 address range of the NMSs that are permitted to access the
MIB.
aclname
Name of the associated access list, which specifies the IPv4
address range of the NMSs that are permitted to access the MIB.
ipv6-aclname
Name of the associated IPv6 access list, which specifies the IPv6
address range of the NMSs that are permitted to access the MIB.
ipaddr
Specifies the IP address of the NMS accessing the MIB.
Defaults All communities are read only by default.
Command
mode Global configuration mode
Usage Guide This command is the first important command to enable the SNMP agent function. It specifies the
community attribute, range of the NMSs that can access the MIB, and more.
To disable the SNMP agent function, run the no snmp-server command.
Configuration
Examples
The following example restricts the access to the MIB using the access list, which allows only the
NMS of the IP address 192.168.12.1 to access the MIB.
Ruijie(config)# access-list 2 permit 192.168.12.1
Ruijie(config)# access-list 2 deny any
Ruijie(config)# snmp-server community public ro 2
Related
Commands Command Description
access-list Defines the access list.
Platform
Description N/A
snmp-server contact
Use this command to specify the SNMP system contact in global configuration mode. Use the no
form of this command to delete the system contact.
snmp-server contact text
no snmp-server contact
Parameter
Description Parameter Description
text Character string describing the system contact.
Defaults N/A
Command
mode Global configuration mode
Usage Guide N/A
Configuration
Examples
The following example specifies the SNMP system contact as i-net800@i-net.com.cn:
Ruijie(config)# snmp-server contact i-net800@i-net.com.cn
Related
Commands Command Description
show snmp-server Checks the SNMP information.
Platform
Description N/A
snmp-server enable traps
Use this command in global configuration mode to enable the SNMP server to actively send SNMP
Trap messages to the NMS when emergent and important events occur. Use the no form of
this command to stop the SNMP server from actively sending SNMP Trap messages to the NMS.
snmp-server enable traps [ snmp ]
no snmp-server enable traps
Parameter
Description Parameter Description
snmp Enables the trap notification of SNMP events.
Defaults The Trap notification is disabled by default.
Command
mode Global configuration mode
Usage Guide This command must work with the global configuration command snmp-server host to send the
SNMP Trap message.
Configuration
Examples
The following example enables the SNMP server to actively send the SNMP Trap message.
Ruijie(config)# snmp-server enable traps snmp
Ruijie(config)# snmp-server host 192.168.12.219 public snmp
Related
Commands Command Description
snmp-server host Specifies the SNMP host
Platform
Description N/A
snmp-server group
Use this command to set the SNMP user group in the global configuration mode. The no form of this
command is used to remove the user group.
snmp-server group groupname { v1 | v2c | v3 { auth | noauth | priv } } [ read readview ] [ write
writeview ] [ access { ipv6 ipv6-aclname | aclnum | aclname } ]
no snmp-server group groupname { v1 | v2c | v3 { auth | noauth | priv } }
Parameter
Description Parameter Description
v1 | v2c | v3 Specifies SNMP Version.
auth
Authenticates the messages transmitted by the user group without
encryption. This applies to only SNMPv3.
noauth
Neither authenticates nor encrypts the messages transmitted by the
user group. This applies only to SNMPv3.
priv
Authenticates and encrypts the messages transmitted by the user
group. This applies only to SNMPv3.
readview Associates with a read-only view.
writeview Associates with a read-write view.
aclnum
Serial number of the associated access list, which specifies the
IPv4 address range of the NMSs that are permitted to access the
MIB.
aclname
Name of the associated access list, which specifies the IPv4
address range of the NMSs that are permitted to access the MIB.
ipv6_aclname
Name of the associated IPv6 access list, which specifies the IPv6
address range of the NMSs that are permitted to access the MIB.
Defaults No user group is set by default.
Command
mode Global configuration mode
Usage Guide None
Configuration
Examples
The following example sets a user group.
Ruijie(config)# snmp-server group mib2user v3 priv read mib2
Related
Commands Command Description
show snmp group Shows the SNMP user group configuration.
Platform
Description N/A
snmp-server host
Use this command to specify the SNMP host (NMS) to send the trap message in global configuration
mode. Use the no form of this command to remove the specified SNMP host.
snmp-server host { host-addr | ipv6 ipv6-addr } [ vrf vrfname ] [ traps ] [ version { 1 | 2c | 3 { auth |
noauth | priv } } ] community-string [ udp-port port-num ] [ notification-type ]
no snmp-server host { host-addr | ipv6 ipv6-addr } [ vrf vrfname ] [ traps ] [ version { 1 | 2c | 3
{ auth | noauth | priv } } ] community-string [ udp-port port-num ]
Parameter
Description Parameter Description
host-addr SNMP host address
ipv6-addr SNMP host address(ipv6)
vrfname Sets the name of vrf forwarding table
Version SNMP Version: V1, V2C or V3
auth | noauth | priv Security level of SNMPv3 users
community-string Community string or username (SNMPv3 Version)
port-num Port of the SNMP host
notification-type The type of the SNMP trap message sent actively, such as snmp.
Defaults No SNMP host is specified by default.
If no type of the SNMP trap message is specified, all types of the SNMP trap message are included.
Command
mode Global configuration mode
Usage Guide This command must work with the snmp-server enable traps command in global configuration
mode to actively send the SNMP trap messages to NMS.
You can configure multiple SNMP hosts to receive the SNMP Trap messages. One host can use
different combinations of the types of the SNMP trap message, different ports and different VRF
forwarding tables, but the last configuration for the same host (same port, same VRF configuration)
will overwrite the previous configurations. In other words, to send different SNMP trap messages to
the same host, different combinations of SNMP trap messages have to be configured.
Configuration
Examples
The following example specifies an SNMP host to receive the SNMP event trap:
Ruijie(config)# snmp-server host 192.168.12.219 public snmp
Related
Commands Command Description
snmp-server enable traps Enables to send the SNMP trap message.
Platform
Description N/A
snmp-server location
Use this command to set the SNMP system location information in global configuration mode. Use
the no form of this command to remove the specified SNMP system location information.
snmp-server location text
no snmp-server location
Parameter
Description Parameter Description
text Character string describing the system information
Defaults Null
Command
mode Global configuration mode
Usage Guide N/A
Configuration
Examples
The following example specifies the system information:
Ruijie(config)# snmp-server location start-technology-city 4F of A Buliding
Related
Commands Command Description
snmp-server contact Specifies the system contact information.
Platform
Description N/A
snmp-server packetsize
Use this command to specify the maximum size of the SNMP packet in global configuration mode.
Use the no form of this command to restore it to the default value.
snmp-server packetsize byte-count
no snmp-server packetsize
Parameter
Description Parameter Description
byte-count Packet size in the range from 484 to 17876 bytes
Defaults 1472 bytes.
Command
mode Global configuration mode
Usage Guide None
Configuration
Examples
The following example specifies the maximum SNMP packet size as 1,492 bytes:
Ruijie(config)# snmp-server packetsize 1492
Related
Commands Command Description
snmp-server queue-length
Specifies the length of the SNMP trap message
queue.
Platform
Description N/A
snmp-server queue-length
Use this command to specify the length of the SNMP trap message queue in global configuration
mode.
snmp-server queue-length length
Parameter
Description Parameter Description
length Queue length in the range from 1 to 1000
Defaults 10.
Command
mode Global configuration mode
Usage Guide The SNMP trap message queue is used to store the SNMP trap messages. This command can be
used to adjust the size of the SNMP trap message queue to control the speed of sending SNMP
trap messages.
The maximum sending speed is 4 messages per second.
Configuration
Examples
The following example specifies the speed to send the trap message as 4 messages per second:
Ruijie(config)# snmp-server queue-length 4
Related
Commands Command Description
snmp-server packetsize Specifies the maximum size of the SNMP packet.
Platform
Description N/A
snmp-server system-shutdown
Use this command to enable the SNMP system restart notification function in global configuration
mode. Use the no form of this command to disable the SNMP system notification function.
snmp-server system-shutdown
no snmp-server system-shutdown
Parameter
Description Parameter Description
N/A N/A
Defaults The SNMP system restart notification function is disabled by default.
Command
mode Global configuration mode
Usage Guide This command is used to enable the SNMP system restart notification function. The RGOS sends the
SNMP trap messages to the NMS to notify the system restart before the device is reloaded or
rebooted.
Configuration
Examples
The following example enables the SNMP system restart notification function:
Ruijie(config)# snmp-server system-shutdown
Related
Commands Command Description
N/A N/A
Platform
Description N/A
snmp-server trap-source
Use this command to specify the source address of the SNMP trap message in global configuration
mode. Use the no form of this command to restore it to the default value.
snmp-server trap-source interface
no snmp-server trap-source
Parameter
Description Parameter Description
interface Interface used as the source of the SNMP trap message.
Defaults The IP address of the interface from which the SNMP message is sent is used as the source address.
Command
mode Global configuration mode
Usage Guide By default, the IP address of the interface from which the SNMP message is sent is used as the
source address. For easy management and identification, this command can be used to fix a local IP
address as the SNMP source address.
Configuration
Examples
The following example specifies the IP address of Ethernet interface 0/1 as the source of the SNMP
trap message:
Ruijie(config)# snmp-server trap-source fastethernet 0/1
Related
Commands Command Description
snmp-server enable traps
Enables the sending of the SNMP trap
message.
snmp-server enable host Specifies the NMS host.
Platform
Description N/A
snmp-server trap-timeout
Use this command to define the retransmission timeout of the SNMP trap message in global
configuration mode. Use the no form of this command to restore it to the default value.
snmp-server trap-timeout seconds
no snmp-server trap-timeout
Parameter
Description Parameter Description
seconds Timeout period (in seconds) in the range from 1 to 1000.
Defaults 30 seconds.
Command
mode Global configuration mode
Usage Guide N/A
Configuration
Examples
The following example specifies the timeout period as 60 seconds.
Ruijie(config)# snmp-server trap-timeout 60
Related
Commands Command Description
snmp-server queue-length
Specifies the length of the SNMP trap message
queue.
snmp-server enable host Specifies the NMS host
Platform
Description N/A
snmp-server user
Use this command to set the SNMP user in global configuration mode. Use the no form of this
command to delete the user.
snmp-server user username groupname { v1 | v2 | v3 [ encrypted ] [ auth { md5 | sha }
auth-password ] [ priv des56 priv-password ] } [ access { [ ipv6 ipv6_aclname ] [ aclnum |
aclname ] } ]
no snmp-server user username groupname { v1 | v2c | v3 }
Parameter
Description Parameter Description
username User name
groupname Group name of the user.
v1 | v2 | v3
SNMP Version. But only SNMPv3 supports the following security
parameters.
encrypted
Input the password in cipher text mode.
In cipher text mode, input consecutive HEX alphanumeric characters.
Note that the authentication password of MD5 has a length of 16
bytes, while that of SHA has a length of 20 bytes. Two characters
make a byte. The encrypted key can only be used by the local SNMP
engine on the switch.
auth Specifies whether to use the authentication.
md5
Enables the MD5 authentication protocol; sha enables the
SHA authentication protocol.
auth-password
Password string (no more than 32 characters) used by the
authentication protocol. The system will change the password to the
corresponding authentication key.
priv
Specifies whether to use the encryption. des56 refers to 56-bit DES
encryption protocol.
priv-password
Password string (no more than 32 characters) used for encryption.
The system will change the password to the corresponding
encryption key.
aclnum
Serial number of the associated access list, which specifies the
IPv4 address range of the NMSs that are permitted to access the
MIB.
aclname
Name of the associated access list, which specifies the IPv4
address range of the NMSs that are permitted to access the MIB.
ipv6_aclname
Name of the associated IPv6 access list, which specifies the IPv6
address range of the NMSs that are permitted to access the MIB.
Defaults No user is set by default.
Command
mode Global configuration mode
Usage Guide N/A
Configuration
Examples
The following example configures an SNMPv3 user with MD5 authentication and DES encryption:
Ruijie(config)# snmp-server user user-2 mib2user v3 auth md5 authpassstr priv
des56 despassstr
Related
Commands Command Description
show snmp user Shows the SNMP user configuration.
Platform
Description N/A
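The key lengths given for the encrypted keyword (16 bytes for MD5, 20 bytes for SHA) and the statement that such a key only works on the local SNMP engine match the password-to-key localization that RFC 3414 defines for SNMPv3. The following is an added example, not code from this manual or from RGOS: it assumes the device follows RFC 3414, its function names are the example's own, and the password and engine ID are the RFC's published test values.

```python
import hashlib

EXPANDED_LENGTH = 1048576  # RFC 3414 A.2: hash exactly 1 MiB of repeated password


def password_to_key(password: bytes, algo: str) -> bytes:
    """Derive the user key Ku from a password (algo is 'md5' or 'sha1')."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(EXPANDED_LENGTH, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Bind Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def localized_key_hex(password: str, engine_id_hex: str, algo: str) -> str:
    """Hex form of the localized key, two hex characters per byte."""
    ku = password_to_key(password.encode(), algo)
    return localize_key(ku, bytes.fromhex(engine_id_hex), algo).hex()


# Test values published in RFC 3414 Appendix A.3 (not values from this manual).
RFC_PASSWORD = "maplesyrup"
RFC_ENGINE_ID = "000000000000000000000002"
# Constructed second engine ID, used to show that the key does not transfer.
OTHER_ENGINE_ID = "000000000000000000000003"

if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        local = localized_key_hex(RFC_PASSWORD, RFC_ENGINE_ID, algo)
        other = localized_key_hex(RFC_PASSWORD, OTHER_ENGINE_ID, algo)
        print(algo, len(local) // 2, "bytes:", local)
        print("  same password on another engine:", other)
```

A localized key is a password equivalent for that one engine, so a configuration backup containing it needs the same protection as the password itself.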
snmp-server view
Use this command to set an SNMP view in global configuration mode. Use the no form of this
command to delete the view.
snmp-server view view-name oid-tree { include | exclude }
no snmp-server view view-name [ oid-tree ]
Parameter
Description Parameter Description
view-name View name
oid-tree The MIB object associated with the view is an MIB sub tree.
include Indicates that the sub trees of the MIB object are included in the view.
exclude
Indicates that the sub trees of the MIB object are excluded from the
view.
Defaults A default view is set to access all MIB objects by default.
Command
mode Global configuration mode
Usage Guide None
Configuration
Examples
The following example sets a view that includes all MIB-2 sub-trees (oid is 1.3.6.1).
Ruijie(config)# snmp-server view mib2 1.3.6.1 include
Related
Commands Command Description
show snmp view Shows the view configuration.
Platform
Description N/A
snmp trap link-status
For this command, refer to the INTF-CREF.doc
Parameter
Description Parameter Description
N/A N/A
Defaults Refer to the INTF-CREF.doc.
Command
mode Refer to the INTF-CREF.doc.
Usage Guide Refer to the INTF-CREF.doc.
Configuration
Examples Refer to the INTF-CREF.doc
Related
Commands Command Description
N/A N/A
Platform
Description N/A
show snmp
Use this command to show the SNMP status information in privileged user mode.
show snmp [ mib | user | view | group | host ]
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
mode Privileged user mode
Usage Guide show snmp: Show the SNMP statistics.
show snmp mib: Show the SNMP MIBs supported in the system.
show snmp user: Show the SNMP user information.
show snmp view: Show the SNMP view information.
show snmp group: Show the SNMP user group information.
show snmp host: Show the display information configured by users.
Configuration
Examples
The following example shows an SNMP statistics:
Ruijie# show snmp
Chassis: 60FF60
0 SNMP packets input
0 Bad SNMP Version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
0 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
0 Get-next PDUs
0 Set-request PDUs
0 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
0 Response PDUs
0 Trap PDUs
SNMP global trap: disabled
SNMP logging: disabled
SNMP agent: enabled
Related
Commands Command Description
snmp-server chassis-id Specifies the SNMP system serial number.
Platform
Description N/A
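The snmp-server community, group, user and host commands in this chapter decide who can read or write the MIB and how well the traffic is protected, so a saved configuration can be reviewed line by line. The following is an added example, not part of this manual or of RGOS: the rule names and messages are the example's own, the parsing follows only the syntax lines printed above, and the sample input is constructed from the chapter's configuration examples.

```python
import re

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # e.g. "Ruijie(config)# "
DEFAULT_COMMUNITIES = {"public", "private"}

def _split_pairs(tokens, keywords):
    """Separate 'keyword value' pairs from the remaining positional tokens."""
    rest, pairs, i = [], {}, 0
    while i < len(tokens):
        if tokens[i] in keywords and i + 1 < len(tokens):
            pairs[tokens[i]] = tokens[i + 1]
            i += 2
        else:
            rest.append(tokens[i])
            i += 1
    return rest, pairs

def audit_community(args):
    # community string [view view-name] [ro|rw] [host ipaddr] [ipv6 acl] [aclnum] [aclname]
    if not args:
        return []
    out = []
    rest, pairs = _split_pairs(args[1:], {"view", "host", "ipv6"})
    acls = [t for t in rest if t not in ("ro", "rw")]
    if args[0].lower() in DEFAULT_COMMUNITIES:
        out.append(("COMMUNITY_DEFAULT", "well-known community string"))
    if "rw" in rest:
        out.append(("COMMUNITY_RW", "community grants MIB write access"))
    if not (acls or "host" in pairs or "ipv6" in pairs):
        out.append(("COMMUNITY_NO_SOURCE_LIMIT", "no ACL or host limits the NMS"))
    return out

def audit_group(args):
    # group groupname {v1 | v2c | v3 {auth | noauth | priv}} ...
    if len(args) < 2:
        return []
    if args[1] in ("v1", "v2c"):
        return [("GROUP_COMMUNITY_ONLY", "v1/v2c group: no SNMPv3 security level")]
    level = args[2] if len(args) > 2 else ""
    if level == "noauth":
        return [("GROUP_NOAUTH", "SNMPv3 group without authentication")]
    if level == "auth":
        return [("GROUP_NO_PRIV", "SNMPv3 group authenticates but does not encrypt")]
    return []

def audit_user(args):
    # user username groupname {v1 | v2 | v3 [encrypted] [auth {md5|sha} pw] [priv des56 pw]}
    if len(args) < 3:
        return []
    if args[2] != "v3":
        return [("USER_COMMUNITY_ONLY", "v1/v2 user: SNMPv3 security does not apply")]
    opts, out = args[3:], []
    if "auth" not in opts:
        out.append(("USER_NOAUTH", "SNMPv3 user without authentication"))
    elif opts[opts.index("auth") + 1:opts.index("auth") + 2] == ["md5"]:
        out.append(("USER_MD5", "MD5 authentication; sha is available in this syntax"))
    if "priv" not in opts:
        out.append(("USER_NO_PRIV", "SNMPv3 user without encryption"))
    elif "des56" in opts:
        out.append(("USER_DES56", "56-bit DES is the only privacy option in this syntax"))
    return out

def audit_host(args):
    # host {addr | ipv6 addr} [vrf name] [traps] [version {1|2c|3 {auth|noauth|priv}}] string
    if "version" in args:
        at = args.index("version") + 1
        if args[at:at + 2] == ["3", "noauth"]:
            return [("HOST_V3_NOAUTH", "SNMPv3 traps sent without authentication")]
        if args[at:at + 1] == ["3"]:
            return []
    return [("HOST_COMMUNITY_TRAP", "traps carry a community string, not SNMPv3 credentials")]

HANDLERS = {"community": audit_community, "group": audit_group,
            "user": audit_user, "host": audit_host}

def audit(config_text):
    """Return (line_number, rule_id, message) for every finding."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), 1):
        tokens = PROMPT.sub("", raw.strip()).split()
        if len(tokens) < 3 or tokens[0] != "snmp-server":
            continue  # also skips "no snmp-server ..." lines
        handler = HANDLERS.get(tokens[1])
        if handler:
            findings.extend((number, rule, msg) for rule, msg in handler(tokens[2:]))
    return findings

# Constructed input: the chapter's own examples, with the wrapped user line joined.
PAGE_EXAMPLES = """\
Ruijie(config)# snmp-server community public ro 2
Ruijie(config)# snmp-server host 192.168.12.219 public snmp
Ruijie(config)# snmp-server group mib2user v3 priv read mib2
Ruijie(config)# snmp-server user user-2 mib2user v3 auth md5 authpassstr priv des56 despassstr
"""

if __name__ == "__main__":
    for number, rule, message in audit(PAGE_EXAMPLES):
        print(f"line {number}: {rule}: {message}")
```

Run over the chapter's examples, the audit reports the public community, the community-based trap host, and the MD5 and des56 choices on the SNMPv3 user, while the ACL on the community line suppresses the source-limit finding.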
Command Reference IPv6 Commands
IPv6 Commands
clear ipv6 neighbors
Use this command to clear the dynamically learned neighbors.
clear ipv6 neighbors [ vrf vrf-name ]
Parameter
Description Parameter Description
vrf-name VRF name
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide This command can be used to clear all the neighbors dynamically learned by the neighbor
discovering. Note that the static neighbors will not be cleared.
Configuration
Examples
Ruijie# clear ipv6 neighbors
Related
Commands Command Description
ipv6 neighbor Configure the neighbor.
show ipv6 neighbors Show the neighbor information.
Platform
Description N/A
ipv6 address
Use this command to configure an IPv6 address for a network interface. Use the no form of this
command to delete the configured address.
ipv6 address ipv6-address/prefix-length
ipv6 address ipv6-prefix/prefix-length eui-64
ipv6 address prefix-name sub-bits/prefix-length [ eui-64 ]
no ipv6 address
no ipv6 address ipv6-address/prefix-length
no ipv6 address ipv6-prefix/prefix-length eui-64
no ipv6 address prefix-name sub-bits/prefix-length [ eui-64 ]
Parameter
Description Parameter Description
ipv6-prefix IPv6 address prefix in the format defined in RFC4291. The address
shall be in hex; the fields in the address shall be separated by comma,
and each field shall contain 16 bits.
ipv6-address IPv6 address in the format defined in RFC4291. The address shall be
in hex; the fields in the address shall be separated by comma, and
each field shall contain 16 bits.
prefix-length Length of the IPv6 prefix, the network address of the IPv6 address.
prefix-name The general prefix name. Use the specified general prefix to generate
the interface address.
sub-bits The value of the sub-prefix bit and the host bit generates the interface
address combining with the general prefix. The value shall be in the
format defined in the RFC4291.
eui-64 The generated IPv6 address consists of the address prefix and the 64
bit interface ID
Defaults N/A
Command
Mode
Interface configuration mode
Usage Guide When an IPv6 interface is created and the link status is UP, the system will automatically generate a
local IP address for the interface.
The IPv6 address could also be generated using the general prefix. That is, the IPv6 address consists
of the general prefix and the sub-prefix and the host bit. The general prefix could be configured using
the ipv6 general-prefix command or may be learned through the DHCPv6 agent PD (Prefix
Discovery) function (please refer to the DHCPv6 Configuration). Use the sub-bits/prefix-length
parameter of this command to configure the sub-prefix and the host bit.
If no address to delete is specified when using no ipv6 address, all the manually configured
addresses will be deleted.
no ipv6 address ipv6-prefix/prefix-length eui-64 can be used to delete the addresses configured with
ipv6 address ipv6-prefix/prefix-length eui-64.
Configuration
Examples
Ruijie(config-if)# ipv6 address 2001:1::1/64
Ruijie(config-if)# no ipv6 address 2001:1::1/64
Ruijie(config-if)# ipv6 address 2002:1::1/64 eui-64
Ruijie(config-if)# no ipv6 address 2002:1::1/64 eui-64
Related
Commands Command Description
N/A N/A
Platform
Description N/A
ipv6 address autoconfig
Use this command to automatically configure an IPv6 stateless address for a network interface. Use
the no form of this command to delete the auto-configured address.
ipv6 address autoconfig [ default ]
no ipv6 address autoconfig
Parameter
Description Parameter Description
default (Optional) If this keyword is configured, a default routing is generated. Note that only
one layer3 interface on the entire device is allowed to use the default keyword
Defaults N/A
Command
Mode
Interface configuration mode
Usage Guide With stateless automatic address configuration, when the device receives an RA (Router
Advertisement) message, it can use the prefix information in the RA message to automatically
generate the EUI-64 interface address.
If the RA message contains the flag of the “other configurations”, the interface will obtain these “other
configurations” through the DHCPv6. The “other configurations” usually means the IPv6 address of
the DNS server, the IPv6 address of the NTP server, etc.
Use the no ipv6 address autoconfig command to delete the IPv6 address.
Configuration
Examples
Ruijie(config-if)# ipv6 address autoconfig default
Ruijie(config-if)# no ipv6 address autoconfig
Related
Commands Command Description
ipv6 address ipv6-prefix/prefix-length [eui-64] Configure the IPv6 address for the interface
manually.
Platform
Description N/A
ipv6 enable
Use this command to enable the IPv6 function on an interface. Use the no form of this command to
disable this function.
ipv6 enable
no ipv6 enable
Parameter
Description Parameter Description
N/A N/A
Defaults Disabled.
Command
Mode
Interface configuration mode.
Usage Guide The IPv6 function of an interface can be enabled by configuring ipv6 enable or by configuring IPv6
address for the interface.
If an IPv6 address is configured for the interface, the IPv6 function will be enabled
automatically on the interface and cannot be disabled with no ipv6 enable.
Configuration
Examples
Ruijie(config-if)# ipv6 enable
Related
Commands Command Description
show ipv6 interface Show the related information of an interface.
Platform
Description N/A
ipv6 general-prefix
Use this command to configure the IPv6 general prefix in the global configuration mode.
ipv6 general-prefix prefix-name ipv6-prefix/prefix-length
no ipv6 general-prefix prefix-name ipv6-prefix/prefix-length
Parameter
Description Parameter Description
prefix-name The general prefix name.
ipv6-prefix The network prefix value of the general-prefix following the
format defined in RFC4291.
prefix-length The length of the general prefix.
Defaults N/A
Command
Mode
Global configuration mode.
Usage Guide It is convenient to number the network by using the general prefix, which defines a prefix so that many
longer specified prefixes could refer to it. These specified prefixes are updated whenever the general
prefix changes. If the network number changes, just modify the general prefix.
A general prefix could contain multiple prefixes.
These longer specified prefixes are usually used for the IPv6 address configuration on the interface.
Configuration
Examples
The following example manually configures a general prefix named my-prefix.
Ruijie(config)# ipv6 general-prefix my-prefix 2001:1111:2222::/48
Related
Commands Command Description
ipv6 address prefix-name sub-bits/prefix-length Configure the interface address using the general prefix.
show ipv6 general-prefix Show the general prefix.
Platform
Description N/A
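The eui-64 keyword of ipv6 address and the general prefix described above both build an interface address from parts. The following is an added example, not code from this manual: it assumes the modified EUI-64 format of RFC 4291 Appendix A and that the general prefix supplies the leading bits while sub-bits supplies the rest; the function names and the MAC address are constructed for illustration.

```python
import ipaddress
import re


def _mac_bytes(mac: str) -> bytes:
    """Accept 00d0.f822.33e1, 00:d0:f8:22:33:e1 or 00-d0-f8-22-33-e1."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64: flip the universal/local bit, insert ff:fe mid-MAC."""
    b = _mac_bytes(mac)
    iid = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]
    return int.from_bytes(iid, "big")


def eui64_address(prefix: str, mac: str) -> str:
    """Address produced by 'ipv6 address <prefix> eui-64' for the given MAC."""
    net = ipaddress.IPv6Network(prefix, strict=False)  # host bits are ignored
    if net.prefixlen > 64:
        raise ValueError("EUI-64 needs a prefix of at most 64 bits")
    addr = ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))
    return f"{addr}/{net.prefixlen}"


def mac_from_eui64(address: str):
    """Recover the MAC embedded in an EUI-64 address, or None if there is none."""
    iid = ipaddress.IPv6Interface(address).ip.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    h = (bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]).hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


def from_general_prefix(general_prefix: str, sub_bits: str) -> str:
    """Combine a general prefix with sub-bits/prefix-length (assumed semantics)."""
    gen = ipaddress.IPv6Network(general_prefix)
    sub = ipaddress.IPv6Interface(sub_bits)
    if sub.network.prefixlen < gen.prefixlen:
        raise ValueError("interface prefix is shorter than the general prefix")
    low = int(sub.ip) & int(gen.hostmask)  # keep only bits the prefix leaves free
    addr = ipaddress.IPv6Address(int(gen.network_address) | low)
    return f"{addr}/{sub.network.prefixlen}"


if __name__ == "__main__":
    mac = "00d0.f822.33e1"  # constructed MAC address
    address = eui64_address("2002:1::1/64", mac)
    print(address, "embeds MAC", mac_from_eui64(address))
    print(from_general_prefix("2001:1111:2222::/48", "0:0:0:1::1/64"))
```

Because the interface ID is derived from the MAC, an EUI-64 address identifies the same hardware on every prefix it joins, which helps when matching addresses in logs to inventory and is the reason such addresses are easy to track.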
ipv6 hop-limit
Use this command to configure the default hop count to send unicast messages in the global
configuration mode.
ipv6 hop-limit value
no ipv6 hop-limit
Parameter
Description Parameter Description
N/A N/A
Defaults The default is 64.
Command
Mode
Global configuration mode.
Usage Guide This command takes effect for the unicast messages only, not for multicast messages.
Configuration
Examples
Ruijie(config)# ipv6 hop-limit 100
Related
Commands Command Description
N/A N/A
Platform
Description N/A
ipv6 nd dad attempts
Use this command to set the number of the NS packets to be continuously sent for IPv6 address
collision check on the interface. Use the no form of this command to restore it to the default setting.
ipv6 nd dad attempts value
no ipv6 nd dad attempts
Parameter
Description Parameter Description
value
Number of the NS packets. If it is set to 0, it indicates that the IPv6
address collision check is disabled on the interface. The range is 0 to 600.
Defaults 1.
Command
Mode
Interface configuration mode.
Usage Guide When the interface is configured with a new IPv6 address, the address collision shall be checked
before the address is assigned to the interface, and the address shall be in the “tentative” status. After
the address collision check is completed, if no collision is detected, the address can be used
normally; if collision is detected and the interface ID of the address is an EUI-64 ID, it indicates that
the link-layer address is repeated, and the system will automatically shut down the interface (that is,
to prohibit IPv6 operations on the interface). In this case, you shall modify and configure a new
address manually, and restart address collision check for the down/up interface. Whenever the state
of an interface changes from down to up, the address collision check function of the interface will be
enabled.
Configuration
Examples
Ruijie(config-if)# ipv6 nd dad attempts 3
Related
Commands Command Description
show ipv6 interface Show the interface information.
Platform
Description N/A
ipv6 nd managed-config-flag
Use this command to set the “managed address configuration” flag bit of the RA message. Use the
no form of this command to remove the setting.
ipv6 nd managed-config-flag
no ipv6 nd managed-config-flag
Parameter
Description Parameter Description
N/A N/A
Defaults None.
Command
Mode Interface configuration mode.
Usage Guide This flag determines whether the host that receives the RA message obtains an IP address through
stateful auto configuration. If the flag is set, the host obtains an IP address through stateful auto
configuration; otherwise stateful auto configuration is not used.
Configuration
Examples
Ruijie(config-if)# ipv6 nd managed-config-flag
Related
Commands Command Description
show ipv6 interface Show the interface information.
ipv6 nd other-config-flag Set the flag for obtaining all information except IP address
through stateful auto configuration.
Platform
Description N/A
ipv6 nd ns-interval
Use this command to set the interval at which the interface retransmits NS (Neighbor Solicitation)
messages. Use the no form of this command to restore it to the default setting.
ipv6 nd ns-interval milliseconds
no ipv6 nd ns-interval
Parameter
Description Parameter Description
milliseconds Interval for retransmitting NS in the range of 1000 to 429467295 milliseconds
Defaults The default value in RA is 0 (unspecified); the interval for retransmitting NS is 1000ms(1s).
Command
mode
Interface configuration mode.
Usage Guide The configured value will be advertised through RA and will be used by the device itself. Setting
an interval that is too short is not recommended.
Configuration
Examples
Ruijie(config-if)# ipv6 nd ns-interval 2000
Related
Commands Command Description
show ipv6 interface Show the interface information.
Platform
Description N/A
ipv6 nd other-config-flag
Use this command to set “other stateful configuration” flag bit of the RA message. Use the no form of
this command to delete the flag bit.
ipv6 nd other-config-flag
no ipv6 nd other-config-flag
Parameter
Description Parameter Description
N/A N/A
Defaults The flag bit is not set by default.
Command
mode
Interface configuration mode.
Usage Guide With this flag bit set, the flag bit of the RA message sent by the device is set. After receiving this flag
bit, the host uses DHCPv6 to acquire the information other than the IPv6 address for the purpose of
automatic configuration. When the managed address configuration flag is set, the other stateful
configuration flag is also set by default.
Configuration
Examples
Ruijie(config-if)# ipv6 nd other-config-flag
Related
Commands Command Description
show ipv6 interface Show the interface information.
Platform
Description N/A
ipv6 nd prefix
Use this command to configure the address prefix included in the RA. Use the no form of this
command to delete the set prefix or restore it to the default setting.
ipv6 nd prefix { ipv6-prefix/prefix-length | default } [ [ valid-lifetime preferred-lifetime ] | [ at valid-date
preferred-date ] | [infinite | preferred-lifetime ] ] [no-advertise] | [[ off-link ] [ no-autoconfig ] ]
no ipv6 nd prefix { ipv6-prefix/prefix-length | default } [ [ off-link ] [ no-autoconfig ] |
[ no-advertise ] ]
Parameter
Description Parameter Description
ipv6-prefix IPv6 network ID following the format defined in RFC4291
prefix-length Length of the IPv6 prefix. “/” shall be added in front of the prefix
valid-lifetime Valid lifetime of the RA prefix received by the host
preferred-lifetime Preferred lifetime of the RA prefix received by the host
at valid-date preferred-date Set the deadline for the valid lifetime and that of the preferred
lifetime, in day, month, year, hour, minute.
infinite Indicate that the prefix is always valid.
default Set the default prefix.
no-advertise The prefix will not be advertised by the device.
off-link
When the host sends an IPv6 packet, if the prefix of the destination
address matches the set prefix, it is considered that the destination is
on-link and is directly reachable. If this option is set, it indicates that
the prefix is not used for on-link judgment.
no-autoconfig
Indicate that the RA prefix received by the host cannot be used for
auto address configuration.
Defaults By default, the advertised prefix is the one set with ipv6 address on the interface. The default
parameters of the prefix configured in the RA are as follows:
valid-lifetime: 2592000s (30 days)
preferred-lifetime: 604800s (7 days),
The prefix is advertised and is used for on-link judgment and auto address configuration.
Command
Mode
Interface configuration mode.
Usage Guide This command can be used to configure the parameters of each prefix, including whether to advertise
the prefix. By default, the prefix advertised in RA is the one set with ipv6 address on the interface. To
add other prefixes, use this command.
ipv6 nd prefix default
Set the default parameters to be used by the interface. If no parameter is specified for an added
prefix, the parameters set with ipv6 nd prefix default will be used. Note that after a parameter is
specified for the prefix, the default configuration will not be used. That is to say, the configuration of
the prefix cannot be modified with ipv6 nd prefix default; only the prefix that uses all the default
configurations can be modified with this command.
at valid-date preferred-date
The valid lifetime of a prefix can be specified in two ways. One way is to specify a fixed time for each
prefix in the RA; the other way is to specify the end time (in this mode, the valid lifetime of the prefix
sent in RA will be gradually reduced until the end time is 0).
Configuration
Examples
The following example adds a prefix for SVI 1.
Ruijie(config)# interface vlan 1
Ruijie(config-if)# ipv6 nd prefix 2001::/64 infinite 2592000
The following example sets the default prefix parameters for SVI 1 (they cannot be used for auto
address configuration):
Ruijie(config)# interface vlan 1
Ruijie(config-if)# ipv6 nd prefix default no-autoconfig
If no parameter is specified, the default parameters will be used, and the prefix cannot be used for
auto address configuration.
Related
Commands
Command Description
show ipv6 interface Show the RA information of an interface.
Platform
Description
N/A
ipv6 nd ra-hoplimit
Use this command to set the hopcount of the RA message. Use the no form of this command to
restore it to the default setting.
ipv6 nd ra-hoplimit value
no ipv6 nd ra-hoplimit
Parameter
Description
Parameter Description
value Hopcount
Defaults The default value is 64.
Command
Mode
Interface configuration mode.
Usage Guide It is used to set the hopcount of the RA message.
Configuration
Examples
Ruijie(config-if)# ipv6 nd ra-hoplimit 110
Related
Commands
Command Description
show ipv6 interface Show the interface information.
ipv6 nd ra-lifetime Set the lifetime of the device.
ipv6 nd ra-interval Set the interval of sending the RA message.
ipv6 nd ra-mtu Set the MTU of the RA message.
Platform
Description
N/A
ipv6 nd ra-interval
Use this command to set the interval of sending the RA. Use the no form of this command to restore it
to the default setting.
ipv6 nd ra-interval { seconds | min-max min_value max_value }
no ipv6 nd ra-interval
Parameter
Description
Parameter Description
seconds Interval of sending the RA message in seconds, 3-1800s.
min-max Maximum and minimum interval for sending the RA message, in seconds.
min_value Minimum interval for sending the RA message, in seconds.
max_value Maximum interval for sending the RA message, in seconds.
Defaults 200s. The actual interval for sending the RA message fluctuates by 20% around 200s.
Command
Mode
Interface configuration mode.
Usage Guide If the device serves as the default device, the set interval shall not be longer than the lifetime of the
device. Besides, so that the devices along the link do not all occupy network bandwidth at once while
sending RA messages, the actual interval for sending the RA message fluctuates by 20% around the set
value.
If the keyword min-max is specified, the actual interval for sending the packet is chosen
between the minimum value and the maximum value.
Configuration
Examples
Ruijie(config-if)# ipv6 nd ra-interval 110
Ruijie(config-if)# ipv6 nd ra-interval min-max 110 120
Related
Commands
Command Description
show ipv6 interface Show the interface information.
ipv6 nd ra-lifetime Set the lifetime of the device.
ipv6 nd ra-hoplimit Set the hopcount of the RA message.
ipv6 nd ra-mtu Set the MTU of the RA message.
Platform
Description
N/A
ipv6 nd ra-lifetime
Use this command to set the device lifetime of the RA sent on the interface. Use the no form of this
command to restore it to the default setting.
ipv6 nd ra-lifetime seconds
no ipv6 nd ra-lifetime
Parameter
Description
Parameter Description
seconds Default lifetime of the device on the interface, 0-9000.
Defaults 1800s.
Command
Mode
Interface configuration mode.
Usage Guide The router lifetime field is available in each RA. It specifies the time during which the hosts along the
link of the interface can select the device as the default device. If the value is set to 0, the device will
not serve as the default device any longer. If it is not set to 0, it shall be larger than or equal to the
interval of sending the RA (ra-interval).
Configuration
Examples
Ruijie(config-if)# ipv6 nd ra-lifetime 2000
Related
Commands
Command Description
show ipv6 interface Show the interface information.
ipv6 nd ra-interval Set the interval of sending the RA.
ipv6 nd ra-hoplimit Set the hopcount of the RA.
ipv6 nd ra-mtu Set the MTU of the RA.
Platform
Description
N/A
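The ra-interval and ra-lifetime entries above constrain each other (value ranges, the 20% fluctuation, and a non-zero lifetime that must not be shorter than the interval). The following check over interface configuration lines is an added example, not Ruijie code; the function names are hypothetical, the 3-1800 range is assumed to apply to min_value and max_value as well, and the comparison against the fluctuated upper bound is a stricter check added here.

```python
import re

# Ranges and defaults as stated in the ra-interval and ra-lifetime entries.
INTERVAL_RANGE = (3, 1800)   # seconds
LIFETIME_RANGE = (0, 9000)   # seconds
DEFAULT_INTERVAL = 200
DEFAULT_LIFETIME = 1800

PROMPT_RE = re.compile(r"^\S+\(config-if\)#\s*")


def jitter_window(seconds):
    """Return (low, high) of a fixed interval after the 20% fluctuation."""
    return seconds * 80 // 100, seconds * 120 // 100


def parse_ra_timing(config_lines):
    """Return (configured interval values, send window, router lifetime)."""
    configured = [DEFAULT_INTERVAL]
    window = jitter_window(DEFAULT_INTERVAL)
    lifetime = DEFAULT_LIFETIME
    for raw in config_lines:
        # Drop an optional CLI prompt and normalise whitespace.
        line = " ".join(PROMPT_RE.sub("", raw.strip()).split())
        if (m := re.fullmatch(r"ipv6 nd ra-interval min-max (\d+) (\d+)", line)):
            low, high = int(m.group(1)), int(m.group(2))
            configured, window = [low, high], (low, high)
        elif (m := re.fullmatch(r"ipv6 nd ra-interval (\d+)", line)):
            configured = [int(m.group(1))]
            window = jitter_window(configured[0])
        elif line == "no ipv6 nd ra-interval":
            configured = [DEFAULT_INTERVAL]
            window = jitter_window(DEFAULT_INTERVAL)
        elif (m := re.fullmatch(r"ipv6 nd ra-lifetime (\d+)", line)):
            lifetime = int(m.group(1))
        elif line == "no ipv6 nd ra-lifetime":
            lifetime = DEFAULT_LIFETIME
    return configured, window, lifetime


def lint_ra_timing(config_lines):
    """Return a list of findings for one interface's RA timing settings."""
    configured, window, lifetime = parse_ra_timing(config_lines)
    findings = []
    for value in configured:
        if not INTERVAL_RANGE[0] <= value <= INTERVAL_RANGE[1]:
            findings.append(f"ra-interval {value} outside 3-1800")
    if window[0] > window[1]:
        findings.append("min-max: minimum exceeds maximum")
    if not LIFETIME_RANGE[0] <= lifetime <= LIFETIME_RANGE[1]:
        findings.append(f"ra-lifetime {lifetime} outside 0-9000")
    if lifetime == 0:
        # Documented behaviour, reported so it is not set by accident.
        findings.append("ra-lifetime 0: hosts will not select this device "
                        "as default device")
    elif lifetime < max(configured):
        findings.append(f"ra-lifetime {lifetime} shorter than "
                        f"ra-interval {max(configured)}")
    elif lifetime < window[1]:
        # Stricter check added here: compare with the fluctuated upper bound.
        findings.append(f"ra-lifetime {lifetime} shorter than longest "
                        f"fluctuated interval {window[1]}")
    return findings


if __name__ == "__main__":
    # Constructed sample: interval 110s with a lifetime that is too short.
    sample = ["Ruijie(config-if)# ipv6 nd ra-interval 110",
              "Ruijie(config-if)# ipv6 nd ra-lifetime 100"]
    for finding in lint_ra_timing(sample):
        print(finding)
```

With the defaults, jitter_window(200) gives the 160 to 240 second range that show ipv6 interface prints as <240--160>.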
ipv6 nd ra-mtu
Use this command to set the MTU of the RA message. Use the no form of this command to restore it
to the default setting.
ipv6 nd ra-mtu value
no ipv6 nd ra-mtu
Parameter
Description
Parameter Description
value MTU value, 0-4294967295.
Defaults IPv6 MTU value of the network interface.
Command
Mode
Interface configuration mode.
Usage Guide If it is specified as 0, the RA will not have the MTU option.
Configuration
Examples
Ruijie(config-if)# ipv6 nd ra-mtu 1400
Related
Commands
Command Description
show ipv6 interface Show the interface information.
ipv6 nd ra-lifetime Set the lifetime of the device.
ipv6 nd ra-interval Set the interval of sending the RA message.
ipv6 nd ra-hoplimit Set the hopcount of the RA message.
Platform
Description
N/A
ipv6 nd reachable-time
Use this command to set the reachable time after the interface checks the reachability of the neighbor
dynamically learned through NDP. Use the no form of this command to restore it to the default
setting.
ipv6 nd reachable-time milliseconds
no ipv6 nd reachable-time
Parameter
Description
Parameter Description
milliseconds Reachable time for the neighbor in the range 0 to 3600000 milliseconds.
Defaults The default value in RA is 0 (unspecified); the reachable time for the neighbor is 30000ms(30s) when
the device discovers the neighbor.
Command
Mode
Interface configuration mode.
Usage Guide The device uses the set time to detect unreachable neighbors. A shorter time means that the
device can detect a neighbor failure more quickly, but more network bandwidth and device resources
will be occupied. Therefore, it is not recommended to set the reachable time too short.
The configured value will be advertised through RA and will be used by the device itself. If the value is
set to 0, it indicates that the time is not specified, that is, the default value is used.
According to RFC4861, the actual reachable time of a neighbor is not exactly the configured value; it
ranges from 0.5*configured value to 1.5*configured value.
Configuration
Examples
Ruijie(config-if)# ipv6 nd reachable-time 1000000
Related
Commands
Command Description
show ipv6 interface Show the interface information.
Platform
Description
N/A
ipv6 nd suppress-ra
Use this command to disable the interface from sending the RA message. Use the no form of this
command to enable the function.
ipv6 nd suppress-ra
no ipv6 nd suppress-ra
Parameter
Description
Parameter Description
N/A N/A
Defaults The RA message is not sent on the IPv6 interface by default.
Command
Mode
Interface configuration mode.
Usage Guide This command suppresses the sending of the RA message on an interface.
Configuration
Examples
Ruijie(config-if)# ipv6 nd suppress-ra
Related
Commands
Command Description
show ipv6 interface Show the interface information.
Platform
Description
N/A
ipv6 neighbor
Use this command to configure a static neighbor. Use the no form of this command to remove the
setting.
ipv6 neighbor ipv6-address interface-id hardware-address
no ipv6 neighbor ipv6-address interface-id
Parameter
Description
Parameter Description
ipv6-address IPv6 address of the neighbor. It must follow the address format defined
in RFC4291.
interface-id Network interface of the neighbor (including routed Port, L3 AP
interface, or SVI interface).
hardware-address Hardware address of the neighbor. It shall be a 48-bit MAC address in
the format of XXXX.XXXX.XXXX, where “X” is a hexadecimal number.
Defaults No static neighbor is configured.
Command
Mode
Global configuration mode.
Usage Guide Similar to the ARP command, the static neighbor can only be configured on an IPv6 protocol enabled
interface.
If the neighbor to be configured has been learned through NDP and has been stored in the neighbor
list, the dynamically generated neighbor will be automatically switched to a static one. The configured
static neighbor is always in the Reachable status.
Use clear ipv6 neighbors to clear all the neighbors dynamically learned through NDP.
Use show ipv6 neighbors to view the neighbor information.
Configuration
Examples
Ruijie(config)# ipv6 neighbor 2001::1 vlan 1 00d0.f811.1111
Related
Commands
Command Description
show ipv6 neighbors Show the neighbor information.
clear ipv6 neighbors Clear the neighbors learned dynamically.
Platform
Description
N/A
ipv6 ns-linklocal-src
Use this command to set the link-local address as the source IP address to send neighbor
requests. When no ipv6 ns-linklocal-src is executed, the global IP address will be taken as the
source address to send neighbor requests.
ipv6 ns-linklocal-src
no ipv6 ns-linklocal-src
Parameter
Description
Parameter Description
N/A N/A
Defaults The link-local address is always used as the source address to send neighbor requests.
Command
Mode
Global configuration mode.
Usage Guide None.
Configuration
Examples
Ruijie(config)# no ipv6 ns-linklocal-src
Related
Commands
Command Description
N/A N/A
Platform
Description
N/A
ipv6 redirects
Use this command to control whether to send ICMPv6 redirect message when the switch receives
and forwards an IPv6 packet through an interface. Use the no form of this command to disable the
function.
ipv6 redirects
no ipv6 redirects
Parameter
Description
Parameter Description
N/A N/A
Defaults The ICMPv6 redirect message is permitted to be sent on the IPv6 interface.
Command
Mode
Interface configuration mode.
Usage Guide The transmission rate of any ICMPv6 error message is limited. By default, it is 10pps.
Configuration
Examples
Ruijie(config-if)# ipv6 redirects
Related
Commands
Command Description
show ipv6 interface Show the interface information.
Platform
Description
N/A
ipv6 route
Use this command to configure an IPv6 static route. Use the no form of this command to remove the
setting.
ipv6 route [ vrf vrf-name ] ipv6-prefix/prefix-length {ipv6-address [ nexthop-vrf { vrf-name1 |
default } ] | interface-id [ ipv6-address [ nexthop-vrf { vrf-name1 | default } ] ] } [distance ] [ weight
number ]
Parameter
Description
Parameter Description
ipv6-prefix
IPv6 network number following the format specified in RFC4291.
prefix-length
Length of the IPv6 prefix. “/” must be added in front of the prefix.
vrf-name
VRF in the routes, which must be the multi-protocol VRF with the IPv6 address
family configured.
ipv6-address
Next-hop IP address to the destination address. It shall be in the format defined in
RFC4291. The next-hop IP address and the next-hop outgoing interface can be
specified at the same time. Note that if the next-hop IP address is a link-local
address, the outgoing interface must be specified.
vrf-name1
VRF in the nexthop, which must be the multi-protocol VRF with the IPv6 address
family configured.
default The nexthop belongs to the global.
interface-id
The outgoing interface toward the destination network. If the static route is
configured with the outgoing interface but no next-hop address is specified, the
destination address will be considered on the link connected with the outgoing
interface; that is to say, the static route will be treated as a directly-connected
route. Note that if the destination network or next-hop address is a link-local
address, the outgoing interface must be specified.
Defaults N/A
Command
Mode
Global configuration mode.
Usage Guide
If the destination IP address or next-hop IP address is a link-local IP address, the outgoing interface
must be specified; if the destination address is a link-local IP address, the next-hop must be also a
link-local IP address. When configuring a route, the destination IP address and the next-hop IP
address shall not be a multicast address. If both the next hop IP address and the outgoing interface
are specified, the outgoing interface of the direct route that matches the next hop shall be the same
as the configured outgoing interface.
Configuration
Examples
Ruijie(config)# ipv6 route 2001::/64 vlan 1 2005::1
Related
Commands
Command Description
show ipv6 route Show the IPv6 route information.
Platform
Description
N/A
ipv6 source-route
Use this command to forward IPv6 packets that carry a route header. The no form of this command
disables the forwarding.
ipv6 source-route
no ipv6 source-route
Parameter
Description
Parameter Description
N/A N/A
Defaults Disabled.
Command
Mode
Global configuration mode.
Usage Guide Because of the potential security risk of the type 0 route header, the device can easily suffer from
denial-of-service attacks. Therefore, forwarding IPv6 packets with a route header is disabled by
default. However, an IPv6 packet with a type 0 route header that is destined to the local machine is
processed.
Configuration
Examples
Ruijie(config)# no ipv6 source-route
Related
Commands
Command Description
N/A N/A
Platform
Description
N/A
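To see where a type 0 route header sits in a packet and how the default described for ipv6 source-route applies to it, the following parser walks the IPv6 extension-header chain and reports every Routing header it finds. It is an added example, not Ruijie code: the function names, the triage labels and the sample packets (built from documentation addresses) are constructed for illustration, and the header layouts are the standard IPv6 ones.

```python
import ipaddress
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS = 0, 43, 44, 51, 60
NO_NEXT_HEADER = 59


def routing_headers(packet):
    """Walk the extension headers and return one dict per Routing header."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset, found = packet[6], 40, []
    while next_header in (HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS):
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        frag_offset = 0
        if next_header == FRAGMENT:
            length = 8                                   # fixed size
            frag_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
        elif next_header == AH:
            length = (packet[offset + 1] + 2) * 4        # 4-byte units
        else:
            length = (packet[offset + 1] + 1) * 8        # 8-byte units
        if offset + length > len(packet):
            raise ValueError("truncated extension header")
        if next_header == ROUTING:
            rtype, segments_left = packet[offset + 2], packet[offset + 3]
            addresses = []
            if rtype == 0:                               # list of 16-byte hops
                for i in range(offset + 8, offset + length, 16):
                    addresses.append(
                        str(ipaddress.IPv6Address(packet[i:i + 16])))
            found.append({"type": rtype, "segments_left": segments_left,
                          "addresses": addresses})
        if frag_offset != 0:
            break                 # non-first fragment: no further headers here
        next_header, offset = packet[offset], offset + length
    return found


def triage(packet, local_addresses, source_route_enabled=False):
    """Label a packet according to the defaults described on this page."""
    headers = routing_headers(packet)
    if not headers:
        return "no route header"
    destination = ipaddress.IPv6Address(packet[24:40])
    if destination in local_addresses:
        if any(h["type"] == 0 for h in headers):
            return "local delivery, type 0 route header"
        return "local delivery, route header"
    if source_route_enabled:
        return "forwarded (ipv6 source-route)"
    return "not forwarded (default)"


def build_sample(dst, ext=b"", first_next_header=NO_NEXT_HEADER):
    """Build a constructed IPv6 packet: fixed header plus extension headers."""
    src = ipaddress.IPv6Address("2001:db8::10").packed
    fixed = struct.pack("!IHBB", 6 << 28, len(ext), first_next_header, 64)
    return fixed + src + ipaddress.IPv6Address(dst).packed + ext


# Constructed samples (documentation prefix 2001:db8::/32).
LOCAL = {ipaddress.IPv6Address("2001:db8::1")}
_RH0 = (bytes([NO_NEXT_HEADER, 2, 0, 1]) + b"\x00" * 4
        + ipaddress.IPv6Address("2001:db8:2::1").packed)
_HBH = bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])      # Hop-by-Hop with PadN
PLAIN = build_sample("2001:db8:1::1")
RH0_TRANSIT = build_sample("2001:db8:1::1", _HBH + _RH0, HOP_BY_HOP)
RH0_LOCAL = build_sample("2001:db8::1", _RH0, ROUTING)

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("transit", RH0_TRANSIT),
                      ("local", RH0_LOCAL)):
        print(name, routing_headers(pkt), triage(pkt, LOCAL))
```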
ping ipv6
Use this command to diagnose the connectivity of the IPv6 network.
ping ipv6 [ ipv6-address ]
Parameter
Description
Parameter Description
ipv6-address Destination IP address to be diagnosed.
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide If no destination address is entered in the command, the user interaction mode is entered, and you
can specify the parameters. The following table shows the meanings of symbols returned by the ping
command:
Signs Meaning
! The response to each request sent is received.
. The response to the request sent is not received within a regulated time.
U The device has no route to the destination host.
R Parameter error.
F No system resource is available.
A The source IP address of the packet is not selected.
D The network interface is in the Down status, or the IPv6 function is disabled on the
interface (for example, IP address collision is detected).
? Unknown error
Configuration
Examples
Ruijie# ping ipv6 fec0::1
Related
Commands
Command Description
N/A N/A
Platform
Description
N/A
show ipv6 general-prefix
Use this command to show the information of the general prefix.
show ipv6 general-prefix
Parameter
Description
Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide Use this command to show the information of the general prefixes, including those manually
configured and those learned from the DHCPv6 agent.
Configuration
Examples
The following example shows the information of the general prefix:
Ruijie# show ipv6 general-prefix
There is 1 general prefix.
IPv6 general prefix my-prefix, acquired via Manual configuration
2001:1111:2222::/48
2001:1111:3333::/48
Related
Commands
Command Description
ipv6 general-prefix Configure the general prefix.
Platform
Description
N/A
show ipv6 interface
Use this command to show the IPv6 interface information.
show ipv6 interface [ interface-id ] [ ra-info ]
Parameter
Description
Parameter Description
interface-id Interface (including Ethernet interface, aggregate port, or SVI)
ra-info Show the RA information of the interface.
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide Use this command to show the address configuration, ND configuration and other information of an
IPv6 interface.
Configuration
Examples
Ruijie# show ipv6 interface vlan 1
Interface vlan 1 is Up, ifindex: 2001
address(es):
Mac Address: 00:00:00:00:00:01
INET6: fe80::200:ff:fe00:1 , subnet is fe80::/64
Joined group address(es):
ff01:1::1
ff02:1::1
ff02:1::2
ff02:1::1:ff00:1
INET6: 2001::1 , subnet is 2001::/64 [TENTATIVE]
Joined group address(es):
ff01:1::1
ff02:1::1
ff02:1::2
ff02:1::1:ff00:1
MTU is 1500 bytes
ICMP error messages limited to one every 10 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND retransmit interval is 1000 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisements are sent every 200 seconds<240--160>
ND device advertisements live for 1800 seconds
The following line is included in the above information: 2001::1, subnet is 2001::/64 [TENTATIVE].
The flag bit in the [ ] following the INET6 address is explained as follows:
Flag Meaning
ANYCAST Indicate that the address is an anycast address.
TENTATIVE Indicate that the DAD is underway. The address is tentative
until the DAD is completed.
DUPLICATED Indicate that a duplicate address exists.
DEPRECATED Indicate that the preferred lifetime of the address expires.
NODAD Indicate that no DAD is implemented for the address.
AUTOIFID Indicate that the interface ID of the address is automatically
generated by the system, which is usually an EUI-64 ID.
Ruijie# show ipv6 interface vlan 1 ra-info
vlan 1: DOWN
RA timer is stopped
waits: 0, initcount: 3
statistics: RA(out/in/inconsistent): 4/0/0, RS(input): 0
Link-layer address: 00:00:00:00:00:01
Physical MTU: 1500
ND device advertisements live for 1800 seconds
ND device advertisements are sent every 200 seconds<240--160>
Flags: !M!O, Adv MTU: 1500
ND advertised reachable time is 0 milliseconds
ND advertised retransmit time is 0 milliseconds
ND advertised CurHopLimit is 64
Prefixes: (total: 1)
fec0:1:1:1::/64(Def,Auto,vltime: 2592000, pltime: 604800, flags: LA)
Description of the fields in ra-info:
Field Meaning
RA timer is stopped (on) Indicate whether the RA timer is started.
waits Indicate that the RS is received but the number of the responses is
not available.
initcount Indicate the number of the RAs when the RA timer is restarted.
RA(out/in/ inconsistent)
out: Indicate the number of the RAs that are sent.
In: Indicate the number of the RAs that are received.
inconsistent: Indicate the number of the received RAs in which the
parameters are different from those contained in the RAs advertised
by the device.
RS(input) Indicate the number of the RSs that are received.
Link-layer address Link-layer address of the interface.
Physical MTU Link MTU of the interface.
!M | M !M indicates the managed-config-flag bit in the RA is not set.
M: Conversely
!O | O !O indicates the other-config-flag bit in the RA is not set.
O: Conversely
Description of the fields of the prefix list in ra-info:
Field Meaning
total The number of the prefixes of the interface.
fec0:1:1:1::/64 A specific prefix.
Def Indicate that the interfaces use the default prefix.
Auto | CFG
Auto: Indicate the prefix is automatically generated after the
interface is configured with the corresponding IPv6 address. CFG:
Indicate that the prefix is manually configured.
!Adv Indicate that the prefix will not be advertised.
vltime Valid lifetime of the prefix, measured in seconds.
pltime Preferred lifetime of the prefix, measured in seconds.
L | !L L: Indicate that the on-link in the prefix is set.
!L: Indicate that the on-link in the prefix is not set.
A | !A A: Indicate that the auto-configure in the prefix is set. !A: It indicates
that the auto-configure in the prefix is not set.
Related
Commands
Command Description
N/A N/A
Platform
Description
N/A
show ipv6 neighbors
Use this command to show the IPv6 neighbors.
show ipv6 neighbors [ vrf vrf-name ] [ verbose ] [ interface-id ] [ ipv6-address ]
show ipv6 neighbors static
Parameter
Description
Parameter Description
verbose Show the neighbor details.
static Show the validity status of static neighbors.
vrf-name VRF name
interface-id Show the neighbors of the specified interface.
ipv6-address Show the neighbors of the specified IPv6 address.
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide Show the neighbors on the SVI 1 interface:
Ruijie# show ipv6 neighbors vlan 1
IPv6 Address Linklayer Addr Interface
fa::1 00d0.0000.0002 vlan 1
fe80::200:ff:fe00:2 00d0.0000.0002 vlan 1
Show the neighbor details:
Ruijie# show ipv6 neighbors verbose
IPv6 Address Linklayer Addr Interface
2001::1 00d0.f800.0001 vlan 1
State: Reach/H Age: - asked: 0
fe80::200:ff:fe00:1 00d0.f800.0001 vlan 1
State: Reach/H Age: - asked: 0
Field Meaning
IPv6 Address IPv6 address of the neighbor.
Linklayer Addr Link address, namely, MAC address. If it is not available, incomplete is displayed.
Interface Interface where the neighbor is located.
State
State of the neighbor: state/H(R)
The values of STATE are as below:
INCMP (Incomplete): The address resolution of the neighbor is underway, the NS is
sent, but the NA is not received.
REACH (Reachable): The switch is connected with the neighbor. In this state, the
switch takes no additional action when sending packets to the neighbor.
STALE: The reachable time of the neighbor expires. In this state, the switch takes no
additional action; it only starts NUD (Neighbor Unreachability Detection) after a
packet is sent to the neighbor.
DELAY: A packet has been sent to the neighbor in STALE state, and the state changes from
STALE to DELAY. If no neighbor reachability notification is received within
DELAY_FIRST_PROBE_TIME seconds (5s), DELAY changes to PROBE and the NS is sent to
the neighbor to start NUD.
PROBE: The NUD is started to check the reachability of the neighbor. The NS
packets are sent to the neighbor at the interval of RetransTimer milliseconds until the
response from the neighbor is received or the number of the sent NSs hits
MAX_UNICAST_SOLICIT(3).
?: Unknown state.
/R: The neighbor is considered as a device.
/H: The neighbor is a host.
Age
The reachable time of the neighbor. '-' indicates that the neighbor is always
reachable. Note that the reachability of a static neighbor depends on the actual
situation. 'expired' indicates that the lifetime of the neighbor has expired, and the
neighbor is waiting for the triggering of NUD.
Asked The number of the NSs that are sent to the neighbor for the resolution of the link
address of the neighbor.
Configuration
Examples
Ruijie# show ipv6 neighbors
Related
Commands
Command Description
ipv6 neighbor Configure a neighbor.
Platform
Description
N/A
show ipv6 route
Use this command to show the IPv6 route information.
show ipv6 route [ vrf vrf-name ] [ static | local | connected ]
Parameter
Description
Parameter Description
static Show the static routes.
vrf-name VRF name
local Show the local routes.
connected Show the directly-connected routes.
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide Use this command to view the routing table.
Configuration
Examples
Ruijie# show ipv6 route
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
I1 - ISIS L1, I2 - ISIS L2, IA - IIS interarea
L ::1/128
via ::1, loopback 0
C fa::/64
via ::, vlan 1
L fa::1/128
via ::, loopback 0
C 2001::/64
via ::, vlan 2
L 2001::1/128
via ::, loopback 0
L fe80::/10
via ::1, Null0
C fe80::/64
via ::, vlan 1
L fe80::200:ff:fe00:1/128
via ::, loopback 0
C fe80::/64
via ::, vlan 2
Related
Commands
Command Description
ipv6 route Configure a static route.
Platform
Description
N/A
show ipv6 routers
In an IPv6 network, neighbor routers send out advertisement messages. Use this
command to show the neighbor routers and their advertisements.
show ipv6 routers [ interface-type interface-number ]
Parameter
Description
Parameter Description
interface-type interface-number (Optional) Show the routing advertisement of the specified interface.
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide Use this command to show the neighbor routers and their routing advertisements. If no interface is
specified, all the routing advertisements of this device will be displayed.
Configuration
Examples
The following example shows the IPv6 routers:
Ruijie# show ipv6 routers
Router FE80::2D0:F8FF:FEC1:C6E1 on VLAN 2, last update 62 sec
Hops 64, Lifetime 1800 sec, ManagedFlag=0, OtherFlag=0, MTU=1500
Preference=MEDIUM
Reachable time 0 msec, Retransmit time 0 msec
Prefix 6001:3::/64 onlink autoconfig
Valid lifetime 2592000 sec, preferred lifetime 604800 sec
Prefix 6001:2::/64 onlink autoconfig
Valid lifetime 2592000 sec, preferred lifetime 604800 sec
Related
Commands
Command Description
N/A N/A
Platform
Description
N/A
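Because show ipv6 routers lists every router whose advertisements the device has received, its output can be compared with the routers and prefixes that are expected on each interface. The following parser and comparison is an added example, not Ruijie code: the function names and the baseline structure are hypothetical, the first router entry in the sample is the one shown above, and the second entry is constructed to show an unexpected advertiser.

```python
import ipaddress
import re

ROUTER_RE = re.compile(r"Router (\S+) on (.+?), last update (\d+) sec")
PARAM_RE = re.compile(
    r"Hops (\d+), Lifetime (\d+) sec, ManagedFlag=(\d), OtherFlag=(\d), "
    r"MTU=(\d+)")
PREFIX_RE = re.compile(r"Prefix (\S+)(.*)")

# First entry: output from this page. Second entry: constructed.
SAMPLE_OUTPUT = """\
Router FE80::2D0:F8FF:FEC1:C6E1 on VLAN 2, last update 62 sec
Hops 64, Lifetime 1800 sec, ManagedFlag=0, OtherFlag=0, MTU=1500
Preference=MEDIUM
Reachable time 0 msec, Retransmit time 0 msec
Prefix 6001:3::/64 onlink autoconfig
Valid lifetime 2592000 sec, preferred lifetime 604800 sec
Prefix 6001:2::/64 onlink autoconfig
Valid lifetime 2592000 sec, preferred lifetime 604800 sec
Router FE80::1234 on VLAN 2, last update 5 sec
Hops 64, Lifetime 9000 sec, ManagedFlag=0, OtherFlag=1, MTU=1280
Preference=MEDIUM
Reachable time 0 msec, Retransmit time 0 msec
Prefix 2001:db8:bad::/64 onlink autoconfig
Valid lifetime 2592000 sec, preferred lifetime 604800 sec
"""

# Hypothetical baseline: what the operator expects to see per interface.
BASELINE = {
    "VLAN 2": {
        "routers": {ipaddress.IPv6Address("fe80::2d0:f8ff:fec1:c6e1")},
        "prefixes": {ipaddress.IPv6Network("6001:3::/64"),
                     ipaddress.IPv6Network("6001:2::/64")},
        "flags": (0, 0),          # (ManagedFlag, OtherFlag)
    },
}


def parse_show_ipv6_routers(text):
    """Parse the command output into one dict per advertising router."""
    routers = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ROUTER_RE.match(line)
        if m:
            routers.append({"router": ipaddress.IPv6Address(m.group(1)),
                            "interface": m.group(2), "prefixes": []})
            continue
        if not routers:
            continue                      # skip prompt or banner lines
        current = routers[-1]
        m = PARAM_RE.match(line)
        if m:
            hops, lifetime, managed, other, mtu = map(int, m.groups())
            current.update(hops=hops, lifetime=lifetime, managed=managed,
                           other=other, mtu=mtu)
            continue
        m = PREFIX_RE.match(line)
        if m:
            current["prefixes"].append(
                ipaddress.IPv6Network(m.group(1), strict=False))
    return routers


def audit_routers(routers, baseline):
    """Return (interface, router, reason) for everything off baseline."""
    findings = []
    for r in routers:
        who = (r["interface"], str(r["router"]))
        expected = baseline.get(r["interface"])
        if expected is None:
            findings.append(who + ("RA received on an interface with no baseline",))
            continue
        if r["router"] not in expected["routers"]:
            findings.append(who + ("router not in baseline",))
        for prefix in r["prefixes"]:
            if prefix not in expected["prefixes"]:
                findings.append(who + (f"unexpected prefix {prefix}",))
        flags = (r.get("managed"), r.get("other"))
        if flags != expected["flags"]:
            findings.append(who + (f"M/O flags {flags} differ from baseline",))
    return findings


if __name__ == "__main__":
    for finding in audit_routers(parse_show_ipv6_routers(SAMPLE_OUTPUT),
                                 BASELINE):
        print(*finding, sep=" | ")
```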
tunnel destination
Use this command to specify the destination address for the tunnel. Use the no form of this command
to remove the setting.
tunnel destination { ipv4-address | ipv6-address }
no tunnel destination
Parameter
Description
Parameter Description
ipv4-address Destination address of the tunnel, namely the IPv4 address in the
other side of the tunnel.
ipv6-address
Destination address of the tunnel. With the tunnel mode ipv6
configured, the destination address of the tunnel shall be the
IPv6 address. If the tunnel mode gre ipv6 is configured, the
destination address of the tunnel shall also be the IPv6 address.
Defaults The destination address encapsulated by the tunnel is not configured by default.
Command
Mode
Interface configuration mode.
Usage Guide A device shall not be configured with multiple tunnels that have the same encapsulation type, source
address and destination address.
Note: For auto tunnel 6to4 and isatap, the destination address shall not be configured.
Configuration
Examples
The following example configures an IPv6 manual tunnel.
Ruijie(config)# interface tunnel 1
Ruijie(config-if)# tunnel mode ipv6ip
Ruijie(config-if)# tunnel source vlan 1
Ruijie(config-if)# tunnel destination 192.168.5.1
Related
Commands
Command Description
tunnel source Configure the source IP address of the tunnel.
tunnel mode Configure the mode of a tunnel.
tunnel ttl Configure the TTL of the tunnel.
Platform
Description
N/A
Command Reference DHCPv6 Relay Agent Commands
DHCPv6 Relay Agent Commands
show ipv6 dhcp relay destination
Use this command to display the destination addresses of the DHCPv6 Relay Agent.
show ipv6 dhcp relay destination
Parameter
Description Parameter Description
all Displays all destination addresses and interfaces.
interface interface-type
interface-number
Displays the destination addresses and interfaces configured for a
specified interface.
Defaults N/A
Command
Mode
Privileged EXEC mode
Usage Guide You can use this command to check that DHCPv6 packets received by the DHCPv6 Relay interface
are forwarded to specified destination addresses.
Configuration
Examples
The following example displays the configuration of all destination addresses on the Relay Agent.
Ruijie# show ipv6 dhcp relay destination all
Interface: Vlan1 // Interface where DHCPv6 Relay is enabled
Destination address(es) Output Interface
3001::2
FF02::1:2 Vlan2
//Specify the destination address. //Specify the outbound interface.
Related
Commands Command Description
N/A N/A
Platform
Description N/A
show ipv6 dhcp relay statistics
Use this command to view the statistics on transmitted packets after DHCPv6 Relay is enabled on a
device.
show ipv6 dhcp relay statistics
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode
Usage Guide You can use this command to view the statistics on transmitted packets after DHCPv6 Relay is
enabled on the device.
Configuration
Examples
The following example queries DHCPv6 Relay Agent statistics.
Ruijie# show ipv6 dhcp relay statistics
Packets dropped : 2 //Discard packets that are not processed
Error : 2 //Discard error packets
Excess of rate limit : 0 //Discard excessive packets
Packets received : 28 //Count the received DHCPv6 packets
SOLICIT : 0
REQUEST : 0
CONFIRM : 0
RENEW : 0
REBIND : 0
RELEASE : 0
DECLINE : 0
INFORMATION-REQUEST : 14
RELAY-FORWARD : 0
RELAY-REPLY : 14
Packets sent : 16 //Count the sent DHCPv6 packets
ADVERTISE : 0
RECONFIGURE : 0
REPLY : 8
RELAY-FORWARD : 8
RELAY-REPLY : 0
Related
Commands Command Description
clear ipv6 dhcp relay statistics Clears the statistics.
Platform
Description N/A
clear ipv6 dhcp relay statistics
Use this command to clear the statistics on transmitted packets after DHCPv6 Relay is enabled on a
device.
clear ipv6 dhcp relay statistics
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode
Usage Guide You can use this command to clear the statistics on transmitted packets after DHCPv6 Relay is
enabled on the device.
Configuration
Examples
The following example clears the statistics on DHCPv6 Relay Agent packets (all packets counts
become 0 after this command is executed).
Ruijie# clear ipv6 dhcp relay statistics
Related
Commands Command Description
show ipv6 dhcp relay statistics
Displays the statistics on DHCPv6 Relay
packets.
Platform
Description N/A
Command Reference DHCPv6 Commands
DHCPv6 Commands
dns-server
Use this command to set the DNS Server list information for the DHCPv6 Server. Use the no form of
this command to remove the configuration.
dns-server ipv6-address
no dns-server ipv6-address
Parameter
Description
Parameter Description
ipv6-address Set the IPv6 address of the DNS server.
Defaults By default, no DNS server list is configured.
Command
Mode
DHCPv6 pool configuration mode.
Usage Guide To configure several DNS Server addresses, use the dns-server command several times. The
newly-configured DNS Server address will not overwrite the former ones.
Configuration
Examples
Ruijie(config-dhcp)# dns-server 2008:1::1
Related
Commands
Command Description
domain-name Set the DHCPv6 domain name information.
ipv6 dhcp pool Set a DHCPv6 pool.
Platform
Description
N/A
domain-name
Use this command to set the domain name for the DHCPv6 server. Use the no form of this command
to remove the domain name.
domain-name domain
no domain-name domain
Parameter
Description
Parameter Description
domain Set the domain name.
Defaults By default, no domain name is configured.
Command
Mode
DHCPv6 pool configuration mode.
Usage Guide To configure several domain names, use the domain-name command several times. The
newly-configured domain name will not overwrite the former ones.
Configuration
Examples
Ruijie(config-dhcp)# domain-name example.com
Related
Commands
Command Description
dns-server Set the DHCPv6 DNS server list.
ipv6 dhcp pool Set the DHCPv6 pool.
Platform
Description
N/A
iana-address prefix
Use this command to set the IA_NA address prefix for the DHCPv6 Server. Use the no form of this
command to remove the IA_NA address prefix.
iana-address prefix ipv6-prefix/prefix-length [ lifetime { valid-lifetime | preferred-lifetime } ]
no iana-address prefix
Parameter
Description
Parameter Description
ipv6-prefix/prefix-length Set the IPv6 prefix and prefix length.
lifetime
Set the lifetime of the address allocated to the client.
With the keyword lifetime configured, both parameters valid-lifetime
and preferred-lifetime shall be configured.
valid-lifetime Set the valid lifetime of using the allocated address for the client.
preferred-lifetime Set the preferred lifetime of the address allocated to the client.
Defaults By default, no IA_NA address prefix is configured;
The default valid-lifetime is 3600s (1 hour).
The default preferred-lifetime is 3600s (1 hour).
Command
Mode
DHCPv6 pool configuration mode.
Usage Guide This command is used to set the IA_NA address prefix for the DHCPv6 Server, and allocate the
IA_NA address to the client.
The Server attempts to allocate a usable address within the IA_NA address prefix range to the client
upon receiving the IA_NA address request from the client. That address will be allocated to other
clients if the client no longer uses it.
Configuration
Examples
Ruijie(config-dhcp)# iana-address prefix 2008:50::/64 lifetime 2000 1000
Related
Commands
Command Description
ipv6 dhcp pool Set the DHCPv6 pool.
show ipv6 dhcp pool Show the DHCPv6 pool information.
Platform
Description
N/A
ipv6 dhcp client pd
Use this command to enable the DHCPv6 client and request the prefix address information. Use
the no form of this command to disable the prefix address request.
ipv6 dhcp client pd prefix-name [ rapid-commit ]
no ipv6 dhcp client pd
Parameter
Description
Parameter Description
prefix-name Define the IPv6 prefix name.
rapid-commit Allow the simplified interaction process.
Defaults Disabled
Command
Mode
Interface configuration mode.
Usage Guide With the DHCPv6 client mode disabled, use this command to enable the DHCPv6 client mode on the
interface.
With the ipv6 dhcp client pd command enabled, the DHCPv6 client sends the prefix request to the
DHCPv6 server.
The keyword rapid-commit allows the client and the server to use the two-message interaction process.
With this keyword configured, the solicit message sent by the client includes the rapid-commit item.
Configuration
Examples
The following example shows how to enable the prefix information request on the interface:
Ruijie(config)# interface fastethernet 0/1
Ruijie(config-if)# ipv6 dhcp client pd pd_name
Related Commands
Command                   Description
clear ipv6 dhcp client    Reset the DHCPv6 client function on the interface.
show ipv6 dhcp interface  Show the DHCPv6 interface configuration.
Platform
Description
N/A
ipv6 dhcp pool
Use this command to set the DHCPv6 server pool. Use the no form of this command to remove the
information pool.
ipv6 dhcp pool poolname
no ipv6 dhcp pool poolname
Parameter Description
poolname  Define the DHCPv6 pool name.
Defaults By default, the DHCPv6 server information pool is not configured.
Command
Mode
Global configuration mode.
Usage Guide This command is used to create a DHCPv6 Server configuration pool. After this
command is configured, the device enters the DHCPv6 pool configuration mode, in which the
administrator can set the pool parameters, such as the prefix and the DNS Server information, etc.
After creating the DHCPv6 Server configuration pool, use the ipv6 dhcp server command to
associate the pool and the DHCPv6 Server on one interface.
Configuration
Examples
Ruijie# configure terminal
Ruijie(config)# ipv6 dhcp pool pool1
Ruijie(config-dhcp)#
Related Commands
Command              Description
ipv6 dhcp server     Enable the DHCPv6 server function on the interface.
show ipv6 dhcp pool  Show the DHCPv6 pool information.
Platform
Description
N/A
ipv6 dhcp relay destination
Use this command to enable the DHCPv6 relay service and configure the destination address to
which the messages are forwarded. Use the no form of this command to delete the forwarding
address configuration or delete the output interface configuration of the forwarding address.
ipv6 dhcp relay destination ipv6-address [ interface-type interface-number ]
no ipv6 dhcp relay destination ipv6-address [ interface-type interface-number ]
Parameter Description
ipv6-address                     Set the DHCPv6 relay destination address.
interface-type interface-number  Specify the forwarding output interface if the forwarding address is the link-local address.
Defaults The relay and forward function is disabled, and the forwarding destination address and the output
interface are not configured.
Command
Mode
Interface configuration mode.
Usage Guide With the DHCPv6 relay service enabled on the interface, the DHCPv6 message received on the
interface can be forwarded to all configured destination addresses. Those received DHCPv6
messages can be from the client, or from another DHCPv6 relay service.
The forwarding output interface configuration is mandatory if the forwarding address is a link-local
address or a multicast address. It is optional if the forwarding address is a global or station unicast
or multicast address.
Without the forwarding output interface configured, the interface is selected according to the unicast
or multicast routing protocol.
The relay reply message can be forwarded without the relay function enabled on the interface.
The ipv6 dhcp relay destination command can only be enabled on a layer-3 interface.
When the destination is configured as a multicast address, it must be followed by the outgoing
interface ID.
Configuration
Examples
The following example shows how to set the relay destination address on the interface:
Ruijie(config)# interface fastethernet 0/1
Ruijie(config-if)# ipv6 dhcp relay destination 2008:1::1
The following example specifies the destination as 3001::2 while enabling the DHCPv6 Relay service on
interface VLAN 1.
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#interface vlan 1
Ruijie(config-if)#ipv6 dhcp relay destination 3001::2
Ruijie(config-if)#end
Related Commands
Command                                                                               Description
show ipv6 dhcp interface                                                              Show the DHCPv6 interface information.
show ipv6 dhcp relay destination { all | interface interface-type interface-number }  Show the destination address list of the current Relay.
Platform
Description
N/A
ipv6 dhcp server
Use this command to enable the DHCPv6 server on the interface. Use the no form of this command
to disable this function.
ipv6 dhcp server poolname [ rapid-commit ] [ preference value ]
no ipv6 dhcp server
Parameter Description
poolname          Define the DHCPv6 pool name.
rapid-commit      Allow the two-message interaction process.
preference value  Set the preference level for the advertise message. The valid range is 1-100 and the default value is 0.
Defaults Disabled
Command
Mode
Interface configuration mode.
Usage Guide Use the ipv6 dhcp server command to enable the DHCPv6 service.
Configuring the keyword rapid-commit allows the two-message interaction for the server and the
client when allocating the address prefix and setting other configurations. With this keyword
configured, if the client solicit message includes the rapid-commit item, the DHCPv6 Server will send
the Reply message immediately.
The DHCPv6 Server includes the preference value when sending the advertise message if the
preference level is not 0.
If the preference level is 0, the advertise message will not include this field. If the preference value is
255, the client sends the request message to the server to obtain the configurations.
DHCPv6 Client, Server and Relay functions are exclusive, and only one of the functions can be
configured on the interface.
Configuration
Examples
Ruijie(config)# interface fastethernet 0/1
Ruijie(config-if)# ipv6 dhcp server pool1
Related Commands
Command              Description
ipv6 dhcp pool       Set the DHCPv6 pool.
show ipv6 dhcp pool  Show the DHCPv6 pool information.
Platform
Description
N/A
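The interface rules stated in the usage guides above (Client, Server and Relay are exclusive on one interface; a link-local or multicast relay destination needs an output interface) can be checked offline against a saved configuration. The following Python sketch is an added example, not code from Ruijie or this manual; the configuration layout (indented sub-commands, `!` separators), the sample text, the rule names and the undefined-pool check are assumptions.

```python
import ipaddress
import re

# Constructed running-config fragment (layout assumed, not from a real device).
SAMPLE_CONFIG = """\
ipv6 dhcp pool pool1
 iana-address prefix 2008:50::/64 lifetime 2000 1000
 dns-server 2008:1::1
!
interface fastethernet 0/1
 ipv6 dhcp server pool1
!
interface fastethernet 0/2
 ipv6 dhcp server pool2
 ipv6 dhcp relay destination 2008:1::1
!
interface vlan 1
 ipv6 dhcp relay destination 3001::2
 ipv6 dhcp relay destination FF02::1:2
 ipv6 dhcp relay destination FE80::1 vlan 2
!
"""

ROLE_PATTERNS = {
    "client": re.compile(r"^ipv6 dhcp client pd\s+\S+"),
    "server": re.compile(r"^ipv6 dhcp server\s+(?P<pool>\S+)"),
    "relay": re.compile(
        r"^ipv6 dhcp relay destination\s+(?P<addr>\S+)(?P<out>\s+\S.*)?$"),
}


def parse(config):
    """Return (defined pool names, {interface: [(role, match), ...]})."""
    pools, interfaces, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():
            # An unindented line opens a new configuration context.
            current = None
            pool = re.match(r"^ipv6 dhcp pool\s+(\S+)$", line)
            iface = re.match(r"^interface\s+(.+)$", line)
            if pool:
                pools.add(pool.group(1))
            elif iface:
                current = iface.group(1)
                interfaces.setdefault(current, [])
            continue
        if current is None:
            continue
        for role, pattern in ROLE_PATTERNS.items():
            match = pattern.match(line)
            if match:
                interfaces[current].append((role, match))
    return pools, interfaces


def lint(config):
    """Return a list of (interface, rule, detail) findings."""
    pools, interfaces = parse(config)
    findings = []
    for ifname, entries in interfaces.items():
        roles = sorted({role for role, _ in entries})
        if len(roles) > 1:
            # Client, Server and Relay are exclusive on one interface.
            findings.append((ifname, "exclusive-roles", "+".join(roles)))
        for role, match in entries:
            if role == "server" and match.group("pool") not in pools:
                # Assumed check: the referenced pool should exist.
                findings.append((ifname, "undefined-pool", match.group("pool")))
            if role != "relay":
                continue
            try:
                addr = ipaddress.IPv6Address(match.group("addr"))
            except ipaddress.AddressValueError:
                findings.append((ifname, "bad-address", match.group("addr")))
                continue
            # Link-local and multicast destinations need an output interface.
            if (addr.is_link_local or addr.is_multicast) and not match.group("out"):
                findings.append(
                    (ifname, "relay-needs-output-interface", str(addr)))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG):
        print("%s: %s (%s)" % finding)
```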
prefix-delegation
Use this command to set the static binding address prefix information for the DHCPv6 server. Use the
no form of this command to delete the address prefix information.
prefix-delegation ipv6-prefix/prefix-length client-DUID [ lifetime ]
no prefix-delegation ipv6-prefix/prefix-length client-DUID [ lifetime ]
Parameter Description
ipv6-prefix/prefix-length  Set the IPv6 address prefix and the prefix length.
client-DUID                Set the client DUID.
lifetime                   Set the interval of using the prefix by the client.
Defaults By default, no address prefix information is configured.
Command
Mode
DHCPv6 pool configuration mode.
Usage Guide The administrator uses this command to manually set the address prefix information list for the client
IA_PD and set the valid lifetime for those prefixes.
The parameter client-DUID specifies the client; the address prefix is allocated to the first IA_PD of that client.
Upon receiving the request message for the address prefix from the client, the DHCPv6 Server
searches for the corresponding static binding first. If it succeeds, the server returns the static
binding; otherwise, the server will attempt to allocate the address prefix from other prefix information
sources.
Configuration
Examples
Ruijie(config-dhcp)# prefix-delegation 2008:2::/64 0003000100d0f82233ac
Related Commands
Command                 Description
ipv6 dhcp pool          Set a DHCPv6 pool.
ipv6 local pool         Set a local prefix pool.
prefix-delegation pool  Specify the DHCPv6 local prefix pool.
show ipv6 dhcp pool     Show the DHCPv6 pool information.
Platform
Description
N/A
prefix-delegation pool
Use this command to specify the local prefix pool for the DHCPv6 server. Use the no form of this
command to remove the local prefix pool.
prefix-delegation pool poolname [ lifetime { valid-lifetime | preferred-lifetime } ]
no prefix-delegation pool poolname
Parameter Description
poolname            Set the local prefix pool name.
lifetime            Set the lifetime of the address prefix allocated to the client. With the keyword lifetime configured, both parameters valid-lifetime and preferred-lifetime shall be configured.
valid-lifetime      Set the valid lifetime of using the allocated address prefix for the client.
preferred-lifetime  Set the preferred lifetime of the address prefix allocated to the client.
Defaults By default, no address prefix pool is specified.
The default valid-lifetime is 3600s (1 hour).
The default preferred-lifetime is 3600s (1 hour).
Command
Mode
DHCPv6 pool configuration mode.
Usage Guide Use the prefix-delegation pool command to set the prefix pool for the DHCPv6 Server and allocate
the prefix to the client. Use the ipv6 local pool command to set the prefix pool.
Upon receiving the prefix request from a client, the Server attempts to allocate a usable prefix from
the prefix pool to that client. The prefix can be allocated to other clients once the client no longer
uses it.
Configuration
Examples
Ruijie(config-dhcp)# prefix-delegation pool client-prefix-pool lifetime 2000 1000
Related Commands
Command              Description
ipv6 dhcp pool       Set a DHCPv6 pool.
ipv6 local pool      Set a local prefix pool.
prefix-delegation    Statically bind the client with the address prefix.
show ipv6 dhcp pool  Show the DHCPv6 pool information.
Platform
Description
N/A
show ipv6 dhcp
Use this command to show the device DUID.
show ipv6 dhcp
Parameter Description Parameter
Description N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide The server, client and relay on the same device share a DUID.
Configuration
Examples
Ruijie# show ipv6 dhcp
This device's DHCPv6 unique identifier(DUID): 00:03:00:01:00:d0:f8:22:33:b0
Related Commands
Command  Description
N/A      N/A
Platform
Description
N/A
show ipv6 dhcp binding
Use this command to show the address binding information for the DHCPv6 server.
show ipv6 dhcp binding [ ipv6-address ]
Parameter Description
ipv6-address  Set the IPv6 address or the prefix.
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide If the ipv6-address is not specified, all prefixes dynamically assigned to the client and IANA address
binding information are shown. If the ipv6-address is specified, the binding information for the
specified address is shown.
Configuration
Examples
Ruijie# show ipv6 dhcp binding
Client DUID: 00:03:00:01:00:d0:f8:22:33:ac
IAPD: iaid 0, T1 1800, T2 2880
Prefix: 2001:20::/72
preferred lifetime 3600, valid lifetime 3600
expires at Jan 1 2008 2:23 (3600 seconds)
Command Description Related
Commands N/A N/A
Platform
Description
N/A
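The DUID printed by show ipv6 dhcp and show ipv6 dhcp binding is colon-separated, while the prefix-delegation example takes it as bare hex. The following Python sketch, an added example that is not code from Ruijie or this manual, decodes a DUID, builds the static-binding command line from it and lists bindings whose client DUID has no static entry. The DUID type codes and length limits are those of RFC 8415; the function names are assumptions.

```python
import ipaddress
import re
import struct

DUID_TYPES = {1: "DUID-LLT", 2: "DUID-EN", 3: "DUID-LL", 4: "DUID-UUID"}

# "show ipv6 dhcp binding" output as printed in this reference.
SAMPLE_BINDING = """\
Client DUID: 00:03:00:01:00:d0:f8:22:33:ac
IAPD: iaid 0, T1 1800, T2 2880
Prefix: 2001:20::/72
preferred lifetime 3600, valid lifetime 3600
expires at Jan 1 2008 2:23 (3600 seconds)
"""


def duid_bytes(text):
    """Accept colon-separated or bare hex and return the raw DUID bytes."""
    hexstr = text.strip().replace(":", "")
    if not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", hexstr):
        raise ValueError("DUID must be an even number of hex digits: %r" % text)
    raw = bytes.fromhex(hexstr)
    # RFC 8415: 2-octet type code followed by 1 to 128 octets of identifier.
    if not 3 <= len(raw) <= 130:
        raise ValueError("DUID length %d is out of range" % len(raw))
    return raw


def decode_duid(text):
    """Return a dict describing the DUID type and any embedded MAC address."""
    raw = duid_bytes(text)
    dtype = struct.unpack("!H", raw[:2])[0]
    body = raw[2:]
    info = {"type": DUID_TYPES.get(dtype, "unknown"), "hex": raw.hex()}
    link = None
    if dtype == 1 and len(body) > 6:        # hardware type, time, link-layer address
        info["hw_type"], info["time"] = struct.unpack("!HI", body[:6])
        link = body[6:]
    elif dtype == 3 and len(body) > 2:      # hardware type, link-layer address
        info["hw_type"] = struct.unpack("!H", body[:2])[0]
        link = body[2:]
    elif dtype == 2 and len(body) > 4:      # enterprise number, opaque identifier
        info["enterprise"] = struct.unpack("!I", body[:4])[0]
    elif dtype in (1, 2, 3):
        raise ValueError("truncated %s" % info["type"])
    if link is not None and info["hw_type"] == 1 and len(link) == 6:
        h = link.hex()                      # hardware type 1 is Ethernet
        info["mac"] = ".".join((h[0:4], h[4:8], h[8:12]))
    return info


def static_binding_command(prefix, duid):
    """Build the prefix-delegation line; rejects prefixes with host bits set."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    return "prefix-delegation %s %s" % (net, duid_bytes(duid).hex())


def parse_bindings(output):
    """Return [(duid_hex, prefix), ...] from show ipv6 dhcp binding output."""
    pairs, duid = [], None
    for line in output.splitlines():
        m = re.match(r"\s*Client DUID:\s*(\S+)", line)
        if m:
            duid = duid_bytes(m.group(1)).hex()
            continue
        m = re.match(r"\s*Prefix:\s*(\S+)", line)
        if m and duid:
            pairs.append((duid, m.group(1)))
    return pairs


def bindings_without_static_entry(output, static_duids):
    """Bindings whose client DUID is not in the list of statically bound DUIDs."""
    known = {duid_bytes(d).hex() for d in static_duids}
    return [(d, p, decode_duid(d).get("mac"))
            for d, p in parse_bindings(output) if d not in known]


if __name__ == "__main__":
    print(decode_duid("00:03:00:01:00:d0:f8:22:33:b0"))
    print(static_binding_command("2008:2::/64", "00:03:00:01:00:d0:f8:22:33:ac"))
```

Both DUIDs shown in this reference decode as DUID-LL, which is the interface's link-layer address behind a four-byte header, so a static binding keyed on one identifies a hardware address and nothing stronger.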
show ipv6 dhcp conflict
Use this command to show the DHCPv6 address conflicts.
show ipv6 dhcp conflict
Parameter Description Parameter
Description N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
Ruijie# show ipv6 dhcp conflict
2008:50::2 declined
2108:50::2 declined
2008:50::3 declined
2008:50::4 declined
2108:50::4 declined
2008:50::5 declined
Related Commands
Command                   Description
clear ipv6 dhcp conflict  Clear address conflicts.
Platform
Description
N/A
show ipv6 dhcp interface
Use this command to show the DHCPv6 interface information.
show ipv6 dhcp interface [ interface-name ]
Parameter Description
interface-name  Set the interface name.
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide If the interface-name is not specified, all DHCPv6 interface information is shown. If the
interface-name is specified, the specified interface information is shown.
Configuration
Examples
Ruijie# show ipv6 dhcp interface
VLAN 1 is in server mode
Server pool dhcp-pool
Rapid-Commit: disable
Command Description Related
Commands N/A N/A
Platform
Description
N/A
show ipv6 dhcp pool
Use this command to show the DHCPv6 pool information.
show ipv6 dhcp pool [ poolname ]
Parameter Description
poolname  Define the DHCPv6 pool name.
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide If the poolname is not specified, all DHCPv6 pool information is shown. If the poolname is
specified, the specified pool information is shown.
Configuration
Examples
Ruijie# show ipv6 dhcp pool
DHCPv6 pool: dhcp-pool
DNS server: 2011:1::1
DNS server: 2011:1::2
Domain name: example.com
Command Description Related
Commands N/A N/A
Platform
Description
N/A
show ipv6 dhcp relay destination
Use this command to show the destination information about DHCPv6 Relay Agent.
show ipv6 dhcp relay destination
Parameter Description
all                                        Show information about all configured destination addresses and relay exits.
interface interface-type interface-number  Show the relay destination address and relay exit configured for a specified interface.
Defaults -
Command
mode
Privileged mode
Usage
guideline
Use this command to show the relay destination addresses, and the optional relay exits, to which an
interface with the relay function enabled forwards DHCPv6 packets received from clients.
Examples The example below shows all the relay destination addresses.
Ruijie# show ipv6 dhcp relay destination all
Interface: Vlan1                  //interface for which the relay function has been enabled
Destination address(es)           Output Interface
3001::2
FF02::1:2                         Vlan2   //specified destination address and specified relay exit
Command Description Related
commands N/A N/A
Platform
description
N/A
show ipv6 dhcp relay statistics
Use this command to show the statistics of packets sent and received with the DHCPv6 Relay
function enabled.
show ipv6 dhcp relay statistics
Parameter Description Parameter
Description N/A. N/A.
Defaults N/A.
Command
Mode
Privileged EXEC mode.
Usage Guide N/A.
Configuration
Examples
Ruijie# show ipv6 dhcp relay statistics
Packets dropped : 2
Error : 2
Excess of rate limit : 0
Packets received : 28
SOLICIT : 0
REQUEST : 0
CONFIRM : 0
RENEW : 0
REBIND : 0
RELEASE : 0
DECLINE : 0
INFORMATION-REQUEST : 14
RELAY-FORWARD : 0
RELAY-REPLY : 14
Packets sent : 16
ADVERTISE : 0
RECONFIGURE : 0
REPLY : 8
RELAY-FORWARD : 8
RELAY-REPLY : 0
Related Commands
Command                           Description
clear ipv6 dhcp relay statistics  Clear the statistical information.
Platform
Description
N/A
show ipv6 dhcp server statistics
Use this command to show the DHCPv6 server statistics.
show ipv6 dhcp server statistics
Parameter Description Parameter
Description N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide This command is used to show the DHCPv6 server statistics.
Configuration
Examples
Ruijie# show ipv6 dhcp server statistics
DHCPv6 server statistics:
Packet statistics:
DHCPv6 packets received: 7
Solicit received: 7
Request received: 0
Confirm received: 0
Renew received: 0
Rebind received: 0
Release received: 0
Decline received: 0
Relay-forward received: 0
Information-request received: 0
Unknown message type received: 0
Error message received: 0
DHCPv6 packet sent: 0
Advertise sent: 0
Reply sent: 0
Relay-reply sent: 0
Send reply error: 0
Send packet error: 0
Binding statistics:
Bindings generated: 0
IAPD assigned: 0
IANA assigned: 0
Configuration statistics:
DHCPv6 server interface: 1
DHCPv6 pool: 0
DHCPv6 iapd binding: 0
Related Commands
Command         Description
ipv6 dhcp pool  Set a DHCPv6 pool.
Platform
Description
N/A
Command Reference DHCPv6 Server Commands
DHCPv6 Server Commands
clear ipv6 dhcp binding
Use the clear ipv6 dhcp binding command to delete a DHCPv6 binding.
clear ipv6 dhcp binding [ipv6-address]
Parameter Description
ipv6-address  IPv6 address or prefix
Defaults N/A
Command
Mode Privileged EXEC mode
Function
Description
If you do not specify ipv6-address, all DHCPv6 bindings will be deleted. If you specify ipv6-address,
only the DHCPv6 binding for the specified IPv6 address will be deleted.
Configuration
Examples
The following example deletes a DHCPv6 binding.
Ruijie# clear ipv6 dhcp binding
Command Description Related
Commands N/A N/A
Platform
Description N/A
dns-server
Use this command in DHCPv6 pool configuration mode to configure a DNS server list for the
DHCPv6 server.
Use the no form of this command to delete a DNS server list.
dns-server ipv6-address
no dns-server ipv6-address
Parameter Description
ipv6-address  IP address of a DNS server
Defaults No DNS server list is configured along with the DHCPv6 server configuration pool.
Command
Mode DHCPv6 pool configuration mode
Function
Description
You can use the dns-server command multiple times to configure multiple DNS server
addresses. Old DNS server addresses will not be overwritten by new ones.
Configuration
Examples
The following example configures a DNS server address.
Ruijie(config-dhcp)# dns-server 2008:1::1
Related Commands
Command         Description
domain-name     Configures the domain name of the DHCPv6 server.
ipv6 dhcp pool  Configures a DHCPv6 pool.
Platform
Description N/A
domain-name
Use this command in DHCPv6 pool configuration mode to configure the domain name of a
DHCPv6 server.
Use the no form of this command to delete a domain name.
domain-name domain
no domain-name domain
Parameter Description
domain  Domain name to be assigned to a user
Defaults No domain name is configured along with the DHCPv6 server configuration pool.
Command
Mode DHCPv6 pool configuration mode
Function
Description
You can use the domain-name command multiple times to create multiple domain names. Old
domain names will not be overwritten by new ones.
Configuration
Examples
The following example creates a domain name.
Ruijie(config-dhcp)# domain-name example.com
Related Commands
Command         Description
dns-server      Configures a DNS server list for the DHCPv6 server.
ipv6 dhcp pool  Configures a DHCPv6 pool.
Platform
Description N/A
iana-address prefix
Use this command to configure an IA_NA address prefix for a DHCPv6 server.
Use the no form of this command to delete an IA_NA address prefix.
iana-address prefix ipv6-prefix/prefix-length [lifetime {valid-lifetime | preferred-lifetime}]
no iana-address prefix
Parameter Description
ipv6-prefix/prefix-length  Prefix and prefix length of an IPv6 address
lifetime                   Validity time of the address assigned to a client. This keyword must be configured together with valid-lifetime and preferred-lifetime.
valid-lifetime             Remaining validity time of an address
preferred-lifetime         Time, in which an address is preferentially assigned to a client
Default
Configuration
The IA_NA address prefix is not configured by default.
The default value of valid-lifetime is 3600(s) (an hour).
The default value of preferred-lifetime is 3600(s) (an hour).
Command
Mode DHCPv6 pool configuration mode
Function
Description
You can use the iana-address prefix command to configure IA_NA address prefixes for a
DHCPv6 server, some of which are assigned to clients.
When receiving an IA_NA address request from a client, the DHCPv6 server selects an available
address within the IA_NA address prefix range and assigns it to the client. When the client no longer
uses this address, the DHCPv6 server assigns the address to another client.
Configuration
Examples
The following example configures an IA_NA address prefix for the DHCPv6 server.
Ruijie(config-dhcp)# iana-address prefix 2008:50::/64 lifetime 2000 1000
Related Commands
Command              Description
ipv6 dhcp pool       Configures a DHCPv6 pool.
show ipv6 dhcp pool  Displays the information of the DHCPv6 pool.
Platform
Description N/A
ipv6 dhcp server
Use this command to enable the DHCPv6 server service on an interface.
Use the no form of this command to disable the DHCPv6 server service on the interface.
ipv6 dhcp server poolname [rapid-commit] [preference value]
no ipv6 dhcp server
Parameter Description
poolname          Name of a DHCPv6 pool
rapid-commit      Two-message interaction permitted
preference value  Priority of an advertise message. The value range is 1 to 100, with 0 as the default value.
Default
Configuration The DHCPv6 server service is disabled by default.
Command
Mode Interface configuration mode
Function
Description
Use the ipv6 dhcp server command to enable the DHCPv6 service on an interface.
When the rapid-commit keyword is configured, two-message interaction with a client is permitted
when address prefixes or other configuration is being allocated. If the Solicit packet from a client
contains the rapid-commit option, the DHCPv6 server will respond with a Reply message directly.
When preference is set to a non-zero value, the advertise message sent by the DHCPv6 server
will contain the preference option. The preference option determines whether a DHCPv6 server will
be selected. If an advertise message does not contain this option, the client treats the
preference of the DHCPv6 server as 0. If the preference of a DHCPv6 server is 255, the client
directly sends a request message to the server.
The DHCPv6 Client, Server, and Relay are mutually exclusive. An interface can work only in one
mode at the same time.
Configuration
Examples
The following example configures the DHCPv6 Server service on an interface.
Ruijie(config)# interface fastethernet 0/1
Ruijie(config-if)# ipv6 dhcp server pool1
Related Commands
Command                   Description
ipv6 dhcp pool            Configures a DHCPv6 pool.
show ipv6 dhcp interface  Displays the DHCPv6 interface information.
Platform
Description N/A
ipv6 dhcp pool
Use this command to configure a DHCPv6 server configuration pool.
Use the no form of this command to delete a configuration pool.
ipv6 dhcp pool poolname
no ipv6 dhcp pool poolname
Parameter Description
poolname  Name of a DHCPv6 pool
Default
Configuration No DHCPv6 server configuration pool is configured by default.
Command
Mode Global configuration mode
Function
Description
You can use the ipv6 dhcp pool command to create a DHCPv6 server configuration pool. After
using this command, you may enter DHCPv6 pool configuration mode, in which you can set the
pool parameters such as the prefix and DNS server.
After creating a DHCPv6 server configuration pool, you can use the ipv6 dhcp server command to
associate the pool with the DHCPv6 Server service on an interface.
Configuration
Examples
The following example creates a DHCPv6 server configuration pool.
Ruijie# configure terminal
Ruijie(config)# ipv6 dhcp pool pool1
Ruijie(config-dhcp)#
Related Commands
Command              Description
ipv6 dhcp server     Enables the DHCPv6 Server service on an interface.
show ipv6 dhcp pool  Displays the information of the DHCPv6 pool.
Platform
Description N/A
prefix-delegation
Use this command to configure the address prefix for a static binding on the DHCPv6 server.
Use the no form of this command to delete an address prefix.
prefix-delegation ipv6-prefix/prefix-length client-DUID [lifetime]
no prefix-delegation ipv6-prefix/prefix-length client-DUID [lifetime]
Parameter Description
ipv6-prefix/prefix-length  Prefix and prefix length of an IPv6 address
client-DUID                DUID of a client
lifetime                   Time interval, at which a client is delegated to use a prefix
Default
Configuration No address prefix is configured by default.
Command
Mode DHCPv6 pool configuration mode
Function
Description
You can use the prefix-delegation command to manually configure a prefix list for an IA_PD of a
client and specify the validity time of these prefixes.
The client-DUID parameter specifies the client, to which an address prefix is assigned. The
address prefix will be assigned to the first IA_PD of the client.
When receiving a request for a prefix from a client, the DHCPv6 server queries whether the
corresponding static binding exists. If the static binding exists, the DHCPv6 server returns it to the
client; otherwise, the DHCPv6 server assigns an address prefix to the client.
Configuration
Examples
The following example configures an address prefix for a client.
Ruijie(config-dhcp)# prefix-delegation 2008:2::/64 0003000100d0f82233ac
Related Commands
Command                 Description
ipv6 dhcp pool          Configures a DHCPv6 pool.
ipv6 local pool         Configures a local prefix pool.
prefix-delegation pool  Assigns a local prefix pool for a DHCPv6 client.
show ipv6 dhcp pool     Displays the information of the DHCPv6 pool.
Platform
Description N/A
prefix-delegation pool
Use this command to specify a local prefix pool for a DHCPv6 server.
Use the no form of this command to delete a local prefix pool.
prefix-delegation pool poolname [lifetime {valid-lifetime | preferred-lifetime}]
no prefix-delegation pool poolname
Parameter Description
poolname            Name of a user-defined local prefix pool
lifetime            Validity time of the prefix assigned to a client. This keyword must be configured together with valid-lifetime and preferred-lifetime.
valid-lifetime      Remaining validity time of a prefix
preferred-lifetime  Time, in which a prefix is preferentially assigned to a client
Default
Configuration
No address prefix pool is configured by default.
The default value of valid-lifetime is 3600(s) (an hour).
The default value of preferred-lifetime is 3600(s) (an hour).
Command
Mode DHCPv6 pool configuration mode
Function
Description
You can use the prefix-delegation pool command to configure a prefix pool for a DHCPv6 server.
Then the DHCPv6 server assigns prefixes to clients. The ipv6 local pool command is used to
configure a prefix pool.
When receiving a prefix request from a client, the DHCPv6 server selects an available prefix from
the prefix pool and assigns it to the client. When the client does not use this prefix, the DHCPv6
server assigns the prefix to another client.
Configuration
Examples
The following example configures a prefix pool for a DHCPv6 server.
Ruijie(config-dhcp)# prefix-delegation pool client-prefix-pool lifetime 2000 1000
Related Commands
Command              Description
ipv6 dhcp pool       Configures a DHCPv6 pool.
ipv6 local pool      Configures a local prefix pool.
prefix-delegation    Statically binds an address prefix for a client.
show ipv6 dhcp pool  Displays the information of the DHCPv6 pool.
Platform
Description N/A
show ipv6 dhcp
Use this command to display the DUID of a device.
show ipv6 dhcp
Parameter Description Parameter
Description N/A N/A
Defaults N/A
Command
Mode Privileged EXEC mode
Function
Description The DHCPv6 server, client, and relay on the same device share a DUID.
Configuration
Examples
The following example displays the DUID of a device.
Ruijie# show ipv6 dhcp
This device's DHCPv6 unique identifier(DUID): 00:03:00:01:00:d0:f8:22:33:b0
Command Description Related
Commands N/A N/A
Platform
Description N/A
show ipv6 dhcp binding
Use this command to display the address bindings of a DHCPv6 server.
show ipv6 dhcp binding [ipv6-address]
Parameter Description
ipv6-address  IPv6 address or prefix
Default
Configuration N/A
Command
Mode Privileged EXEC mode
Function
Description
If you do not specify ipv6-address, all the prefixes dynamically assigned to clients and IANA
address bindings are displayed. If you specify ipv6-address, only the DHCPv6 binding for the
specified IPv6 address will be displayed.
Configuration
Examples
The following example displays DHCPv6 bindings.
Ruijie# show ipv6 dhcp binding
Client DUID: 00:03:00:01:00:d0:f8:22:33:ac
IAPD: iaid 0, T1 1800, T2 2880
Prefix: 2001:20::/72
preferred lifetime 3600, valid lifetime 3600
expires at Jan 1 2008 2:23 (3600 seconds)
Command Description Related
Commands N/A N/A
Platform
Description N/A
show ipv6 dhcp interface
Use this command to display the DHCPv6 interface information.
show ipv6 dhcp interface [interface-name]
Parameter Description
interface-name  Interface name
Default
Configuration N/A
Command
Mode Privileged EXEC mode
Function
Description
If you do not specify interface-name, all DHCPv6 interfaces will be displayed. If you specify
interface-name, only information of the specified interface will be displayed.
Configuration
Examples
The following example displays DHCPv6 interfaces.
Ruijie# show ipv6 dhcp interface
VLAN 1 is in server mode
Server pool dhcp-pool
Rapid-Commit: disable
Command Description Related
Commands N/A N/A
Platform
Description N/A
show ipv6 dhcp pool
Use this command to display the DHCPv6 pool information.
show ipv6 dhcp pool [poolname]
Parameter Description
poolname  Name of a DHCPv6 pool
Default
Configuration N/A
Command
Mode Privileged EXEC mode
Function
Description
If you do not specify poolname, all DHCPv6 pools will be displayed. If you specify poolname, only
information of the specified pool will be displayed.
Configuration
Examples
The following example displays DHCPv6 pools.
Ruijie# show ipv6 dhcp pool
DHCPv6 pool: dhcp-pool
DNS server: 2011:1::1
DNS server: 2011:1::2
Domain name: example.com
Related Commands
Command         Description
ipv6 dhcp pool  Configures a DHCPv6 pool.
Platform
Description N/A
Command Reference Port-based Flow Control Commands
Port-based Flow Control Commands
arp-check
Use this command to enable the ARP check function to prevent ARP spoofing in the network. Use the no
form of this command to disable the ARP check function.
arp-check
no arp-check
Parameter
Description Parameter Description
arp-check Enables the ARP check function.
Defaults The ARP check function on the interface is disabled by default.
Command
Mode
Interface configuration mode and WLANSEC configuration mode.
Usage Guide First, the ARP check function generates the trusted user information (IP or IP+MAC). Then it checks
whether the Sender IP field or the <Sender IP, Sender MAC> fields of every ARP packet on the logical
interface match the trusted user information. ARP packets that do not match the trusted user
information are discarded.
Configuration
Examples
The following example shows how to enable the ARP check function in interface configuration mode:
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# switchport port-security
The following example shows how to enable the ARP check function in WLANSEC configuration
mode:
Ruijie(config)#wlansec 1
Ruijie(config-wlansec)#arp-check
Related
Commands Command Description
show arp-check list Displays the ARP check entries.
Platform
Description
N/A.
show arp-check list
Use this command to show the ARP check entries.
show interface { interface-type interface-number } arp-check list
Parameter
Description Parameter Description
interface-type interface-number  Displays the ARP check entries of a designated interface.
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide If the parameter is not specified, all ARP check entries will be displayed.
Configuration
Examples
The following example shows how to display the ARP check entries on the interface:
Ruijie#show interfaces arp-check list:
Interface Sender MAC Sender IP Policy Source
---------- -------------- --------------- --------------------
Gi 0/1 00D0.F800.0003 192.168.1.3 address-bind
The following example shows how to display the ARP check entries in the WLANSEC configuration
mode:
Ruijie#show interfaces arp list
Interface Sender MAC Sender IP Policy Source
---------- -------------- --------------- --------------------
WLAN 1 0026.c79f.6e4c 172.168.131.1 web-auth
Related
Commands Command Description
arp-check Enables the ARP check function.
Platform
Description
N/A
Command Reference 802.1X Commands
802.1X Commands
dot1x auto-req
Use this command to configure the 802.1X active authentication function in global configuration
mode. The no form of this command disables the automatic authentication function.
dot1x auto-req
no dot1x auto-req
Parameter
Description Parameter Description
N/A N/A
Defaults Enabled
Command
Mode
Global configuration mode.
Usage Guide This command is used to actively initiate 802.1x authentication on the device. Use the show dot1x
auto-req command to view the setting of this function.
Configuration
Examples
The following example sets the device to automatically initiate 802.1x authentication:
Ruijie# configure terminal
Ruijie(config)# dot1x auto-req
Ruijie(config)# end
Ruijie# show dot1x auto-req
Auto-Req: Enabled
User-Detect : Enabled
Packet-Num : 0
Req-Interval: 30 Second
Related
Commands Command Description
show dot1x auto-req
Shows the automatic authentication request
information.
Platform
Description
N/A
dot1x auto-req packet-num
Use this command to set the number of authentication request messages that the device
automatically sends. The no form is used to specify the default value.
dot1x auto-req packet-num num
no dot1x auto-req packet-num
Parameter
Description Parameter Description
num
Number of authentication request messages that the device sends
automatically.
Defaults num = 0; namely the packets are sent continuously
Command
Mode
Global configuration mode.
Usage Guide Use the show dot1x auto-req command to view the setting of this function.
Configuration
Examples
The following example sets the device to automatically initiate 802.1x authentication continuously:
Ruijie# configure terminal
Ruijie(config)# dot1x auto-req packet-num 0
Ruijie(config)# end
Ruijie# show dot1x auto-req
Auto-Req: Enabled
User-Detect : Enabled
Packet-Num : 0
Req-Interval: 30 Second
Related
Commands Command Description
show dot1x auto-req
Shows the automatic authentication request
information.
Platform
Description
N/A
dot1x auto-req req-interval
Use this command to set the interval of sending authentication request messages. The no form is
used to specify the default value.
dot1x auto-req req-interval interval
no dot1x auto-req req-interval
Parameter
Description Parameter Description
interval
The time interval of actively sending authentication request
messages by the device, in seconds.
Defaults 30 seconds
Command
Mode
Global configuration mode.
Usage Guide Use the show dot1x auto-req command to view the setting of this function.
Configuration
Examples
The following example sets the time interval of sending authentication request message to 60s:
Ruijie# configure terminal
Ruijie(config)# dot1x auto-req req-interval 60
Ruijie(config)# end
Ruijie# show dot1x auto-req
Auto-Req: Enabled
User-Detect : Enabled
Packet-Num : 0
Req-Interval: 60 Second
Related
Commands Command Description
show dot1x auto-req Shows the authentication request information.
Platform
Description
N/A
dot1x auto-req user-detect
Use this command to stop the device from sending authentication request messages after it receives the
response. The no form is used to specify the default value.
dot1x auto-req user-detect
no dot1x auto-req user-detect
Parameter
Description Parameter Description
N/A N/A
Defaults Enabled
Command
Mode
Global configuration mode.
Usage Guide Use the show dot1x auto-req command to view the setting of this function.
Configuration
Examples
The following example sets the device to stop sending authentication request messages after the
user gets on line:
Ruijie# configure terminal
Ruijie(config)# dot1x auto-req user-detect
Ruijie(config)# end
Ruijie# show dot1x auto-req
Auto-Req: Enabled
User-Detect : Enabled
Packet-Num : 0
Req-Interval: 60 Second
Related
Commands Command Description
show dot1x auto-req Shows the authentication request information.
Platform
Description
N/A
dot1x timeout quiet-period
Use this command to set the time (in seconds) for the device to wait before reauthentication after the
authentication failure (for example, incorrect authentication password). Use the no form of the
command to restore it to the default setting.
dot1x timeout quiet-period seconds
no dot1x timeout quiet-period
Parameter
Description Parameter Description
seconds Time (in seconds) for the device to wait before reauthentication after
the authentication failure. The range is from 0 to 65535, in seconds.
Defaults 10 seconds.
Command
Mode
Global configuration mode.
Usage Guide When authentication fails, the supplicant must wait for a period of time before reauthentication.
Configuration
Examples
The following example sets the time for waiting re-authentication to 1000s:
Ruijie# configure terminal
Ruijie(config)# dot1x timeout quiet-period 1000
Ruijie(config)# end
Ruijie# show dot1x
802.1X Status: Enabled
Authentication mode: EAP-MD5
Authed User Number: 0
Re-authen Enabled: Disabled
Re-authen Period: 3600 sec
Quiet Timer Period: 1000 sec
Tx Timer Period: 3 sec
Supplicant Timeout: 3 sec
Server Timeout: 5 sec
Re-authen Max: 3 times
Maximum Request: 3 times
Filter Non-RG Supp: Disabled
Client Oline Probe: Disabled
Eapol Tag Enable: Disabled
Authorization Mode: Group Server
Related
Commands Command Description
show dot1x Shows the information about 802.1x.
Platform
Description
N/A
dot1x timeout re-authperiod
Use this command to set re-authentication interval when re-authentication is enabled. Use the no
form of the command to restore it to the default value.
dot1x timeout re-authperiod seconds
no dot1x timeout re-authperiod
Parameter
Description Parameter Description
seconds Period of authentication. The range is from 0 to 65535 seconds.
Defaults 3600 seconds
Command
Mode
Global configuration mode.
Usage Guide Use show dot1x command to show the 802.1X configuration.
Configuration
Examples
The following example sets the period of re-authentication to 1000s:
Ruijie# configure terminal
Ruijie(config)# dot1x timeout re-authperiod 1000
Ruijie(config)# end
Ruijie# show dot1x
802.1X Status: Enabled
Authentication mode EAP-MD5
Authed User Number: 0
Re-authen Enabled: Disabled
Re-authen Period: 1000 sec
Quiet Timer Period: 1000 sec
Tx Timer Period: 3 sec
Supplicant Timeout: 3 sec
Server Timeout: 5 sec
Re-authen Max: 3 times
Maximum Request: 3 times
Filter Non-RG Supp: Disabled
Client Oline Probe: Disabled
Eapol Tag Enable: Disabled
Authorization Mode: Group Server
Related
Commands Command Description
show dot1x Shows the information about 802.1x.
Platform
Description
N/A
dot1x timeout server-timeout
Use this command to set the authentication timeout between the device and the authentication
server. Use the no form of the command to restore it to the default setting.
dot1x timeout server-timeout seconds
no dot1x timeout server-timeout
Parameter
Description Parameter Description
seconds
Authentication timeout between the device and the authentication
server. The range is 0 to 65535 seconds.
Defaults 5 seconds.
Command
Mode
Global configuration mode.
Usage Guide Use the show dot1x command to show 802.1X configuration.
Configuration
Examples
The following example sets the authentication timeout of the authentication server to 10s:
Ruijie# configure terminal
Ruijie(config)# dot1x timeout server-timeout 10
Ruijie(config)# end
Ruijie# show dot1x
802.1X Status: Enabled
Authentication mode: EAP-MD5
Authed User Number: 0
Re-authen Enabled: Disabled
Re-authen Period: 1000 sec
Quiet Timer Period: 1000 sec
Tx Timer Period: 3 sec
Supplicant Timeout: 3 sec
Server Timeout: 10 sec
Re-authen Max: 3 times
Maximum Request: 3 times
Filter Non-RG Supp: Disabled
Client Oline Probe: Disabled
Eapol Tag Enable: Disabled
Authorization Mode: Group Server
Related
Commands Command Description
show dot1x Shows the information about 802.1x.
Platform
Description
N/A
dot1x timeout supp-timeout
Use this command to set the authentication timeout between the device and the supplicant. Use the
no form of the command to restore it to the default setting.
dot1x timeout supp-timeout seconds
no dot1x timeout supp-timeout
Parameter
Description Parameter Description
seconds
Authentication timeout between the device and the supplicant. The
range is from 0 to 65535 seconds.
Defaults 3 seconds.
Command
Mode
Global configuration mode.
Usage Guide Use the show dot1x command to show 802.1X configuration.
Configuration
Examples
The following example sets the authentication timeout between the device and
the supplicant to 10s:
Ruijie# configure terminal
Ruijie(config)# dot1x timeout supp-timeout 10
Ruijie(config)# end
Ruijie# show dot1x
802.1X Status: Enabled
Authentication Mode: EAP-MD5
Authed User Number: 0
Re-authen Enabled: Disabled
Re-authen Period: 1000 sec
Quiet Timer Period: 1000 sec
Tx Timer Period: 3 sec
Supplicant Timeout: 10 sec
Server Timeout: 10 sec
Re-authen Max: 3 times
Maximum Request: 3 times
Filter Non-RG Supp: Disabled
Client Oline Probe: Disabled
Eapol Tag Enable: Disabled
Authorization Mode: Group Server
Related
Commands Command Description
show dot1x Shows the information about 802.1x.
Platform
Description
N/A
dot1x timeout tx-period
Use this command to set the interval of transmitting packets after the maximum number of
retransmission times is configured. Use the no form of the command to restore it to the default
setting.
dot1x timeout tx-period seconds
no dot1x timeout tx-period
Parameter
Description Parameter Description
seconds
Authentication timeout between the device and the supplicant. The
range is from 0 to 65535 seconds.
Defaults 3 seconds.
Command
Mode
Global configuration mode.
Usage Guide Use the show dot1x command to show 802.1X configuration.
Configuration
Examples
The following example sets the interval of retransmission to 10s:
Ruijie# configure terminal
Ruijie(config)# dot1x timeout tx-period 10
Ruijie(config)# end
Ruijie# show dot1x
802.1X Status: Enabled
Authentication mode: EAP-MD5
Authed User Number: 0
Re-authen Enabled: Disabled
Re-authen Period: 1000 sec
Quiet Timer Period: 1000 sec
Tx Timer Period: 10 sec
Supplicant Timeout: 10 sec
Server Timeout: 10 sec
Re-authen Max: 3 times
Maximum Request: 3 times
Filter Non-RG Supp: Disabled
Client Oline Probe: Disabled
Eapol Tag Enable: Disabled
Authorization Mode: Group Server
Related
Commands Command Description
show dot1x Shows the information about 802.1x.
Platform
Description
N/A
dot1x re-authentication
Use this command to enable periodic re-authentication. Use the no form of the command to restore it
to the default setting.
dot1x re-authentication
no dot1x re-authentication
Parameter
Description Parameter Description
N/A N/A
Defaults By default, it is not required to re-authenticate the supplicant periodically.
Command
Mode
Global configuration mode.
Usage Guide This command re-authenticates the supplicant periodically after it passes authentication. Use
the show dot1x command to show the 802.1X configuration.
Configuration
Examples
The following example enables the re-authentication function:
Ruijie# configure terminal
Ruijie(config)# dot1x re-authentication
Ruijie(config)# end
Ruijie# show dot1x
802.1X Status: Enabled
Authentication mode: EAP-MD5
Authed User Number: 0
Re-authen Enabled: Enabled
Re-authen Period: 1000 sec
Quiet Timer Period: 1000 sec
Tx Timer Period: 10 sec
Supplicant Timeout: 10 sec
Server Timeout: 10 sec
Re-authen Max: 3 times
Maximum Request: 3 times
Filter Non-RG Supp: Disabled
Client Oline Probe: Disabled
Eapol Tag Enable: Disabled
Authorization Mode: Group Server
Related
Commands Command Description
show dot1x Shows the information about 802.1x.
Platform
Description
N/A
dot1x reauth-max
Use this command to set the maximum number of supplicant reauthentications. Use the no form of
the command to restore it to the default value.
dot1x reauth-max count
no dot1x reauth-max
Parameter
Description Parameter Description
count Maximum number of re-authentications
Defaults The default value is 3.
Command
Mode
Global configuration mode.
Usage Guide Use this command to specify the maximum number of supplicant reauthentications. Use show dot1x
command to show 802.1X configuration.
Configuration
Examples
The following example sets the maximum number of re-authentications:
Ruijie# configure terminal
Ruijie(config)# dot1x reauth-max 5
Ruijie(config)# end
Ruijie# show dot1x
802.1X Status: Enabled
Authentication mode: EAP-MD5
Authed User Number: 0
Re-authen Enabled: Enable
Re-authen Period: 1000 sec
Quiet Timer Period: 1000 sec
Tx Timer Period: 10 sec
Supplicant Timeout: 10 sec
Server Timeout: 10 sec
Re-authen Max: 5 times
Maximum Request: 3 times
Filter Non-RG Supp: Disabled
Client Oline Probe: Disabled
Eapol Tag Enable: Disabled
Authorization Mode: Group Server
Related
Commands Command Description
show dot1x Shows the information about 802.1x.
Platform
Description
N/A
dot1x authentication
In case the AAA is enabled, the authentication with the AAA server must be performed for logon.
Use this command to associate logon authentication method list. The no form of this command is
used to delete the logon authentication method list.
dot1x authentication {default | list-name}
no dot1x authentication {default | list-name}
Parameter
Description Parameter Description
default Name of the default authentication method list
list-name Name of the method list available
Defaults If AAA is enabled, the AAA service is used for login authentication by default.
Command
Mode
Global configuration mode.
Usage Guide If the AAA security server is enabled, this command is used for the login authentication with the
specified method list.
Configuration
Examples
The following example demonstrates how to associate a method list on the interface and use group
radius for authentication:
Ruijie# configure terminal
Ruijie(config)# aaa new-model
Ruijie(config)# aaa authentication dot1x default group radius
Ruijie(config)# interface fastEthernet0/1
Ruijie(config-if)# dot1x authentication default
Ruijie(config-if)# end
Ruijie#
Related
Commands Command Description
aaa new-model Enables the AAA security service.
aaa authentication dot1x
Configures the logon authentication method
list.
Platform
Description
N/A
dot1x auth-mode
Use this command to specify the 802.1x authentication mode.
dot1x auth-mode {eap-md5 | chap | pap}
no dot1x auth-mode
Parameter
Description Parameter Description
eap-md5 Uses EAP-MD5 for authentication.
chap Uses CHAP for authentication.
pap Uses PAP for authentication.
Defaults EAP-MD5 mode.
Command
Mode
Global configuration mode.
Usage Guide Use the show dot1x command to show the 802.1X configurations.
Configuration
Examples
This example shows how to configure the 802.1X authentication mode:
Ruijie# configure terminal
Ruijie(config)# dot1x auth-mode chap
Ruijie(config)# end
Ruijie#
Related
Commands Command Description
show dot1x Shows the information about 802.1x.
Platform
Description
N/A
dot1x default
Use this command to restore part of 802.1x parameters to the default value.
dot1x default
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Global configuration mode.
Usage Guide Use the show dot1x command to show the 802.1X configurations.
Configuration
Examples
The following example sets the default parameters of 802.1x:
Ruijie# configure terminal
Ruijie(config)# dot1x default
Ruijie(config)# end
Ruijie# end
Related
Commands Command Description
show dot1x Shows the information about 802.1x.
Platform
Description
N/A
dot1x dhcp-before-acct enable
Use this command to enable the accounting function after the IP address is obtained in global
configuration mode. Use the no form of this command to restore the default settings.
dot1x dhcp-before-acct enable
no dot1x dhcp-before-acct enable
Parameter
Description Parameter Description
N/A N/A
Defaults This function is disabled by default.
Command
Mode
Global configuration mode.
Usage Guide Use the show running-config command to view the setting.
Configuration
Examples
The following example only uses a private client:
Ruijie# configure t
Ruijie(config)# dot1x dhcp-before-acct enable
Ruijie(config)# end
Ruijie#
Related
Commands Command Description
show dot1x Shows the information about 802.1x.
Platform
Description
N/A
dot1x dhcp-before-acct timeout time
Use this command in global configuration mode to configure the timeout period of the accounting
function which is enabled after the IP address is obtained. Use the no form of this command to
restore the default settings.
dot1x dhcp-before-acct timeout time
no dot1x dhcp-before-acct timeout
Parameter
Description Parameter Description
time Timeout time, 5 minutes by default.
Defaults The timeout time is 5 minutes by default. This function takes effect when the accounting function is
enabled after the IP address is obtained.
Command
Mode
Global configuration mode.
Usage Guide Use the show running-config command to view the setting.
Configuration
Examples
The following settings use a private client only:
Ruijie# configure t
Ruijie(config)# dot1x dhcp-before-acct timeout 1
Ruijie(config)# end
Ruijie#
Related
Commands Command Description
show running-config Views the settings.
Platform
Description
N/A
dot1x max-req
During interaction between the dot1x and the server, the dot1x will send a request to the server
again if it does not receive a response from the server within a certain period of time. Use this
command to set the maximum number of authentication requests sent to the server. Use the no form
of the command to restore it to the default value.
dot1x max-req count
no dot1x max-req
Parameter
Description Parameter Description
count Maximum number of authentication requests sent to the server.
Defaults The default value is 3.
Command
Mode
Global configuration mode.
Usage Guide Use the show dot1x command to show the 802.1X configuration.
Configuration
Examples
The following example demonstrates how to set the maximum number of authentication requests to
7:
Ruijie# configure terminal
Ruijie(config)# dot1x max-req 7
Ruijie(config)# end
Ruijie#
Related
Commands Command Description
show dot1x Shows the information about 802.1x.
Platform
Description
N/A
dot1x offline-detect
The low flow detect is used to detect whether the flow of the terminal is lower than the designated
threshold value. If it is, the terminal is logged out. By default, this function is enabled. The default
detect time is 15 minutes and the detect flow is 0 byte. Use the no option of this command to restore
the setting as the default value.
dot1x offline-detect flow interval val flow num
no dot1x offline-detect
Parameter
Description Parameter Description
val The detection period.
num The flow threshold value for detection.
Defaults The default values are 15 minutes and 0 byte.
Command
Mode
Global configuration mode and WLANSEC configuration mode.
Usage Guide By default, this function is enabled. It is helpful to solve wrong fee-deduction problems due to
abnormal terminal offline.
Configuration
Examples
The following example demonstrates how to set the 802.1x flow detect:
Ruijie# configure terminal
Ruijie(config)# wlansec 1
Ruijie(config-wlansec)# dot1x offline-detect interval 10 flow 10
Ruijie(config-wlansec)# end
Related
Commands Command Description
show dot1x Shows the information about 802.1x.
Platform
Description
N/A
dot1x redirect url
Use this command to set the redirect URL. Before 802.1x authentication succeeds or fails for the
terminal user, if a browser is used to access the network, the switch redirects the URL accessed
by the user to the configured URL. The configured URL must begin with http://, for example
http://ruijie.net/web. Only http:// is supported, and only one redirection address can be
configured; a newly configured URL overwrites the previous one. Use the no form of this command to
delete the redirect URL.
dot1x redirect url [url-string]
no dot1x redirect url
Parameter
Description Parameter Description
url-string The URL address.
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
The following example sets the redirect URL to http://ruijie.net/web:
Ruijie# configure terminal
Ruijie(config)# dot1x redirect url http://ruijie.net/web
Related
Commands Command Description
dot1x redirect for special tcp-destination port
Sets the specific destination port and redirect
the web request for the destination IP.
dot1x redirect time-out
Sets the timeout time maintaining the redirect
connection.
dot1x redirect num for special source-ip
Sets the allowed number of redirect connection
of the same source.
show dot1x Shows the dot1x redirection information.
Platform
Description
N/A
dot1x redirect for special tcp-destination port
Use this command to set the specific destination port and redirect the web request for the destination
IP. Apart from port numbers 80 and 8080, up to 16 TCP destination ports are supported. Use the
no form of this command to delete the configured redirect port numbers.
dot1x redirect for special tcp-destination port port-num
no dot1x redirect for special tcp-destination port port-num
Parameter
Description Parameter Description
port-num TCP destination port number.
Defaults The default TCP destination port numbers are 80 and 8080.
Command
Mode
Privileged EXEC mode.
Usage Guide The valid TCP port number range is 1-65535.
Configuration
Examples
The following example sets the redirect tcp destination port as 8443:
Ruijie# configure terminal
Ruijie(config)# dot1x redirect for special tcp-destination port 8443
Related
Commands Command Description
dot1x redirect url Sets the redirect url address.
dot1x redirect time-out
Sets the timeout time maintaining the redirect
connection.
dot1x redirect num for special source-ip
Sets the allowed number of redirect connection
of the same source.
show dot1x Shows the dot1x redirection information.
Platform
Description
N/A
dot1x redirect time-out
Use this command to set the timeout time maintaining the redirect connection. Use the no form of
this command to restore to the default value.
dot1x redirect time-out port time-out-interval
no dot1x redirect time-out port
Parameter
Description Parameter Description
time-out-interval The timeout time, in seconds. The valid range is 1-10s.
Defaults The default value is 3.
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
The following example sets the redirect timeout time to 5s:
Ruijie(config)# dot1x redirect time-out 5
Related
Commands Command Description
dot1x redirect url Sets the redirect url address.
dot1x redirect for special tcp-destination port
Sets the specific destination port and redirect
the web request for the destination IP.
dot1x redirect num for special source-ip
Sets the allowed number of redirect connection
of the same source.
show dot1x Shows the dot1x redirection information.
Platform
Description
N/A
dot1x redirect num for special source-ip
Use this command to set the allowed number of redirect connections from the same source. Use the no
form of this command to restore the default value.
dot1x redirect num for special source-ip num
no dot1x redirect num for special source-ip
Parameter
Description Parameter Description
num The redirect connection number. The valid range is 1-10.
Defaults The default value is 1.
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
The following example sets the redirect connection number to 3:
Ruijie(config)# dot1x redirect num for special source-ip 3
Related
Commands Command Description
dot1x redirect url Sets the redirect url address.
dot1x redirect for special tcp-destination port
Sets the specific destination port and redirect
the web request for the destination IP.
dot1x redirect time-out
Sets the timeout time maintaining the redirect
connection.
show dot1x Shows the dot1x redirection information.
Platform
Description
N/A
show dot1x
Use this command to display the information about 802.1x setting.
show dot1x
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
The following example shows the information about 802.1x:
Ruijie# show dot1x
802.1X Status: Enabled
Authentication Mode: EAP-MD5
Authed User Number: 0
Re-authen Enabled: Disabled
Re-authen Period: 3600 sec
Quiet Timer Period: 10 sec
Tx Timer Period: 3 sec
Supplicant Timeout: 3 sec
Server Timeout: 5 sec
Re-authen Max: 3 times
Maximum Request: 3 times
Filter Non-RG Supp: Disabled
Client Oline Probe: Disabled
Eapol Tag Enable: Disabled
Authorization Mode: Group Server
Ruijie#
Related
Commands Command Description
dot1x auth-mode Sets the 802.1x authentication mode.
dot1x max-req
Sets the maximum number of authentication
request retransmissions.
dot1x port-control auto Sets the port to participate in authentication.
dot1x reauth-max
Sets the maximum number of the supplicant
re-authentications.
dot1x re-authentication Sets the re-authentication attribute.
dot1x timeout quiet-period
Sets the time the device waits before
reauthentication.
dot1x timeout re-authperiod
Sets the re-authentication period for the
supplicant.
dot1x timeout server-timeout
Sets the authentication timeout between the
device and authentication server.
dot1x timeout supp-timeout
Sets the authentication timeout between the
device and the supplicant.
dot1x timeout tx-period Sets the retransmission period.
Platform
Description
N/A
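The show dot1x output above can be checked against a baseline automatically. The following is an added example, not part of RGOS or this manual: the function names and the BASELINE values are an assumed site policy, and the parser tolerates two quirks seen in this manual's sample outputs (a missing colon after "Authentication mode" and "Enable" in place of "Enabled").

```python
import re

# Labels as printed by `show dot1x` in this reference -> normalised keys.
FIELDS = {
    "802.1x status": "status",
    "authentication mode": "auth_mode",
    "re-authen enabled": "reauth_enabled",
    "re-authen period": "reauth_period",
    "quiet timer period": "quiet_period",
    "re-authen max": "reauth_max",
    "maximum request": "max_req",
}

# ASSUMED site baseline for illustration only; not vendor guidance.
BASELINE = {
    "allowed_auth_modes": {"EAP-MD5", "CHAP"},  # PAP excluded by this assumed policy
    "max_reauth_period": 3600,                  # seconds (the documented default)
    "min_quiet_period": 10,                     # seconds (the documented default)
}

# Default output, copied from the show dot1x example in this manual.
DEFAULT_OUTPUT = """
802.1X Status: Enabled
Authentication Mode: EAP-MD5
Authed User Number: 0
Re-authen Enabled: Disabled
Re-authen Period: 3600 sec
Quiet Timer Period: 10 sec
Re-authen Max: 3 times
Maximum Request: 3 times
"""

# Constructed sample that keeps the two formatting quirks named above.
QUIRKY_OUTPUT = """
802.1X Status: Enabled
Authentication mode EAP-MD5
Re-authen Enabled: Enable
Re-authen Period: 1000 sec
Quiet Timer Period: 1000 sec
Re-authen Max: 5 times
"""

# Constructed sample that violates the assumed baseline in three places.
WEAK_OUTPUT = """
802.1X Status: Enabled
Authentication Mode: PAP
Re-authen Enabled: Enabled
Re-authen Period: 7200 sec
Quiet Timer Period: 0 sec
"""


def _convert(value):
    """Turn 'Enabled', '1000 sec' or '3 times' into bool/int; else upper-case text."""
    value = value.strip()
    if re.fullmatch(r"enabled?", value, re.I):
        return True
    if re.fullmatch(r"disabled?", value, re.I):
        return False
    number = re.fullmatch(r"(\d+)\s*(?:sec|times)?", value, re.I)
    if number:
        return int(number.group(1))
    return value.upper()


def parse_show_dot1x(text):
    """Parse `show dot1x` output into a dict; unknown lines are ignored."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        for label, key in FIELDS.items():
            if line.lower().startswith(label):
                cfg[key] = _convert(line[len(label):].lstrip(" :\t"))
                break
    return cfg


def audit(cfg, baseline=BASELINE):
    """Return a list of (field, message) findings against the baseline."""
    findings = []
    if cfg.get("status") is not True:
        findings.append(("status", "802.1X is not enabled"))
    mode = cfg.get("auth_mode")
    if mode not in baseline["allowed_auth_modes"]:
        findings.append(("auth_mode", "mode %r is not in the allowed set" % mode))
    if cfg.get("reauth_enabled") is not True:
        findings.append(("reauth_enabled", "periodic re-authentication is off"))
    elif cfg.get("reauth_period", 0) > baseline["max_reauth_period"]:
        findings.append(("reauth_period", "re-authentication period exceeds baseline"))
    quiet = cfg.get("quiet_period")
    if quiet is None or quiet < baseline["min_quiet_period"]:
        findings.append(("quiet_period", "quiet period after failure is below baseline"))
    return findings


if __name__ == "__main__":
    for name, text in (("default", DEFAULT_OUTPUT), ("quirky", QUIRKY_OUTPUT),
                       ("weak", WEAK_OUTPUT)):
        print(name, audit(parse_show_dot1x(text)))
```

With the documented defaults the only finding is that periodic re-authentication is off, which matches the Defaults entry for dot1x re-authentication.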
show dot1x auto-req
Use this command to show the configuration information of automatic 802.1x authentication.
show dot1x auto-req
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
The following example shows the information about automatic 802.1x authentication:
Ruijie# show dot1x auto-req
Auto-Req: Disabled
User-Detect : Enabled
Packet-Num : 0
Req-Interval: 30 Seconds
Ruijie#
Related
Commands Command Description
dot1x auth-mode Sets the 802.1x authentication mode.
dot1x max-req
Sets the maximum number of authentication
request retransmissions.
dot1x port-control auto Sets the port to participate in authentication.
dot1x reauth-max
Sets the maximum number of the supplicant
re-authentications.
dot1x re-authentication Sets the re-authentication attribute.
dot1x timeout quiet-period
Sets the time the device waits before
reauthentication.
dot1x timeout re-authperiod
Sets the re-authentication period for the
supplicant.
dot1x timeout server-timeout
Sets the authentication timeout between the
device and authentication server.
dot1x timeout supp-timeout
Sets the authentication timeout between the
device and the supplicant.
dot1x timeout tx-period Sets the retransmission period.
Platform
Description
N/A
show dot1x max-req
Use this command to show the maximum number of authentication request retransmissions to the
client.
show dot1x max-req
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
The following example shows the information about the private supplicant:
Ruijie# show dot1x private-supplicant-only
private-supplicant-only:: disabled
Ruijie#
Related
Commands Command Description
dot1x auth-mode Set the 802.1x authentication mode.
dot1x max-req
Set the maximum number of authentication
request retransmissions.
dot1x port-control auto Set the port to participate in authentication.
dot1x reauth-max
Set the maximum number of the supplicant
re-authentications.
dot1x re-authentication Set the re-authentication attribute.
dot1x timeout quiet-period
Set the time the device waits before
reauthentication.
dot1x timeout re-authperiod
Set the re-authentication period for the
supplicant.
dot1x timeout server-timeout
Set the authentication timeout between the
device and authentication server.
dot1x timeout supp-timeout
Set the authentication timeout between the
device and the supplicant.
dot1x timeout tx-period Set the retransmission period.
Platform
Description
N/A
show dot1x probe-timer
Use this command to show the online probing configurations.
show dot1x probe-timer
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
The following example shows the online probing configuration:
Ruijie# show dot1x probe-timer
Hello Interval: 20 Seconds
Hello Alive: 250 Seconds
Ruijie#
Related
Commands Command Description
dot1x auth-mode Set the 802.1x authentication mode.
dot1x max-req
Set the maximum number of authentication
request retransmissions.
dot1x port-control auto Set the port to participate in authentication.
dot1x reauth-max
Set the maximum number of the supplicant
re-authentications.
dot1x re-authentication Set the re-authentication attribute.
dot1x timeout quiet-period
Set the time the device waits before
reauthentication.
dot1x timeout re-authperiod
Set the re-authentication period for the
supplicant.
dot1x timeout server-timeout
Set the authentication timeout between the
device and authentication server.
dot1x timeout supp-timeout
Set the authentication timeout between the
device and the supplicant.
dot1x timeout tx-period Set the retransmission period.
Platform
Description
N/A
show dot1x re-authentication
Use this command to show re-authentication configuration.
show dot1x re-authentication
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
The following example shows the information about reauthentication:
Ruijie# show dot1x re-authentication
eauth-enabled: disabled
Ruijie#
Related
Commands Command Description
dot1x auth-mode Set the 802.1x authentication mode.
dot1x max-req
Set the maximum number of authentication
request retransmissions.
dot1x port-control auto Set the port to participate in authentication.
dot1x reauth-max
Set the maximum number of the supplicant
re-authentications.
dot1x re-authentication Set the re-authentication attribute.
dot1x timeout quiet-period
Set the time the device waits before
reauthentication.
dot1x timeout re-authperiod
Set the re-authentication period for the
supplicant.
dot1x timeout server-timeout
Set the authentication timeout between the
device and authentication server.
dot1x timeout supp-timeout
Set the authentication timeout between the
device and the supplicant.
dot1x timeout tx-period Set the retransmission period.
Platform
Description
N/A
show dot1x reauth-max
Use this command to show the maximum number of re-authentications.
show dot1x reauth-max
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
The following example shows the information about the maximum number of re-authentications:
Ruijie# show dot1x reauth-max
reauth-max: 2 times
Ruijie#
Related
Commands Command Description
dot1x auth-mode Set the 802.1x authentication mode.
dot1x max-req
Set the maximum number of authentication
request retransmissions.
dot1x port-control auto Set the port to participate in authentication.
dot1x reauth-max
Set the maximum number of the supplicant
re-authentications.
dot1x re-authentication Set the re-authentication attribute.
dot1x timeout quiet-period
Set the time the device waits before
reauthentication.
dot1x timeout re-authperiod
Set the re-authentication period for the
supplicant.
dot1x timeout server-timeout
Set the authentication timeout between the
device and authentication server.
dot1x timeout supp-timeout
Set the authentication timeout between the
device and the supplicant.
dot1x timeout tx-period Set the retransmission period.
Platform
Description
N/A
show dot1x summary
Use this command to display the 802.1X authentication summary.
show dot1x summary
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
The following example shows the summary of 802.1x authentication:
Ruijie# show dot1x summary
ID User MAC Interface VLAN Auth-State
Backend-State Port-Status User-Type Time
-------- ---------- -------------- --------- ---- ---------------
------------- ----------- --------- ------------------
2 ts-user 0023.aeaa.4286 Fa0/5 1 Authenticated
Idle Authed static 0days 0h 8m 8s
Ruijie#
Related
Commands Command Description
dot1x auth-mode Sets the 802.1x authentication mode.
dot1x max-req
Sets the maximum number of authentication
request retransmissions.
dot1x port-control auto Sets the port to participate in authentication.
dot1x reauth-max
Sets the maximum number of the supplicant
re-authentications.
dot1x re-authentication Sets the re-authentication attribute.
dot1x timeout quiet-period
Sets the time the device waits before
reauthentication.
dot1x timeout re-authperiod
Sets the re-authentication period for the
supplicant.
dot1x timeout server-timeout
Sets the authentication timeout between the
device and authentication server.
dot1x timeout supp-timeout
Sets the authentication timeout between the
device and the supplicant.
dot1x timeout tx-period Sets the retransmission period.
Platform
Description
N/A
show dot1x timeout
The commands show the information about the 802.1X timeout.
show dot1x timeout quiet-period
show dot1x timeout re-authperiod
show dot1x timeout server-timeout
show dot1x timeout supp-timeout
show dot1x timeout tx-period
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
The following example shows the information about the time for the device to wait before
reauthentication:
Ruijie# show dot1x timeout quiet-period
quiet-period: 60 sec
Ruijie#
Related
Commands Command Description
dot1x auth-mode Sets the 802.1x authentication mode.
dot1x max-req
Sets the maximum number of authentication
request retransmissions.
dot1x port-control auto Sets the port to participate in authentication.
dot1x reauth-max
Sets the maximum number of the supplicant
re-authentications.
dot1x re-authentication Sets the re-authentication attribute.
dot1x timeout quiet-period
Sets the time the device waits before
reauthentication.
dot1x timeout re-authperiod
Sets the re-authentication period for the
supplicant.
dot1x timeout server-timeout
Sets the authentication timeout between the
device and authentication server.
dot1x timeout supp-timeout
Sets the authentication timeout between the
device and the supplicant.
dot1x timeout tx-period Sets the retransmission period.
Platform
Description
N/A
Command Reference Web Authentication Commands
Web Authentication Commands
http redirect
In global configuration mode, use this command to configure the IP address of the HTTP redirection,
which is the IP address of the first generation Portal server deployed on the network. Use the no form
of this command to remove the IP address of the HTTP redirection.
http redirect ip-address
no http redirect
Parameter
Description Parameter Description
ip-address The IPv4 address of the HTTP redirection.
Defaults By default, the IP address of the HTTP redirection is not configured.
Command
mode
Global configuration mode
Usage Guide This command configuration is for the first generation Web authentication Portal server address, not
for the second generation Web authentication.
Configuration
Examples
#Designate the IPv4 address of the HTTP redirection as 172.16.0.1.
Ruijie(config)# http redirect 172.16.0.1
Related
Commands Command Description
show http redirect Shows the configurations of HTTP redirection.
http redirect homepage
Sets the homepage IP address of the
authentication page.
Platform
Description
N/A
http redirect direct-site
Use this command to set the scope of authentication-free network resources. Use the no form of this
command to delete the scope of authentication-free network resources.
http redirect direct-site ipv6-address | { ip-address [ ip-mask ] [ arp ] }
no http redirect direct-site ipv6-address | { ip-address [ ip-mask ] }
Parameter
Description Parameter Description
ip-address
The parameter indicates the IP address of an authentication-free
network resource.
ipv6-address IPv6 address of an authentication-free network resource.
ip-mask
(Optional) The parameter indicates the IP address mask of an
authentication-free network resource.
arp
(Optional) If the ARP CHECK function is enabled on the access
device, the IP address, including the VRRP address of the gateway
uplinked with terminal users must be configured as
authentication-free resource with the keyword arp. Other
authentication-free resources do not need to carry the keyword arp.
Defaults By default, no authentication-free network resource is configured.
Command
mode
Global configuration mode
Usage Guide After Web authentication is enabled, all users need to pass Web authentication for accessing the
network resources. To open certain network resources to the unauthenticated users, run this
command. When a Website is an authentication-free network resource, all users can access the
Website.
You can configure a maximum of 100 authentication-free network resources.
Configuration
Examples
#Set the Website with the IP address of 172.16.0.0 as an authentication-free network resource.
Ruijie(config)# http redirect direct-site 172.16.0.1
Related
Commands Command Description
show http redirect Shows the configuration of HTTP redirection.
Platform
Description
N/A
http redirect direct-arp
Use this command to configure the address range of direct ARP. Use the no form of this command to
remove the configuration.
http redirect direct-arp { ip-address [ ip-mask ] | local-address }
no http redirect direct-arp { ip-address [ ip-mask ] | local-address }
Parameter
Description Parameter Description
ip-address This parameter indicates the IP address range of direct ARP.
ip-mask (Optional) This parameter indicates the IP address mask of direct
ARP.
local-address This parameter indicates the configuration of the local direct ARP.
Defaults By default, no direct arp resource is configured.
Command
mode
Global configuration mode
Usage Guide After web authentication and ARP check are enabled, ARP messages of unauthenticated terminals
will be intercepted. The terminal cannot learn the gateway arp or initiate HTTP requests. This
command discharges the ARP messages with the specified IP address to help the terminal learn the
gateway ARP.
In general, while using the external web authentication, configure the released gateway arp; while
using the built-in web authentication, configure the released host arp.
Configuration
Examples
#Configure the direct gateway ARP with the IP address 172.16.0.1.
Ruijie(config)# http redirect direct-arp 172.16.0.1
Related
Commands Command Description
show http redirect Shows the configuration of HTTP redirection.
Platform
Description
N/A
http redirect homepage
Use this command to set the authentication homepage address of the Portal server. Use the no form
of this command to delete the address of the authentication homepage.
http redirect homepage url-string
no http redirect homepage
Parameter
Description Parameter Description
url-string
The homepage address must begin with http:// or https://. Otherwise,
the system prompts configuration failure. The maximum length of the
homepage address is 255 characters.
Defaults By default, the homepage address of the authentication page is not specified.
Command
mode
Global configuration mode
Usage Guide To apply Ruijie first generation Web authentication function successfully, you need to configure the
homepage address of the authentication page.
Configuration
Examples
#Set the homepage address of the authentication page to http://www.ruijie-eportal.net:8080/login
Ruijie(config)# http redirect homepage http://www.ruijie-eportal.net:8080/login
Related
Commands Command Description
show http redirect Shows the configuration of HTTP redirection.
http redirect
Sets the IP address for the authentication
server.
Platform
Description
N/A
http redirect port
Use this command to redirect the HTTP Web requests that a terminal sends to a specific destination
port. Use the no form of this command to remove the redirection of HTTP Web requests sent to a
specific destination port.
http redirect port port-num
no http redirect port port-num
Parameter
Description Parameter Description
port-num
The parameter indicates the destination port number of the Web
request of the HTTP.
Defaults By default, the HTTP requests sent to the destination port 80 and port 8081 are intercepted.
Command
mode Global configuration mode
Usage Guide N/A
Configuration
Examples
#Redirect the HTTP Web requests that the user initiates to port 8080.
Ruijie(config)# http redirect port 8080
#Remove the redirection of the HTTP Web requests that the user initiates to port 80.
Ruijie(config)# no http redirect port 80
Related
Commands Command Description
show http redirect Shows the configuration of HTTP redirection.
Platform
Description N/A
http redirect session-limit
Use this command to set the maximum number of HTTP sessions for each unauthenticated user or
the total number of HTTP sessions for all users under each port. Use the no form of the command to
restore the default value.
http redirect session-limit session-num [ port port-session-num ]
no http redirect session-limit
Parameter
Description Parameter Description
session-num
The parameter indicates the maximum number of HTTP sessions for
the same global unauthenticated user, which ranges from 1 to 255.
port-session-num
(Optional) The parameter indicates the total number of HTTP
sessions for unauthenticated users under each port, which ranges
from 1 to 65535.
Defaults By default, the maximum number of HTTP sessions for each global unauthenticated user is 255 and
the total number of HTTP sessions for unauthenticated users under each port is 1000.
The description of the port on the wireless device is as follows:
In the fit AP mode, the CTI port on AC (CAPWAP TUNNEL INTERFACE, the CAPWAP
tunnel port between the AP and the AC).
In the fat AP, the radio port.
Command
mode Global configuration mode
Usage Guide You need to limit the maximum number of HTTP sessions for unauthenticated users on the access
device. Otherwise, unauthenticated users may initiate an HTTP attack, thus exhausting the TCP
connections of the access device.
When a user is authenticated, one HTTP session is occupied and other applications of the user may
also occupy HTTP sessions. Therefore, it is not recommended to set the maximum number of HTTP
sessions for unauthenticated users to 1.
Configuration
Examples
#Set the maximum number of HTTP sessions for an unauthenticated user to 4.
Ruijie(config)# http redirect session-limit 4
Related
Commands Command Description
show http redirect Shows the configurations of HTTP redirection.
Platform
Description
N/A
http redirect timeout
Use this command to set the timeout period that maintains the redirection connection. Use the no
form of this command to restore the timeout period for maintaining the redirection connection to 3
seconds.
http redirect timeout seconds
no http redirect timeout
Parameter
Description Parameter Description
seconds
The parameter indicates the timeout period that maintains the
redirection connection, which ranges from 1 to 10 (seconds).
Defaults 3 seconds by default
Command
mode
Global configuration mode
Usage Guide The command is used to set the timeout period that maintains the redirection connection. After the
TCP three-way handshake succeeds, the system waits for the HTTP GET/HEAD message sent by the
user and then returns the HTTP redirection message before the connection is closed. If the timeout
period is not set, the user may occupy the TCP connection for a long time without sending the
GET/HEAD message.
Configuration
Examples
#Set the timeout period that maintains the redirection connection to 4 seconds.
Ruijie(config)# http redirect timeout 4
Related
Commands Command Description
show http redirect Shows the configuration of HTTP redirection.
Platform
Description
N/A
iportal service
Use this command to set the names of the intranet and extranet service types of the built-in Portal
server.
iportal service { internet service-name | local service-name }
no iportal service { internet | local }
Parameter
Description Parameter Description
service-name The parameter indicates the name of the service, which is a string of
characters.
Defaults By default, the name of the Internet service is “internet”, and the name of local service is “local”.
Command
mode
Global configuration mode
Usage Guide The field must be identical with the intranet and extranet service names configured on SAM. By
default, they can be used mutually. You need to configure the same name as the SAM when the
device is self-defined.
Configuration
Examples
#Set the service name of the extranet as intranet.
Ruijie(config)# iportal service internet intranet
Related
Commands Command Description
show running-config Shows the system configuration.
Platform
Description
N/A
iportal user-agent
Use this command to configure the terminal identification policy and identify a specific terminal as a
mobile terminal based on the feature string.
iportal user-agent name type mobile string
no iportal user-agent name
Parameter
Description Parameter Description
name This parameter indicates the name specified for the UA configured.
string This parameter indicates the UA feature string for identification.
Defaults N/A
Command
mode
Global configuration mode
Usage Guide Use this command to specify a terminal type as a mobile terminal.
The feature string of the terminal type in UA requests is configured in string. The field name is used to
identify a self-defined terminal. Different self-defined terminals cannot share the same name.
Configuration
Examples
#Add an ipod terminal with “ipod” as its feature string.
Ruijie(config)# iportal user-agent ipod type mobile ipod
Related
Commands Command Description
show running-config Shows the system configuration.
Platform
Description
N/A
iportal retransmit
Use this command to set the message retransmission count for the built-in Portal server.
iportal retransmit times
no iportal retransmit
Parameter
Description Parameter Description
times Sets the page retransmission count for the built-in Portal server,
which ranges from 1 to 13.
Defaults By default, the count is 3.
Command
mode
Global configuration mode
Usage Guide The configuration of this command depends on the network environment. Modifying this
parameter is not recommended except in a special environment.
Excessive message retransmissions may cause low message processing efficiency, while too few
message retransmissions may cause message transmission failure in a bad network environment.
Configuration
Examples
#Set the count of time-out retransmission to 4.
Ruijie(config)# iportal retransmit 4
Related
Commands Command Description
show running-config Shows the system configuration.
Platform
Description
N/A
portal-server
Use this command to configure the Portal Server used in the second-generation web authentication,
including the name, IP address, URL of authentication page, and UDP monitoring port of the server.
Use the no form of this command to clear configurations of Portal Server.
portal-server { eportalv2 | portal-name } [ type v2 ] ip { ip-address | ipv6-address } [ port port-num ]
[ url url-string ]
portal-server { iportal | portal-name } type intra [ page-suite pagename ] [ authentication mlist1 ]
[ accounting mlist2 ]
portal-server { iportal | portal-name } announcement-page { url-string }
portal-server { iportal | portal-name } homepage { url-string }
{ no | default } portal-server { eportalv2 | iportal | portal-name }
Parameter
Description Parameter Description
portal-name
The server name serves as the index and unique identifier of a Ruijie
second-generation Portal Server. Naming restrictions are as follows:
The name cannot be the same as the keyword.
The name can be a combination of uppercase/lowercase English
letters, digits and special symbols. The following special symbols are
supported (partitioned by comma): _, @, $, -, # and *.
The length of the name ranges from 1 to 63 bytes.
ip-address IPv4 address of the server.
ipv6-address IPv6 address of the server.
url-string (Optional) Page URL, which ranges from 10 to 255 bytes.
port-num
(Optional) UDP listening port of the server, which ranges from 1 to
65535.
pagename Name of the customized page package.
mlist1
Authentication method list specified by the server, which ranges from
1 to 63
mlist2
Accounting method list specified by the server, which ranges from 1
to 63
Defaults In the second-generation authentication, the URL of authentication page uses the root page of the
server's HTTP service based on its IP address by default. For example, if the server IP is 172.20.1.1,
the default authentication page URL will be: http://172.20.1.1/.
In the second-generation authentication, the default UDP listening port of the server is 50100.
In the built-in authentication, the system uses the default page and default method list, and the default
HTTP port is 8081.
By default, there are different default names for different portal servers:
The name of V1 server: eportalv1
The name of V2 server: eportalv2
The name of built-in server: iportal
Although the parameters of the default server can be altered or reset, the parameters cannot be
deleted.
Command
mode
Global configuration mode.
Usage Guide To successfully deploy Ruijie second-generation or built-in portal web authentication, you must
properly configure Ruijie second-generation or built-in portal server.
The no form of a single command is not supported currently.
Configuration
Examples
#Enable the second-generation web authentication and configure the second-generation portal
server named edu_portal, with 172.20.1.1 as the IPv4 address and http://172.20.1.1:7080/login.php
as the authentication page URL.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# portal-server edu_portal ip 172.20.1.1 url http://172.20.1.1:7080/login.php
Related
Commands Command Description
show web-auth portal
Shows the information about Ruijie
second-generation portal server.
Platform
Description
This command is only supported by wireless products.
web-auth accounting v2
Use this command to specify the accounting method list used for Ruijie second-generation web
authentication. This command is supported in both global mode and WLAN security mode. Use the
no form of this command to restore the default settings.
web-auth accounting v2 list-name
no web-auth accounting v2
Parameter
Description Parameter Description
list-name
This parameter indicates the network-related AAA accounting method
list. Please refer to the section of AAA for specific description.
Defaults By default, the global accounting method list is named "default" and it is used by the WLAN.
Command
mode
Global configuration mode and WLAN security configuration mode.
Usage Guide
You can specify different accounting methods for different WLANs.
While configuring and using the specified accounting method list, make sure the
corresponding AAA accounting method list has been configured, or else the global
accounting method list for the corresponding type will be used.
Configuration
Examples
#Configure a network-related AAA accounting method list named "comm_acct", use the default
RADIUS server group named "radius" and apply it to the accounting method list for Ruijie
second-generation web authentication based on WLAN 100.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# aaa accounting network comm_acct start-stop group radius
Ruijie(config)# wlansec 100
Ruijie(wlansec)# web-auth accounting v2 comm_acct
Ruijie(wlansec)# exit
Related
Commands Command Description
aaa accounting network
Configures the network-related AAA accounting
method list.
Platform
Description
This command is supported only on wireless products.
web-auth acct-update-interval
Use this command to configure the default accounting update interval for web authentication. Use the
no form of this command to restore the default settings.
web-auth acct-update-interval minutes
no web-auth acct-update-interval
Parameter
Description Parameter Description
minutes
This parameter indicates the accounting update interval in minutes,
which ranges from 0 to 60 minutes. The default value is 0, indicating
no accounting update.
Defaults 0 minutes by default.
Command
mode
Global configuration mode
Usage Guide
If the Access-Accept message replied by the server carries the attribute of accounting
update interval and the attribute value is not 0, this value will be used as the accounting
update interval, or else the accounting update interval configured on the device will be
used.
This command can only be displayed and supported after the second-generation web
authentication has been enabled.
Configuration
Examples
#Configure the accounting update interval for Ruijie second-generation web authentication as 3
minutes.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# web-auth acct-update-interval 3
Related
Commands Command Description
show web-auth portal parameters
Shows parameters of the second-generation
web authentication.
Platform
Description
This command is supported only on wireless products.
web-auth accounting jitter-off
The web authentication accounting jitter-off function is disabled by default. When this function is
enabled, the checking time will not be counted in the users’ on-line time if users drop due to signal
problems or traffic problems. Use the no form of this command to include the checking time in the
users’ on-line time.
web-auth accounting jitter-off
no web-auth accounting jitter-off
Parameter
Description Parameter Description
N/A N/A
Defaults By default, the checking time will not be counted in the users’ on-line time.
Command
mode
Global configuration mode.
Usage Guide 1. This function is only for counting time.
2. The default configuration is recommended.
3. Please refer to Wireless Security Configuration for the details of this function.
Configuration
Examples
# Include the checking time in the on-line time.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# web-auth accounting jitter-off
Related
Commands Command Description
webauth prevent-jitter Configures WEB authentication jitter-off time.
web-auth offline-detect flow Enables the traffic detection.
Platform
Description
This command is supported only on wireless products.
web-auth authen-mode
Use this command to configure the controlled mode for web authentication. IPv4 controlled is configured
by default, which means the device only intercepts IPv4 packets and delivers IPv6 packets by default.
Use the no or default form of this command to restore the default configuration.
web-auth authen-mode { ipv4 | ipv6 | both }
no web-auth authen-mode
Parameter
Description Parameter Description
ipv4 Configures the web authentication as IPv4 controlled.
ipv6 Configures the web authentication as IPv6 controlled.
both Configures the web authentication as both IPv4 and IPv6 controlled.
Defaults The web authentication is IPv4 controlled by default.
Command
mode
WLAN security configuration mode
Usage Guide This command can be configured only after the web authentication is disabled in WLAN security
mode.
Configuration
Examples
#Configure only IPv6 authentication mode in WLAN 100.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# wlansec 100
Ruijie(wlansec)# web-auth authen-mode ipv6
Ruijie(wlansec)# exit
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported only on wireless products.
web-auth dhcp-check
Use this command to enable the dhcp resource check function. Use the no form of this command to
disable this function.
web-auth dhcp-check
no web-auth dhcp-check
Parameter
Description Parameter Description
N/A N/A
Defaults The dhcp resource check function is disabled by default.
Command
mode
Global configuration mode.
Usage Guide This command supports only the IPv4.
This command takes effect only after the DHCP Snooping is enabled.
Configuration
Examples
# Enable the dhcp resource check function.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#web-auth dhcp-check
%Warning: web-auth dhcp-check will not take effect until dhcp-snooping
is enabled.
Ruijie(config)#ip dhcp snooping
Ruijie(config)#
Related
Commands Command Description
ip dhcp snooping Enables the DHCP Snooping function.
Platform
Description
This command is supported only on wireless products.
web-auth authentication v2
Use this command to specify the authentication method list used for Ruijie second-generation web
authentication. This command is supported in both the global mode and WLAN security mode. Use
the no form of this command to restore the default settings.
web-auth authentication v2 list-name
no web-auth authentication v2
Parameter
Description Parameter Description
list-name
AAA method list for web authentication. Please refer to the section of
AAA for specific description.
Defaults By default, the global authentication method list for the corresponding type is used.
Command
mode
WLAN security configuration mode.
Usage Guide
Relevant options can only be displayed and supported after the second-generation web
authentication has been enabled.
While configuring to use the specified authentication method list, make sure the
corresponding authentication method list has been configured in AAA, or the global
authentication method list for the corresponding type will be used.
Configuration
Examples
# Configure an AAA authentication method list named "edu_authen", use the default RADIUS server
group named "radius" and apply it to the authentication method list for WLAN 100.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# aaa authentication web-auth edu_authen group radius
Ruijie(config)# wlansec 100
Ruijie(wlansec)# web-auth authentication v2 edu_authen
Ruijie(wlansec)# exit
Related
Commands Command Description
aaa authentication web-auth
Configures AAA authentication method list for
web authentication.
Platform
Description
This command is supported only on wireless products.
web-auth direct-host
Use this command to set the scope of the IP addresses free from authentication. Use the no form
of this command to delete authentication-free IP addresses.
web-auth direct-host ipv6-address | { ip-address [ ip-mask ] [ port interface-name ] [ arp ] }
no web-auth direct-host ipv6-address | ip-address
Parameter
Description Parameter Description
ip-address
The parameter indicates the address of an authentication-free IP
address.
ipv6-address IPv6 address free from authentication.
ip-mask
(Optional) The parameter indicates the IP address mask of an
authentication-free user.
arp
(Optional) If the ARP CHECK functionality is enabled on the access
device, the IP address, including the VRRP address of the gateway
uplinked with terminal users must be configured as
authentication-free resource with the keyword arp. Other
authentication-free resources do not need to carry the keyword arp.
Defaults By default, the authentication-free users are not set, that is, all IPs must pass the Web authentication
before accessing the restricted network resources.
Command
mode
Global configuration mode
Usage Guide If you set an IP as authentication-free, the IP can access all reachable network resources without
undergoing the Web authentication.
Up to 100 authentication-free IPs are allowed.
Configuration
Examples
#Set the user with the IP address of 172.16.0.1 as an authentication-free user.
Ruijie(config)# web-auth direct-host 172.16.0.1
Related
Commands Command Description
show web-auth direct-host
Shows the IP address scope free of web
authentication.
Platform
Description
N/A
web-auth httprd-guard
Use this command to configure the Web authentication redirection guard. Use the no form of this
command to disable the Web authentication redirection guard.
web-auth httprd-guard { enable | redirect-count count silence-period period interval interval }
no web-auth httprd-guard [enable]
Parameter
Description Parameter Description
count
The parameter indicates the redirection count. The default count is
10.
period The parameter indicates the time to forbid redirection after the
redirection times exceed the configured value. The default period is 3
seconds.
interval
The parameter indicates the interval for redirection attack detection.
The default interval is 5 seconds.
Defaults By default, redirection guard is disabled.
Command
mode
Global configuration mode
Usage Guide Use the web-auth httprd-guard enable command to enable the Web authentication redirection
guard. Then you can configure the detection parameters using the web-auth httprd-guard
redirect-count count silence-period period interval interval command.
Configuration
Examples
#Configure the Web authentication redirection guard.
Ruijie(config)# web-auth httprd-guard enable
Ruijie(config)# web-auth httprd-guard redirect-count 20 silence-period 5 interval 10
Related
Commands Command Description
show web-auth httprd-guard user
Shows the redirection attack user and
configuration.
Platform
Description
N/A
web-auth offline-detect flow
Use this command to configure the traffic detection functionality. After the setting, if a user’s traffic in
the specified time is lower than a specified threshold value, the user will be assumed as not online
and forced to be offline. Use the no form of this command to restore the default value of the traffic
detection functionality.
web-auth offline-detect flow [ idle-timeout minutes ] [ threshold bytes ]
no web-auth offline-detect flow [ idle-timeout ] [ threshold ]
Parameter
Description Parameter Description
bytes
This parameter specifies the detection threshold, which ranges from 0
to 4294967294 bytes. 0 byte is the default value.
Defaults By default, when the traffic detection is enabled, the default parameters are 15 minutes and 0 byte.
Command
mode Global configuration mode
Usage Guide N/A
Configuration
Examples
#Enable the traffic detection function, and set the detection interval as 3 minutes, and the detection
threshold as 1024 bytes.
Ruijie(config)# web-auth offline-detect flow idle-timeout 3 threshold 1024
Related
Commands Command Description
show web-auth user
Shows online information about all users or
specified users.
Platform
Description
N/A
web-auth portal key
Use this command to set the communication key used between the device and the portal server. Use the no
form of this command to delete the key for communication between new Web requests and the
authentication server after the HTTP Web request is redirected.
web-auth portal key key-string
no web-auth portal key
Parameter
Description Parameter Description
key-string This parameter indicates the communication key used between the
device and the authentication server, the maximum length is 255
bytes.
Defaults By default, no key is set.
Command
mode
Global configuration mode
Usage Guide Configuration of this parameter is required for the first generation Web authentication
Configuration
Examples
#Set the communication key used between device and authentication server as ruijie.
Ruijie(config)# web-auth portal key ruijie
Related
Commands Command Description
http redirect
Sets IP address of Ruijie first generation portal
server.
http redirect homepage
Sets authentication homepage address of
Ruijie first generation portal server.
webauth Initiates Web authentication on WLAN.
Platform
Description
N/A
web-auth portal
Use this command to configure the web authentication version. In the case of the second-generation
web authentication, specify the name of Portal Server as well. Use the no form of this command to
restore the default settings. This command supports both the global mode and the WLAN security
mode. If no version is specified in the WLAN security mode, the system will by default use the version
configured in the global mode.
web-auth portal { eportalv1 | eportalv2 | iportal | portal-name }
no web-auth portal
To be compatible with the old command, the device also supports the following hidden command:
web-auth portal-type { v1 | v2 portal-name }
Parameter
Description Parameter Description
eportalv1 Ruijie first-generation web authentication
eportalv2 Ruijie second-generation web authentication
iportal Ruijie built-in portal auth
portal-name
Name of Portal Server. The portal-name must have been created
using the portal-server command.
Defaults First-generation web authentication
Command
mode Global configuration mode and WLAN security configuration mode.
Usage Guide Both the portal and portal-type keywords can be applied to the portal server, but portal-type
keyword is not recommended and will be abandoned gradually.
At most, five commands can be configured in the WLAN security configuration mode. Each portal-name
must be created using the portal-server command, and every portal-name must be different. The
system chooses the first configured portal-name as the master authentication server and the
following ones as backups by priority. The priority level decreases in configuration order.
If this command is configured in the WLAN security configuration mode, the global commands will not
take effect in the WLAN security configuration.
Configuration
Examples
#Enable Ruijie second-generation web authentication, configure the name of Portal Server as
"edu-portal" and specify this server as the Portal Server for WLAN 100.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#portal-server edu-portal ip 172.20.1.1 url http://172.20.1.1:7080/index.php
Ruijie(config)# wlansec 100
Ruijie(wlansec)# web-auth portal edu-portal
Related
Commands Command Description
portal-server
Creates the information about the Portal Server
for the second-generation web authentication.
Platform
Description
This command is supported only on wireless products.
web-auth portal-check
Use this command to configure the function which detects whether the portal created by the portal
server command is available or not. Use the no form of this command to disable this function.
web-auth portal-check [ interval intsec ] [ timeout tosec ] [ retransmit retries ]
no web-auth portal [ interval ] [ timeout ] [ retransmit ]
Parameter
Description Parameter Description
interval
This parameter indicates the interval for the Portal server to send the
detection information, which ranges from 1 to 1000 seconds. 10
seconds is the default value.
timeout
This parameter indicates the maximum timeout period for waiting the
detection reply; which ranges from 1 to 1000 seconds. 5 seconds is
the default value.
retransmit
This parameter indicates the number of retransmissions after which a
portal moves from the normal state to the dead state, and the number of
replied messages a portal must receive to recover from the dead state to
the normal state. It ranges from 1 to 100; the default is 3 times.
Defaults By default, the portal-based detection is disabled. If it is enabled, the interval is 10 seconds, the
timeout is 5 seconds and the retransmission time is 3 times.
Command
mode
Global configuration mode
Usage Guide N/A
Configuration
Examples
#Enable portal detection, and configure the detection interval as 5 seconds, information reply-waiting
timeout as 2 seconds and retransmission time as 4 times.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#web-auth portal-check interval 5 timeout 2 retransmit 4
Related
Commands Command Description
portal-server
Configures the Portal Server information for the
second-generation web authentication.
Platform
Description
This command is supported only on wireless products.
web-auth portal-escape
Use this command to enable portal escape. Use the no form of this command to disable portal
escape.
web-auth portal-escape
no web-auth portal-escape
Parameter
Description Parameter Description
N/A N/A
Defaults By default, portal escape is disabled.
Command
mode
Global configuration mode
Usage Guide N/A
Configuration
Examples
#Enable portal escape.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#web-auth portal-escape
Related
Commands Command Description
portal-server
Configures the Portal Server information for the
second-generation web authentication.
Platform
Description
This command is supported only on wireless products.
web-auth sta-leave detection
Use this command to configure the link detection functionality. Use the no form of this command to
disable this function.
web-auth sta-leave detection
no web-auth sta-leave detection
Parameter
Description Parameter Description
N/A N/A
Defaults By default, the wireless link failure detection is enabled on the device.
Command
mode
Global configuration mode.
Usage Guide When the wireless network environment is good (good signal and minor interference), it is suggested
to enable the wireless link failure detection so that the device can instantly detect the link failure of
users.
When the wireless network environment is poor (excessive interference), the user's wireless terminal
may log out and log in frequently. In such a case, it is suggested to disable this function and enable
the traffic detection function to detect whether the user has logged out, thus enhancing the user's
surfing experience.
Configuration
Examples
#Disable link detection and enable traffic detection.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# no web-auth sta-leave detection
Ruijie(config)# web-auth offline-detect flow
Related
Commands Command Description
web-auth offline-detect flow Low-traffic and connection failure detection.
Platform
Description
This command is supported only on wireless products.
web-auth update-interval
Use this command to set the interval of updating the online user information. Use the no form of this
command to restore the interval of updating the online user’s information to the default value.
web-auth update-interval seconds
no web-auth update-interval
Parameter
Description Parameter Description
seconds The parameter indicates the update interval, which ranges from 30 to
3,600 seconds.
Defaults 180 seconds by default
Command
mode
Global configuration mode
Usage Guide N/A
Configuration
Examples
#Set the interval of updating the online user’s information to 120 seconds.
Ruijie(config)# web-auth update-interval 120
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
webauth-proxy enable
Use this command to enable proxy detection. Use the no form of this command to disable proxy
detection.
webauth-proxy enable
no webauth-proxy enable
Parameter
Description Parameter Description
N/A N/A
Defaults Proxy detection is disabled by default.
Command
mode
Global configuration mode
Usage Guide If the proxy option has been configured on the browser of a terminal on network, this function must be
enabled so that the web authentication of the terminals can be performed.
Configuration
Examples
#Enable proxy detection.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# webauth-proxy enable
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported only on wireless products.
webauth
Use this command to enable Web authentication on WLAN. Use the no form of this command to
disable the Web authentication.
webauth
no webauth
Parameter
Description Parameter Description
N/A N/A
Defaults By default, Web authentication on WLAN is disabled.
Command
mode
WLAN security configuration mode.
Usage Guide By default, the first generation Web authentication is used after being enabled.
Configuration
Examples
# Enable the Web authentication function on port WLAN 1, and use Ruijie first generation portal
server to perform authentication. The IP address of the portal server is 172.20.1.1, the authentication
page URL is http://172.20.1.1/eportal.htm, the key is ruijie. The device communicates with ePortal
through SNMP. The device and the ePortal both belong to the community named public.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# snmp-server community public rw
Ruijie(config)# snmp-server enable traps web-auth
Ruijie(config)# snmp-server host 172.20.1.1 inform version 2c public web-auth
Ruijie(config)# http redirect 172.20.1.1
Ruijie(config)# http redirect homepage http://172.20.1.1/eportal.htm
Ruijie(config)# web-auth portal key ruijie
Ruijie(config)# wlansec 1
Ruijie(wlansec)# webauth
Ruijie(wlansec)# exit
Related
Commands Command Description
show web-auth control
Shows the Web authentication information
corresponding to WLAN.
http redirect
Sets IP address for Ruijie first generation portal
server.
http redirect homepage
Sets homepage address of Ruijie first
generation portal server.
web-auth portal key
Sets communication key used between the
device and Ruijie first generation portal server.
aaa new-model Switches on or off the AAA functionality.
aaa accounting network
Configures the AAA network-related accounting
method list.
Platform
Description
This command is supported only on wireless products.
clear web-auth portal statistics
Use this command to clear the statistics of Ruijie second-generation and built-in portal web
authentication.
clear web-auth portal statistics
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide The user can use this command to clear the statistics of Ruijie second-generation web authentication
and restart statistics.
Configuration
Examples
#Clear statistics of Ruijie second-generation web authentication on the device.
Ruijie# clear web-auth portal statistics
Related
Commands Command Description
show web-auth portal
Shows relevant configuration and statistics
about the second-generation web
authentication.
Platform
Description
This command is supported only on wireless products.
clear web-auth user
Use this command to log out the user according to IP address, MAC address, username or AAA
index.
clear web-auth user by { ip { ip-address | ipv6-address } | mac mac-address | name name-string | id
id }
Parameter
Description Parameter Description
ip Logs out the user through IP address.
ip-address Specifies the IPv4 address.
ipv6-address Specifies the IPv6 address.
mac Logs out the user through MAC address.
mac-address Specifies user's MAC address.
name Logs out the user through username.
name-string Specifies the username.
aaa-id Logs out the online user through AAA session identifier.
id AAA session ID.
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide The administrator can log out the online user through the above commands.
If the server allows users with different IP addresses to get authenticated with the same
username, then using the username to log out the user may cause multiple online users
with the specified username to be forced to log out.
Configuration
Examples
#Log out the web authenticated user with the IP address 172.250.22.14.
Ruijie# clear web-auth user by ip 172.250.22.14
Related
Commands Command Description
show web-auth user
Shows the information about a Web
authenticated user.
Platform
Description
N/A
show http redirect
Use this command to show the configuration of HTTP redirection.
display http redirect
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide You can show the configurations such as HTTP redirection server, interception port, direct user and
direct destination IP address by this command.
Configuration
Examples
#Show the configuration of HTTP redirection.
Ruijie# display http redirect
HTTP redirection settings:
server: 192.168.32.123
port: 80 8000
homepage: http://192.168.32.123:8888/ePortal/index.jsp
session-limit: 10
timeout: 5
Direct sites:
Address MASK ARP Binding
---------------- ---------------- -----------
61.233.3.215 255.255.255.255 On
61.233.3.220 255.255.255.255 Off
192.168.5.140 255.255.255.255 Off
218.30.66.101 255.255.0.0 Off
218.30.66.101 255.255.255.255 Off
Direct hosts:
Address Mask Port ARP Binding
---------------- ---------------- ---------- ------------
192.168.1.1 255.255.255.255 Fa0/1 On
Field Description
HTTP redirection settings The field indicates the global redirection
configuration.
server The field indicates the IP address of the redirection
server.
port The field indicates the list of redirection HTTP ports.
homepage The field indicates the homepage address of the
redirection page.
session-limit The field indicates the maximum number of HTTP
sessions for the same unauthenticated user.
timeout The field indicates the timeout period that maintains
the redirection connection.
Direct sites The field indicates the direct destination IP of an
authentication-free network resource.
Direct arp addresses The field indicates the direct ARP address.
Address The field indicates the IP address of an
authentication-free network resource.
Mask The field indicates the IP address mask of an
authentication-free network resource.
ARP Binding (Optional) The field indicates whether ARP binding is
enabled.
Direct hosts The field indicates the direct authentication-free user.
Address The field indicates the IP address of an
authentication-free user.
Mask The field indicates the IP address mask of an
authentication-free user.
Port (Optional) The field indicates the port of the access
device bound to the IP address of the user.
ARP Binding (Optional) The field indicates whether ARP binding is
enabled.
Related
Commands Command Description
http redirect Sets the IP address of an authentication server.
http redirect direct-site
Sets the scope of authentication-free network
resources.
http redirect homepage
Sets the homepage address of the
authentication page.
http redirect port
Redirects the Web request of the HTTP that the
user initiates to a specific port number.
http redirect session-limit
Indicates the maximum number of HTTP
sessions for the same unauthenticated user.
http redirect timeout
Sets the timeout period that maintains the
redirection connection.
web-auth direct-host
Sets the information of direct
authentication-free users.
Platform
Description
N/A
show httprd-guard user
Use this command to show the redirection attack user and configuration.
show httprd-guard user
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide N/A
Configuration
Examples
#Show the redirection attack user and configuration.
Ruijie#show httprd-guard user
Redirect count: 10
Silence period: 3
Interval : 5
Timer pending : NO
Current time : 2014-7-11 11:02:07
Http redirect guard user number 1:
Wlan IP MAC guard-time
--------- ------------------- -------------- -------------------
10 192.168.1.1 FFFF:FFFF:FFFF 2014-7-11 11:02:07
--------- ------------------- -------------- -------------------
Related
Commands Command Description
web-auth httprd-guard
Configures the Web authentication redirection
guard.
Platform
Description
N/A
show web-auth portal
Use this command to show relevant configuration and statistics of Ruijie second-generation portal
web authentication.
show web-auth portal [ v2 [ parameters | aaa | statistics | by-name { eportalv2 | portal-name } ] |
intra [ parameters | statistics | by-name portal-name ] ]
Parameter
Description Parameter Description
parameters
(Optional) Shows relevant parameters of Ruijie second-generation
web authentication.
aaa
(Optional) Shows the configuration of the global AAA method list for
Ruijie second-generation web authentication.
statistics
(Optional) Shows statistics of Ruijie second-generation web
authentication.
by-name
(Optional) Shows the information of a specified Ruijie
second-generation Portal Server.
portal-name
(Optional) Shows the information of the specified Portal Server for
Ruijie second-generation web authentication.
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide N/A
Configuration
Examples
#Show statistics about Ruijie second-generation web authentication.
Ruijie# display web-auth portal v2 statistics
V2 Portal User Statistics
Current Online User Count: 20
Max. Online User Count: 23000
Online User Limit: 24576
V2 Portal Communication Statistics
Challenge Req Count: 67000
Challenge Rsp Count: 67000
Challenge Passed Count: 66950
Challenge Failure Count: 50
Challenge Rsp Send Succ Count: 67000
Auth Req Count: 66950
Auth Rsp Count: 66950
Auth Passed Count: 57000
Auth Failure Count: 9950
Auth Rsp Send Succ Count: 66950
Field Description
V2 Portal User Statistics Statistics of Ruijie second-generation web
authentication users.
Current Online User Count Total amount of current online users.
Max. Online User Count Maximum number of online users.
Online User Limit Upper limit of online users.
V2 Portal Communication Statistics
Statistics of the communication between the
device and Ruijie second-generation Portal
Server.
Challenge Req Count Total amount of Challenge requests received by
the device.
Challenge Rsp Count Total amount of Challenge responses sent by the
device.
Challenge Passed Count Total amount of passed challenge requests.
Challenge Failure Count Total amount of failed challenge requests.
Challenge Rsp Send Succ Count Total challenge responses successfully sent by
the device.
Auth Req Count Total amount of authentication requests received
by the device.
Auth Rsp Count Total amount of authentication responses sent by
the device.
Auth Passed Count Total amount of passed authentication requests.
Auth Failure Count Total amount of failed authentication requests
Auth Rsp Send Succ Count Total amount of authentication responses
successfully sent by the device.
Related
Commands Command Description
clear web-auth portal statistics
Clears the statistics about Ruijie
second-generation web authentication.
Platform
Description
This command is supported only on wireless products.
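The counters in the example output above can be turned into failure rates and consistency checks for monitoring. The parser below is an added example, not part of the RGOS software; the function names and alert thresholds are hypothetical, and the sample text is the output shown in the configuration example.

```python
import re

# Output of 'display web-auth portal v2 statistics' copied from the example above.
SAMPLE_OUTPUT = """\
V2 Portal User Statistics
Current Online User Count: 20
Max. Online User Count: 23000
Online User Limit: 24576
V2 Portal Communication Statistics
Challenge Req Count: 67000
Challenge Rsp Count: 67000
Challenge Passed Count: 66950
Challenge Failure Count: 50
Challenge Rsp Send Succ Count: 67000
Auth Req Count: 66950
Auth Rsp Count: 66950
Auth Passed Count: 57000
Auth Failure Count: 9950
Auth Rsp Send Succ Count: 66950
"""

COUNTER = re.compile(r"^\s*(?P<name>[^:]+?)\s*:\s*(?P<value>\d+)\s*$")


def parse_portal_statistics(text):
    """Return {counter name: integer value}; section titles are skipped."""
    stats = {}
    for line in text.splitlines():
        match = COUNTER.match(line)
        if match:
            stats[match.group("name")] = int(match.group("value"))
    return stats


def _rate(part, whole):
    return part / whole if whole else 0.0


def summarize(stats):
    """Derive per-phase failure rates and cross-check the counters."""
    out = {}
    for phase in ("Challenge", "Auth"):
        req = stats[f"{phase} Req Count"]
        rsp = stats[f"{phase} Rsp Count"]
        passed = stats[f"{phase} Passed Count"]
        failed = stats[f"{phase} Failure Count"]
        sent = stats[f"{phase} Rsp Send Succ Count"]
        key = phase.lower()
        out[f"{key}_failure_rate"] = _rate(failed, req)
        out[f"{key}_unanswered"] = req - rsp        # requests without a response
        out[f"{key}_send_errors"] = rsp - sent      # responses that failed to send
        out[f"{key}_consistent"] = passed + failed == req
    out["capacity_used"] = _rate(stats["Current Online User Count"],
                                 stats["Online User Limit"])
    return out


def findings(summary, max_auth_failure_rate=0.10, max_capacity=0.90):
    """Return human-readable findings; both thresholds are hypothetical."""
    notes = []
    if summary["auth_failure_rate"] > max_auth_failure_rate:
        notes.append(f"auth failure rate {summary['auth_failure_rate']:.1%} "
                     f"exceeds {max_auth_failure_rate:.0%}")
    if summary["capacity_used"] > max_capacity:
        notes.append(f"online users at {summary['capacity_used']:.1%} of the limit")
    for phase in ("challenge", "auth"):
        if not summary[f"{phase}_consistent"]:
            notes.append(f"{phase} passed + failure does not equal requests")
        if summary[f"{phase}_unanswered"] or summary[f"{phase}_send_errors"]:
            notes.append(f"{phase} responses missing or not sent")
    return notes


if __name__ == "__main__":
    for note in findings(summarize(parse_portal_statistics(SAMPLE_OUTPUT))):
        print(note)
```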
show web-auth direct-host
Use this command to show the configuration of Web-authentication-free users (direct users).
show web-auth direct-host
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide N/A
Configuration
Examples
#Display the authentication-free users.
Ruijie# display web-auth direct-host
Direct hosts:
Address Mask Port ARP Binding
---------------- ---------------- ---------- ------------
192.168.0.1 255.255.255.255 Fa0/2 On
192.168.4.11 255.255.255.255 Fa0/10 On
192.168.5.0 255.255.255.0 Fa0/16 Off
Field Description
Address The field indicates the IP address of an authentication-free user.
Mask The field indicates the IP address mask of an authentication-free
user.
Port The field indicates the port of the access device bound to the IP
address of the user.
ARP Binding The field indicates whether ARP binding is enabled.
Related
Commands Command Description
web-auth direct-host
Sets the IP addresses of the authentication-free
users.
Platform
Description
N/A
show web-auth control
Use this command to show the authentication configuration and statistics of a basic controlled unit
(the controlled unit is WLAN on a wireless device)
show web-auth port-control
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide Use this command to show the status of web authentication.
Configuration
Examples
#Show the authentication configuration and statistics on an interface.
Ruijie#show web-auth control
Port Control Server Name Authentication mode Online User Count
------------------------- -------- --------------------- -----------------
Wlan 1 On gateway 0
......
Field Description
Port The parameter indicates a basic controlled unit.
Control The parameter indicates whether Web authentication of the
controlled unit is enabled.
Authentication Mode Controlled type of Web authentication of the controlled unit.
Online User Count The parameter indicates the number of current online users of the
controlled unit.
Related
Commands Command Description
webauth Enables Web authentication on WLAN.
Platform
Description
N/A
show web-auth user
Use this command to show the online information (including the IP address, interface, and online
hours) of all users or specified users
show web-auth user { { { all | intra | v1 | v2 } [ online-only ] [ start-from index ] [ display-amount ] } |
statistics | ip-address { ip-address | ipv6-address } }
Parameter
Description Parameter Description
all Shows all types of Web authentication users.
v1 Shows all Ruijie first generation Web authentication users.
Online-only (Optional) Shows only online users.
v2
Shows all Ruijie second generation portal Web authentication
users.
intra Shows all Ruijie built-in portal Web authentication users.
start-from (Optional) Shows users starting from the index user.
index (Optional) Specifies from which user to display
display-amount (Optional) Specifies the maximum number of users displayed
statistics Shows statistics of Web authentication users.
ip-address Shows information about users with a specified IP.
ipv6-address Shows information about users with a specified IP.
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide N/A
Configuration
Examples
#Show all Web authentication users.
Ruijie# display web-auth user all
Statistics:
Type Online Total Accumulation
-------------- ------- ------- ------------
V1 Portal 2 4 10
V2 Portal 0 1 39
-------------- ------- ------- ------------
Total 2 5 49
V1 Portal Authentication Users
---------------------------------------------------
Index Address Online Time Limit Time Used Status
----- ------------- ------ ------------- -------------
1 192.168.0.11 On 0d 01:00:00 0d 00:15:10 Active
2 192.168.0.13 On 0d 00:00:00 0d 00:00:59 Active
3 192.168.0.25 Off 0d 00:00:00 0d 00:00:00 Create
4 192.168.0.46 Off 0d 01:00:00 0d 01:00:00 Destroy
---------------------------------------------------
V2 Portal Authentication Users
---------------------------------------------------
Index Address Online Time Limit Time Used Status
----- ------------- ------ ----------- ----------
1 172.16.20.2 Off 0d 00:00:00 0d 00:00:00 Authenticating
---------------------------------------------------
Users get online and offline during the check, therefore, the statistics of current user
number might be different from the following list of detailed user status.
#Show users with the IP addresses 172.250.22.14 and 172.16.20.2
Ruijie# display web-auth user 172.16.20.2
Type : V2 Portal
Address : 172.16.20.2
Mac : 00d0.f800.2234
Wlan : 200
Online : Off
Time Limit : 0d 00:00:00
Time Used : 0d 00:00:00
Time Start : N/A
Flow used : xxxx Bytes
FLOW limit : xxxx Bytes
Status : Authenticating
AAA Id : 0
Username : N/A
Field Description
Statistics: Statistics of Web authentication users
Type Web authentication type
Online Number of currently online users
Total Total number of current users (offline included)
Accumulation Accumulated number of online users
V1 Portal
Authentication Users
Information about Ruijie first generation Web authentication users.
V2 Portal
Authentication Users
Information about Ruijie second generation Web authentication users.
Index Index number of current display
Address IP addresses of users
Online The status of users, which can be displayed as “on” or “off”.
Time Limit Online hours available to users, only applicable for online users. For
online users, "0d 00:00:00” means unlimited online hours.
Time Used Used online hours, only applicable for online users.
Status
The specific status of users
The specific status of Ruijie first authentication users is as follows:
Active: meaning users are normally online
Create: meaning users have been just created and configuration has not
been finished
Destroy: meaning users have been just deleted and configuration has not
been deleted
The specific status of Ruijie second authentication users is as follows:
Initialized: the device has been initialized and is waiting for user
authentication.
Chap: Central moving portal is performing the user CHAP authentication
with device.
Authenticating: Authentication is in progress.
WaitAffAckAuth: Authentication succeeds; the result has been reported
to Ruijie second generation Portal and the device is waiting for Portal
confirmation.
Authenticated: Users’ authentication succeeds, and users are online.
WaitAckLogout: The device logs out the user, and has reported to Portal.
The device is waiting for confirmation from the Portal .
StopAcct: The accounting is suspended.
WaitDelete: Users are in the status of waiting to be deleted, during which,
if HTTP redirection happens or users send authentication requests, users
can be reactivated.
Time start The time at which a user passed authentication and came online.
AAA id Internal AAA identification index of Ruijie second generation Web
authentication users’ device.
Username Username of a Ruijie second generation Web authentication online user.
Related
Commands Command Description
N/A N/A
Platform
Description
This command is supported only on wireless products.
Command Reference AAA Commands
AAA Commands
aaa authentication dot1x
Use this command to enable AAA authentication 802.1x and configure an 802.1x user authentication
method list in global configuration mode.
Use the no form of this command to delete the 802.1x user authentication method list.
aaa authentication dot1x { default | list-name } method1 [ method2...]
no aaa authentication dot1x { default | list-name }
Parameter
Description Parameter Description
default When this parameter is used, the following defined 802.1x user authentication method list is used as the default method of user authentication.
list-name Specifies the name of an 802.1x user authentication method list, which can be any character string.
method It must be one of the keywords: local, none, and group. One method list can contain up to four methods.
local Uses the local user name database for authentication.
none Authentication is not performed.
group Uses a server group for authentication. Currently, the RADIUS server group is supported.
Defaults N/A
Command
Mode
Global configuration mode
Usage Guide If the AAA 802.1x security service is enabled on equipment, AAA is required for 802.1x user
authentication negotiation. Use the aaa authentication dot1x command to configure a default or
an optional method list of 802.1x user authentication.
The next method can be used for authentication only when the current method does not respond.
Configuration
Examples
The following example defines an AAA 802.1x user authentication method list named rds_d1x. In
the authentication method list, the RADIUS security server is used for authentication first. If the
RADIUS security server does not respond within the specified period of time, the local user database
is used for authentication.
Ruijie(config)# aaa authentication dot1x rds_d1x group radius local
Related
Commands Command Description
aaa new-model Enables the AAA security service.
dot1x authentication Associates a specific method list with the 802.1x user.
username Defines a local user database.
Platform
Description
N/A
aaa authentication enable
Use this command to enable AAA Enable authentication and configure an Enable authentication
method list in global configuration mode.
Use the no form of this command to delete the user authentication method list.
aaa authentication enable default method1 [method2...]
no aaa authentication enable default
Parameter
Description Parameter Description
default When this parameter is used, the following defined authentication method list is used as the default method of Enable authentication. Enable authentication is global authentication. Currently, only configuration of a default authentication method list is supported.
method It must be one of the keywords: local, none, and group. One method list can contain up to four methods.
local Uses the local user name database for authentication.
none Authentication is not performed.
group Uses a server group for authentication. Currently, the RADIUS and TACACS+ server groups are supported.
Defaults N/A
Command
Mode
Global configuration mode
Usage Guide If the AAA Enable authentication service is enabled on equipment, AAA is required for Enable
authentication negotiation. Use the aaa authentication enable command to configure a default
method list of Enable authentication.
The next method can be used for authentication only when the current method does not respond.
The Enable authentication function automatically takes effect after the Enable authentication method
list is configured.
Configuration
Examples
The following example defines an AAA Enable authentication method list. In the authentication
method list, the RADIUS security server is used for authentication first. If the RADIUS security server
does not respond within the specified period of time, the local user database is used for authentication.
Ruijie(config)# aaa authentication enable default group radius local
Related Commands
Command Description
aaa new-model Enables the AAA security service.
enable Switches the user level.
username Defines a local user database.
Platform
Description
N/A
aaa authentication login
Use this command to enable AAA login authentication and configure a login authentication method
list in global configuration mode.
Use the no form of this command to delete the authentication method list.
aaa authentication login { default | list-name } method1 [ method2... ]
no aaa authentication login { default | list-name }
Parameter Description
default When this parameter is used, the following defined authentication method list is used as the
default method of login authentication.
list-name Specifies the name of a login authentication method list, which can be any character
string.
method It must be one of the keywords: local, none, and group. One method list can contain up to
four methods.
local Uses the local user name database for authentication.
none Identity authentication is not performed.
group Uses a server group for authentication. Currently, the RADIUS and TACACS+ server groups are
supported.
Defaults N/A
Command
Mode
Global configuration mode
Usage Guide If the AAA login authentication security service is enabled on equipment, AAA is required for login
authentication negotiation. Use the aaa authentication login command to configure a default or
an optional method list of login authentication.
The next method can be used for authentication only when the current method does not respond.
You must apply the configured login authentication method to the terminal line that requires login
authentication; otherwise, the configured login authentication method is ineffective.
Configuration
Examples
The following example defines an AAA login authentication method list named list-1. In the
authentication method list, the RADIUS security server is used for authentication first. If the RADIUS
security server does not respond within the specified period of time, the local user database is used
for authentication.
Ruijie(config)# aaa authentication login list-1 group radius local
Related Commands
Command Description
aaa new-model Enables the AAA security service.
username Defines a local user database.
login authentication Applies the login authentication method to a terminal line.
Platform
Description
N/A
aaa authentication ppp
Use this command to enable AAA PPP user authentication and configure a PPP user authentication
method list in global configuration mode.
Use the no form of this command to delete the authentication method list.
aaa authentication ppp { default | list-name } method1 [ method2...]
no aaa authentication ppp { default | list-name }
Parameter Description
default When this parameter is used, the following defined authentication method list is used as the
default method of PPP user authentication.
list-name Specifies the name of a PPP user authentication method list, which can be any character
string.
method It must be one of the keywords: local, none, and group. One method list can contain up to
four methods.
local Uses the local user name database for authentication.
none Identity authentication is not performed.
group Uses a server group for authentication. Currently, the RADIUS and TACACS+ server groups are
supported.
Defaults N/A
Command
Mode
Global configuration mode
Usage Guide If the AAA PPP security service is enabled on equipment, AAA is required for PPP authentication
negotiation. Use the aaa authentication ppp command to configure a default or an optional
method list of PPP user authentication.
The next method can be used for authentication only when the current method does not respond.
Configuration
Examples
The following example defines an AAA PPP authentication method list named rds_ppp. In the
authentication method list, the RADIUS security server is used for authentication first. If the RADIUS
security server does not respond within the specified period of time, the local user database is used
for authentication.
Ruijie(config)# aaa authentication ppp rds_ppp group radius local
Related Commands
Command Description
aaa new-model Enables the AAA security service.
ppp authentication Associates a specific method list with a PPP user.
username Defines a local user database.
Platform
Description
N/A
login authentication
Use this command to apply a login authentication method list to the specified terminal line.
Use the no form of this command to remove the application of the login authentication method list.
login authentication {default | list-name}
no login authentication
Parameter Description
default Applies the default login authentication method list.
list-name Applies a defined login authentication method list.
Defaults N/A
Command
Mode
Line configuration mode
Usage Guide Once the default login authentication method list has been configured, it will be applied to all terminals
automatically. If a non-default login authentication method list has been applied to a terminal, it will
replace the default one. If you attempt to apply an undefined method list, you will be notified that the
login authentication on this line is ineffective until the method list is defined.
Configuration
Examples
The following example defines an AAA login authentication method list named list-1. In the
authentication method list, the local user database is used for authentication first. Then, apply this
method to VTY 0-4.
Ruijie(config)# aaa authentication login list-1 local
Ruijie(config)# line vty 0 4
Ruijie(config-line)# login authentication list-1
Related Commands
Command Description
aaa new-model Enables the AAA security service.
username Defines a local user database.
login authentication Configures a login authentication method list.
Platform
Description
N/A
aaa authorization commands
Use this command to authorize the commands executed by users that have logged in to the network
access server (NAS) command-line interface (CLI).
Use the no form of this command to disable the AAA command authorization function.
aaa authorization commands level { default | list-name} method1 [method2...]
no aaa authorization commands level { default | list-name}
Parameter Description
level Specifies the command level to be authorized, in the range from 0 to 15. You can run this
command after the authorization of a specific command level is passed.
default When this parameter is used, the following defined method list is used as the default
method of command authorization.
list-name Specifies the name of a command authorization method list, which can be any character
string.
method It must be one of the keywords: local, none, and group. One method list can contain up to
four methods.
none Authorization is not performed.
group Uses a server group for authorization. Currently, the TACACS+ server group is supported.
Defaults AAA command authorization is disabled by default.
Command
Mode
Global configuration mode
Usage Guide RGOS supports authorization of the commands executed by users. When a user inputs and attempts
to run a command, AAA sends this command to the security server. This command will be executed if
the security server allows command execution; otherwise, it will prompt command execution denial.
You are required to specify the command level when configuring command authorization. This
specified command level is the default command level (for example, the default level of a command is
14 when the command is visible for users above level 14).
You must apply the configured command authorization method to the terminal line that requires
command authorization; otherwise, the configured command authorization method is ineffective.
Configuration
Examples
The following example uses the TACACS+ server to authorize level 15 commands.
Ruijie(config)# aaa authorization commands 15 default group tacacs+
Related Commands
Command Description
aaa new-model Enables the AAA security service.
aaa authorization commands Applies command authorization to a terminal line.
Platform
Description
N/A
aaa authorization config-commands
Use this command to authorize configuration commands (including in global configuration mode and
its sub-mode) through AAA.
Use the no form of this command to disable the AAA authorization function for configuration
commands.
aaa authorization config-commands
no aaa authorization config-commands
Parameter Description N/A
Defaults Configuration command authorization is disabled by default.
Command
Mode
Global configuration mode
Usage Guide If you only need to authorize commands in non-configuration mode (for example, in privileged EXEC
mode), use the no form of this command to disable the authorization function in configuration mode.
This action allows you to run commands in configuration mode and its sub-mode without command
authorization.
Configuration
Examples
The following example enables the configuration command authorization function.
Ruijie(config)# aaa authorization config-commands
Related Commands
Command Description
aaa new-model Enables the AAA security service.
aaa authorization commands Defines AAA command authorization.
Platform
Description
N/A
aaa authorization console
Use this command to authorize the commands executed by users that log in from the console in
global configuration mode.
Use the no form of this command to disable the AAA command authorization function.
aaa authorization console
no aaa authorization console
Parameter Description N/A
Defaults Command authorization for users on the console is disabled by default.
Command
Mode
Global configuration mode
Usage Guide RGOS supports identifying users that log in from the console and from other terminals. You can
configure whether to authorize the commands executed by users that log in from the console. If the
command authorization function is disabled on the console, the command authorization method list
applied to the console line is ineffective.
Configuration
Examples
The following example enables the command authorization function for users that log in from the
console.
Ruijie(config)# aaa authorization console
Related Commands
Command Description
aaa new-model Enables the AAA security service.
aaa authorization commands Defines AAA command authorization.
authorization commands Applies command authorization to a terminal line.
Platform
Description
N/A
aaa authorization exec
Use this command to perform AAA EXEC authorization on users that have logged in to the NAS CLI
and assign authority levels.
Use the no form of this command to disable the AAA EXEC authorization function.
aaa authorization exec { default | list-name } method1 [ method2...]
no aaa authorization exec { default | list-name }
Parameter Description
default When this parameter is used, the following defined method list is used as the default
method of EXEC authorization.
list-name Specifies the name of an EXEC authorization method list, which can be any character
string.
method It must be one of the keywords: local, none, and group. One method list can contain up to
four methods.
local Uses the local user name database for authorization.
none Authorization is not performed.
group Uses a server group for authorization. Currently, the RADIUS and TACACS+ server groups are
supported.
Defaults AAA EXEC authorization is disabled by default.
Command
Mode
Global configuration mode
Usage Guide RGOS supports authorization of users that have logged in to the NAS CLI and assignment of CLI
authority levels (in the range from 0 to 15). The EXEC authorization function is effective only for users
that pass login authentication. Users cannot enter the CLI if EXEC authorization fails.
You must apply the configured EXEC authorization method to the terminal line that requires EXEC
authorization; otherwise the configured method is ineffective.
Configuration
Examples
The following example uses the RADIUS server to implement EXEC authorization.
Ruijie(config)# aaa authorization exec default group radius
Related Commands
Command Description
aaa new-model Enables the AAA security service.
authorization exec Applies authorization to a terminal line.
username Defines a local user database.
Platform
Description
N/A
aaa authorization network
Use this command to perform AAA authorization on the service requests (including such protocols as
PPP and SLIP) from users that access networks in global configuration mode.
Use the no form of this command to disable the AAA authorization function.
aaa authorization network { default | list-name } method1 [ method2...]
no aaa authorization network { default | list-name }
Parameter Description
default When this parameter is used, the following defined method list is used as the default
method of network authorization.
method It must be one of the keywords: none and group. One method list can contain up to four
methods.
none Network authorization is not performed.
group Uses a server group for authorization. Currently, the RADIUS and TACACS+ server groups are
supported.
Defaults AAA network authorization is disabled by default.
Command
Mode
Global configuration mode
Usage Guide RGOS supports authorization of all network-related service requests, such as PPP and SLIP. If
authorization is configured, all authenticated users or interfaces will be authorized automatically.
Three different authorization methods can be specified. Like identity authentication, the next method
can be used for authorization only when the current authorization method does not respond. If the
current authorization method fails, the subsequent authorization method is not used.
The RADIUS or TACACS+ server authorizes authenticated users by returning a series of attributes.
Therefore, network authorization is based on authentication. Network authorization is performed only
on authenticated users.
Configuration
Examples
The following example uses the RADIUS server to authorize network services.
Ruijie(config)# aaa authorization network default group radius
Related Commands
Command Description
aaa new-model Enables the AAA security service.
aaa accounting Defines AAA accounting.
aaa authentication Defines AAA identity authentication.
username Defines a local user database.
Platform
Description
N/A
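The fallback rule stated in the usage guides above (the next method is tried only when the current one does not respond; a failure ends the walk) can be modelled as follows. This is an added example, not RGOS code: the outcome labels, the helper names `evaluate`, `accepts_when_servers_down` and `fail_open_lists`, and the deny-when-every-method-is-silent behaviour are assumptions made for illustration.

```python
# Added illustration, not RGOS code. Outcome labels are constructed.
ACCEPT, REJECT, NO_RESPONSE = "accept", "reject", "no-response"


def evaluate(method_list, outcomes):
    """Walk a method list in order and return (decision, trace).

    outcomes maps a method ("group radius", "local", ...) to what it returns
    for this request; a method missing from the map is treated as silent.
    trace lists only the methods that were actually consulted.
    """
    if not 1 <= len(method_list) <= 4:
        raise ValueError("a method list holds one to four methods")
    trace = []
    for method in method_list:
        if method == "none":
            # "none" performs no check, so the request simply goes through.
            trace.append((method, ACCEPT))
            return ACCEPT, trace
        result = outcomes.get(method, NO_RESPONSE)
        trace.append((method, result))
        if result != NO_RESPONSE:
            # A definite answer, accept or reject, ends the walk here.
            return result, trace
    return REJECT, trace  # assumption: deny when every method stayed silent


def accepts_when_servers_down(method_list, local_result=REJECT):
    """True if the list still grants access while every server group is
    unreachable and the local database does not know the credentials."""
    outcomes = {m: NO_RESPONSE for m in method_list if m.startswith("group ")}
    outcomes["local"] = local_result
    decision, _ = evaluate(method_list, outcomes)
    return decision == ACCEPT


# Method lists taken from the configuration examples in this chapter.
LISTS = {
    "aaa authentication login list-1": ["group radius", "local"],
    "aaa authorization commands 15 cmd": ["group tacacs+", "none"],
    "aaa authorization exec exec-1": ["group radius", "none"],
}


def fail_open_lists(lists=LISTS):
    """Names of the lists that let a request through during a server outage."""
    return sorted(n for n, m in lists.items() if accepts_when_servers_down(m))


if __name__ == "__main__":
    # A reject from RADIUS is final: the local database is never consulted.
    print(evaluate(["group radius", "local"],
                   {"group radius": REJECT, "local": ACCEPT}))
    # A silent RADIUS server hands the decision to the local database.
    print(evaluate(["group radius", "local"], {"local": ACCEPT}))
    print("fail open during an outage:", fail_open_lists())
```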
authorization commands
Use this command to apply a command authorization method list to the specified terminal line in line
configuration mode.
Use the no form of this command to remove the application of the command authentication method
list.
authorization commands level { default | list-name}
no authorization commands level
Parameter Description
level Specifies the command level to be authorized, in the range from 0 to 15. You can run this
command after the authorization of a specific command level is passed.
default When this parameter is used, the following defined method list is used as the default
method of command authorization.
list-name Applies a defined command authorization method list.
Defaults AAA command authorization is disabled by default.
Command
Mode
Line configuration mode
Usage Guide Once the default command authorization method list has been configured, it will be applied to all
terminals automatically. If a non-default command authorization method list is applied to a terminal, it
will replace the default one. If you attempt to apply an undefined method list, you will be notified that
the command authorization on this line is ineffective until the method list is defined.
Configuration
Examples
The following example defines a command authorization method list named cmd to authorize level 15
commands, and uses TACACS+ as the security server. The none method will be used if the server
does not respond. The configured method list is applied to the VTY 0 – 4 line.
Ruijie(config)# aaa authorization commands 15 cmd group tacacs+ none
Ruijie(config)# line vty 0 4
Ruijie(config-line)# authorization commands 15 cmd
Related Commands
Command Description
aaa new-model Enables the AAA security service.
authorization commands Applies the AAA command authorization method list.
Platform
Description
N/A
authorization exec
Use this command to apply an EXEC authorization method list to the specified terminal line.
Use the no form of this command to remove the application of the EXEC authentication method list.
authorization exec { default | list-name }
no authorization exec
Parameter Description
default Applies the default EXEC authorization method.
list-name Applies a defined EXEC authorization method list.
Defaults No default AAA EXEC authentication method list is configured.
Command
Mode
Line configuration mode.
Usage Guide Once the default EXEC authorization method list has been configured, it will be applied to all
terminals automatically. If a non-default EXEC authorization method list is applied to a line, it will
replace the default one. If you attempt to apply an undefined method list, you will be notified that the
EXEC authorization on this line is ineffective until the method list is defined.
Configuration
Examples
The following example defines an EXEC authorization method list named exec-1, and uses RADIUS
as the security server. The none method will be used if the server does not respond. The configured
method list is applied to the VTY 0 – 4 line.
Ruijie(config)# aaa authorization exec exec-1 group radius none
Ruijie(config)# line vty 0 4
Ruijie(config-line)# authorization exec exec-1
Related Commands
Command Description
aaa new-model Enables the AAA security service.
aaa authorization commands Defines an AAA EXEC authorization method list.
Platform
Description
N/A
aaa accounting commands
Use this command to perform accounting on the command activities of users that have logged in to
the NAS in global configuration mode in order to manage user activities.
Use the no form of this command to disable the command accounting function.
aaa accounting commands level { default | list-name} start-stop method1 [method2...]
no aaa accounting commands level { default | list-name}
Parameter Description
level Specifies the command level for accounting, in the range from 0 to 15. Related messages are
recorded when you determine which command level is executed.
default When this parameter is used, the following defined method list is used as the default
method of command accounting.
list-name Specifies the name of a command accounting method list, which can be any character
string.
method It must be one of the keywords: none and group. One method list can contain up to four
methods.
none Accounting is not performed.
group Uses a server group for accounting. Currently, the TACACS+ server group is supported.
Defaults Accounting is disabled by default.
Command
Mode
Global configuration mode
Usage Guide RGOS enables the command accounting function only after users pass login authentication.
Command accounting is not performed when users are not authenticated upon login or the none
authentication method is used. After the accounting function is enabled, command information is sent
to the security service each time when users run the specified level of commands.
You must apply the configured command accounting method to the terminal line that requires
command accounting; otherwise, the configured command accounting method is ineffective.
Configuration
Examples
The following example performs accounting on the command requests from users by using
TACACS+, and configures the accounting command level to 15.
Ruijie(config)# aaa accounting commands 15 default start-stop group tacacs+
Related Commands
Command Description
aaa new-model Enables the AAA security service.
aaa authentication Defines AAA identity authentication.
accounting commands Applies command accounting to a terminal line.
Platform
Description
N/A
aaa accounting exec
Use this command to perform accounting on the access activities of users that log in to the NAS in
global configuration mode in order to manage user activities.
Use the no form of this command to disable the EXEC accounting function.
aaa accounting exec { default | list-name } start-stop method1 [ method2... ]
no aaa accounting exec { default | list-name }
Parameter Description
default When this parameter is used, the following defined method list is used as the default
method of EXEC accounting.
list-name Specifies the name of an EXEC accounting method list, which can be any character string.
method It must be one of the keywords: none and group. One method list can contain up to four
methods.
none Accounting is not performed.
group Uses a server group for accounting. Currently, the RADIUS and TACACS+ server groups are
supported.
Defaults Accounting is disabled by default.
Command
Mode
Global configuration mode
Usage Guide RGOS enables the EXEC accounting function only after users pass login authentication. EXEC
accounting is not performed when users are not authenticated upon login or the none authentication
method is used.
After the accounting function is enabled, an accounting start message is sent to the security server
when a user logs in to the NAS CLI, and an accounting stop message is sent to the security server
when the user logs out. If an accounting start message is not sent to the security server when a user
logs in, an accounting stop message is not sent to the security server when the user logs out.
You must apply the configured EXEC accounting method to the terminal line that requires command
accounting; otherwise, the configured EXEC accounting method is ineffective.
Configuration
Examples
The following example performs accounting on users' NAS login activities by using RADIUS, and
sends accounting messages at the start time and end time of access.
Ruijie(config)# aaa accounting exec default start-stop group radius
Related Commands
Command Description
aaa new-model Enables the AAA security service.
aaa authentication Defines AAA identity authentication.
accounting commands Applies EXEC accounting to a terminal line.
Platform
Description
N/A
aaa accounting network
Use this command to perform accounting on users' access activities in global configuration mode in
order to count network access fees or manage user activities.
Use the no form of this command to disable the network accounting function.
aaa accounting network { default | list-name } start-stop method1 [ method2... ]
no aaa accounting network { default | list-name }
Parameter Description
default When this parameter is used, the following defined method list is used as the default
method of network accounting.
list-name Specifies the name of an accounting method list.
start-stop Sends accounting messages at both the start time and end time of users' network access.
Users are allowed to access networks regardless of whether the accounting start message enables
accounting successfully.
method It must be one of the keywords: none and group. One method list can contain up to four
methods.
none Accounting is not performed.
group Uses a server group for accounting. Currently, the RADIUS and TACACS+ server groups are
supported.
Defaults Accounting is disabled by default.
Command
Mode
Global configuration mode
Usage Guide RGOS performs accounting on user activities by sending record attributes to the security server. Use
the start-stop keyword to set the user accounting option.
Configuration
Examples
The following example performs accounting on the network service requests from users by using
RADIUS, and sends accounting messages at the start time and end time of network access:
Ruijie(config)# aaa accounting network default start-stop group radius
Related Commands
Command Description
aaa new-model Enables the AAA security service.
aaa authorization network Defines AAA network authorization.
aaa authentication Defines AAA identity authentication.
username Defines a local user database.
Platform
Description
N/A
aaa accounting update
Use this command to enable the accounting update function in global configuration mode.
Use the no form of this command to disable the accounting update function.
aaa accounting update
no aaa accounting update
Parameter Description N/A
Defaults Accounting update is disabled by default.
Command
Mode
Global configuration mode
Usage Guide If the AAA security service is not enabled, the accounting update function cannot be used. This
command is used to set the accounting update function after the AAA security service is enabled.
Configuration
Examples
The following example enables the accounting update function.
Ruijie(config)# aaa new-model
Ruijie(config)# aaa accounting update
Related Commands
Command Description
aaa new-model Enables the AAA security service.
aaa accounting network Defines a network accounting method list.
Platform
Description
N/A
aaa accounting update periodic
Use this command to set the accounting update interval in global configuration mode after the
accounting update function is enabled.
Use the no form of this command to restore the accounting update interval to the default value.
aaa accounting update periodic interval
no aaa accounting update periodic
Parameter Description
interval Specifies the accounting update interval, in minutes. The shortest interval is one minute.
Defaults The default accounting update interval is five minutes.
Command
Mode
Global configuration mode
Usage Guide If the AAA security service is not enabled, the accounting update function cannot be used. This
command is used to set the accounting update interval after the AAA security service is enabled.
Configuration
Examples
The following example sets the accounting update interval to one minute.
Ruijie(config)# aaa new-model
Ruijie(config)# aaa accounting update
Ruijie(config)# aaa accounting update periodic 1
Related Commands
Command Description
aaa new-model Enables the AAA security service.
aaa accounting network Defines a network accounting method list.
Platform
Description
N/A
accounting commands
Use this command to apply a command accounting list to the specified terminal line in line
configuration mode.
Use the no form of this command to disable the command accounting function on the terminal line.
accounting commands level { default | list-name }
no accounting commands level
Parameter Description
level Specifies the command level for accounting, in the range from 0 to 15.
default Applies the default command accounting method.
list-name Uses a defined command accounting method list.
Defaults Accounting is disabled by default.
Command
Mode
Line configuration mode
Usage Guide Once the default command accounting method list has been configured, it will be applied to all
terminals automatically. If a non-default command accounting method list has been applied to a line,
it will replace the default one. If you attempt to apply an undefined method list, you will be notified that
the command accounting on this line is ineffective until the method list is defined.
Configuration
Examples
The following example defines a command accounting method list named cmd to authorize level 15
commands, and uses TACACS+ as the security server. The none method will be used if the server
does not respond. The configured method list is applied to the VTY 0 – 4 line.
Ruijie(config)# aaa accounting commands 15 cmd start-stop group tacacs+ none
Ruijie(config)# line vty 0 4
Ruijie(config-line)# accounting commands 15 cmd
Related Commands
Command Description
aaa new-model Enables the AAA security service.
aaa accounting commands Defines an AAA command accounting method list.
Platform
Description
N/A
accounting exec
Use this command to apply an EXEC accounting method list to the specified terminal line in line
configuration mode.
Use the no form of this command to disable the EXEC accounting function on the terminal line.
accounting exec { default | list-name }
no accounting exec
Parameter Description
default Applies the default EXEC accounting method.
list-name Uses a defined EXEC accounting method list.
Defaults Accounting is disabled by default.
Command
Mode
Line configuration mode
Usage Guide Once the default EXEC accounting method list has been configured, it will be applied to all terminals
automatically. If a non-default EXEC accounting method list has been applied to a line, it will replace
the default one. If you attempt to apply an undefined method list, you will be notified that the EXEC
accounting on this line is ineffective until the method list is defined.
Configuration
Examples
The following example defines an EXEC accounting method list named exec-1, and uses RADIUS as
the security server. The none method will be used if the server does not respond. The configured
method list is applied to the VTY 0 – 4 line.
Ruijie(config)# aaa accounting exec exec-1 start-stop group radius none
Ruijie(config)# line vty 0 4
Ruijie(config-line)# accounting exec exec-1
Related Commands
Command Description
aaa new-model Enables the AAA security service.
aaa accounting commands Defines an AAA EXEC accounting method list.
Platform
Description
N/A
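The usage guides above state that a named method list has no effect until it is applied to a terminal line, that a line pointing at an undefined list is ineffective, and that command authorization on the console needs aaa authorization console. The following checker looks for those three conditions, plus lists longer than four methods, in a saved configuration. It is an added example, not a Ruijie tool: the sample configuration is constructed, the running-config layout (indented sub-commands under each line block) is an assumption, and the finding codes are made up for the example.

```python
import re

# Global definitions whose lists are later bound to terminal lines.
DEF_RE = re.compile(
    r"^aaa (authentication|authorization|accounting) (login|exec|commands)"
    r"(?: (\d+))? (\S+)(?: start-stop)? (.+)$")

# Constructed sample in an assumed running-config layout; list names are made up.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login list-1 group radius local
aaa authentication login mgmt group radius local
aaa authorization exec exec-1 group radius
aaa authorization commands 15 cmd group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
line console 0
 authorization commands 15 cmd
line vty 0 4
 login authentication list-1
 authorization exec exec-2
 authorization commands 15 cmd
"""


def split_methods(text):
    """Split 'group radius local' into ['group radius', 'local']."""
    toks, out, i = text.split(), [], 0
    while i < len(toks):
        if toks[i] == "group" and i + 1 < len(toks):
            out.append("group " + toks[i + 1])
            i += 2
        else:
            out.append(toks[i])
            i += 1
    return out


def parse_apply(tokens):
    """Map a line-mode command to the key of the list it refers to."""
    if tokens[:2] == ["login", "authentication"] and len(tokens) == 3:
        return ("authentication", "login", None, tokens[2])
    if tokens[0] in ("authorization", "accounting"):
        if tokens[1:2] == ["exec"] and len(tokens) == 3:
            return (tokens[0], "exec", None, tokens[2])
        if tokens[1:2] == ["commands"] and len(tokens) == 4:
            return (tokens[0], "commands", tokens[2], tokens[3])
    return None


def describe(key):
    return " ".join(part for part in key if part)


def audit(config):
    """Return a sorted list of (finding-code, detail) tuples."""
    defined, applied, findings = {}, [], []
    console_authz, line_ctx = False, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if not raw[0].isspace():              # global-mode command
            line_ctx = text if text.startswith("line ") else None
            if text == "aaa authorization console":
                console_authz = True
            m = DEF_RE.match(text)
            if m:
                service, kind, level, name, methods = m.groups()
                defined[(service, kind, level, name)] = split_methods(methods)
        elif line_ctx:                        # sub-command of a line block
            key = parse_apply(text.split())
            if key:
                applied.append((line_ctx, key))
    used = {key for _, key in applied}
    for key, methods in defined.items():
        if len(methods) > 4:
            findings.append(("too-many-methods", describe(key)))
        # The default list reaches every line by itself; named lists do not.
        if key[3] != "default" and key not in used:
            findings.append(("unapplied-list", describe(key)))
    for line, key in applied:
        if key not in defined:
            findings.append(("undefined-list", f"{describe(key)} on {line}"))
        if (key[:2] == ("authorization", "commands")
                and line.startswith("line console") and not console_authz):
            findings.append(("console-authz-disabled", line))
    return sorted(findings)


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONFIG):
        print(f"{code:24} {detail}")
```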
aaa domain
Use this command to enter domain configuration mode and configure domain attributes.
Use the no form of this command to remove the setting.
aaa domain { default | domain-name }
no aaa domain { default | domain-name }
Parameter Description
default Configures the default domain.
domain-name Specifies the name of a domain.
Defaults No domain is configured by default.
Command
Mode
Global configuration mode
Usage Guide Use this command to configure the domain name-based AAA service. The default parameter is used
to configure the default domain. That is the method list used by network equipment if users do not
carry domain information. The domain-name parameter is used to configure the specified domain
name. If users carry this domain name, the method lists associated with this domain are used.
Currently, the system can configure up to 32 domains.
Configuration
Examples
The following example configures a domain name.
Ruijie(config)# aaa domain ruijie.com
Ruijie(config-aaa-domain)#
Related Commands
Command Description
aaa new-model Enables the AAA security service.
aaa domain enable Enables the domain name-based AAA service.
show aaa domain Displays domain configuration.
Platform
Description
N/A
aaa domain enable
Use this command to enable the domain name-based AAA service, which is disabled by default.
When the domain name-based AAA service is enabled, the domain name-based AAA service
configuration is preferred.
Use the no form of this command to disable the domain name-based AAA service.
aaa domain enable
no aaa domain enable
Parameter Description N/A
Defaults The domain name-based AAA service is disabled by default.
Command
Mode
Global configuration mode
Usage Guide Use this command to enable the domain name-based AAA service when you perform domain
name-based AAA service configuration.
Configuration
Examples
The following example enables the domain name-based AAA service.
Ruijie(config)# aaa domain enable
Related Commands
Command Description
aaa new-model Enables the AAA security service.
show aaa domain Displays domain configuration.
Platform
Description
N/A
access-limit
Use this command to configure the maximum number of users for domains, which is valid only for
IEEE802.1x users.
Use the no form of this command to remove the setting.
access-limit num
no access-limit
Parameter Description
num Maximum number of users for domains, which is valid only for IEEE802.1x users
Defaults The number of users is not limited by default.
Command
Mode
Domain configuration mode
Usage Guide Use this command to configure the maximum number of users for domains.
Configuration
Examples
The following example sets the maximum number of users to 20 for the domain named ruijie.com.
Ruijie(config)# aaa domain ruijie.com
Ruijie(config-aaa-domain)# access-limit 20
Related Commands
Command Description
aaa new-model Enables the AAA security service.
aaa domain enable Enables the domain name-based AAA service.
show aaa domain Displays domain configuration.
Platform
Description
N/A
accounting network
Use this command to configure a network accounting method list in domain configuration mode.
Use the no form of this command to remove the setting.
accounting network { default | list-name }
no accounting network
Parameter Description
default Specifies the default method list.
list-name Specifies the name of a method list.
Defaults With no method list specified, if a user sends a request, network equipment will attempt to specify the
default method list for the user.
Command
Mode Domain configuration mode
Usage Guide Use this command to configure a network accounting method list for a domain.
Configuration
Examples
The following example configures a network accounting method list for a domain.
Ruijie(config)# aaa domain ruijie.com
Ruijie(config-aaa-domain)# accounting network default
Related Commands
Command Description
aaa new-model Enables the AAA security service.
aaa domain enable Enables the domain name-based AAA service.
show aaa domain Displays domain configuration.
Platform
Description
N/A
authentication dot1x
Use this command to configure an IEEE802.1x authentication method list in domain configuration
mode.
Use the no form of this command to remove the setting.
authentication dot1x { default | list-name }
no authentication dot1x
Parameter Description
default Specifies the default method list.
list-name Specifies the name of a method list.
Defaults With no method list specified, if a user sends a request, network equipment will attempt to specify the
default method list for the user.
Command
Mode Domain configuration mode
Usage Guide Use this command to configure an IEEE802.1x authentication method list for a domain.
Configuration
Examples
The following example configures an IEEE802.1x authentication method list for a domain.
Ruijie(config)# aaa domain ruijie.com
Ruijie(config-aaa-domain)# authentication dot1x default
Related Commands
Command Description
aaa new-model Enables the AAA security service.
aaa domain enable Enables the domain name-based AAA service.
show aaa domain Displays domain configuration.
Platform
Description
N/A
authorization network
Use this command to configure a network authorization list in domain configuration mode.
Use the no form of this command to remove the setting.
authorization network { default | list-name }
no authorization network
Parameter Description
default Specifies the default method list.
list-name Specifies the name of a method list.
Defaults With no method list specified, if a user sends a request, network equipment will attempt to specify the
default method list for the user.
Command
Mode
Domain configuration mode
Usage Guide Use this command to configure a network authorization list for a domain.
Configuration
Examples
The following example configures a network authorization list for a domain.
Ruijie(config)# aaa domain ruijie.com
Ruijie(config-aaa-domain)# authorization network default
Related Commands
Command Description
aaa new-model Enables the AAA security service.
aaa domain enable Enables the domain name-based AAA service.
show aaa domain Displays domain configuration.
Platform
Description
N/A
state
Use this command to set whether the configured domain is valid.
Use the no form of this command to restore to the default setting.
state { block | active }
no state
Parameter Description
block The configured domain is invalid.
active The configured domain is valid.
Defaults The configured domain is valid by default.
Command
Mode
Domain configuration mode
Usage Guide Use this command to set whether the specified configured domain is valid.
Configuration
Examples
The following example sets the configured domain to be invalid.
Ruijie(config)# aaa domain ruijie.com
Ruijie(config-aaa-domain)# state block
Related Commands
Command Description
aaa new-model Enables the AAA security service.
aaa domain enable Enables the domain name-based AAA service.
show aaa domain enable Displays domain configuration.
Platform
Description
N/A
show aaa domain
Use this command to query all current domain information.
show aaa domain [ default | domain-name ]
Parameter Description
default Displays the default domain information.
domain-name Displays information about the specified domain.
Defaults N/A
Command
Mode
Privileged EXEC mode
Usage Guide If no domain name is specified, all domain information will be displayed.
Configuration
Examples
The following example displays the domain named domain.com.
Ruijie# show aaa domain domain.com
=============Domain domain.com=============
State: Active
Username format: Without-domain
Access limit: No limit
802.1X Access statistic: 0
Selected method list:
authentication dot1x default
Related Commands
Command Description
aaa new-model Enables the AAA security service.
aaa domain enable Enables the domain name-based AAA service.
Platform
Description
N/A
username-format
Use this command to configure whether user names carry domain information when the NAS
interacts with servers.
Use the no form of this command to restore the default setting.
username-format { without-domain | with-domain }
no username-format
Parameter Description
without-domain Domain information is removed from user names.
with-domain Domain information is retained in user names.
Defaults Domain information is retained in user names by default.
Command
Mode
Domain configuration mode
Usage Guide Use this command to configure whether user names carry domain information when the NAS
interacts with servers.
Configuration
Examples
The following example configures a user name to remove domain information.
Ruijie(config)# aaa domain ruijie.com
Ruijie(config-aaa-domain)# username-format without-domain
Related Commands
Command Description
aaa new-model Enables the AAA security service.
aaa domain enable Enables the domain name-based AAA service.
show aaa domain Displays domain configuration.
Platform
Description
N/A
aaa group server
Use this command to enter AAA server group configuration mode.
Use the no form of this command to delete server groups.
aaa group server { radius | tacacs+ } name
no aaa group server { radius | tacacs+ } name
Parameter Description
name Name of a server group. It cannot be the keywords radius or tacacs+ because RADIUS and TACACS+ are the default server group names.
Defaults N/A
Command
Mode
Global configuration mode
Usage Guide Use this command to configure AAA server groups. Currently, the RADIUS and TACACS+ server
groups are supported.
Configuration
Examples
The following example configures an AAA server group.
Ruijie(config)# aaa group server radius ss
Ruijie(config-gs-radius)# end
Ruijie# show aaa group
Group Name: ss
Group Type: radius
Referred: 1
Server List:
Related Commands
Command Description
show aaa group Displays AAA server group information.
Platform
Description
N/A
ip vrf forwarding
Use this command to select VPN routing and forwarding (VRF) for an AAA server group.
Use the no form of this command to remove the setting.
ip vrf forwarding vrf_name
no ip vrf forwarding
Parameter Description
vrf_name VRF name
Defaults N/A
Command
Mode Server group configuration mode
Usage Guide Use this command to select VRF for the specified server group.
Configuration
Examples
The following example selects VRF for a server group.
Ruijie(config)# aaa group server radius ss
Ruijie(config-gs-radius)# server 192.168.4.12
Ruijie(config-gs-radius)# server 192.168.4.13
Ruijie(config-gs-radius)# ip vrf forwarding vrf_name
Ruijie(config-gs-radius)# end
Related Commands
Command Description
aaa group server Configures an AAA server group.
show aaa group Displays AAA server group information.
Platform
Description
N/A
server
Use this command to add a server to an AAA server group.
Use the no form to delete a server.
server ip-addr [ auth-port port1 ] [ acct-port port2 ]
no server ip-addr [ auth-port port1 ] [ acct-port port2 ]
Parameter Description
ip-addr IP address of a server
port1 Authentication port of a server (which is supported only by the RADIUS server group)
port2 Accounting port of a server (which is supported only by the RADIUS server group)
Defaults No server is configured by default.
Command
Mode Server group configuration mode
Usage Guide Use this command to add a server to the specified server group. The default value is used if no port is
specified.
Configuration
Examples
The following example adds a server to a server group.
Ruijie(config)# aaa group server radius ss
Ruijie(config-gs-radius)# server 192.168.4.12 acct-port 5 auth-port 6
Ruijie(config-gs-radius)# end
Ruijie# show aaa group
Type Reference Name
---------- ---------- ----------
radius 1 radius
tacacs+ 1 tacacs+
radius 1 ss
Related Commands
Command Description
aaa group server Configures an AAA server group.
show aaa group Displays AAA server group information.
Platform
Description
N/A
show aaa group
Use this command to query all the server groups configured for AAA.
show aaa group
Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode
Usage Guide Use this command to query all the server groups configured for AAA.
Configuration
Examples
The following example displays all the server groups configured for AAA.
Ruijie# show aaa group
Type Reference Name
---------- ---------- ----------
radius 1 radius
tacacs+ 1 tacacs+
radius 1 dot1x_group
radius 1 login_group
radius 1 enable_group
Related Commands
Command Description
aaa group server Configures an AAA server group.
Platform
Description
N/A
aaa local authentication attempts
Use this command to configure the maximum number of login attempt times.
aaa local authentication attempts max-attempts
Parameter Description
max-attempts Maximum number of login attempt times, in the range from 1 to 2147483647
Defaults The default value is 3.
Command
Mode
Global configuration mode
Usage Guide Use this command to configure the maximum login attempt times.
Configuration
Examples
The following example sets the maximum login attempt times to 6.
Ruijie# configure terminal
Ruijie(config)# aaa local authentication attempts 6
Related Commands
Command Description
show running-config Displays the current equipment configuration.
show aaa lockout Displays the lockout configuration parameter of the current login.
Platform
Description
N/A
aaa local authentication lockout-time
Use this command to configure the length of lockout-time when the maximum login attempt times are
exceeded.
aaa local authentication lockout-time lockout-time
Parameter Description
lockout-time Length of lockout-time, in the range from 1 to 2147483647.
Defaults 15 hours.
Command
Mode
Global configuration mode
Usage Guide Use this command to configure the length of lockout-time when the maximum login attempt times are
exceeded.
Configuration
Examples
The following example sets the length of lockout-time to 5 hours.
Ruijie# configure terminal
Ruijie(config)# aaa local authentication lockout-time 5
Related Commands
Command Description
show running-config Displays the current equipment configuration.
show aaa lockout Displays the lockout configuration parameter of the current login.
Platform
Description
N/A
aaa new-model
Use this command to enable the RGOS AAA security service in global configuration mode.
Use the no form of this command to disable the AAA security service.
aaa new-model
no aaa new-model
Parameter Description
N/A N/A
Defaults The AAA security service is disabled by default.
Command
Mode
Global configuration mode
Usage Guide Use this command to enable AAA. If AAA is not enabled, none of the AAA commands can be
configured.
Configuration
Examples
The following example enables the AAA security service.
Ruijie(config)# aaa new-model
Related Commands
Command Description
aaa authentication Defines a user authentication method list.
aaa authorization Defines a user authorization method list.
aaa accounting Defines a user accounting method list.
Platform
Description
N/A
clear aaa local user lockout
Use this command to clear a lockout user list.
clear aaa local user lockout {all | user-name <word>}
Parameter Description
<word> User ID
Defaults N/A.
Command
Mode
Privileged EXEC mode
Usage Guide Use this command to clear all lockout user lists or the specified lockout user list.
Configuration
Examples
The following example clears all lockout user lists.
Ruijie# clear aaa local user lockout all
Related Commands
Command Description
show running-config Displays the current equipment configuration.
show aaa lockout Displays the lockout configuration parameter of the current login.
Platform
Description
N/A
debug aaa
Use this command to enable the AAA service debugging switch.
Use the no form of this command to disable the debugging switch.
debug aaa event
no debug aaa event
Parameter Description
N/A N/A
Defaults N/A.
Command
Mode Privileged EXEC mode
Usage Guide N/A
Configuration
Examples
N/A
Related Commands
Command Description
N/A N/A
Platform
Description
N/A
show aaa method-list
Use this command to query all AAA method lists.
show aaa method-list
Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode
Usage Guide Use this command to query all AAA method lists.
Configuration
Examples
The following example displays AAA method lists.
Ruijie# show aaa method-list
Authentication method-list
aaa authentication login default group radius
aaa authentication ppp default group radius
aaa authentication dot1x default group radius
aaa authentication dot1x san-f local group angel group rain none
aaa authentication enable default group radius
Accounting method-list
aaa accounting network default start-stop group radius
Authorization method-list
aaa authorizating network default group radius
Related Commands
Command Description
aaa authentication Defines a user authentication method list.
aaa authorization Defines a user authorization method list.
aaa accounting Defines a user accounting method list.
Platform
Description
N/A
show aaa user lockout
Use this command to query the current lockout user list.
show aaa user lockout
Parameter Description
N/A N/A
Defaults N/A
Command
Mode Privileged EXEC mode
Usage Guide Use this command to query the current lockout user list and the length of lockout-time.
Configuration
Examples
The following example displays the current lockout user list.
Ruijie# show aaa user lockout
Related Commands
Command Description
show running-config Displays the current equipment configuration.
show aaa lockout Displays the lockout configuration parameter of the current login.
Platform
Description
N/A
Command Reference RADIUS Commands
RADIUS Commands
ip radius source-interface
Use this command to specify the source IP address of the RADIUS packet in global configuration
mode.
Use the no form of this command to delete the source IP address of the RADIUS packet.
ip radius source-interface interface
no radius source-interface
Parameter Description
interface Interface that the source IP address of the RADIUS packet belongs to
Defaults The source IP address of the RADIUS packet is set by the network layer by default.
Command
Mode
Global configuration mode
Usage Guide In order to reduce the NAS information to be maintained on the RADIUS server, use this
command to set the source IP address of the RADIUS packet. This command uses the first IP
address of the specified interface as the source IP address of the RADIUS packet. This command
is used on Layer 3 devices.
Configuration
Examples
The following example specifies that the RADIUS packet obtains an IP address from the
fastEthernet 0/0 interface and uses it as the source IP address of the RADIUS packet.
Ruijie(config)# ip radius source-interface fastEthernet 0/0
Related Commands
Command Description
radius-server host Defines the RADIUS server.
ip address Configures the IP address of an interface.
Platform
Description
N/A
radius attribute
radius attribute {id | down-rate-limit | dscp | mac-limit | up-rate-limit} vendor-type type
no radius attribute { id | down-rate-limit | dscp | mac-limit | up-rate-limit} vendor-type
Parameter Description
id Function ID in the range from 1 to 255
type Private attribute type
Defaults Only the default configuration of private attributes in Ruijie is recognized.
id Function Type
1 max down-rate 1
2 qos 2
3 user ip 3
4 vlan-id 4
5 version to client 5
6 net ip 6
7 user name 7
8 password 8
9 file-directory 9
10 file-count 10
11 file-name-0 11
12 file-name-1 12
13 file-name-2 13
14 file-name-3 14
15 file-name-4 15
16 max up-rate 16
17 version to server 17
18 flux-max-high32 18
19 flux-max-low32 19
20 proxy-avoid 20
21 dialup-avoid 21
22 ip privilege 22
23 login privilege 42
Extended attributes:
id Function Type
1 max down-rate 76
2 qos 77
3 user ip 3
4 vlan-id 4
5 version to client 5
6 net ip 6
7 user name 7
8 password 8
9 file-directory 9
10 file-count 10
11 file-name-0 11
12 file-name-1 12
13 file-name-2 13
14 file-name-3 14
15 file-name-4 15
16 max up-rate 75
17 version to server 17
18 flux-max-high32 18
19 flux-max-low32 19
20 proxy-avoid 20
21 dialup-avoid 21
22 ip privilege 22
23 login privilege 42
24 limit to user number 50
Command
Mode
Global configuration mode
Usage Guide Use this command to configure the type value of a private attribute.
Configuration
Examples
The following example sets the type of max up-rate to 211.
Ruijie(config)# radius attribute 16 vendor-type 211
Related Commands
Command Description
radius set qos cos Sets the qos value sent by the RADIUS server as the cos value of the interface.
Platform
Description
N/A
radius-server attribute 31
Use this command to specify the MAC-based format of the RADIUS Calling-Station-ID attribute in
global configuration mode.
Use the no form of this command to restore to the default value.
radius-server attribute 31 mac format {ietf | normal | unformatted}
no radius-server attribute 31 mac format
Parameter Description
ietf Standard format specified by the IETF (RFC3580). The hyphen (-) is used as the separator, for example: 00-D0-F8-33-22-AC.
normal Normal format representing the MAC address. The hyphen (-) is used as the separator. For example: 00d0.f833.22ac.
unformatted No format and separator, which is used by default, for example: 00d0f83322ac
Defaults The default format is unformatted.
Command
Mode
Global configuration mode
Usage Guide Some RADIUS security servers (mainly used in 802.1x authentication) may identify only the IETF
format. In this case, the RADIUS Calling-Station-ID attribute must be set to the IETF format type.
Configuration
Examples
The following example defines the RADIUS Calling-Station-ID attribute as the IETF format.
Ruijie(config)# radius-server attribute 31 mac format ietf
Related Commands
Command Description
N/A N/A
Platform
Description N/A
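Because each NAS may send Calling-Station-ID in a different one of the three forms above, a RADIUS log consumer has to normalise them before it can correlate one client across access points. The following Python sketch is an added example, not part of the Ruijie manual; the function names and the sample records are constructed, and the three renderings follow the example values printed in the parameter table.

```python
import re

# One pattern per form listed for `radius-server attribute 31 mac format`.
# Matching is case-insensitive on input; rendering follows the manual's examples.
_PATTERNS = {
    "ietf": re.compile(r"(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}"),
    "normal": re.compile(r"(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}"),
    "unformatted": re.compile(r"[0-9A-Fa-f]{12}"),
}


def detect_format(value):
    """Return 'ietf', 'normal', 'unformatted', or None for anything else."""
    for name, pattern in _PATTERNS.items():
        if pattern.fullmatch(value):
            return name
    return None


def parse_calling_station_id(value):
    """Convert a Calling-Station-ID in one of the three forms to 6 raw bytes."""
    if detect_format(value) is None:
        raise ValueError(f"not a recognised MAC form: {value!r}")
    return bytes.fromhex(re.sub(r"[-.]", "", value))


def render(mac, fmt):
    """Render 6 raw bytes the way the device would for the given format keyword."""
    if len(mac) != 6:
        raise ValueError("a MAC address is exactly 6 bytes")
    digits = mac.hex()
    if fmt == "ietf":
        return "-".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()
    if fmt == "normal":
        return ".".join(digits[i:i + 4] for i in range(0, 12, 4))
    if fmt == "unformatted":
        return digits
    raise ValueError(f"unknown format keyword: {fmt!r}")


def group_by_client(records):
    """Group (nas, calling_station_id) records by canonical MAC.

    Returns (clients, rejected): clients maps the unformatted MAC to the list
    of NAS names that reported it; rejected holds records in any other form.
    """
    clients, rejected = {}, []
    for nas, csid in records:
        try:
            mac = parse_calling_station_id(csid)
        except ValueError:
            rejected.append((nas, csid))
            continue
        clients.setdefault(render(mac, "unformatted"), []).append(nas)
    return clients, rejected


# Constructed sample: the same client seen through three differently
# configured access points, a second client, and one value in a foreign form.
SAMPLE_RECORDS = [
    ("ap-1", "00-D0-F8-33-22-AC"),
    ("ap-2", "00d0.f833.22ac"),
    ("ap-3", "00d0f83322ac"),
    ("ap-1", "00-D0-F8-33-22-AD"),
    ("ap-4", "00:d0:f8:33:22:ac"),
]

if __name__ == "__main__":
    clients, rejected = group_by_client(SAMPLE_RECORDS)
    for mac, seen_on in clients.items():
        print(render(bytes.fromhex(mac), "ietf"), "seen on", seen_on)
    print("rejected:", rejected)
```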
radius-server dead-criteria
Use this command to configure criteria on a device to determine that the RADIUS security server
is unreachable in global configuration mode.
Use the no form of this command to restore to the default value.
radius-server dead-criteria {time seconds [tries number] | tries number}
no radius-server dead-criteria {time seconds [tries number] | tries number}
Parameter Description
time seconds Configures the timeout period. If a device does not receive a correct response packet from the RADIUS security server within the specified time, the RADIUS security server is considered to be unreachable. The value ranges from 1s to 120s.
tries number Configures the successive timeout times. When sending a request from a device to the same RADIUS security server times out for the specified times successively, the device considers the RADIUS security server to be unreachable. The value ranges from 1 to 100.
Defaults time seconds: 60s
tries number: 10
Command
Mode
Global configuration mode
Usage Guide If a RADIUS security server meets the timeout period and successive timeout times at the same
time, the device considers the RADIUS security server to be unreachable. You can use this
command to adjust the parameters of the timeout period and successive timeout times.
Configuration
Examples
The following example sets the timeout period to 120s and the successive timeout times to 20.
Ruijie(config)# radius-server dead-criteria time 120 tries 20
Related Commands
Command Description
radius-server host Defines the host of the RADIUS security server.
radius-server deadtime Defines the duration when a device stops sending any requests to an unreachable RADIUS security server.
radius-server timeout Defines the timeout period of RADIUS packet retransmission.
Platform
Description
N/A
radius-server deadtime
Use this command to configure the duration when a device stops sending any requests to an
unreachable RADIUS security server in global configuration mode.
Use the no form of this command to return to the default value.
radius-server deadtime minutes
no radius-server deadtime
Parameter Description
minutes Defines the duration (in minutes) when a device stops sending any requests to the unreachable RADIUS security server. The value ranges from 1 minute to 1440 minutes (24 hours).
Defaults The default value of the minutes parameter is 0 minutes. That is, a device keeps sending requests
to the unreachable RADIUS security server.
Command
Mode
Global configuration mode
Usage Guide If active RADIUS server detection is enabled on a device, the minutes parameter of this command
does not take effect on the RADIUS server. Otherwise, the RADIUS server becomes reachable
when the duration set by this command is shorter than the unreachable time.
Configuration
Examples
The following example sets the duration when a device stops sending requests to a RADIUS
server to 1 minute.
Ruijie(config)# radius-server deadtime 1
Related Commands
Command Description
radius-server dead-criteria Defines the criteria of determining that a RADIUS server is unreachable.
radius-server host Defines host information of the RADIUS security server.
Platform
Description
N/A
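The interaction of radius-server dead-criteria (both conditions must hold at the same time) and radius-server deadtime is easier to reason about as a small state machine. The following Python model is an added example, not Ruijie code; it assumes one timeout event every timeout_s seconds, and the behaviour after deadtime expires (retry from a clean count) is an assumption.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class RadiusServerHealth:
    dead_time_s: int = 60     # radius-server dead-criteria time (manual default: 60s)
    dead_tries: int = 10      # radius-server dead-criteria tries (manual default: 10)
    deadtime_min: int = 0     # radius-server deadtime (manual default: 0, keep sending)
    last_response_at: int = 0
    consecutive_timeouts: int = 0
    dead_since: Optional[int] = None

    def on_response(self, now: int) -> None:
        """A correct response resets both criteria and revives the server."""
        self.last_response_at = now
        self.consecutive_timeouts = 0
        self.dead_since = None

    def on_timeout(self, now: int) -> None:
        """One request timed out; mark the server dead only if BOTH criteria hold."""
        self.consecutive_timeouts += 1
        silent_for = now - self.last_response_at
        if (self.dead_since is None
                and silent_for >= self.dead_time_s
                and self.consecutive_timeouts >= self.dead_tries):
            self.dead_since = now

    def may_send(self, now: int) -> bool:
        """Should the device still send requests to this server at time `now`?"""
        if self.dead_since is None or self.deadtime_min == 0:
            return True  # alive, or deadtime 0: the device keeps sending
        if now - self.dead_since >= self.deadtime_min * 60:
            # Assumption: once deadtime has passed the server is tried again
            # with a clean timeout count.
            self.dead_since = None
            self.consecutive_timeouts = 0
            return True
        return False


def first_dead_time(dead_time_s, dead_tries, timeout_s=5, horizon_s=3600):
    """Seconds after the last good response at which the server is marked dead.

    Simulates a server that stops answering at t=0, with one timeout event
    every `timeout_s` seconds (5s is the radius-server timeout default).
    """
    srv = RadiusServerHealth(dead_time_s=dead_time_s, dead_tries=dead_tries)
    srv.on_response(0)
    for now in range(timeout_s, horizon_s + 1, timeout_s):
        srv.on_timeout(now)
        if srv.dead_since is not None:
            return now
    return None


if __name__ == "__main__":
    cases = [
        ("defaults (time 60, tries 10)", 60, 10),
        ("manual example (time 120, tries 20)", 120, 20),
        ("time 10, tries 10", 10, 10),
    ]
    for label, seconds, tries in cases:
        print(f"{label}: dead after {first_dead_time(seconds, tries)}s")
```

With a 5-second timeout the defaults are bounded by the time criterion (the tenth timeout arrives at 50s, before the 60s window has passed), while time 10 with tries 10 is bounded by the tries criterion.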
radius-server host
Use this command to specify a RADIUS security server host in global configuration mode.
Use the no form of this command to delete the RADIUS security server host.
radius-server host { ipv4-address | ipv6-address} [auth-port port-number] [acct-port
port-number] [test username name [idle-time time] [ignore-auth-port] [ignore-acct-port]]
no radius-server host { ipv4-address | ipv6-address}
Parameter Description
ipv4-address IPv4 address of the RADIUS security server host
ipv6-address IPv6 address of the RADIUS security server host
auth-port UDP port for RADIUS authentication
port-number Number of the UDP port used for RADIUS authentication. If it is set to 0, the host does not perform authentication.
acct-port UDP port for RADIUS accounting
port-number Number of the UDP port for RADIUS accounting. If it is set to 0, the host does not perform accounting.
test username name (Optional) Enables active detection of the RADIUS security server and specifies the user name used by active detection.
idle-time time (Optional) Sets the interval of sending test packets to the reachable RADIUS security server, which is 60 minutes by default and in the range from 1 to 1440 minutes (namely 24 hours).
ignore-auth-port (Optional) Disables detection of the authentication port on the RADIUS security server. It is enabled by default.
ignore-acct-port (Optional) Disables detection of the accounting port on the RADIUS security server. It is enabled by default.
Defaults No RADIUS host is specified by default.
Command
Mode
Global configuration mode
Usage Guide In order to implement the AAA security service using RADIUS, you must define a RADIUS
security server. You can define one or more RADIUS security servers by using this command.
Configuration
Examples
The following example defines an IPv4 RADIUS security server host.
Ruijie(config)# radius-server host 192.168.12.1
The following example defines an IPv4 RADIUS security server host, enables active detection
with the detection interval 60 minutes, and disables accounting UDP port detection.
Ruijie(config)# radius-server host 192.168.100.1 test username viven idle-time 60 ignore-acct-port
The following example defines an IPv6 RADIUS security server host.
Ruijie(config)# radius-server host 3000::100
Related Commands
Command Description
aaa authentication Defines the AAA identity authentication method list.
radius-server key Defines a shared password for the RADIUS security server.
radius-server retransmit Defines the RADIUS packet retransmission times.
radius-server timeout Defines the timeout period of RADIUS packet retransmission.
radius-server dead-criteria Defines the criteria of determining that a RADIUS server is unreachable.
radius-server deadtime Defines the duration when a device stops sending any requests to an unreachable RADIUS security server.
Platform
Description
N/A
radius-server key
Use this command to define a shared password for the network access server (a router) to
communicate with the RADIUS security server.
Use the no form of this command to remove the shared password.
radius-server key [0 | 7] text-string
no radius-server key
Parameter Description
text-string Text of the shared password
0 | 7 Password encryption type
0: no encryption
7: simple encryption
Defaults No shared password is specified by default.
Command
Mode
Global configuration mode
Usage Guide A shared password is the basis for communication between a device and the RADIUS security
server. In order to allow the device to communicate with the RADIUS security server, define the
same shared password on the device and the RADIUS security server.
Configuration
Examples
The following example defines the shared password aaa for the RADIUS security server.
Ruijie(config)# radius-server key aaa
Related Commands
Command Description
radius-server host Defines the RADIUS security server host.
radius-server retransmit Defines the RADIUS packet retransmission times.
radius-server timeout Defines the timeout period of RADIUS packet retransmission.
Platform
Description
N/A
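A configuration review can check the AAA and RADIUS settings documented in this chapter mechanically. The following Python audit is an added example, not part of the Ruijie manual: it flags a shared password entered with type 0 (no encryption), a shared password shorter than the 16 octets RFC 2865 prefers, a local login attempt limit above an assumed policy ceiling, and an authentication method list containing none (which in AAA method lists means no authentication is performed). The finding names, MAX_ATTEMPTS and both sample configurations are constructed.

```python
import re

MIN_SECRET_LEN = 16  # RFC 2865 prefers shared secrets of at least 16 octets
MAX_ATTEMPTS = 10    # assumed local policy ceiling, not a value from the manual

KEY_RE = re.compile(r"radius-server key(?: ([07]))? (\S+)")
ATTEMPTS_RE = re.compile(r"aaa local authentication attempts (\d+)")
AUTHN_RE = re.compile(r"aaa authentication (\S+) (\S+) (.+)")


def split_methods(spec):
    """Split 'local group angel none' into ['local', 'group angel', 'none']."""
    tokens, methods, i = spec.split(), [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods


def audit(config_text):
    """Return (line_number, finding) tuples for weak AAA/RADIUS settings."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = " ".join(raw.split())  # normalise whitespace
        m = KEY_RE.fullmatch(line)
        if m:
            enc_type, secret = m.groups()
            if enc_type == "0":
                findings.append((lineno, "key-type-0-no-encryption"))
            # A type 7 string is the stored form, so its length says nothing
            # about the strength of the underlying shared password.
            if enc_type != "7" and len(secret) < MIN_SECRET_LEN:
                findings.append((lineno, "short-shared-secret"))
            continue
        m = ATTEMPTS_RE.fullmatch(line)
        if m:
            if int(m.group(1)) > MAX_ATTEMPTS:
                findings.append((lineno, "lockout-attempts-too-high"))
            continue
        m = AUTHN_RE.fullmatch(line)
        if m and "none" in split_methods(m.group(3)):
            findings.append((lineno, "auth-method-none"))
    return findings


# Constructed configuration using the weak values that appear in this chapter's
# examples (the three-character key and a method list that ends in none).
WEAK_CONFIG = """\
aaa new-model
aaa local authentication attempts 2147483647
aaa authentication dot1x san-f local group angel group rain none
aaa authentication login default group radius
radius-server host 192.168.12.1
radius-server key 0 aaa
"""

# Constructed corrected counterpart; the type 7 string is a placeholder.
HARDENED_CONFIG = """\
aaa new-model
aaa local authentication attempts 3
aaa authentication dot1x san-f group angel group rain local
aaa authentication login default group radius
radius-server host 192.168.12.1
radius-server key 7 EXAMPLE-STORED-FORM
"""

if __name__ == "__main__":
    for lineno, finding in audit(WEAK_CONFIG):
        print(f"line {lineno}: {finding}")
    print("hardened findings:", audit(HARDENED_CONFIG))
```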
radius-server retransmit
Use this command to configure the packet retransmission times before a device determines that
the RADIUS security server fails to respond.
Use the no form of this command to restore to the default setting.
radius-server retransmit retries
no radius-server retransmit
Parameter Description
retries Retransmission times
Defaults The default retransmission times are 3.
Command
Mode
Global configuration mode
Usage Guide AAA uses the next method to authenticate users only when the current security server for
authentication does not respond. When a device retransmits the RADIUS packet for the specified
times and the interval between every two retries times out, the device considers that the security
server fails to respond.
Configuration
Examples
The following example sets the retransmission times to 4.
Ruijie(config)# radius-server retransmit 4
Related Commands
Command Description
radius-server host Defines the RADIUS security server host.
radius-server key Defines a shared password for the RADIUS server.
radius-server timeout Defines the timeout period of RADIUS packet retransmission.
Platform
Description
N/A
radius-server timeout
Use this command to set the time for a device to wait for a response from the security server
before retransmitting the RADIUS packet.
Use the no form of this command to restore to the default setting.
radius-server timeout seconds
no radius-server timeout
Parameter Description
seconds Timeout period in the range from 1 second to 1000 seconds
Defaults The default timeout period is five seconds.
Command
Mode
Global configuration mode
Usage Guide Use this command to change the timeout period of packet retransmission.
Configuration
Examples
The following example sets the timeout period to 10 seconds.
Ruijie(config)# radius-server timeout 10
Related Commands
Command Description
radius-server host Defines the RADIUS security server host.
radius-server retransmit Defines the RADIUS packet retransmission times.
radius-server key Defines a shared password for the RADIUS server.
Platform
Description
N/A
radius set qos cos
Use this command to set the qos value sent by the RADIUS server as the cos value of an
interface.
radius set qos cos
no radius set qos cos
Parameter Description
N/A N/A
Defaults The qos value sent by the RADIUS server is set to the dscp value by default.
Command
Mode
Global configuration mode
Usage Guide Use this command to set the qos value sent by the RADIUS server to the cos value. The qos
value sent by the RADIUS server is set to the dscp value by default.
Configuration
Examples
The following example sets the qos value sent by the RADIUS server to the cos value of an
interface.
Ruijie(config)# radius set qos cos
Related Commands
Command Description
radius vendor-specific extend RADIUS is extended not to differentiate the IDs of private vendors.
Platform
Description
N/A
radius vendor-specific extend
Use this command to extend RADIUS not to differentiate the IDs of private vendors.
radius vendor-specific extend
no radius vendor-specific extend
Parameter Description
N/A N/A
Defaults Only the private vendor IDs of Ruijie are recognized by default.
Command
Mode
Global configuration mode
Usage Guide Use this command to identify the attributes of all vendor IDs by type.
Configuration
Examples
The following example extends RADIUS not to differentiate the IDs of private vendors.
Ruijie(config)# radius vendor-specific extend
Related Commands
Command Description
radius attribute Configures the private vendor type.
radius set qos cos Configures whether the qos value sent by the RADIUS server is set as the cos value of an interface.
Platform
Description
N/A
debug radius
Use this command to turn on the RADIUS debugging switch.
Use the no form of this command to turn off the RADIUS debugging switch.
debug radius {event | detail}
no debug radius {event | detail}
Parameter Description Parameter
Description N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC configuration mode
Usage
Guide
N/A
Configuration
Examples
N/A
Command Description Related
Commands N/A N/A
Platform
Description
N/A
show radius parameter
Use this command to query the global parameters of the RADIUS server.
show radius parameter
Parameter Description Parameter
Description N/A N/A
Defaults N/A.
Command
Mode
Privileged EXEC mode
Usage Guide Use this command to query the global parameters of the RADIUS server.
Configuration
Examples
Ruijie# show radius parameter
Server Timout: 5 Seconds
Server Deadtime: 0 Minutes
Server Retries: 3
Server Dead Critera:
Time: 10 Seconds
Tries: 10
Command Description
radius-server host Defines the RADIUS security server host.
radius-server retransmit Defines the RADIUS packet retransmission times.
radius-server key Defines a shared password for the RADIUS server.
Related
Commands
radius-server timeout Defines the timeout period of RADIUS packet retransmission
radius-server dead-criteria Defines the criteria of determining that a RADIUS server is
unreachable.
radius-server deadtime Defines the duration when a device stops sending any requests
to an unreachable RADIUS security server.
Platform
Description
N/A
show radius server
Use this command to query the configuration of the RADIUS server.
show radius server
Parameter Description Parameter
Description N/A N/A
Defaults N/A.
Command
Mode
Privileged EXEC mode
Usage Guide Use this command to query the configuration of the RADIUS server.
Configuration
Examples
Ruijie# show radius server
Server IP: 192.168.4.12
Accounting Port: 23
Authen Port: 77
Test Username: viven
Test Idle Time: 10 Minutes
Test Ports: Authen
Server State: Active
Current duration 765s, previous duration 0s
Dead: total time 0s, count 0
Statistics:
Authen: request 15, timeouts 1
Author: request 0, timeouts 0
Account: request 0, timeouts 0
Server IP: 192.168.4.13
Accounting Port: 45
Authen Port: 74
Test Username: <Not Configured>
Test Idle Time: 60 Minutes
Test Ports: Authen and Accounting
Server State: Active
Current duration 765s, previous duration 0s
Dead: total time 0s, count 0
Statistics:
Authen: request 0, timeouts 0
Author: request 0, timeouts 0
Account: request 20, timeouts 0
Command Description
radius-server host Defines the RADIUS security server host.
radius-server retransmit Defines the RADIUS packet retransmission times.
radius-server key Defines a shared password for the RADIUS server.
Related
Commands
radius-server timeout Defines the timeout period of RADIUS packet retransmission.
Platform
Description
N/A
show radius vendor-specific
Use this command to query the configuration of the private attribute types of RADIUS.
show radius vendor-specific
Parameter Description Parameter
Description N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode
Usage Guide Use this command to query the configuration of the private attribute types of RADIUS.
Configuration
Examples
Ruijie# show radius vendor-specific
Ruijie#show radius vendor-specific
id vendor-specific type-value
----- -------------------- ----------
1 max-down-rate 1
2 port-priority 2
3 user-ip 3
4 vlan-id 4
5 last-supplicant-vers 5
ion
6 net-ip 6
7 user-name 7
8 password 8
9 file-directory 9
10 file-count 10
11 file-name-0 11
12 file-name-1 12
13 file-name-2 13
14 file-name-3 14
15 file-name-4 15
16 max-up-rate 16
17 current-supplicant-v 17
ersion
18 flux-max-high32 18
19 flux-max-low32 19
20 proxy-avoid 20
21 dialup-avoid 21
22 ip-privilege 22
23 login-privilege 42
26 ipv6-multicast-addre 79
ss
27 ipv4-multicast-addre 87
ss
Command Description
radius-server host Defines the RADIUS security server host.
radius-server retransmit Defines the RADIUS packet retransmission times.
radius-server key Defines a shared password for the RADIUS server.
Related
Commands
radius-server timeout Defines the timeout period of RADIUS packet retransmission.
Platform
Description
N/A
Command Reference TACACS+ Commands
TACACS+ Commands
aaa group server tacacs+
Use this command to configure TACACS+ group server, dividing different TACACS+ servers to
different groups.
aaa group server tacacs+ group-name
no aaa group server tacacs+ group-name
Parameter
Description Parameter Description
group-name The TACACS+ server group name.
Defaults No TACACS+ server group is configured.
Command
Mode
Global configuration mode.
Usage Guide By dividing TACACS+ servers into several groups, the tasks of authentication, authorization and
accounting can be implemented by different server groups.
Configuration
Examples
The following example configures a TACACS+ server group named tac1 and a TACACS+ server
address 1.1.1.1 in this group:
Ruijie(config)#aaa group server tacacs+ tac1
Ruijie(config-gs-tacacs+)# server 1.1.1.1
Ruijie(config-gs-tacacs+)# ip vrf forwarding vpn1
Related
Commands Command Description
server
Configures the server list of a TACACS+ server
group.
ip vrf forwarding
Configures a VRF name supported by
TACACS+ server group.
Platform
Description
N/A
debug tacacs+
Use this command to turn on the TACACS+ debugging switch. The no form of this command turns off
the TACACS+ debugging switch.
debug tacacs+
no debug tacacs+
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
N/A
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
ip tacacs source-interface
Use this command to configure the source IP address of TACACS+ packet.
ip tacacs source-interface interface
no ip tacacs source-interface
Parameter
Description Parameter Description
interface Source IP address interface of the TACACS+ packets
Defaults Source IP address of TACACS+ packets is set on the network layer.
Command
Mode
Global configuration mode.
Usage Guide To decrease the work of maintaining massive NAS messages in the TACACS+ server, use this
command to set the source IP address of TACACS+ packets. This command specifies the first ip
address of the specified interface as the source IP address of TACACS+ packets and is used on L3
devices.
Configuration
Examples
The following example specifies TACACS+ packet to obtain ip address from fastEthernet 0/0 as the
source IP address of TACACS+ packets:
Ruijie(config)# ip tacacs source-interface fastEthernet 0/0
Related
Commands Command Description
tacacs-server host Defines a TACACS+ server.
ip address Configures the ip address of the interface.
Platform
Description
This command is not supported on AP110-W.
ip vrf forwarding(TACACS+)
Use this command to configure vrf name used by the TACACS+ group server (this command is
supported by the device supporting VRF).
ip vrf forwarding vrf-name
no ip vrf forwarding
Parameter
Description Parameter Description
vrf-name VRF name.
Defaults N/A
Command
Mode
TACACS+ group server configuration mode.
Usage Guide Specify vrf name to the specified TACACS+ server.
Configuration
Examples
The following example specifies VRF name as vpn1 to TACACS+ server group:
Ruijie(config)# aaa group server tacacs+ tac1
Ruijie(config-gs-tacacs+)# server 1.1.1.1
Ruijie(config-gs-tacacs+)# ip vrf forwarding vpn1
Related
Commands Command Description
aaa group server tacacs+ Configures a TACACS+ server group.
server
Configures the server list of a TACACS+ server
group.
Platform
Description
N/A
server(TACACS+)
Use this command to configure server address in TACACS+ group server.
server { ip-address | ipv6-address }
no server { ip-address | ipv6-address }
Parameter
Description Parameter Description
ip-address The IP address of the server in the TACACS+ server group
ipv6-address The IPv6 address of the server in the TACACS+ server group
Defaults N/A
Command
Mode
TACACS+ group server configuration mode.
Usage Guide You must enter the TACACS+ server group configuration mode to configure this command.
To configure server addresses in a TACACS+ group server, you must execute the tacacs-server
host command in global configuration mode.
For the IP address of the servers in TACACS+ group servers, when one server does not reply, it will
send the request to the next server.
Configuration
Examples
The following example configures a TACACS+ server group named tac1 and a TACACS+ server
address 1.1.1.1 in this group:
Ruijie(config)#aaa group server tacacs+ tac1
Ruijie(config-gs-tacacs+)#server 1.1.1.1
Related
Commands Command Description
aaa group server tacacs+ Configures a TACACS+ server group.
ip vrf forwarding
Configures a VRF name supported by
TACACS+ server group.
Platform
Description
N/A
show tacacs
Use this command to show the interoperation of each TACACS+ server.
show tacacs+
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide Use this command to show the interoperation of each TACACS+ server.
Configuration
Examples
Ruijie# show tacacs
Tacacs+ Server : 172.19.192.80/49
Socket Opens: 0
Socket Closes: 0
Total Packets Sent: 0
Total Packets Recv: 0
Reference Count: 0
Related
Commands Command Description
tacacs-server host Defines a TACACS+ secure server host.
Platform
Description
N/A
tacacs-server host
Use this command to configure the IP address of a TACACS+ server host.
tacacs-server host { ip-address | ipv6-address } [ port integer ] [ timeout integer ] [ key string ]
no tacacs-server host { ip-address | ipv6-address }
Parameter
Description Parameter Description
ip-address The IP address of a TACACS+ server host.
ipv6-address The IPv6 address of a TACACS+ server host.
port integer The TCP port used in TACACS+ communication.
timeout integer The Timeout time of TACACS+ host.
key string The shared keyword of the TACACS+ client and server.
Defaults No specified TACACS+ host
Command
Mode
Global configuration mode.
Usage Guide To use TACACS+ to implement AAA security service, you must define the TACACS+ secure server.
You can define one or multiple TACACS+ secure servers by using the tacacs-server host
command.
Configuration
Examples
The following example defines a TACACS+ secure server host:
Ruijie(config)# tacacs-server host 192.168.12.1
Ruijie(config)# tacacs-server host 2001::1
Related
Commands Command Description
aaa authentication
Defines a AAA identity authentication method
list.
tacacs-server key
Defines the shared password of TACACS+
secure server globally.
tacacs-server timeout
Defines a timeout timer of reply packet of
TACACS+ server globally.
Platform
Description
This command is not supported on AP110-W.
tacacs-server key
Use this command to configure global password of TACACS+
tacacs-server key [ 0 | 7 ] string
no tacacs-server key
Parameter
Description Parameter Description
string Text of shared password.
0 | 7 Encryption type of password: 0 indicates no encryption; 7 indicates
being simply encrypted.
Defaults No specified shared password.
Command
Mode
Global configuration mode.
Usage Guide The device and the TACACS+ secure server can communicate with each other only on the basis of
the shared password. Therefore, the same shared password must be defined on both the device and the
server. To specify a different password for each server, use the key option in the tacacs-server host
command. The key set in global configuration mode applies to all servers for which the key option
has not been set.
Configuration
Examples
The following example defines the shared password of TACACS+ secure server as aaa:
Ruijie(config)# tacacs-server key aaa
Related
Commands Command Description
tacacs-server host Defines a TACACS+ secure server host.
tacacs-server timeout Defines the timeout timer of TACACS+ packet.
Platform
Description
This command is not supported on AP110-W.
tacacs-server timeout
Use this command to configure the global timeout time waiting for the server when the device is
communicating with TACACS+ server.
tacacs-server timeout seconds
no tacacs-server timeout
Parameter
Description Parameter Description
seconds Timeout time (s) in the range 1 to 1000s.
Defaults 5 seconds
Command
Mode
Global configuration mode.
Usage Guide Use this command to adjust the timeout time of reply packets. To specify a different timeout
time for each server, use the timeout option in the tacacs-server host command. The timeout set in global
configuration mode applies to all servers for which the timeout option has not been set.
Configuration
Examples
The following example shows how to define the timeout time as 10 seconds:
Ruijie(config)# tacacs-server timeout 10
Related
Commands Command Description
tacacs-server host Defines a TACACS+ secure server host.
tacacs-server key Defines the shared password of TACACS+.
Platform
Description
This command is not supported on AP110-W.
Command Reference SSH Commands
SSH Commands
crypto key generate
Use this command to generate a public key on the SSH server in global configuration mode.
crypto key generate {rsa | dsa}
Parameter Description Parameter
Description rsa Generates an RSA key.
dsa Generates a DSA key.
Defaults The SSH server does not generate a public key by default.
Command
Mode
Global configuration mode
Usage Guide When you need to enable the SSH server service, use this command to generate a public key on the
SSH server and enable the SSH server service by running the enable service ssh-server command
at the same time. SSH 1 uses the RSA key; SSH 2 uses the RSA or DSA key. Therefore, if an RSA
key has been generated, both SSH1 and SSH2 can use it. If only a DSA key is generated, only SSH2
can use it.
A key can be deleted by using the crypto key zeroize command. The no crypto key
generate command is not available.
Configuration
Examples
Ruijie# configure terminal
Ruijie(config)# crypto key generate rsa
Command Description Related
Commands show ip ssh Displays the current status of the SSH server.
crypto key zeroize {rsa | dsa}
Deletes the DSA and RSA keys and disables the SSH server
function.
Platform
Description
N/A
crypto key zeroize
Use this command to delete the public key on the SSH server in global configuration mode.
crypto key zeroize {rsa | dsa}
Parameter Description Parameter
Description rsa Deletes the RSA key.
dsa Deletes the DSA key.
Defaults N/A.
Command
Mode
Global configuration mode
Usage Guide Use this command to delete the public key on the SSH server. After the key is deleted, the SSH
server state becomes DISABLE. If you want to disable the SSH server, run the no enable service
ssh-server command.
Configuration
Examples
Ruijie# configure terminal
Ruijie(config)# crypto key zeroize rsa
Command Description Related
Commands show ip ssh Displays the current status of the SSH server.
crypto key generate { rsa|dsa } Generates the DSA and RSA keys.
Platform
Description
N/A
ip ssh authentication-retries
Use this command to set the user authentication retry times of the SSH server.
Use the no form of this command to restore to the default setting.
ip ssh authentication-retries retry times
no ip ssh authentication-retries
Parameter Description Parameter
Description retry times User authentication retry times, in the range from 0 to 5
Defaults The default authentication retry times are 3. You can use the no ip ssh authentication-retries
command to restore to the default value.
Command
Mode
Global configuration mode
Usage Guide User authentication is considered failed if authentication is not successful when the configured
authentication retry times on the SSH server are exceeded. Use the show ip ssh command to view
the configuration of the SSH server.
Configuration
Examples
The following example sets the user authentication retry times to 2.
Ruijie# configure terminal
Ruijie(config)# ip ssh authentication-retries 2
Command Description Related
Commands show ip ssh Displays the current status of the SSH server.
Platform
Description
N/A
ip ssh time-out
Use this command to set the user authentication timeout period on the SSH server.
Use the no form of this command to restore to the default setting.
ip ssh time-out time
no ip ssh time-out
Parameter Description Parameter
Description time User authentication timeout period
Defaults The default user authentication timeout period is 120 seconds. You can use the no ip ssh time-out
command to restore to the default value.
Command
Mode
Global configuration mode
Usage Guide The authentication is considered timeout and failed if the authentication is not successful within 120
seconds starting from reception of a connection request. Use the show ip ssh command to view the
configuration of the SSH server.
Configuration
Examples
The following example sets the timeout period to 100 seconds.
Ruijie# configure terminal
Ruijie(config)# ip ssh time-out 100
Command Description Related
Commands show ip ssh Displays the current status of the SSH server.
Platform
Description
N/A
ip ssh version
Use this command to set the version of the SSH server.
Use the no form of this command to restore to the default setting.
ip ssh version {1 | 2}
no ip ssh version
Parameter
Description Parameter Description
1 Supports the SSH1 client connection request.
2 Supports the SSH2 client connection request.
Defaults SSH1 and SSH2 are compatible by default. When a version is set, only the connection sent by the
SSH client of this version is accepted. You can use the no ip ssh version command to restore to the
default setting.
Command
Mode
Global configuration mode
Usage Guide Use this command to configure the SSH connection protocol version supported by the SSH server.
By default, the SSH server supports SSH1 and SSH2, and the clients of these versions can connect
to the SSH server. If Version 1 or 2 is set, only the SSH client of this version can connect to the SSH
server. Use the show ip ssh command to display the current status of SSH server.
Configuration
Examples
The following example sets the version of the SSH server to Version 2.
Ruijie# configure terminal
Ruijie(config)# ip ssh version 2
Command Description Related
Commands show ip ssh Displays the current status of the SSH server.
Platform
Description
N/A
disconnect ssh
Use this command to disconnect the established SSH connection.
disconnect ssh [vty] session-id
Parameter Description Parameter
Description session-id ID of the established SSH connection session
Defaults N/A
Command
Mode
Privileged EXEC mode
Usage Guide You can disconnect an SSH connection by entering the ID of the SSH connection or the specified
VTY connection ID. Only connections of the SSH type can be disconnected.
Configuration
Examples
Ruijie# disconnect ssh 1
Or
Ruijie# disconnect ssh vty 1
Command Description Related
Commands show ssh Displays information about the established SSH connection.
clear line vty line_number Disconnects the current VTY connection.
Platform
Description
N/A
show crypto key mypubkey
Use this command to query the public key part of the public key on the SSH server.
show crypto key mypubkey {rsa | dsa}
Parameter Description
rsa Displays the public key part of the RSA key.
Parameter
Description
dsa Displays the public key part of the DSA key.
Defaults N/A.
Command
Mode
Privileged EXEC mode
Usage Guide Use this command to query the public key part of the generated public key on the SSH server,
including the key generation time, key name, and contents of the public key part.
Configuration
Examples
Ruijie# show crypto key mypubkey rsa
Command Description Related
Commands crypto key generate {rsa | dsa} Generates the DSA and RSA keys.
Platform
Description
N/A
show ip ssh
Use this command to query the effective configuration of the SSH server.
show ip ssh
Parameter Description Parameter
Description N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode
Usage Guide Use this command to query the effective configuration of the SSH server, including the version,
whether the SSH server is enabled, authentication timeout period, and authentication retry times.
Note: If no key is generated for the SSH server, the SSH version is still unavailable even if this SSH
version has been configured.
Configuration
Examples
Ruijie# show ip ssh
Command Description Related
Commands ip ssh version {1 | 2} Configures the version of the SSH server.
ip ssh time-out time
Sets the user authentication timeout period on the SSH
server.
ip ssh authentication-retries Sets the user authentication retry times on the SSH server.
Platform
Description
N/A
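The SSH settings that show ip ssh reports (version, authentication retries, timeout) and the key type of the tacacs-server key command can also be checked offline against a saved configuration. The following is an added example, not part of the original manual: it assumes the saved configuration lists commands in the form of the syntax lines in this reference, the sample text is constructed, the function names are hypothetical, and the max_retries and max_timeout limits are assumed policy values.

```python
import re

# Defaults stated in this reference: SSH1 and SSH2 both accepted (None),
# 3 authentication retries, 120-second authentication timeout.
SSH_DEFAULTS = {"version": None, "retries": 3, "timeout": 120}
SSH_FIELDS = {"version": "version", "authentication-retries": "retries",
              "time-out": "timeout"}
SSH_RE = re.compile(
    r"^(no )?ip ssh (version|authentication-retries|time-out)(?: (\d+))?$")
KEY_RE = re.compile(r"^tacacs-server key(?: ([07]))? (\S+)$")

# Constructed configuration text (not taken from a real device).
SAMPLE_CONFIG = """\
Ruijie(config)# ip ssh authentication-retries 5
Ruijie(config)# ip ssh time-out 100
Ruijie(config)# tacacs-server host 192.168.12.1
Ruijie(config)# tacacs-server key 0 aaa
"""


def commands(config_text):
    """Yield commands with the CLI prompt removed and whitespace collapsed."""
    for raw in config_text.splitlines():
        line = re.sub(r"^\S+#\s*", "", " ".join(raw.split()))
        if line:
            yield line


def effective_ssh_settings(config_text):
    """Apply 'ip ssh ...' commands in order on top of the documented defaults."""
    settings = dict(SSH_DEFAULTS)
    for line in commands(config_text):
        match = SSH_RE.match(line)
        if not match:
            continue
        negated, keyword, value = match.groups()
        field = SSH_FIELDS[keyword]
        if negated:
            settings[field] = SSH_DEFAULTS[field]  # 'no' form restores the default
        elif value is not None:
            if keyword == "version" and value not in ("1", "2"):
                continue  # only versions 1 and 2 exist in the syntax
            settings[field] = int(value)
    return settings


def audit(config_text, max_retries=3, max_timeout=120):
    """Return (check, message) pairs; key material is never echoed."""
    findings = []
    ssh = effective_ssh_settings(config_text)
    if ssh["version"] != 2:
        accepted = "SSH1 only" if ssh["version"] == 1 else "SSH1 and SSH2"
        findings.append(("ssh-version",
                         f"server accepts {accepted}; set 'ip ssh version 2'"))
    if not 0 <= ssh["retries"] <= 5:
        findings.append(("ssh-retries",
                         f"{ssh['retries']} is outside the documented range 0 to 5"))
    elif ssh["retries"] > max_retries:
        findings.append(("ssh-retries",
                         f"{ssh['retries']} retries allowed, policy limit is {max_retries}"))
    if ssh["timeout"] > max_timeout:
        findings.append(("ssh-timeout",
                         f"{ssh['timeout']}s timeout, policy limit is {max_timeout}s"))
    for line in commands(config_text):
        match = KEY_RE.match(line)
        if match and match.group(1) == "0":
            findings.append(("tacacs-key",
                             "global key entered as type 0 (no encryption)"))
    return findings


if __name__ == "__main__":
    for check, message in audit(SAMPLE_CONFIG):
        print(f"{check}: {message}")
```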
show ssh
Use this command to query each SSH connection.
show ssh
Parameter Description Parameter
Description N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode
Usage Guide Use this command to query the established SSH connections, including the VTY number of
connection, SSH version, encryption algorithm, message authentication algorithm, connection status,
and user name.
Configuration
Examples
Ruijie# show ssh
Command Description Related
Commands N/A N/A
Platform
Description
N/A
Command Reference FTP Client Commands
FTP Client Commands
copy ftp
This section introduces how to use the copy ftp command to transfer files at the CLI in the main
program. To use the FTP client to download files to the device, execute the copy ftp:url flash:url
command in the privileged mode. Use the copy flash:url ftp:url command to upload files of the local
client to the server.
copy ftp://username:password@dest-address [/remote-directory]/remote-file
flash:[local-directory/]local-file [vrf vrfname]
copy flash:[local-directory/]local-file ftp://username:password@dest-address [/remote-directory]/
remote-file [vrf vrfname]
Parameter
Description Parameter Description
username
Username for logging in to the FTP server, with a length no more than
40 bytes. The username does not contain dot (.), at sign (@), slash (/),
and space. This parameter is mandatory.
password
Password for logging in to the FTP server, with a length no more than
32 bytes. The password does not contain dot (.), at sign (@), slash (/),
and space. This parameter is mandatory.
dest-address IP address of the FTP server
remote-directory
Name of the optional directory on the FTP server for uploading files,
with a length no more than 255 bytes. The directory name does not
contain space and Chinese characters. If this parameter is empty, the
current directory of the FTP server is used.
remote-file
Name of the file on the remote server, with a length no more than 255
bytes. The name does not contain space and Chinese characters.
local-directory
Optional directory of the folder on the local device. Create the folder on
the local device before specifying the directory of the folder because
this command cannot automatically create a folder. If this parameter is
empty, the current directory is used, with a length no more than 255
bytes, and does not contain space and Chinese characters.
local-file
Name of the file on the local server, with a length no more than 255
bytes. The name does not contain space and Chinese characters.
vrfname Name of the specified VRF
Defaults N/A
Command
Modes Privileged EXEC mode
Usage
Guidelines
Use the copy ftp:url flash:url command to download files.
Use the copy flash:url ftp: url command to upload files.
Examples The username is user; password is pass, IP address is 192.168.23.69. Download the file named
remote-file under the root directory of the FTP server to the home directory of the device, and save it
as local-file.
Ruijie# copy ftp://user:pass@192.168.23.69/root/remote-file flash:home/local-file
Upload the file local-file under the home directory of the device to the root directory of the FTP server,
and save it as remote-file.
Ruijie# copy flash:home/local-file ftp://user:pass@192.168.23.69/root/remote-file
Related
Commands Command Description
N/A N/A
Platform
Description
-
default ftp-client
Use the default ftp-client command to restore the default setting of the FTP client in the global
configuration mode, namely, passive (PASV) mode for data connection, binary mode for file transfer,
and client source IP address not bound.
default ftp-client [vrf vrfname]
Parameter
Description Parameter Description
vrfname Restores the default setting for the specified VRF.
Defaults The data connection mode is passive (PASV), file transfer mode is binary, and no local source IP
address is specified.
Command
Modes Global configuration mode
Usage
Guidelines
Use this command to restore the default setting of the FTP client.
Examples Restore the default setting of the FTP client.
Ruijie (config)# default ftp-client
Related
Commands Command Description
default ftp-client Restores the FTP client default configuration.
Platform
Description
N/A
ftp-client ascii
Use the ftp-client ascii command to set the FTP transfer mode to text (ASCII). Use the no form of this
command to restore the default setting.
ftp-client [vrf vrfname] ascii
no ftp-client [vrf vrfname] ascii
Parameter
Description Parameter Description
vrfname Sets the file transfer mode for the specified VRF.
Defaults The default FTP transfer mode is binary.
Command
Modes Global configuration mode
Usage
Guidelines
This command sets the file transfer mode to the text (ASCII) mode.
Examples Set the file transfer mode to ASCII.
Ruijie (config)# ftp-client ascii
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
ftp-client port
Use the ftp-client port command to set the FTP data connection mode to active (PORT). Use the no
form of this command to restore the passive mode, in which the client initiates a connection to the
server for data transmission.
ftp-client [vrf vrfname] port
no ftp-client [vrf vrfname] port
Parameter
Description Parameter Description
vrfname Sets the data connection mode for the specified VRF.
Defaults The default FTP connection mode is passive (PASV).
Command
Modes Global configuration mode
Usage
Guidelines
You can use this command to set the active mode for data connection, in which the server initiates a
connection to the client.
Examples Set the active mode for FTP connection.
Ruijie (config)# ftp-client port
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
ftp-client source-address
Use the ftp-client source-address command to configure the source address of the FTP client for
transmitted FTP packets.
Use the no form of this command to remove the binding.
ftp-client [vrf vrfname] source-address {ip-address | ipv6-address}
no ftp-client [vrf vrfname] source-address
Parameter
Description Parameter Description
ip-address IP address of the FTP client
ipv6-address IPv6 address of the FTP client
vrfname Binds the source IP address with the specified VRF.
Defaults By default, no source IP address is specified for the client. The device uses the IP address of the
interface determined by the matched route as the source IP address to communicate with an FTP
server.
Command
Modes Global configuration mode
Usage
Guidelines
This command configures a source IP address for a client to connect to the server.
Examples Set the source IP address of the FTP client to 192.168.23.236.
Ruijie (config)# ftp-client source-address 192.168.23.236
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
Command Reference CPU Protection Commands
CPU Protection Commands
cpu-protect type packet-type pps pps_value
Use this command to set the bandwidth for receiving packets of a specified type for the CPU port.
cpu-protect type { arp | bpdu | dhcp | ipv6mc | igmp | rip | ospf | vrrp | pim | ttl1 |
unknown-ipmc | dvmrp | …} pps pps_value
Parameter Description Parameter
Description pps_value Number of packets per second
Defaults The CPU's default bandwidth for receiving packets of each type is 1000 pps.
Command
Mode Global configuration mode
Usage Guide N/A
Configuration
Examples
The following example sets the CPU's bandwidth for receiving BPDU packets.
Ruijie(config)# cpu-pr type bpdu pps 100
Set packet type bpdu pps 100 .
Command Description Related
Commands cpu-protect type packet-type pri pri_num Sets the priority of the packets of a
specified type received by the CPU port.
Platform
Description N/A
cpu-protect type packet-type pri pri_num
Use this command to set the priority of the packets of a specified type received by the CPU port.
cpu-protect type { arp | bpdu | dhcp | ipv6mc | igmp | rip | ospf | vrrp | pim | ttl1 |
unknown-ipmc | dvmrp | …} pri pri_num
Parameter Description Parameter
Description pri_num ID, value range: 0 to 7
Defaults The default value of the queue corresponding to the packets of each type is 0.
Command
Mode Global configuration mode
Usage Guide N/A
Configuration
Examples
The following example maps BPDU packets to queue 7.
Ruijie(config)# cpu-protect type bpdu pri 7
Set packet type bpdu pri 7.
Command Description Related
Commands cpu-protect type packet-type pps pps_value Sets the bandwidth for transmitting
packets of a specified type.
Platform
Description N/A
show cpu-protect type
Use this command to display statistics about the packets of a specified type.
show cpu-protect type { arp | bpdu | dhcp | ipv6mc | igmp | rip | ospf | vrrp | pim | ttl1 |
unknown-ipmc | dvmrp | …} dvmrp
Parameter Description Parameter
Description slot_num Value range: 1 to 16
Defaults N/A
Command
Mode
Privileged user mode
Usage Guide Use this command to display statistics about the packets of a specified type.
Configuration
Examples
The following example uses the show cpu-protect type bpdu command to display statistics of
receiving BPDU packets.
Ruijie(config)# show cpu-protect type bpdu
Slot Type Pps Total Drop
--------- ------------ --------- --------- ---------
MainBoard bpdu 100 30 0
Slot-2 bpdu 100 30 0
Command Description Related
Command show cpu-protect type packet-type Displays statistics of packets of a specified
type protected by the CPU.
Platform
Description
N/A
In the configuration command of the CPP, the ellipsis (…) refers to the CPP types not
listed.
Command Reference Threshold Commands
Threshold Commands
threshold set
Use this command to set the threshold value for the device. Use the no form of this command to
restore the default value.
threshold set {cpu | memory | temperature} warning_value [critical_value]
no threshold set {cpu | memory | temperature}
Parameter
Description Parameter Description
cpu | memory |
temperature
Specifies the threshold type.
cpu indicates the CPU utilization threshold.
memory indicates the memory utilization threshold.
temperature indicates the temperature threshold.
warning_value Configures the warning threshold.
The range of CPU and memory utilization threshold is from 1 to 100.
The range of temperature threshold is 0 to 200.
critical_value Configures the critical threshold, which must be greater than the
warning threshold.
The range of CPU and memory utilization threshold is from 1 to 100.
The range of temperature threshold is 0 to 200.
Defaults CPU threshold: warning threshold: 90; critical threshold: 100.
Memory threshold: warning threshold: 90; critical threshold: 100.
Temperature threshold: warning threshold: 90; critical threshold: 100.
Command
mode
Global configuration mode
Usage Guide You can use this command to configure the thresholds of CPU utilization, memory utilization and
temperature. These thresholds can be read through MIB to learn the CPU and memory usage. There
is no related syslog for the threshold.
Configuration
Examples
The following example sets the memory utilization threshold.
Ruijie(config)# threshold set memory 70 90
The following example sets the CPU utilization threshold.
Ruijie(config)# threshold set cpu 70 90
The following example sets the temperature threshold.
Ruijie(config)# threshold set temperature 60 80
Related
Commands Command Description
show threshold Displays the system threshold values.
Platform
Description
N/A
show threshold
Use this command to display the system threshold values.
show threshold {cpu | memory | temperature}
Parameter
Description Parameter Description
cpu | memory | temperature Specifies the threshold type.
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide N/A
Configuration
Examples
The following example displays the CPU utilization threshold.
Ruijie# show threshold cpu
The following example displays the memory utilization threshold.
Ruijie# show threshold memory
Related
Commands Command Description
threshold set Sets the threshold value.
Platform
Description
N/A
Command Reference NFPP Commands
NFPP Commands
arp-guard attack-threshold
Use this command to set the global attack threshold. When the packet rate exceeds the attack
threshold, an attack is deemed to occur.
arp-guard attack-threshold { per-src-ip | per-src-mac | per-port } pps
Parameter
Description Parameter Description
per-src-ip Set the attack threshold for each source IP address.
per-src-mac Set the attack threshold for each source MAC address.
per-port Set the attack threshold for each port.
pps Set the attack threshold, in pps. The valid range is 1 to 9999.
Defaults By default, the attack threshold for each source IP address and source MAC address is 8pps; and the
attack threshold for each port is 200pps.
Command
Mode
NFPP configuration mode.
Usage Guide The attack threshold shall be equal to or greater than the rate-limit threshold.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# arp-guard attack-threshold per-src-ip 2
Ruijie(config-nfpp)# arp-guard attack-threshold per-src-mac 3
Ruijie(config-nfpp)# arp-guard attack-threshold per-port 50
Related
Commands Command Description
nfpp arp-guard policy Show the rate-limit threshold and attack threshold.
show nfpp arp-guard summary Show the configurations.
show nfpp arp-guard hosts Show the monitored host.
clear nfpp arp-guard hosts Clear the isolated host.
Platform
Description
N/A
arp-guard enable
Use this command to enable the anti-ARP guard function globally.
arp-guard enable
Parameter
Description Parameter Description
N/A N/A
Defaults Enabled.
Command
Mode
NFPP configuration mode.
Usage Guide N/A
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# arp-guard enable
Related
Commands Command Description
nfpp arp-guard enable Enable the anti-ARP attack on the interface.
show nfpp arp-guard summary Show the configurations.
Platform
Description
N/A
arp-guard isolate-period
Use this command to set the arp-guard isolate time globally.
arp-guard isolate-period { seconds | permanent }
Parameter
Description Parameter Description
seconds Set the isolate time, in seconds. The valid range is 0, or 30 to 86400.
permanent Permanent isolation.
Defaults The default isolate time is 0, which means no isolation.
Command
Mode
NFPP configuration mode.
Usage Guide N/A
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# arp-guard isolate-period 180
Related
Commands Command Description
nfpp arp-guard isolate-period Set the isolate time on the interface.
show nfpp arp-guard summary Show the configurations.
Platform
Description
N/A
arp-guard monitored-host-limit
Use this command to set the maximum monitored host number.
arp-guard monitored-host-limit number
Parameter
Description Parameter Description
number The maximum monitored host number. The valid range is 1 to
4294967295.
Defaults 1000
Command
Mode
NFPP configuration mode
Usage Guide If the number of monitored hosts has reached the default 1000 and the administrator sets a
maximum smaller than 1000, the system prompts the message "%ERROR: The value that you
configured is smaller than current monitored hosts 1000, please clear a part of monitored hosts." to
remind the administrator that the configuration is invalid and that monitored hosts must be removed.
When the maximum number of monitored hosts has been exceeded, the system prompts the message
"% NFPP_ARP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit of 1000 monitored hosts." to remind
the administrator.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# arp-guard monitored-host-limit 200
Related
Commands Command Description
show nfpp arp-guard summary Show the configurations.
Platform
Description
N/A
arp-guard monitor-period
Use this command to configure the arp guard monitor time.
arp-guard monitor-period seconds
Parameter
Description Parameter Description
seconds Set the monitor time, in seconds. The valid range is 180 to 86400.
Defaults 600s
Command
Mode
NFPP configuration mode.
Usage Guide When an attacker is detected and the isolate period is 0, the attacker is monitored by the
software, and the timeout is the monitor period. If the isolate period is set to a non-zero value during
software monitoring, the software-monitored attacker is automatically isolated by the hardware, and the
timeout is the isolate period. The monitor period takes effect only when the isolate period is 0.
If the isolate period is changed to 0, the attackers on the interface are removed rather than
being monitored by the software.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# arp-guard monitor-period 180
Related
Commands Command Description
show nfpp arp-guard summary Show the configurations.
show nfpp arp-guard hosts Show the monitored host list.
clear nfpp arp-guard hosts Clear the isolated host.
Platform
Description
N/A
arp-guard rate-limit
Use this command to set the arp guard rate limit.
arp-guard rate-limit { per-src-ip | per-src-mac | per-port } pps
Parameter
Description Parameter Description
per-src-ip Set the rate limit for each source IP address.
per-src-mac Set the rate limit for each source MAC address.
per-port Set the rate limit for each port.
pps Set the rate limit, in the range of 1 to 9999
Defaults The default rate limit for each source IP address and MAC address is 4pps; the default rate limit for
each port is 100pps.
Command
Mode
NFPP configuration mode.
Usage Guide N/A
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# arp-guard rate-limit per-src-ip 2
Ruijie(config-nfpp)# arp-guard rate-limit per-src-mac 3
Ruijie(config-nfpp)# arp-guard rate-limit per-port 50
Related
Commands Command Description
nfpp arp-guard policy Set the rate limit and the attack threshold.
show nfpp arp-guard summary Show the configurations.
Platform
Description
N/A
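The arp-guard value ranges and the rule that the attack threshold must not be lower than the rate-limit threshold can be checked offline before a configuration is pushed. The following Python script is an added example, not Ruijie code; the function name, the sample configuration and the choice to compare against the documented defaults when a value is not configured are assumptions of this example.

```python
import re

SCOPES = ("per-src-ip", "per-src-mac", "per-port")
# Documented arp-guard defaults, in pps.
DEFAULT_RATE_LIMIT = {"per-src-ip": 4, "per-src-mac": 4, "per-port": 100}
DEFAULT_ATTACK_THRESHOLD = {"per-src-ip": 8, "per-src-mac": 8, "per-port": 200}
# Documented valid ranges for the single-value commands.
VALUE_RANGES = {
    "monitor-period": (180, 86400),
    "monitored-host-limit": (1, 4294967295),
    "scan-threshold": (1, 9999),
}
PROMPT = re.compile(r"^\S+#\s*")  # strips a prompt such as "Ruijie(config-nfpp)# "


def _in_range(text, low, high):
    """True if text is a decimal integer within [low, high]."""
    return text.isdigit() and low <= int(text) <= high


def lint_arp_guard(config_text):
    """Return (line_number, message) findings; line 0 marks a cross-command check."""
    rate = dict(DEFAULT_RATE_LIMIT)
    attack = dict(DEFAULT_ATTACK_THRESHOLD)
    findings = []
    for number, raw in enumerate(config_text.splitlines(), 1):
        tokens = PROMPT.sub("", raw.strip()).split()
        if len(tokens) < 3 or tokens[0] != "arp-guard":
            continue  # "nfpp", "arp-guard enable" and other guards are not checked
        keyword, args = tokens[1], tokens[2:]
        if keyword in ("rate-limit", "attack-threshold"):
            if len(args) == 2 and args[0] in SCOPES and _in_range(args[1], 1, 9999):
                target = rate if keyword == "rate-limit" else attack
                target[args[0]] = int(args[1])
            else:
                findings.append((number, f"{keyword}: need a scope and pps in 1..9999"))
        elif keyword == "isolate-period":
            value = args[0]
            if not (value in ("0", "permanent") or _in_range(value, 30, 86400)):
                findings.append((number, "isolate-period: must be 0, 30..86400 or permanent"))
        elif keyword in VALUE_RANGES:
            low, high = VALUE_RANGES[keyword]
            if not _in_range(args[0], low, high):
                findings.append((number, f"{keyword}: must be in {low}..{high}"))
    # Usage guide: attack threshold >= rate-limit threshold, checked per scope
    # on the effective values (configured value, else the documented default).
    for scope in SCOPES:
        if attack[scope] < rate[scope]:
            findings.append((0, f"{scope}: attack-threshold {attack[scope]} pps "
                                f"is below rate-limit {rate[scope]} pps"))
    return findings


# Constructed sample: lowers one attack threshold but leaves the rate limit at
# its default, and uses an isolate period outside the documented range.
SAMPLE = """\
Ruijie(config)# nfpp
Ruijie(config-nfpp)# arp-guard attack-threshold per-src-ip 2
Ruijie(config-nfpp)# arp-guard isolate-period 20
Ruijie(config-nfpp)# arp-guard monitor-period 180
"""

if __name__ == "__main__":
    for line_number, message in lint_arp_guard(SAMPLE):
        print(line_number, message)
```

Lowering an attack threshold without also lowering the matching rate limit is the case this check is meant to catch, because the comparison then runs against the default rate limit.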
arp-guard scan-threshold
Use this command to set the global scan threshold.
arp-guard scan-threshold pkt-cnt
Parameter
Description Parameter Description
pkt-cnt Set the scan threshold, in the range of 1 to 9999.
Defaults The default scan threshold is 15, in 10 seconds.
Command
Mode
NFPP configuration mode
Usage Guide The scanning may occur on the condition that:
more than 15 packets are received within 10 seconds;
the source MAC address for the link layer is constant while the source IP address is uncertain;
the source MAC and IP address for the link layer is constant while the destination IP address is
uncertain.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# arp-guard scan-threshold 20
Related
Commands Command Description
nfpp arp-guard scan-threshold Set the scan threshold on the port.
show nfpp arp-guard summary Show the configurations.
show nfpp arp-guard scan Show the ARP guard scan table.
clear nfpp arp-guard scan Clear the ARP guard scan table.
Platform
Description
N/A
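The two scan patterns in the usage guide above can be reproduced on captured ARP metadata to see which hosts a given pkt-cnt would flag before the threshold is changed on the device. The following Python script is an added example, not Ruijie's implementation; the record layout, the function names and the reading of "uncertain" as "takes more than one value within the 10-second window" are assumptions of this example.

```python
from collections import defaultdict, deque


def detect_arp_scans(packets, threshold=15, window=10):
    """Flag ARP scan patterns in (timestamp, src_mac, src_ip, dst_ip) records.

    A key is reported once, the first time more than `threshold` packets fall
    inside `window` seconds while the watched field is not constant:
      - same source MAC, source IP varies
      - same source MAC and source IP, destination IP varies
    """
    by_mac = defaultdict(deque)      # src_mac -> deque of (timestamp, src_ip)
    by_mac_ip = defaultdict(deque)   # (src_mac, src_ip) -> deque of (timestamp, dst_ip)
    reported = set()
    findings = []
    for ts, mac, src_ip, dst_ip in sorted(packets):
        checks = (
            ("source IP varies", mac, src_ip, by_mac),
            ("destination IP varies", (mac, src_ip), dst_ip, by_mac_ip),
        )
        for pattern, key, value, table in checks:
            recent = table[key]
            recent.append((ts, value))
            # Drop records older than the window; the newest record always stays.
            while ts - recent[0][0] >= window:
                recent.popleft()
            distinct = len({v for _, v in recent})
            if len(recent) > threshold and distinct > 1 and (pattern, key) not in reported:
                reported.add((pattern, key))
                findings.append({"time": ts, "pattern": pattern, "source": key,
                                 "packets": len(recent), "distinct": distinct})
    return findings


def build_sample():
    """Constructed traffic (documentation addresses): two scan patterns, two benign hosts."""
    packets = []
    # Fixed MAC and IP, 20 different targets in 4 seconds.
    for i in range(20):
        packets.append((i * 0.2, "00:00:5e:00:53:01", "192.0.2.10", f"192.0.2.{100 + i}"))
    # Fixed MAC, a different source IP in every packet, one target.
    for i in range(20):
        packets.append((20 + i * 0.2, "00:00:5e:00:53:02", f"198.51.100.{i + 1}", "192.0.2.1"))
    # Chatty but constant: 20 requests in 8 seconds, always for the same address.
    for i in range(20):
        packets.append((40 + i * 0.4, "00:00:5e:00:53:03", "192.0.2.20", "192.0.2.1"))
    # Slow resolver: 20 different targets at one per second, never above 15 in 10 s.
    for i in range(20):
        packets.append((60 + i, "00:00:5e:00:53:04", "192.0.2.30", f"192.0.2.{100 + i}"))
    return packets


if __name__ == "__main__":
    for finding in detect_arp_scans(build_sample()):
        print(finding)
```

A host that exceeds the packet count with a constant source and destination is not reported here; that case is covered by the rate-limit and attack thresholds rather than the scan threshold.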
clear nfpp arp-guard hosts
Use this command to clear the monitored host isolation.
clear nfpp arp-guard hosts [ vlan vid ] [ interface interface-id ] [ ip-address | mac-address ]
Parameter
Description Parameter Description
vid Set the VLAN ID.
interface-id Set the interface name and number.
ip-address Set the IP address.
mac-address Set the MAC address.
Defaults N/A.
Command
Mode
Privileged EXEC mode.
Usage Guide Use this command without the parameter to clear all monitored hosts.
Configuration
Examples
Ruijie# clear nfpp arp-guard hosts vlan 1 interface g0/1
Related
Commands Command Description
arp-guard attack-threshold Set the global attack threshold.
nfpp arp-guard policy Set the limit threshold and attack threshold.
show nfpp arp-guard hosts Show the monitored host.
Platform
Description
N/A
clear nfpp arp-guard scan
Use this command to clear the ARP scanning table.
clear nfpp arp-guard scan
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
Ruijie# clear nfpp arp-guard scan
Related
Commands Command Description
arp-guard attack-threshold Set the global attack threshold.
nfpp arp-guard policy Set the attack threshold.
show nfpp arp-guard scan Show the ARP scanning table.
Platform
Description
N/A
clear nfpp dhcp-guard hosts
Use this command to clear the monitored host isolation.
clear nfpp dhcp-guard hosts [ vlan vid ] [ interface interface-id ] [ mac-address ]
Parameter
Description Parameter Description
vid Set the VLAN ID.
interface-id Set the interface name and number.
mac-address Set the MAC address.
Defaults N/A.
Command
Mode
Privileged EXEC mode.
Usage Guide Use this command without the parameter to clear all monitored hosts.
Configuration
Examples
Ruijie# clear nfpp dhcp-guard hosts vlan 1 interface g0/1
Related
Commands Command Description
dhcp-guard attack-threshold Set the global attack threshold.
nfpp dhcp-guard policy Set the limit threshold and attack threshold.
show nfpp dhcp-guard hosts Show the monitored host.
Platform
Description
N/A
clear nfpp dhcpv6-guard hosts
Use this command to clear the monitored host isolation.
clear nfpp dhcpv6-guard hosts [ vlan vid ] [ interface interface-id ] [ mac-address ]
Parameter
Description Parameter Description
vid Set the VLAN ID.
interface-id Set the interface name and number.
mac-address Set the MAC address.
Defaults N/A.
Command
Mode
Privileged EXEC mode.
Usage Guide Use this command without the parameter to clear all monitored hosts.
Configuration
Examples
Ruijie# clear nfpp dhcpv6-guard hosts vlan 1 interface g0/1
Related
Commands Command Description
dhcpv6-guard attack-threshold Set the global attack threshold.
nfpp dhcpv6-guard policy Set the limit threshold and attack threshold.
show nfpp dhcpv6-guard hosts Show the monitored host.
Platform
Description
N/A
clear nfpp icmp-guard hosts
Use this command to clear the monitored host isolation.
clear nfpp icmp-guard hosts [ vlan vid ] [ interface interface-id ] [ ip-address ]
Parameter
Description Parameter Description
vid Set the VLAN ID.
interface-id Set the interface name and number.
ip-address Set the IP address.
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide Use this command without the parameter to clear all monitored hosts.
Configuration
Examples
Ruijie# clear nfpp icmp-guard hosts vlan 1 interface g0/1
Related
Commands Command Description
icmp-guard attack-threshold Set the global attack threshold.
nfpp icmp-guard policy Set the limit threshold and attack threshold.
show nfpp icmp-guard hosts Show the monitored host.
Platform
Description
N/A
clear nfpp ip-guard hosts
Use this command to clear the monitored host isolation.
clear nfpp ip-guard hosts [ vlan vid ] [ interface interface-id ] [ ip-address ]
Parameter
Description Parameter Description
vid Set the VLAN ID.
interface-id Set the interface name and number.
ip-address Set the IP address.
Defaults N/A.
Command
Mode
Privileged EXEC mode.
Usage Guide Use this command without the parameter to clear all monitored hosts.
Configuration
Examples
Ruijie# clear nfpp ip-guard hosts vlan 1 interface g0/1
Related
Commands Command Description
ip-guard attack-threshold Set the global attack threshold.
nfpp ip-guard policy Set the limit threshold and attack threshold.
show nfpp ip-guard hosts Show the monitored host.
Platform
Description
N/A
clear nfpp log
Use this command to clear the NFPP log buffer area.
clear nfpp log
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
Ruijie# clear nfpp log
32 log-buffer entries were cleared.
Related
Commands Command Description
show nfpp log Show the NFPP log configurations or the log buffer area.
Platform
Description
N/A
dhcp-guard attack-threshold
Use this command to set the global attack threshold. When the packet rate exceeds the attack
threshold, an attack is deemed to occur.
dhcp-guard attack-threshold { per-src-mac | per-port } pps
Parameter
Description Parameter Description
per-src-mac Set the attack threshold for each source MAC address.
per-port Set the attack threshold for each port.
pps Set the attack threshold, in pps. The valid range is 1 to 9999.
Defaults By default, the attack threshold for each source MAC address is 10pps; and the attack threshold for
each port is 300pps.
Command
Mode
NFPP configuration mode.
Usage Guide N/A.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# dhcp-guard attack-threshold per-src-mac 15
Ruijie(config-nfpp)# dhcp-guard attack-threshold per-port 200
Related
Commands Command Description
nfpp dhcp-guard policy Show the rate-limit threshold and attack threshold.
show nfpp dhcp-guard summary Show the configurations.
show nfpp dhcp-guard hosts Show the monitored host list.
clear nfpp dhcp-guard hosts Clear the monitored host.
Platform
Description
N/A
dhcp-guard enable
Use this command to enable the DHCP anti-attack function.
dhcp-guard enable
Parameter
Description Parameter Description
N/A N/A
Defaults Disabled
Command
Mode
NFPP configuration mode.
Usage Guide N/A
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# dhcp-guard enable
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
dhcp-guard isolate-period
Use this command to set the isolate time globally.
dhcp-guard isolate-period { seconds | permanent }
Parameter
Description Parameter Description
seconds Set the isolate time, in seconds. The valid range is 0, or 30 to 86400.
permanent Permanent isolation.
Defaults The default isolate time is 0, which means no isolation.
Command
Mode
NFPP configuration mode.
Usage Guide The isolate period can be configured globally or per interface. For an interface, if no
interface-based isolate period is set, the global value is used; otherwise, the
interface-based isolate period is used.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# dhcp-guard isolate-period 180
Related
Commands Command Description
nfpp dhcp-guard isolate-period Set the isolate time on the interface.
show nfpp dhcp-guard summary Show the configurations.
Platform
Description
N/A
dhcp-guard monitored-host-limit
Use this command to set the maximum monitored host number.
dhcp-guard monitored-host-limit number
Parameter
Description Parameter Description
number The maximum monitored host number. The valid range is 1 to
4294967295.
Defaults 1000
Command
Mode
NFPP configuration mode
Usage Guide If the number of monitored hosts has reached the default 1000 and the administrator sets a
maximum smaller than 1000, the system prompts the message "%ERROR:The value that you
configured is smaller than current monitored hosts 1000, please clear a part of monitored hosts." to
remind the administrator that the configuration is invalid and that monitored hosts must be removed.
When the maximum number of monitored hosts has been exceeded, the system prompts the message
"% NFPP_ARP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit of 1000 monitored hosts." to remind
the administrator.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# dhcp-guard monitored-host-limit 200
Related
Commands Command Description
show nfpp dhcp-guard summary Show the configurations.
Platform
Description
N/A
dhcp-guard monitor-period
Use this command to configure the monitor time.
dhcp-guard monitor-period seconds
Parameter
Description Parameter Description
seconds Set the monitor time, in seconds. The valid range is 180 to 86400.
Defaults 600s
Command
Mode
NFPP configuration mode.
Usage Guide When an attacker is detected and the isolate period is 0, the attacker is monitored by the
software, and the timeout is the monitor period. If the isolate period is set to a non-zero value during
software monitoring, the software-monitored attacker is automatically isolated by the hardware, and the
timeout is the isolate period. The monitor period takes effect only when the isolate period is 0.
If the isolate period is changed to 0, the attackers on the interface are removed rather than
being monitored by the software.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# dhcp-guard monitor-period 180
Related
Commands Command Description
show nfpp dhcp-guard summary Show the configurations.
show nfpp dhcp-guard hosts Show the monitored host list.
clear nfpp dhcp-guard hosts Clear the isolated host.
Platform
Description
N/A
dhcp-guard rate-limit
Use this command to set the rate-limit threshold globally.
dhcp-guard rate-limit { per-src-mac | per-port } pps
Parameter
Description Parameter Description
per-src-mac Set the rate limit for each source MAC address.
per-port Set the rate limit for each port.
pps Set the rate limit, in the range of 1 to 9999
Defaults The default rate limit for each source MAC address is 5pps; the default rate limit for each port is
150pps.
Command
Mode
NFPP configuration mode.
Usage Guide N/A
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# dhcp-guard rate-limit per-src-mac 8
Ruijie(config-nfpp)# dhcp-guard rate-limit per-port 100
Related
Commands Command Description
nfpp dhcp-guard policy Set the rate limit and the attack threshold.
show nfpp dhcp-guard summary Show the configurations.
Platform
Description
N/A
dhcpv6-guard attack-threshold
Use this command to set the global attack threshold. When the packet rate exceeds the attack
threshold, an attack is deemed to occur.
dhcpv6-guard attack-threshold { per-src-mac | per-port } pps
Parameter
Description Parameter Description
per-src-mac Set the attack threshold for each source MAC address.
per-port Set the attack threshold for each port.
pps Set the attack threshold, in pps. The valid range is 1 to 9999.
Defaults By default, the attack threshold for each source MAC address is 10pps; and the attack threshold for
each port is 300pps.
Command
Mode
NFPP configuration mode.
Usage Guide N/A.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# dhcpv6-guard attack-threshold per-src-mac 15
Ruijie(config-nfpp)# dhcpv6-guard attack-threshold per-port 200
Related
Commands Command Description
nfpp dhcpv6-guard policy Show the rate-limit threshold and attack threshold.
show nfpp dhcpv6-guard summary Show the configurations.
show nfpp dhcpv6-guard hosts Show the monitored host list.
clear nfpp dhcpv6-guard hosts Clear the monitored host.
Platform
Description
N/A
dhcpv6-guard enable
Use this command to enable the DHCPv6 anti-attack function.
dhcpv6-guard enable
Parameter
Description Parameter Description
N/A N/A
Defaults Disabled
Command
Mode
NFPP configuration mode.
Usage Guide N/A
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# dhcpv6-guard enable
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
dhcpv6-guard isolate-period
Use this command to set the isolate time globally.
dhcpv6-guard isolate-period { seconds | permanent }
Parameter
Description Parameter Description
seconds Set the isolate time, in seconds. The valid range is 0, or 30 to 86400.
permanent Permanent isolation.
Defaults The default isolate time is 0, which means no isolation.
Command
Mode
NFPP configuration mode.
Usage Guide The isolate period can be configured globally or per interface. For an interface, if no
interface-based isolate period is set, the global value is used; otherwise, the
interface-based isolate period is used.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# dhcpv6-guard isolate-period 180
Related
Commands Command Description
nfpp dhcpv6-guard isolate-period Set the isolate time on the interface.
show nfpp dhcpv6-guard summary Show the configurations.
Platform
Description
N/A
dhcpv6-guard monitored-host-limit
Use this command to set the maximum monitored host number.
dhcpv6-guard monitored-host-limit number
Parameter
Description Parameter Description
number The maximum monitored host number. The valid range is 1 to
4294967295.
Defaults 1000
Command
Mode
NFPP configuration mode
Usage Guide If the number of monitored hosts has reached the default 1000 and the administrator sets a
maximum smaller than 1000, the system prompts the message "%ERROR:The value that you
configured is smaller than current monitored hosts 1000, please clear a part of monitored hosts." to
remind the administrator that the configuration is invalid and that monitored hosts must be removed.
When the maximum number of monitored hosts has been exceeded, the system prompts the message
"% NFPP_ARP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit of 1000 monitored hosts." to remind
the administrator.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# dhcpv6-guard monitored-host-limit 200
Related
Commands Command Description
show nfpp dhcpv6-guard summary Show the configurations.
Platform
Description
N/A
dhcpv6-guard monitor-period
Use this command to configure the monitor time.
dhcpv6-guard monitor-period seconds
Parameter
Description Parameter Description
seconds Set the monitor time, in seconds. The valid range is 180 to 86400.
Defaults 600s
Command
Mode
NFPP configuration mode.
Usage Guide When an attacker is detected and the isolate period is 0, the attacker is monitored by the
software, and the timeout is the monitor period. If the isolate period is set to a non-zero value during
software monitoring, the software-monitored attacker is automatically isolated by the hardware, and the
timeout is the isolate period. The monitor period takes effect only when the isolate period is 0.
If the isolate period is changed to 0, the attackers on the interface are removed rather than
being monitored by the software.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# dhcpv6-guard monitor-period 180
Related
Commands Command Description
show nfpp dhcpv6-guard summary Show the configurations.
show nfpp dhcpv6-guard hosts Show the monitored host list.
clear nfpp dhcpv6-guard hosts Clear the isolated host.
Platform
Description
N/A
dhcpv6-guard rate-limit
Use this command to set the rate-limit threshold globally.
dhcpv6-guard rate-limit { per-src-mac | per-port } pps
Parameter
Description Parameter Description
per-src-mac Set the rate limit for each source MAC address.
per-port Set the rate limit for each port.
pps Set the rate limit, in the range of [1,9999]
Defaults The default rate limit for each source MAC address is 5pps; the default rate limit for each port is
150pps.
Command
Mode
NFPP configuration mode
Usage Guide N/A
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# dhcpv6-guard rate-limit per-src-mac 8
Ruijie(config-nfpp)# dhcpv6-guard rate-limit per-port 100
Related
Commands Command Description
nfpp dhcpv6-guard policy Set the rate limit and the attack threshold.
show nfpp dhcpv6-guard summary Show the configurations.
Platform
Description
N/A
icmp-guard attack-threshold
Use this command to set the global attack threshold. When the packet rate exceeds the attack
threshold, an attack is deemed to occur.
icmp-guard attack-threshold { per-src-ip | per-port } pps
Parameter
Description Parameter Description
per-src-ip Set the attack threshold for each source IP address.
per-port Set the attack threshold for each port.
pps Set the attack threshold, in pps. The valid range is 1 to 9999.
Defaults By default, the attack threshold and the rate-limit threshold for each source IP address and each port
are the same. For the default rate-limit threshold value, see the icmp-guard rate-limit command.
Command
Mode
NFPP configuration mode.
Usage Guide N/A.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# icmp-guard attack-threshold per-src-ip 600
Ruijie(config-nfpp)# icmp-guard attack-threshold per-port 1200
Related
Commands Command Description
nfpp icmp-guard policy Show the rate-limit threshold and attack threshold.
show nfpp icmp-guard summary Show the configurations.
show nfpp icmp-guard hosts Show the monitored host list.
clear nfpp icmp-guard hosts Clear the monitored host.
Platform
Description
N/A
icmp-guard isolate-period
Use this command to set the isolate time globally.
icmp-guard isolate-period { seconds | permanent }
Parameter
Description Parameter Description
seconds Set the isolate time, in seconds. The valid range is 0, or 30 to 86400.
permanent Permanent isolation.
Defaults The default isolate time is 0, which means no isolation.
Command
Mode
NFPP configuration mode.
Usage Guide The isolate period can be configured globally or per interface. For an interface, if no
interface-based isolate period is set, the global value is used; otherwise, the
interface-based isolate period is used.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# icmp-guard isolate-period 180
Related
Commands Command Description
nfpp icmp-guard isolate-period Set the isolate time on the interface.
show nfpp icmp-guard summary Show the configurations.
Platform
Description
N/A
icmp-guard enable
Use this command to enable the ICMP anti-attack function.
icmp-guard enable
Parameter
Description Parameter Description
N/A N/A
Defaults Enabled
Command
Mode
NFPP configuration mode.
Usage Guide N/A
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# icmp-guard enable
Related
Commands Command Description
nfpp icmp-guard enable Enable the ICMP anti-attack function on the interface.
show nfpp icmp-guard summary Show the configurations.
Platform
Description
N/A
icmp-guard monitored-host-limit
Use this command to set the maximum monitored host number.
icmp-guard monitored-host-limit number
Parameter
Description Parameter Description
number The maximum monitored host number. The valid range is 1 to
4294967295.
Defaults 1000
Command
Mode
NFPP configuration mode
Usage Guide If the number of monitored hosts has reached the default 1000 and the administrator sets a
maximum smaller than 1000, the system prompts the message "%ERROR:The value that you
configured is smaller than current monitored hosts 1000, please clear a part of monitored hosts." to
remind the administrator that the configuration is invalid and that monitored hosts must be removed.
When the maximum number of monitored hosts has been exceeded, the system prompts the message
"% NFPP_ARP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit of 1000 monitored hosts." to remind
the administrator.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# icmp-guard monitored-host-limit 200
Related
Commands Command Description
show nfpp icmp-guard summary Show the configurations.
Platform
Description
N/A
icmp-guard monitor-period
Use this command to configure the monitor time.
icmp-guard monitor-period seconds
Parameter
Description Parameter Description
seconds Set the monitor time, in seconds. The valid range is [180, 86400].
Defaults 600s
Command
Mode
NFPP configuration mode.
Usage Guide When an attacker is detected and the isolate period is 0, the attacker is monitored by the
software, and the timeout is the monitor period. If the isolate period is set to a non-zero value during
software monitoring, the software-monitored attacker is automatically isolated by the hardware, and the
timeout is the isolate period. The monitor period takes effect only when the isolate period is 0.
If the isolate period is changed to 0, the attackers on the interface are removed rather than
being monitored by the software.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# icmp-guard monitor-period 180
Related
Commands Command Description
show nfpp icmp-guard summary Show the configurations.
show nfpp icmp-guard hosts Show the monitored host list.
clear nfpp icmp-guard hosts Clear the isolated host.
Platform
Description
N/A
icmp-guard rate-limit
Use this command to set the rate-limit threshold globally.
icmp-guard rate-limit { per-src-ip | per-port } pps
Parameter
Description Parameter Description
per-src-ip Set the rate limit for each source IP address.
per-port Set the rate limit for each port.
pps Set the rate limit, in the range of [1,9999]
Defaults The default rate-limit threshold for each source IP address is half of the value for each port. And the
default rate-limit threshold value for each port varies with the products.
Command
Mode
NFPP configuration mode.
Usage Guide N/A
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# icmp-guard rate-limit per-src-ip 500
Ruijie(config-nfpp)# icmp-guard rate-limit per-port 800
Related
Commands Command Description
nfpp icmp-guard policy Set the rate limit and the attack threshold.
show nfpp icmp-guard summary Show the configurations.
Platform
Description
N/A
icmp-guard trusted-host
Use this command to set the trusted hosts free from monitoring.
icmp-guard trusted-host ip mask
no icmp-guard trusted-host { all | ip mask }
Parameter
Description Parameter Description
ip Set the IP address.
mask Set the IP mask.
all Delete the configurations of all trusted hosts.
Defaults N/A.
Command
Mode
NFPP configuration mode.
Usage Guide The administrator can use this command to set the trusted host free from monitoring. The ICMP
packets are allowed to send to the trusted host CPU without any rate-limit and warning configuration.
Configure the mask to set all hosts in one network segment free from monitoring.
Up to 500 trusted hosts are supported.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# icmp-guard trusted-host 1.1.1.0 255.255.255.0
Related
Commands Command Description
show nfpp icmp-guard trusted-host Show the configurations.
Platform
Description
N/A
ip-guard attack-threshold
Use this command to set the global attack threshold. When the packet rate exceeds the attack
threshold, an attack is deemed to occur.
ip-guard attack-threshold { per-src-ip | per-port } pps
Parameter
Description Parameter Description
per-src-ip Set the attack threshold for each source IP address.
per-port Set the attack threshold for each port.
pps Set the attack threshold, in pps. The valid range is 1 to 9999.
Defaults By default, the attack threshold for each source IP address and each port are 20pps and 2000pps
respectively.
Command
Mode
NFPP configuration mode.
Usage Guide The attack threshold shall be equal to or larger than the rate-limit threshold.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# ip-guard attack-threshold per-src-ip 2
Ruijie(config-nfpp)# ip-guard attack-threshold per-port 50
Related
Commands Command Description
nfpp ip-guard policy Show the rate-limit threshold and attack threshold.
show nfpp ip-guard summary Show the configurations.
show nfpp ip-guard hosts Show the monitored host list.
clear nfpp ip-guard hosts Clear the monitored host.
Platform
Description
N/A
ip-guard enable
Use this command to enable the IP anti-scan function.
ip-guard enable
Parameter
Description Parameter Description
N/A N/A
Defaults Enabled
Command
Mode
NFPP configuration mode.
Usage Guide N/A
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# ip-guard enable
Related
Commands Command Description
nfpp ip-guard enable Enable the IP anti-scan function on the interface.
Platform
Description
N/A
ip-guard isolate-period
Use this command to set the isolate time globally.
ip-guard isolate-period { seconds | permanent }
Parameter
Description Parameter Description
seconds Set the isolate time, in seconds. The valid range is 0, or 30 to 86400.
permanent Permanent isolation.
Defaults The default isolate time is 0, which means no isolation.
Command
Mode
NFPP configuration mode.
Usage Guide N/A.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# ip-guard isolate-period 180
Related
Commands Command Description
nfpp ip-guard isolate-period Set the isolate time on the interface.
show nfpp ip-guard summary Show the configurations.
Platform
Description
N/A
ip-guard monitor-period
Use this command to configure the monitor time.
ip-guard monitor-period seconds
Parameter
Description Parameter Description
seconds Set the monitor time, in seconds. The valid range is 180 to 86400.
Defaults 600s
Command
Mode
NFPP configuration mode.
Usage Guide When an attacker is detected and the isolate period is 0, the attacker is monitored by the software
and the timeout time is the monitor period. During software monitoring, if the isolate period is
not 0, the software-monitored attacker is automatically isolated by the hardware and the timeout time
is the isolate period. The monitor period is valid when the isolate period is 0.
If the isolate period is changed to 0, the attackers on the interface are removed rather than
being monitored by the software.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# ip-guard monitor-period 180
Related
Commands Command Description
show nfpp ip-guard summary Show the configurations.
show nfpp ip-guard hosts Show the monitored host list.
clear nfpp ip-guard hosts Clear the isolated host.
Platform
Description
N/A
ip-guard monitored-host-limit
Use this command to set the maximum monitored host number.
ip-guard monitored-host-limit number
Parameter
Description Parameter Description
number The maximum monitored host number. The valid range is 1 to 4294967295.
Defaults 1000
Command
Mode
NFPP configuration mode
Usage Guide If the monitored host number has reached the default 1000 and the administrator sets the
max-number to a value smaller than 1000, the following message is displayed to remind the administrator
that the configuration is invalid and that some monitored hosts must be removed:
%ERROR: The value that you configured is smaller than current monitored hosts 1000, please clear a part of monitored hosts.
When the maximum monitored host number has been exceeded, the following message is displayed to remind
the administrator:
%NFPP_ARP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit of 1000 monitored hosts.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# ip-guard monitored-host-limit 200
Related
Commands Command Description
show nfpp ip-guard summary Show the configurations.
Platform
Description
N/A
ip-guard rate-limit
Use this command to set the rate-limit threshold globally.
ip-guard rate-limit { per-src-ip | per-port } pps
Parameter
Description Parameter Description
per-src-ip Set the rate limit for each source IP address.
per-port Set the rate limit for each port.
pps Set the rate limit, in the range of 1 to 9999.
Defaults By default, the rate-limit threshold for each source IP address and each port is 20pps and 100pps
respectively.
Command
Mode
NFPP configuration mode.
Usage Guide N/A
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# ip-guard rate-limit per-src-ip 2
Ruijie(config-nfpp)# ip-guard rate-limit per-port 50
Related
Commands Command Description
nfpp ip-guard policy Set the rate limit and the attack threshold.
show nfpp ip-guard summary Show the configurations.
Platform
Description
N/A
ip-guard scan-threshold
Use this command to set the global scan threshold.
ip-guard scan-threshold pkt-cnt
Parameter
Description Parameter Description
pkt-cnt Set the scan threshold, in the range of 1 to 9999.
Defaults The default scan threshold is 100, in 10 seconds.
Command
Mode
NFPP configuration mode.
Usage Guide N/A
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# ip-guard scan-threshold 2
Related
Commands Command Description
nfpp ip-guard scan-threshold Set the scan threshold on the port.
show nfpp ip-guard summary Show the configurations.
Platform
Description
N/A
ip-guard trusted-host
Use this command to set the trusted hosts free from monitoring.
ip-guard trusted-host ip mask
no ip-guard trusted-host { all | ip mask }
Parameter Parameter Description
Description
ip Set the IP address.
mask Set the IP mask.
all Delete the configurations of all trusted hosts.
Defaults N/A.
Command
Mode
NFPP configuration mode.
Usage Guide The administrator can use this command to set the trusted host free from monitoring. The ICMP
packets are allowed to be sent to the trusted host CPU without any rate-limit and warning configuration.
Configure the mask to set all hosts in one network segment free from monitoring.
Up to 500 trusted hosts are supported.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# ip-guard trusted-host 1.1.1.0 255.255.255.0
Related
Commands Command Description
show nfpp ip-guard trusted-host Show the configurations.
Platform
Description
N/A
log-buffer entries
Use this command to set the NFPP log buffer area size.
log-buffer entries number
Parameter
Description Parameter Description
number The buffer area size. The valid range is 0 to 1024.
Defaults 256.
Command
Mode
NFPP configuration mode.
Usage Guide N/A
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# log-buffer entries 50
Related
Commands Command Description
log-buffer logs number_of_message interval length_in_seconds Show the rate of the syslog generated from the NFPP buffer area.
show nfpp log Show the NFPP log configuration or the log buffer area.
Platform
Description
N/A
log-buffer logs
Use this command to set the rate of syslog generated from the NFPP log buffer area.
log-buffer logs number_of_message interval length_in_seconds
Parameter
Description Parameter Description
number_of_message The valid range is 0-1024. 0 indicates that all logs are recorded in the specific buffer area and no syslogs are generated.
length_in_seconds The valid range is 0-86400 (one day). 0 indicates not to write the log to the buffer area but to generate the syslog immediately.
When both the number_of_message and length_in_seconds values are 0, the log is not written to the buffer area and the syslog is generated immediately.
The ratio number_of_message/length_in_seconds indicates the rate of syslog generated from the NFPP log buffer area.
Defaults By default, the number_of_message is 1 and the length_in_seconds is 30.
Command
Mode
NFPP configuration mode.
Usage Guide N/A
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# log-buffer logs 2 interval 12
Related
Commands Command Description
log-buffer entries number Set the NFPP log buffer area size.
show nfpp log summary Show the NFPP log configurations or the log buffer area.
Platform
Description
N/A
logging
Use this command to set the VLAN or the interface for which NFPP logs are recorded.
logging vlan vlan-range
logging interface interface-id
Parameter
Description Parameter Description
vlan-range Set the specified VLAN range, in the format such as “1-3, 5”.
interface-id Set the interface ID.
Defaults All logs are recorded.
Command
Mode
NFPP configuration mode.
Usage Guide Use this command to filter the logs so that only the logs within the specified VLAN range or on the
specified port are recorded.
Configuration
Examples
The following example shows the administrator how to record the logs in VLAN 1,VLAN 2,VLAN 3
and VLAN 5 only:
Ruijie(config)# nfpp
Ruijie(config-nfpp)# logging vlan 1-3,5
The following example shows the administrator how to record the logs on the interface
GigabitEthernet 0/1 only:
Ruijie(config)# nfpp
Ruijie(config-nfpp)# logging interface G 0/1
Related
Commands Command Description
show nfpp log summary Show the NFPP log configurations or the log buffer area.
Platform
Description
N/A
nd-guard attack-threshold
Use this command to set the global attack threshold. When the packet rate exceeds the attack
threshold, an attack is considered to be occurring.
nd-guard attack-threshold per-port { ns-na | rs | ra-redirect } pps
Parameter
Description Parameter Description
ns-na Set the neighbor request and neighbor advertisement.
rs Set the router request.
ra-redirect Set the router advertisement and the redirect packets.
pps Set the attack threshold, in pps. The valid range is [1,9999].
Defaults By default, the default attack threshold for the ns-na, rs and ra-redirect on each port is 30.
Command
Mode
NFPP configuration mode.
Usage Guide The attack threshold shall be equal to or larger than the rate-limit threshold.
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# nd-guard attack-threshold per-port ns-na 20
Ruijie(config-nfpp)# nd-guard attack-threshold per-port rs 10
Ruijie(config-nfpp)# nd-guard attack-threshold per-port ra-redirect 10
Related
Commands Command Description
nfpp ip-guard policy Show the rate-limit threshold and attack threshold.
show nfpp ip-guard summary Show the configurations.
Platform
Description
N/A
nd-guard enable
Use this command to enable the ND anti-attack function.
nd-guard enable
Parameter
Description Parameter Description
N/A N/A
Defaults Enabled
Command
Mode
NFPP configuration mode.
Usage Guide N/A
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# nd-guard enable
Related
Commands Command Description
nfpp nd-guard enable Enable the ND anti-attack function on the interface.
show nfpp nd-guard summary Show the configurations.
Platform
Description
N/A
nd-guard rate-limit
Use this command to set the rate-limit threshold globally.
nd-guard rate-limit per-port { ns-na | rs | ra-redirect } pps
Parameter
Description Parameter Description
ns-na Set the neighbor request and neighbor advertisement.
rs Set the router request.
ra-redirect Set the router advertisement and the redirect packets.
pps Set the attack threshold, in pps. The valid range is [1,9999].
Defaults By default, the default rate-limit threshold for the ns-na, rs and ra-redirect on each port is 15.
Command
Mode
NFPP configuration mode.
Usage Guide N/A
Configuration
Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# nd-guard rate-limit per-port ns-na 10
Ruijie(config-nfpp)# nd-guard rate-limit per-port rs 5
Ruijie(config-nfpp)# nd-guard rate-limit per-port ra-redirect 5
Related
Commands Command Description
nfpp nd-guard policy Set the rate limit and the attack threshold.
show nfpp nd-guard summary Show the configurations.
Platform
Description
N/A
nfpp arp-guard enable
Use this command to enable the anti-ARP attack function on the interface.
nfpp arp-guard enable
Parameter
Description Parameter Description
N/A N/A
Defaults The anti-ARP attack function is not enabled on the interface.
Command
Mode
Interface configuration mode.
Usage Guide The interface anti-ARP attack configuration takes priority over the global configuration.
Configuration
Examples
Ruijie(config)# interface G0/1
Ruijie(config-if)# nfpp arp-guard enable
Related
Commands Command Description
arp-guard enable Enable the anti-ARP attack function.
show nfpp arp-guard summary Show the configurations.
Platform
Description
N/A
nfpp arp-guard isolate-period
Use this command to set the isolate period in the interface configuration mode.
nfpp arp-guard isolate-period { seconds | permanent }
Parameter
Description Parameter Description
seconds Set the isolate period, in seconds. The valid range is 0, or [30, 86400]. 0 indicates no isolation.
permanent Permanent isolation.
Defaults By default, the isolate period is not configured.
Command
Mode
Interface configuration mode.
Usage Guide N/A
Configuration
Examples
Ruijie(config)# interface G0/1
Ruijie(config-if)# nfpp arp-guard isolate-period 180
Related
Commands Command Description
arp-guard isolate-period Set the global isolate period.
show nfpp arp-guard summary Show the configurations.
Platform
Description
N/A
nfpp arp-guard policy
Use this command to set the rate-limit threshold and the attack threshold.
nfpp arp-guard policy { per-src-ip | per-src-mac | per-port } rate-limit-pps attack-threshold-pps
Parameter
Description Parameter Description
per-src-ip Set the rate-limit threshold and the attack threshold for each source IP address.
per-src-mac Set the rate-limit threshold and the attack threshold for each source MAC address.
per-port Set the rate-limit threshold and the attack threshold for each port.
rate-limit-pps Set the rate-limit threshold with the valid range of [1, 9999].
attack-threshold-pps Set the attack threshold with the valid range of [1, 9999].
Defaults By default, the rate-limit threshold and the attack threshold are not configured.
Command
Mode
Interface configuration mode.
Usage Guide The attack threshold value shall be equal to or greater than the rate-limit threshold.
Configuration
Examples
Ruijie(config)# interface G 0/1
Ruijie(config-if)# nfpp arp-guard policy per-src-ip 2 10
Ruijie(config-if)# nfpp arp-guard policy per-src-mac 3 10
Ruijie(config-if)# nfpp arp-guard policy per-port 50 100
Related
Commands Command Description
arp-guard attack-threshold Set the global attack threshold.
arp-guard rate-limit Set the global rate-limit threshold.
show nfpp arp-guard summary Show the configurations.
show nfpp arp-guard hosts Show the monitored host.
clear nfpp arp-guard hosts Clear the isolated host.
Platform
Description
N/A
nfpp arp-guard scan-threshold
Use this command to set the scan threshold.
nfpp arp-guard scan-threshold pkt-cnt
Parameter
Description Parameter Description
pkt-cnt Set the scan threshold with the valid range of [1, 9999].
Defaults By default, the port-based scan threshold is not configured.
Command
Mode
Interface configuration mode.
Usage Guide N/A
Configuration
Examples
Ruijie(config)# interface G 0/1
Ruijie(config-if)# nfpp arp-guard scan-threshold 20
Related
Commands Command Description
arp-guard attack-threshold Set the global attack threshold.
show nfpp arp-guard summary Show the configurations.
show nfpp arp-guard scan Show the ARP scan table.
clear nfpp arp-guard scan Clear the ARP scan table.
Platform
Description
N/A
nfpp dhcp-guard enable
Use this command to enable the DHCP anti-attack function on the interface.
nfpp dhcp-guard enable
Parameter
Description Parameter Description
N/A N/A
Defaults The DHCP anti-attack function is not enabled on the interface.
Command
Mode
Interface configuration mode.
Usage Guide The interface DHCP anti-attack configuration takes priority over the global configuration.
Configuration
Examples
Ruijie(config)# interface G0/1
Ruijie(config-if)# nfpp dhcp-guard enable
Related
Commands Command Description
dhcp-guard enable Enable the anti-ARP attack function.
show nfpp dhcp-guard summary Show the configurations.
Platform
Description
N/A
nfpp dhcp-guard isolate-period
Use this command to set the isolate period in the interface configuration mode.
nfpp dhcp-guard isolate-period { seconds | permanent }
Parameter
Description Parameter Description
seconds Set the isolate period, in seconds. The valid range is 0, or [30, 86400]. 0 indicates no isolation.
permanent Permanent isolation.
Defaults By default, the isolate period is not configured.
Command
Mode
Interface configuration mode.
Usage Guide N/A
Configuration
Examples
Ruijie(config)# interface G0/1
Ruijie(config-if)# nfpp dhcp-guard isolate-period 180
Related
Commands Command Description
dhcp-guard isolate-period Set the global isolate period.
show nfpp dhcp-guard summary Show the configurations.
Platform
Description
N/A
nfpp dhcpv6-guard enable
Use this command to enable the DHCPv6 anti-attack function on the interface.
nfpp dhcpv6-guard enable
Parameter
Description Parameter Description
N/A N/A
Defaults The DHCPv6 anti-attack function is not enabled on the interface.
Command
Mode
Interface configuration mode.
Usage Guide The interface DHCPv6 anti-attack configuration takes priority over the global configuration.
Configuration
Examples
Ruijie(config)# interface G0/1
Ruijie(config-if)# nfpp dhcpv6-guard enable
Related
Commands Command Description
dhcpv6-guard enable Enable the anti-ARP attack function.
show nfpp dhcpv6-guard summary Show the configurations.
Platform
Description
N/A
nfpp dhcpv6-guard isolate-period
Use this command to set the isolate period in the interface configuration mode.
nfpp dhcpv6-guard isolate-period { seconds | permanent }
Parameter
Description Parameter Description
seconds Set the isolate period, in seconds. The valid range is 0, or [30, 86400]. 0 indicates no isolation.
permanent Permanent isolation.
Defaults By default, the isolate period is not configured.
Command
Mode
Interface configuration mode.
Usage Guide N/A
Configuration
Examples
Ruijie(config)# interface G0/1
Ruijie(config-if)# nfpp dhcpv6-guard isolate-period 180
Related
Commands Command Description
dhcpv6-guard isolate-period Set the global isolate period.
show nfpp dhcpv6-guard summary Show the configurations.
Platform
Description
N/A
nfpp icmp-guard enable
Use this command to enable the ICMP anti-attack function on the interface.
nfpp icmp-guard enable
Parameter
Description Parameter Description
N/A N/A
Defaults The ICMP anti-attack function is not enabled on the interface.
Command
Mode
Interface configuration mode.
Usage Guide The interface ICMP anti-attack configuration takes priority over the global configuration.
Configuration
Examples
Ruijie(config)# interface G0/1
Ruijie(config-if)# nfpp icmp-guard enable
Related
Commands Command Description
icmp-guard enable Enable the anti-ARP attack function.
show nfpp icmp-guard summary Show the configurations.
Platform
Description
N/A
nfpp icmp-guard isolate-period
Use this command to set the isolate period in the interface configuration mode.
nfpp icmp-guard isolate-period { seconds | permanent }
Parameter
Description Parameter Description
seconds Set the isolate period, in seconds. The valid range is 0, or [30, 86400]. 0 indicates no isolation.
permanent Permanent isolation.
Defaults By default, the isolate period is not configured.
Command
Mode
Interface configuration mode.
Usage Guide N/A
Configuration
Examples
Ruijie(config)# interface G0/1
Ruijie(config-if)# nfpp icmp-guard isolate-period 180
Related
Commands Command Description
icmp-guard isolate-period Set the global isolate period.
show nfpp icmp-guard summary Show the configurations.
Platform
Description
N/A
nfpp icmp-guard policy
Use this command to set the rate-limit threshold and the attack threshold.
nfpp icmp-guard policy { per-src-ip | per-port } rate-limit-pps attack-threshold-pps
Parameter
Description Parameter Description
per-src-ip Set the rate-limit threshold and the attack threshold for each source IP address.
per-port Set the rate-limit threshold and the attack threshold for each port.
rate-limit-pps Set the rate-limit threshold with the valid range of [1, 9999].
attack-threshold-pps Set the attack threshold with the valid range of [1, 9999].
Defaults By default, the rate-limit threshold and the attack threshold are not configured.
Command
Mode
Interface configuration mode.
Usage Guide The attack threshold value shall be equal to or greater than the rate-limit threshold.
Configuration
Examples
Ruijie(config)# interface G 0/1
Ruijie(config-if)# nfpp icmp-guard policy per-src-ip 5 10
Ruijie(config-if)# nfpp icmp-guard policy per-port 100 200
Related
Commands Command Description
icmp-guard attack-threshold Set the global attack threshold.
icmp-guard rate-limit Set the global rate-limit threshold.
show nfpp icmp-guard summary Show the configurations.
show nfpp icmp-guard hosts Show the monitored host.
clear nfpp icmp-guard hosts Clear the isolated host.
Platform
Description
N/A
nfpp ip-guard enable
Use this command to enable the ICMP anti-attack function on the interface.
nfpp ip-guard enable
Parameter
Description Parameter Description
N/A N/A
Defaults The IP anti-scan function is not enabled on the interface.
Command
Mode
Interface configuration mode.
Usage Guide The interface IP anti-scan configuration takes priority over the global configuration.
Configuration
Examples
Ruijie(config)# interface G0/1
Ruijie(config-if)# nfpp ip-guard enable
Related
Commands Command Description
ip-guard enable Enable the anti-ARP attack function.
show nfpp ip-guard summary Show the configurations.
Platform
Description
N/A
nfpp ip-guard isolate-period
Use this command to set the isolate period in the interface configuration mode.
nfpp ip-guard isolate-period { seconds | permanent }
Parameter
Description Parameter Description
seconds Set the isolate period, in seconds. The valid range is 0, or [30, 86400]. 0 indicates no isolation.
permanent Permanent isolation.
Defaults By default, the isolate period is not configured.
Command
Mode
Interface configuration mode.
Usage Guide N/A
Configuration
Examples
Ruijie(config)# interface G0/1
Ruijie(config-if)# nfpp ip-guard isolate-period 180
Related
Commands Command Description
ip-guard isolate-period Set the global isolate period.
show nfpp ip-guard summary Show the configurations.
Platform
Description
N/A
nfpp ip-guard policy
Use this command to set the rate-limit threshold and the attack threshold.
nfpp ip-guard policy { per-src-ip | per-port } rate-limit-pps attack-threshold-pps
Parameter
Description Parameter Description
per-src-ip Set the rate-limit threshold and the attack threshold for each source IP address.
per-port Set the rate-limit threshold and the attack threshold for each port.
rate-limit-pps Set the rate-limit threshold with the valid range of [1, 9999].
attack-threshold-pps Set the attack threshold with the valid range of [1, 9999].
Defaults By default, the rate-limit threshold and the attack threshold are not configured.
Command
Mode
Interface configuration mode.
Usage Guide The attack threshold value shall be equal to or greater than the rate-limit threshold.
Configuration
Examples
Ruijie(config)# interface G 0/1
Ruijie(config-if)# nfpp ip-guard policy per-src-ip 2 10
Ruijie(config-if)# nfpp ip-guard policy per-port 50 100
Related
Commands Command Description
ip-guard attack-threshold Set the global attack threshold.
ip-guard rate-limit Set the global rate-limit threshold.
show nfpp ip-guard summary Show the configurations.
show nfpp ip-guard hosts Show the monitored host.
clear nfpp ip-guard hosts Clear the isolated host.
Platform
Description
N/A
nfpp dhcp-guard policy
Use this command to set the rate-limit threshold and the attack threshold.
nfpp dhcp-guard policy { per-src-mac | per-port } rate-limit-pps attack-threshold-pps
Parameter
Description Parameter Description
per-src-mac Set the rate-limit threshold and the attack threshold for each source MAC address.
per-port Set the rate-limit threshold and the attack threshold for each port.
rate-limit-pps Set the rate-limit threshold with the valid range of [1, 9999].
attack-threshold-pps Set the attack threshold with the valid range of [1, 9999].
Defaults By default, the rate-limit threshold and the attack threshold are not configured.
Command
Mode
Interface configuration mode.
Usage Guide The attack threshold value shall be equal to or greater than the rate-limit threshold.
Configuration
Examples
Ruijie(config)# interface G 0/1
Ruijie(config-if)# nfpp dhcp-guard policy per-src-mac 3 10
Ruijie(config-if)# nfpp dhcp-guard policy per-port 50 100
Related
Commands Command Description
dhcp-guard attack-threshold Set the global attack threshold.
dhcp-guard rate-limit Set the global rate-limit threshold.
show nfpp dhcp-guard summary Show the configurations.
show nfpp dhcp-guard hosts Show the monitored host.
clear nfpp dhcp-guard hosts Clear the isolated host.
Platform
Description
N/A
nfpp ip-guard scan-threshold
Use this command to set the scan threshold.
nfpp ip-guard scan-threshold pkt-cnt
Parameter
Description Parameter Description
pkt-cnt Set the scan threshold with the valid range of [1, 9999].
Defaults By default, the port-based scan threshold is not configured.
Command
Mode
Interface configuration mode.
Usage Guide N/A
Configuration
Examples
Ruijie(config)# interface G 0/1
Ruijie(config-if)# nfpp ip-guard scan-threshold 20
Related
Commands Command Description
ip-guard attack-threshold Set the global attack threshold.
show nfpp ip-guard summary Show the configurations.
Platform
Description
N/A
nfpp nd-guard enable
Use this command to enable the ND anti-attack function on the interface.
nfpp nd-guard enable
Parameter
Description Parameter Description
N/A N/A
Defaults The ND anti-attack function is not enabled on the interface.
Command
Mode
Interface configuration mode.
Usage Guide The interface ND anti-attack configuration takes priority over the global configuration.
Configuration
Examples
Ruijie(config)# interface G0/1
Ruijie(config-if)# nfpp nd-guard enable
Related
Commands Command Description
nd-guard enable Enable the ND anti-attack function.
show nfpp nd-guard summary Show the configurations.
Platform
Description
N/A
nfpp nd-guard policy
Use this command to set the rate-limit threshold and the attack threshold.
nfpp nd-guard policy per-port { ns-na | rs | ra-redirect } rate-limit-pps attack-threshold-pps
Parameter
Description Parameter Description
ns-na Set the neighbor request and neighbor advertisement.
rs Set the router request.
ra-redirect Set the router advertisement and the redirect packets.
rate-limit-pps Set the rate-limit threshold with the valid range of [1, 9999].
Defaults By default, the rate-limit threshold and the attack threshold are not configured.
Command
Mode
Interface configuration mode.
Usage Guide The attack threshold value shall be equal to or greater than the rate-limit threshold.
For ND snooping, ports are classified into untrusted ports and trusted ports. An untrusted port
connects to the host and a trusted port connects to the gateway. The rate-limit threshold for the
trusted port shall be higher than the one for the untrusted port because the traffic of the trusted port
is generally higher than the traffic of the untrusted port. For a trusted port with ND snooping
enabled, ND snooping notifies ND guard to set the rate-limit threshold and attack threshold for the
three categories of packets to 800pps and 900pps respectively.
Configuration
Examples
Ruijie(config)# interface G 0/1
Ruijie(config-if)# nfpp nd-guard policy per-port ns-na 50 100
Ruijie(config-if)# nfpp nd-guard policy per-port rs 10 20
Ruijie(config-if)# nfpp nd-guard policy per-port ra-redirect 10 20
Related
Commands Command Description
nd-guard attack-threshold Set the global attack threshold.
nd-guard rate-limit Set the global rate-limit threshold.
show nfpp nd-guard summary Show the configurations.
Platform
Description
N/A
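The range and ordering rules stated for the NFPP commands above (pps within 1 to 9999, attack threshold not below the rate limit, isolate period 0, 30 to 86400 or permanent, monitor period 180 to 86400) can be checked offline before a configuration is applied. The linter below is an added example, not part of the original reference or of Ruijie's software. The sample configuration is constructed, and the /24 review threshold for trusted-host entries and the use of this page's stated defaults for unconfigured global thresholds are assumptions.

```python
import ipaddress
import re

# Constructed sample configuration (not from the original page); values were
# chosen so that several documented constraints are violated.
SAMPLE_CONFIG = """\
nfpp
 ip-guard rate-limit per-src-ip 20
 ip-guard attack-threshold per-src-ip 10
 ip-guard isolate-period 15
 ip-guard monitor-period 600
 ip-guard trusted-host 1.1.1.0 255.255.255.0
 icmp-guard trusted-host 10.0.0.0 255.0.0.0
interface GigabitEthernet 0/1
 nfpp arp-guard policy per-src-ip 10 2
 nfpp icmp-guard policy per-port 100 200
 nfpp nd-guard policy per-port ns-na 50 100
 nfpp arp-guard isolate-period permanent
"""

# Global defaults as stated on this page (ip-guard and nd-guard only).
DEFAULTS = {
    ("ip-guard", "rate-limit", "per-src-ip"): 20,
    ("ip-guard", "rate-limit", "per-port"): 100,
    ("ip-guard", "attack-threshold", "per-src-ip"): 20,
    ("ip-guard", "attack-threshold", "per-port"): 2000,
}
for _kind in ("ns-na", "rs", "ra-redirect"):
    DEFAULTS[("nd-guard", "rate-limit", f"per-port {_kind}")] = 15
    DEFAULTS[("nd-guard", "attack-threshold", f"per-port {_kind}")] = 30

# Assumption (local review policy, not a device limit): trusted-host entries
# wider than a /24 are reported because they exempt many hosts from monitoring.
MIN_TRUSTED_PREFIX = 24
PPS = range(1, 10000)  # documented valid range 1-9999

SCOPE = r"(per-\S+(?: (?:ns-na|rs|ra-redirect))?)"
RE_GLOBAL = re.compile(rf"^(\S+-guard) (rate-limit|attack-threshold) {SCOPE} (\d+)$")
RE_POLICY = re.compile(rf"^nfpp (\S+-guard) policy {SCOPE} (\d+) (\d+)$")
RE_ISOLATE = re.compile(r"^(?:nfpp )?(\S+-guard) isolate-period (\S+)$")
RE_MONITOR = re.compile(r"^(\S+-guard) monitor-period (\d+)$")
RE_TRUSTED = re.compile(r"^(\S+-guard) trusted-host (\S+) (\S+)$")


def lint_nfpp(config):
    """Return sorted (line_number, message) findings for NFPP config text."""
    findings = []
    configured = {}  # (guard, kind, scope) -> (pps, line_number)

    for lineno, raw in enumerate(config.splitlines(), 1):
        line = " ".join(raw.split())  # drop indentation, collapse spaces
        if m := RE_GLOBAL.match(line):
            pps = int(m[4])
            if pps not in PPS:
                findings.append((lineno, f"{m[2]} {pps} is outside 1-9999"))
            configured[(m[1], m[2], m[3])] = (pps, lineno)
        elif m := RE_POLICY.match(line):
            rate, attack = int(m[3]), int(m[4])
            if rate not in PPS or attack not in PPS:
                findings.append((lineno, "policy value is outside 1-9999"))
            if attack < rate:
                findings.append((lineno, f"attack threshold {attack} < rate limit {rate}"))
        elif m := RE_ISOLATE.match(line):
            val = m[2]
            ok = val == "permanent" or (
                val.isdigit() and (int(val) == 0 or 30 <= int(val) <= 86400))
            if not ok:
                findings.append((lineno, f"isolate-period {val}: use 0, 30-86400 or permanent"))
        elif m := RE_MONITOR.match(line):
            if not 180 <= int(m[2]) <= 86400:
                findings.append((lineno, f"monitor-period {m[2]} is outside 180-86400"))
        elif m := RE_TRUSTED.match(line):
            try:
                net = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
            except ValueError:
                findings.append((lineno, "trusted-host address or mask is invalid"))
                continue
            if net.prefixlen < MIN_TRUSTED_PREFIX:
                findings.append((lineno, f"trusted-host {net} exempts "
                                         f"{net.num_addresses} addresses from monitoring"))

    # Global rule: attack threshold >= rate limit, using the documented default
    # for whichever side is not configured (assumed to stay in effect).
    for guard, scope in sorted({(g, s) for g, _, s in configured}):
        rate = configured.get((guard, "rate-limit", scope))
        attack = configured.get((guard, "attack-threshold", scope))
        rate_pps = rate[0] if rate else DEFAULTS.get((guard, "rate-limit", scope))
        attack_pps = attack[0] if attack else DEFAULTS.get((guard, "attack-threshold", scope))
        if rate_pps is not None and attack_pps is not None and attack_pps < rate_pps:
            where = (attack or rate)[1]
            findings.append((where, f"{guard} {scope}: attack threshold {attack_pps} "
                                    f"< rate limit {rate_pps}"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, message in lint_nfpp(SAMPLE_CONFIG):
        print(f"line {lineno}: {message}")
```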
show nfpp arp-guard hosts
Use this command to show the monitored host.
show nfpp arp-guard hosts [ statistics | [ [ vlan vid ] [ interface interface-id ] [ ip-address |
mac-address ] ] ]
Parameter
Description Parameter Description
statistics Show the statistical information of the monitored host.
vid The VLAN ID.
interface-id The interface name.
ip-address The IP address.
mac-address The MAC address.
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
The following example shows the statistical information of the monitored host:
Ruijie# show nfpp arp-guard hosts statistics
success fail total
------- ---- -----
100 20 120
The following example shows the monitored host:
Ruijie# show nfpp arp-guard hosts
If column 1 shows '*', it means "hardware do not isolate user" .
VLAN interface IP address MAC address remain-time(s)
---- -------- --------- ----------- -------------
1 Gi0/1 1.1.1.1 - 110
2 Gi0/2 1.1.2.1 - 61
*3 Gi0/3 - 0000.0000.1111 110
4 Gi0/4 - 0000.0000.2222 61
Total:4 hosts
Related
Commands Command Description
clear nfpp arp-guard hosts Clear the monitored host.
Platform
Description
N/A
show nfpp arp-guard scan
Use this command to show the ARP scan list.
show nfpp arp-guard scan [ statistics | [ [ vlan vid ] [ interface interface-id ] [ ip-address ]
[ mac-address ] ] ]
Parameter
Description Parameter Description
statistics Show the statistical information of the ARP scan list.
vid The VLAN ID.
interface-id The interface name.
ip-address The IP address.
mac-address The MAC address.
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
Ruijie# show nfpp arp-guard scan statistics
ARP scan table has 4 record(s).
Ruijie# show nfpp arp-guard scan
VLAN interface IP address MAC address timestamp
---- -------- ---------- ----------- ---------
1 Gi0/1 N/A 0000.0000.0001 2008-01-23 16:23:10
2 Gi0/2 1.1.1.1 0000.0000.0002 2008-01-23 16:24:10
3 Gi0/3 N/A 0000.0000.0003 2008-01-23 16:25:10
4 Gi0/4 N/A 0000.0000.0004 2008-01-23 16:26:10
Total:4 record(s)
Ruijie# show nfpp arp-guard scan vlan 1 interface G 0/1 0000.0000.0001
VLAN interface IP address MAC address timestamp
---- -------- ---------- ----------- -------
1 Gi0/1 N/A 0000.0000.0001 2008-01-23 16:23:10
Total:1 record(s)
Related
Commands Command Description
arp-guard scan-threshold Set the global scan threshold.
nfpp arp-guard scan-threshold Set the scan threshold.
clear nfpp arp-guard scan Clear the ARP scan list.
Platform
Description
N/A
show nfpp arp-guard summary
Use this command to show the configurations.
show nfpp arp-guard summary
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
Ruijie# show nfpp arp-guard summary
(Format of column Rate-limit and Attack-threshold is
per-src-ip/per-src-mac/per-port.)
Interface Status Isolate-period Rate-limit Attack-threshold Scan-threshold
Global Enable 300 4/5/60 8/10/100 15
Gi 0/1 Enable 180 5/-/- 8/-/- -
Gi 0/2 Disable 200 4/5/60 8/10/100 20
Maximum count of monitored hosts: 1000
Monitor period:300s
Field Description
Interface(Global) Global configuration
Status Enable/Disable the anti-attack function.
Rate-limit In the format of the rate-limit threshold for the source IP address/the rate-limit threshold for the source MAC address/the rate-limit threshold for the port
Attack-threshold In the same format as the rate-limit.
- No configuration.
Related
Commands Command Description
arp-guard attack-threshold Set the global attack threshold.
arp-guard enable Enable the anti-ARP attack function.
arp-guard isolate-period Set the global isolate time.
arp-guard monitor-period Set the monitor period.
arp-guard monitored-host-limit Set the maximum number of the monitored hosts.
arp-guard rate-limit Set the global rate-limit threshold.
arp-guard scan-threshold Set the global scan threshold.
nfpp arp-guard enable Enable the anti-ARP attack function on the interface.
nfpp arp-guard isolate-period Set the isolate time.
nfpp arp-guard policy Set the rate-limit threshold and attack threshold.
nfpp arp-guard scan-threshold Set the scan threshold.
Platform
Description
N/A
show nfpp dhcp-guard hosts
Use this command to show the monitored host.
show nfpp dhcp-guard hosts [ statistics | [ [ vlan vid ] [ interface interface-id ] [ ip-address |
mac-address ] ] ]
Parameter
Description Parameter Description
statistics Show the statistical information of the monitored host.
vid The VLAN ID.
interface-id The interface name.
ip-address The IP address.
mac-address The MAC address.
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
The following example shows the statistical information of the monitored host:
Ruijie# show nfpp dhcp-guard hosts statistics
success fail total
------- ---- -----
100 20 120
The following example shows the monitored host:
Ruijie# show nfpp dhcp-guard hosts
If column 1 shows '*', it means "hardware failed to isolate host".
VLAN interface MAC address remain-time(seconds)
---- --------- ----------- -------------------
1 gi0/2 0000.0000.0001 10
*2 gi0/1 0000.0000.0002 20
Total:2 host(s)
Related
Commands Command Description
clear nfpp dhcp-guard hosts Clear the monitored host.
Platform
Description
N/A
show nfpp dhcp-guard summary
Use this command to show the configurations.
show nfpp dhcp-guard summary
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
Ruijie# show nfpp dhcp-guard summary
(Format of column Rate-limit and Attack-threshold is
per-src-ip/per-src-mac/per-port.)
Interface Status Isolate-period Rate-limit Attack-threshold
Global Enable 300 -/5/150 -/10/300
Gi 0/1 Enable 180 -/6/- -/8/-
Gi 0/2 Disable 200 -/5/30 -/10/50
Maximum count of monitored hosts: 1000
Monitor period:300s
Field Description
Interface(Global) Global configuration
Status Enable/Disable the anti-attack function.
Rate-limit In the format of the rate-limit threshold for the source IP address/ the rate-limit
threshold for the source MAC address/ the rate-limit threshold for the port
- No configuration.
Related
Commands Command Description
dhcp-guard attack-threshold Set the global attack threshold.
dhcp-guard enable Enable the DHCP anti-attack function.
dhcp-guard isolate-period Set the global isolate time.
dhcp-guard monitor-period Set the monitor period.
dhcp-guard monitored-host-limit Set the maximum number of the monitored hosts.
dhcp-guard rate-limit Set the global rate-limit threshold.
nfpp dhcp-guard enable Enable the DHCP anti-attack function on the interface.
nfpp dhcp-guard isolate-period Set the isolate time.
nfpp dhcp-guard policy Set the rate-limit threshold and attack threshold.
Platform
Description
N/A
show nfpp dhcpv6-guard hosts
Use this command to show the monitored host.
show nfpp dhcpv6-guard hosts [ statistics | [ [ vlan vid ] [ interface interface-id ] [ ip-address |
mac-address ] ] ]
Parameter
Description Parameter Description
statistics Show the statistical information of the monitored host.
vid The VLAN ID.
interface-id The interface name.
ip-address The IP address.
mac-address The MAC address.
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
The following example shows the statistical information of the monitored host:
Ruijie# show nfpp dhcpv6-guard hosts statistics
success fail total
------- ---- -----
100 20 120
The following example shows the monitored host:
Ruijie# show nfpp dhcpv6-guard hosts
If column 1 shows '*', it means "hardware failed to isolate host".
VLAN interface MAC address remain-time(seconds)
---- --------- ----------- -------------------
1 gi0/2 0000.0000.0001 10
*2 gi0/1 0000.0000.0002 20
Total:2 host(s)
Related
Commands Command Description
clear nfpp dhcpv6-guard hosts Clear the monitored host.
Platform
Description
N/A
show nfpp dhcpv6-guard summary
Use this command to show the configurations.
show nfpp dhcpv6-guard summary
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
Ruijie# show nfpp dhcpv6-guard summary
(Format of column Rate-limit and Attack-threshold is
per-src-ip/per-src-mac/per-port.)
Interface Status Isolate-period Rate-limit Attack-threshold
Global Enable 300 -/5/150 -/10/300
Gi 0/1 Enable 180 -/6/- -/8/-
Gi 0/2 Disable 200 -/5/30 -/10/50
Maximum count of monitored hosts: 1000
Monitor period:300s
Field Description
Interface(Global) Global configuration
Status Enable/Disable the anti-attack function.
Rate-limit In the format of the rate-limit threshold for the source IP address/ the rate-limit
threshold for the source MAC address/ the rate-limit threshold for the port
Attack-threshold In the same format as the rate-limit.
- No configuration.
Related
Commands Command Description
dhcpv6-guard attack-threshold Set the global attack threshold.
dhcpv6-guard enable Enable the DHCPv6 anti-attack function.
dhcpv6-guard isolate-period Set the global isolate time.
dhcpv6-guard monitor-period Set the monitor period.
dhcpv6-guard monitored-host-limit Set the maximum number of the monitored hosts.
dhcpv6-guard rate-limit Set the global rate-limit threshold.
nfpp dhcpv6-guard enable Enable the DHCPv6 anti-attack function on the interface.
nfpp dhcpv6-guard isolate-period Set the isolate time.
nfpp dhcpv6-guard policy Set the rate-limit threshold and attack threshold.
Platform
Description
N/A
show nfpp icmp-guard hosts
Use this command to show the monitored host.
show nfpp icmp-guard hosts [ statistics | [ [ vlan vid ] [ interface interface-id ] [ ip-address |
mac-address ] ] ]
Parameter
Description Parameter Description
statistics Show the statistical information of the monitored host.
vid The VLAN ID.
interface-id The interface name.
ip-address The IP address.
mac-address The MAC address.
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
The following example shows the statistical information of the monitored host:
Ruijie# show nfpp icmp-guard hosts statistics
success fail total
------- ---- -----
100 20 120
The following example shows the monitored host:
Ruijie# show nfpp icmp-guard hosts
If column 1 shows '*', it means "hardware failed to isolate host".
VLAN interface IP address remain-time(s)
---- -------- --------- -------------
1 Gi0/1 1.1.1.1 110
2 Gi0/2 1.1.2.1 61
Total:2 host(s)
Related
Commands Command Description
clear nfpp icmp-guard hosts Clear the monitored host.
Platform
Description
N/A
show nfpp icmp-guard summary
Use this command to show the configurations.
show nfpp icmp-guard summary
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
Ruijie# show nfpp icmp-guard summary
(Format of column Rate-limit and Attack-threshold is
per-src-ip/per-src-mac/per-port.)
Interface Status Isolate-period Rate-limit Attack-threshold
Global Enable 300 4/-/60 8/-/100
Gi 0/1 Enable 180 5/-/- 8/-/-
Gi 0/2 Disable 200 4/-/60 8/-/100
Maximum count of monitored hosts: 1000
Monitor period:300s
Field Description
Interface(Global) Global configuration
Status Enable/Disable the anti-attack function.
Rate-limit In the format of the rate-limit threshold for the source IP address/ the rate-limit
threshold for the source MAC address/ the rate-limit threshold for the port
Attack-threshold In the same format as the rate-limit.
- No configuration.
Related
Commands Command Description
icmp-guard attack-threshold Set the global attack threshold.
icmp-guard enable Enable the ICMP anti-attack function.
icmp-guard isolate-period Set the global isolate time.
icmp-guard monitor-period Set the monitor period.
icmp-guard monitored-host-limit Set the maximum number of the monitored hosts.
icmp-guard rate-limit Set the global rate-limit threshold.
nfpp icmp-guard enable Enable the ICMP anti-attack function on the interface.
nfpp icmp-guard isolate-period Set the isolate time.
nfpp icmp-guard policy Set the rate-limit threshold and attack threshold.
Platform
Description
N/A
show nfpp icmp-guard trusted-host
Use this command to show the trusted host free from being monitored.
show nfpp icmp-guard trusted-host
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
Ruijie# show nfpp icmp-guard trusted-host
IP address mask
--------- ------
1.1.1.0 255.255.255.0
1.1.2.0 255.255.255.0
Total:2 record(s)
Related
Commands Command Description
icmp-guard trusted-host Set the trusted host.
Platform
Description
N/A
show nfpp ip-guard hosts
Use this command to show the monitored host.
show nfpp ip-guard hosts [ statistics | [ [ vlan vid ] [ interface interface-id ] [ ip-address |
mac-address ] ] ]
Parameter
Description Parameter Description
statistics Show the statistical information of the monitored host.
vid The VLAN ID.
interface-id The interface name.
ip-address The IP address.
mac-address The MAC address.
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
The following example shows the statistical information of the monitored host:
Ruijie# show nfpp ip-guard hosts statistics
success fail total
------- ---- -----
100 20 120
Ruijie#show nfpp ip-guard hosts
If column 1 shows '*', it means "hardware do not isolate host" .
VLAN interface IP address Reason remain-time(s)
---- -------- --------- ------- -------------
1 Gi0/1 1.1.1.1 ATTACK 110
2 Gi0/2 1.1.2.1 SCAN 61
Total:2 host(s)
Related
Commands Command Description
clear nfpp ip-guard hosts Clear the monitored host.
Platform
Description
N/A
show nfpp ip-guard summary
Use this command to show the configurations.
show nfpp ip-guard summary
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
Ruijie# show nfpp ip-guard summary
(Format of column Rate-limit and Attack-threshold is
per-src-ip/per-src-mac/per-port.)
Interface Status Isolate-period Rate-limit Attack-threshold Scan-threshold
Global Enable 300 4/-/60 8/-/100 15
Gi 0/1 Enable 180 5/-/- 8/-/- -
Gi 0/2 Disable 200 4/-/60 8/-/100 20
Maximum count of monitored hosts: 1000
Monitor period:300s
Field Description
Interface(Global) Global configuration
Status Enable/Disable the anti-attack function.
Rate-limit In the format of the rate-limit threshold for the source IP address/ the rate-limit
threshold for the source MAC address/ the rate-limit threshold for the port
Attack-threshold In the same format as the rate-limit.
- No configuration.
Related
Commands Command Description
ip-guard attack-threshold Set the global attack threshold.
ip-guard enable Enable the IP anti-scan function.
ip-guard isolate-period Set the global isolate time.
ip-guard monitor-period Set the monitor period.
ip-guard monitored-host-limit Set the maximum number of the monitored hosts.
ip-guard rate-limit Set the global rate-limit threshold.
nfpp ip-guard enable Enable the IP anti-scan function on the interface.
nfpp ip-guard isolate-period Set the isolate time.
nfpp ip-guard policy Set the rate-limit threshold and attack threshold.
Platform
Description
N/A
show nfpp ip-guard trusted-host
Use this command to show the trusted host free from being monitored.
show nfpp ip-guard trusted-host
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
Ruijie# show nfpp ip-guard trusted-host
IP address mask
--------- ------
1.1.1.0 255.255.255.0
1.1.2.0 255.255.255.0
Total:2 record(s)
Related
Commands Command Description
ip-guard trusted-host Set the trusted host.
Platform
Description
N/A
show nfpp log
Use this command to show the NFPP log configuration.
show nfpp log summary
Use this command to show the NFPP log buffer area content.
show nfpp log buffer [ statistics ]
Parameter
Description Parameter Description
statistics Show the statistical information of the NFPP log buffer area.
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide When the log buffer area is full, subsequent logs are dropped and an entry with all
attributes set to "-" is displayed in the log buffer area. In that case, the administrator should increase
the capacity of the log buffer area or increase the rate at which syslog messages are generated.
Each syslog message generated from the log buffer area carries a timestamp, for example:
%NFPP_ARP_GUARD-4-DOS_DETECTED:
Host<IP=N/A,MAC=0000.0000.0004,port=Gi4/1,VLAN=1> was detected.(2009-07-01 13:00:00)
Configuration
Examples
The following example shows the NFPP log configurations:
Ruijie#show nfpp log summary
Total log buffer size : 10
Syslog rate : 1 entry per 2 seconds
Logging:
VLAN 1-3, 5
interface Gi 0/1
interface Gi 0/2
The following example shows the log number in the buffer area:
Ruijie#show nfpp log buffer statistics
There are 6 logs in buffer.
The following example shows the NFPP log buffer area:
Ruijie#show nfpp log buffer
Protocol VLAN Interface IP address MAC address Reason Timestamp
------- ---- -------- --------- ----------- ------ ---------
ARP 1 Gi0/1 1.1.1.1 - DoS 2009-05-30 16:23:10
ARP 1 Gi0/1 1.1.1.1 - ISOLATED 2009-05-30 16:23:10
ARP 1 Gi0/1 1.1.1.2 - DoS 2009-05-30 16:23:15
ARP 1 Gi0/1 1.1.1.2 - ISOLATE_FAILED 2009-05-30 16:23:15
ARP 1 Gi0/1 - 0000.0000.0001 SCAN 2009-05-30 16:30:10
ARP - Gi0/2 - - PORT_ATTACKED 2009-05-30 16:30:10
Field Description
Protocol ARP, IP, ICMP, DHCP, DHCPv6, NS-NA, RS, RA-REDIRECT
Reason 1. DoS
2. ISOLATED
3. ISOLATE_FAILED
4. SCAN
5. PORT_ATTACKED
Related
Commands Command Description
clear nfpp log Clear the NFPP log buffer area.
Platform
Description
N/A
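The log buffer output and the syslog line format described for show nfpp log can be triaged offline to find hosts the device detected but did not isolate. The following Python parser is an added example, not part of the Ruijie manual; the function names are hypothetical, the sample input is constructed from the rows shown above, and the exact rendering of the all-"-" buffer-full entry is an assumption.

```python
import re
from datetime import datetime

REASONS = {"DoS", "ISOLATED", "ISOLATE_FAILED", "SCAN", "PORT_ATTACKED"}
TIME_ONLY = re.compile(r"^\d{2}:\d{2}:\d{2}$")
SYSLOG = re.compile(
    r"%NFPP_(?P<protocol>[A-Z0-9_]+)_GUARD-(?P<severity>\d)-(?P<event>[A-Z_]+):\s*"
    r"Host<IP=(?P<ip>[^,]*),MAC=(?P<mac>[^,]*),port=(?P<port>[^,]*),VLAN=(?P<vlan>[^>]*)>"
    r"\s*was detected\.\((?P<timestamp>[^)]+)\)"
)

# Constructed sample: the six rows shown in this section (two with the time
# wrapped onto its own line, as terminal captures often are) plus one all-"-"
# row standing in for the buffer-full entry; its exact rendering is assumed.
SAMPLE_BUFFER = """\
Protocol VLAN Interface IP address MAC address Reason Timestamp
------- ---- -------- --------- ----------- ------ ---------
ARP 1 Gi0/1 1.1.1.1 - DoS 2009-05-30
16:23:10
ARP 1 Gi0/1 1.1.1.1 - ISOLATED 2009-05-30 16:23:10
ARP 1 Gi0/1 1.1.1.2 - DoS 2009-05-30
16:23:15
ARP 1 Gi0/1 1.1.1.2 - ISOLATE_FAILED 2009-05-30 16:23:15
ARP 1 Gi0/1 - 0000.0000.0001 SCAN 2009-05-30 16:30:10
ARP - Gi0/2 - - PORT_ATTACKED 2009-05-30 16:30:10
- - - - - - -
"""
SAMPLE_SYSLOG = ("%NFPP_ARP_GUARD-4-DOS_DETECTED: Host<IP=N/A,MAC=0000.0000.0004,"
                 "port=Gi4/1,VLAN=1> was detected.(2009-07-01 13:00:00)")


def parse_buffer(text):
    """Return (rows, overflow_markers) from `show nfpp log buffer` output."""
    logical = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Protocol", "---", "Ruijie#")):
            continue  # column header, ruler or CLI prompt
        if TIME_ONLY.match(line) and logical:
            logical[-1] += " " + line  # re-attach a wrapped time to its row
        else:
            logical.append(line)
    rows, overflow = [], 0
    for line in logical:
        tok = line.split()
        if all(t == "-" for t in tok):
            overflow += 1  # buffer was full: later events were dropped
            continue
        if len(tok) != 8 or tok[5] not in REASONS:
            raise ValueError(f"unrecognised log row: {line!r}")
        rows.append({
            "protocol": tok[0], "vlan": tok[1], "interface": tok[2],
            "ip": tok[3], "mac": tok[4], "reason": tok[5],
            "timestamp": datetime.strptime(tok[6] + " " + tok[7], "%Y-%m-%d %H:%M:%S"),
        })
    return rows, overflow


def triage(rows):
    """Group rows per offender and list those the device did not isolate."""
    seen, ports = {}, set()
    for r in rows:
        if r["reason"] == "PORT_ATTACKED":
            ports.add(r["interface"])  # port-level event, no host identity
        else:
            seen.setdefault((r["interface"], r["ip"], r["mac"]), set()).add(r["reason"])
    return {
        "isolate_failed": sorted(k for k, v in seen.items() if "ISOLATE_FAILED" in v),
        "no_isolated_record": sorted(k for k, v in seen.items() if "ISOLATED" not in v),
        "ports_attacked": sorted(ports),
    }


def parse_syslog(line):
    """Parse one NFPP syslog message; fields reported as 'N/A' become None."""
    m = SYSLOG.search(line)
    if not m:
        return None
    rec = {k: (None if v == "N/A" else v) for k, v in m.groupdict().items()}
    rec["severity"] = int(rec["severity"])
    rec["timestamp"] = datetime.strptime(rec["timestamp"], "%Y-%m-%d %H:%M:%S")
    return rec


if __name__ == "__main__":
    parsed_rows, dropped = parse_buffer(SAMPLE_BUFFER)
    print(triage(parsed_rows), "overflow markers:", dropped)
    print(parse_syslog(SAMPLE_SYSLOG))
```

A non-zero overflow count means events were dropped, so the absence of a host from the buffer is not evidence that it was quiet.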
show nfpp nd-guard summary
Use this command to show the configurations.
show nfpp nd-guard summary
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide N/A
Configuration
Examples
Ruijie# show nfpp nd-guard summary
(Format of column Rate-limit and Attack-threshold is NS-NA/RS/RA-REDIRECT.)
Interface Status Rate-limit Attack-threshold
Global Enable 20/5/10 40/10/20
Gi 0/1 Enable 15/15/15 30/30/30
Gi 0/2 Disable -/5/30 -/10/50
Field Description
Interface(Global) Global configuration
Status Enable/Disable the anti-attack function.
Rate-limit In the format of the rate-limit threshold for the NS-NA/RS/RA-REDIRECT.
Attack-threshold In the same format as the rate-limit.
- No configuration.
Related
Commands Command Description
nd-guard attack-threshold Set the global attack threshold.
nd-guard enable Enable the ND anti-attack function.
nd-guard rate-limit Set the global rate-limit threshold.
nfpp nd-guard enable Enable the ND anti-attack function on the interface.
nfpp nd-guard policy Set the rate-limit threshold and attack threshold.
Platform
Description
N/A
Command Reference ACL Commands
ACL Commands
access-list
Use this command to create an access list rule to filter data packets. The no form of this command
deletes the specified access list entries.
1) Standard IP access list (1 to 99, 1300 to 1999)
access-list id { deny | permit } { source source-wildcard | host source | any | interface idx }
[time-range tm-range-name ] [ log ]
2) Extended IP access list (100 to 199, 2000 to 2699 )
access-list id { deny | permit } protocol {source source-wildcard | host source | any | interface idx }
{ destination destination-wildcard | host destination | any } [ precedence precedence] [ tos tos ]
[ fragment ] [ range lower upper ] [ time-range time-range-name] [ log ]
3) Extended MAC access list (700 to 799)
access-list id { deny | permit} {any | host source-mac-address } { any | host
destination-mac-address } [ ethernet-type ] [ cos [ out ] [ inner in ] ]
4) Extended expert access list (2700 to 2899)
access-list id { deny | permit } [ protocol | [ ethernet-type ] [ cos [ out ] [ inner in ] ] ] [ VID [ out ]
[ inner in ] ] { source source-wildcard | host source | any } { host source-mac-address | any }
{ destination destination-wildcard | host destination | any} { host destination-mac-address | any } ]
[ precedence precedence ] [ tos tos ] [ fragment ] [ time-range time-range-name ]
When you select the Ethernet-type field or cos field:
access-list id { deny | permit } { ethernet-type | cos [ out ] [ inner in ] } [ VID [ out ] [ inner in ] ]
{ source source-wildcard | host source | any } { host source-mac-address | any } { destination
destination-wildcard | host destination | any } { host destination-mac-address | any } [ time-range
time-range-name ]
When you select the protocol field:
access-list id { deny | permit } protocol [ VID [out][inner in ] ] {source source-wildcard | host source |
any } { host source-mac-address | any } {destination destination-wildcard | host destination | any }
{ host destination-mac-address | any } [ precedence precedence ] [ tos tos ] [ fragment] [range
lower upper ] [ time-range time-range-name ]
Extended expert ACLs of some important protocols:
Internet Control Message Protocol (ICMP)
access-list id { deny | permit } icmp [ VID [ out ] [ inner in ] ] { source source-wildcard | host source
| any } { host source-mac-address | any } { destination destination-wildcard | host destination | any}
{host destination-mac-address | any} [ icmp-type ] [ [ icmp-type [icmp-code ] ] | [ icmp-message ] ]
[precedence precedence] [tos tos] [fragment] [time-range time-range-name]
Transmission Control Protocol (TCP)
access-list id {deny | permit} tcp [VID [out][inner in]] {source source-wildcard | host source | any}
{host source-mac-address | any } [operator port [port] ] {destination destination-wildcard | host
destination | any} {host destination-mac-address | any} [operator port [port] ] [precedence
precedence] [tos tos] [fragment] [range lower upper] [time-range time-range-name] [ match-all
tcp-flag | established ]
User Datagram Protocol (UDP)
access-list id {deny | permit} udp [VID [out][inner in]] {source source-wildcard | host source | any}
{host source-mac-address | any } [ operator port [port] ] {destination destination-wildcard | host
destination | any}{host destination-mac-address | any} [operator port [port] ] [precedence
precedence] [tos tos] [fragment] [range lower upper] [time-range time-range-name]
5) List remark
access-list id list-remark text
Parameter
Description Parameter Description
id
Access list ID. The ranges available are 1 to 99, 100 to 199, 1300 to
1999, 2000 to 2699, 2700 to 2899, and 700 to 799.
deny If not matched, access is denied.
permit If matched, access is permitted.
source Specify the source IP address (host address or network address).
source-wildcard It can be discontinuous, for example, 0.255.0.32.
protocol
IP protocol number. It can be one of EIGRP, GRE, IPINIP, IGMP,
NOS, OSPF, ICMP, UDP, TCP, and IP. It can also be a number
representing the IP protocol between 0 and 255. The important
protocols such as ICMP, TCP, and UDP are described separately.
destination
Specify the destination IP address (host address or network
address).
destination-wildcard
Wildcard of the destination IP address. It can be discontinuous, for
example, 0.255.0.32.
fragment Packet fragment filtering
precedence Specify the packet priority.
precedence Packet precedence value (0 to 7)
range Layer4 port number range of the packet.
lower Lower limit of the layer4 port number.
upper Upper limit of the layer4 port number.
time-range Time range of packet filtering
time-range-name Time range name of packet filtering
tos Specify type of service.
tos ToS value (0 to 15)
icmp-type ICMP message type (0 to 255)
icmp-code ICMP message type code (0 to 255)
icmp-message ICMP message type name
operator Operator (lt-smaller, eq-equal, gt-greater, neq-unequal, range-range)
port [ port ]
Port number; range needs two port numbers, while other operators
only need one port number.
host source-mac-address Source physical address
host
destination-mac-address
Destination physical address
VID vid Match the specified VID.
ethernet-type Ethernet type
match-all Match all the bits of the TCP flag.
tcp-flag Match the TCP flag.
established Match the RST or ACK bits, not other bits of the TCP flag.
text Remark information
Defaults None
Command
Mode
Global configuration mode.
Usage Guide To filter the data by using the access control list, you must first define a series of rule statements by
using the access list. You can use ACLs of the appropriate types according to the security needs:
The standard IP ACL (1 to 99, 1300 to 1999) only controls the source IP addresses.
The extended IP ACL (100 to 199, 2000 to 2699) can enforce strict control over the source and
destination IP addresses.
The extended MAC ACL (700 to 799) can match against the source/destination MAC addresses and
Ethernet type.
The extended expert access list (2700 to 2899) is a combination of the above and can match and filter
the VLAN ID.
For the layer-3 routing protocols including the unicast routing protocol and multicast routing protocol,
the following parameters are not supported by the ACL: precedence precedence/tos
tos/fragments/range lower upper/time-range time-range-name
The TCP Flag includes part or all of the following:
urg
ack
psh
rst
syn
fin
The packet precedence is as below:
critical
flash
flash-override
immediate
internet
network
priority
routine
The service types are as below:
max-reliability
max-throughput
min-delay
min-monetary-cost
normal
The ICMP message types are as below:
administratively-prohibited
dod-host-prohibited
dod-net-prohibited
echo
echo-reply
fragment-time-exceeded
general-parameter-problem
host-isolated
host-precedence-unreachable
host-redirect
host-tos-redirect
host-tos-unreachable
host-unknown
host-unreachable
information-reply
information-request
mask-reply
mask-request
mobile-redirect
net-redirect
net-tos-redirect
net-tos-unreachable
net-unreachable
network-unknown
no-room-for-option
option-missing
packet-too-big
parameter-problem
port-unreachable
precedence-unreachable
protocol-unreachable
redirect
device-advertisement
device-solicitation
source-quench
source-route-failed
time-exceeded
timestamp-reply
timestamp-request
ttl-exceeded
unreachable
The TCP ports are as follows. A port can be specified by port name and port number:
bgp
chargen
cmd
daytime
discard
domain
echo
exec
finger
ftp
ftp-data
gopher
hostname
ident
irc
klogin
kshell
ldp
login
nntp
pim-auto-rp
pop2
pop3
smtp
sunrpc
syslog
tacacs
talk
telnet
time
uucp
whois
www
The UDP ports are as follows. A UDP port can be specified by port name and port number.
biff
bootpc
bootps
discard
dnsix
domain
echo
isakmp
mobile-ip
nameserver
netbios-dgm
netbios-ns
netbios-ss
ntp
pim-auto-rp
rip
snmp
snmptrap
sunrpc
syslog
tacacs
talk
tftp
time
who
xdmcp
The Ethernet types are as below:
aarp
appletalk
decnet-iv
diagnostic
etype-6000
etype-8042
lat
lavc-sca
mop-console
mop-dump
mumps
netbios
vines-echo
xns-idp
Configuration
Examples
1. Example of the standard IP ACL
The following basic IP ACL allows the packets whose source IP addresses are 192.168.1.64 -
192.168.1.127 to pass:
Ruijie (config)#access-list 1 permit 192.168.1.64 0.0.0.63
2. Example of the extended IP ACL
The following extended IP ACL allows the DNS messages and ICMP messages to pass:
Ruijie(config)#access-list 102 permit tcp any any eq domain log
Ruijie(config)#access-list 102 permit udp any any eq domain log
Ruijie(config)#access-list 102 permit icmp any any echo log
Ruijie(config)#access-list 102 permit icmp any any echo-reply
3. Example of the extended MAC ACL
This example shows how to prevent the host with the MAC address 00d0f8000c0c from providing
services with the protocol type 100 on Gigabit Ethernet port 1/1. The configuration procedure is as follows:
Ruijie(config)#access-list 702 deny host 00d0f8000c0c any aarp
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# mac access-group 702 in
4. Example of the extended expert ACL
The following example shows how to create and display an extended expert ACL. This expert ACL
denies all the TCP packets with the source IP address 192.168.12.3 and the source MAC address
00d0.f800.0044.
Ruijie(config)#access-list 2702 deny tcp host 192.168.12.3 mac 00d0.f800.0044 any any
Ruijie(config)# access-list 2702 permit any any any any
Ruijie(config)# show access-lists
expert access-list extended 2702
10 deny tcp host 192.168.12.3 mac 00d0.f800.0044 any any
10 permit any any any any
Related
Commands Command Description
show access-lists Show all the ACLs.
mac access-group Apply the extended MAC ACL on the interface.
Platform
Description
N/A
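The source-wildcard parameter and the standard IP ACL example above (192.168.1.64 0.0.0.63 covering 192.168.1.64 to 192.168.1.127) rely on wildcard-bit matching, which is easy to get wrong when reviewing a rule set. The following Python sketch is an added example, not part of the Ruijie manual; it goes beyond the single case in the text by handling discontinuous wildcards such as 0.255.0.32 and by converting an arbitrary address range into access-list lines. The function names and the 10.0.5.1 base address are hypothetical, and only the source, host and any forms of a standard ACL entry are handled.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """True if addr matches base under wildcard (a wildcard bit of 1 is ignored)."""
    care = ~_to_int(wildcard) & MASK32
    return (_to_int(addr) & care) == (_to_int(base) & care)


def wildcard_span(base, wildcard):
    """Return (address_count, lowest, highest, is_one_contiguous_range)."""
    w = _to_int(wildcard)
    low = _to_int(base) & ~w & MASK32   # base bits under the wildcard are ignored
    high = low | w
    contiguous = (w & (w + 1)) == 0     # wildcard has the form 0..01..1
    return (1 << bin(w).count("1"), str(ipaddress.IPv4Address(low)),
            str(ipaddress.IPv4Address(high)), contiguous)


def range_to_wildcards(first, last):
    """Smallest list of prefix-aligned (base, wildcard) pairs covering first..last."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.hostmask)) for n in nets]


def to_entries(acl_id, action, first, last):
    """Render lines in the `access-list id {deny | permit} ...` form used above."""
    lines = []
    for base, wc in range_to_wildcards(first, last):
        src = f"host {base}" if wc == "0.0.0.0" else f"{base} {wc}"
        lines.append(f"access-list {acl_id} {action} {src}")
    return lines


def audit_entry(line):
    """Describe what the source term of a standard ACL line really covers."""
    tok = line[line.index("access-list"):].split()  # drop any CLI prompt
    if len(tok) < 4 or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL entry: {line!r}")
    if tok[3] == "any":
        base, wc = "0.0.0.0", "255.255.255.255"
    elif tok[3] == "host" and len(tok) >= 5:
        base, wc = tok[4], "0.0.0.0"
    elif len(tok) >= 5 and tok[3] != "interface":
        base, wc = tok[3], tok[4]
    else:
        raise ValueError(f"unsupported source term: {line!r}")
    count, low, high, contiguous = wildcard_span(base, wc)
    return {"action": tok[2], "count": count, "low": low, "high": high,
            "contiguous": contiguous,
            # True when the written base has bits set that the wildcard ignores,
            # a common sign that the author meant a different range.
            "base_has_ignored_bits": _to_int(base) != _to_int(low)}


if __name__ == "__main__":
    print(audit_entry("Ruijie (config)#access-list 1 permit 192.168.1.64 0.0.0.63"))
    print(wildcard_span("10.0.5.1", "0.255.0.32"))
    print("\n".join(to_entries(1, "permit", "192.168.1.10", "192.168.1.20")))
```

For a discontinuous wildcard the lowest and highest values only bound the matched set; use wildcard_match to test individual addresses.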
deny
One or multiple deny conditions are used to determine whether to forward or discard the packet. In
ACL configuration mode, you can modify an existing ACL or configure entries according to the protocol
details.
Standard IP ACL
[sn] deny {source source-wildcard | host source | any| interface idx } [ time-range tm-range-name ]
[ log ]
Extended IP ACL
[sn] deny protocol source source-wildcard destination destination-wildcard [precedence
precedence] [tos tos] [fragment] [range lower upper] [time-range time-range-name] [ log ]
Extended IP ACLs of some important protocols:
Internet Control Message Protocol (ICMP)
[sn] deny icmp {source source-wildcard | host source | any} {destination destination-wildcard |
host destination | any} [icmp-type] [[icmp-type [icmp-code]] | [icmp-message]] [precedence
precedence] [tos tos] [fragment] [time-range time-range-name]
Transmission Control Protocol (TCP)
[sn] deny tcp {source source-wildcard | host source | any} [ operator port [port]] {destination
destination-wildcard | host destination | any} [operator port [port]] [precedence precedence] [tos
tos] [fragment] [range lower upper] [time-range time-range-name]
User Datagram Protocol (UDP)
[sn] deny udp {source source-wildcard | host source | any} [ operator port [port]] {destination
destination-wildcard | host destination | any} [operator port [port]] [precedence precedence] [tos
tos] [fragment] [range lower upper] [time-range time-range-name]
Extended MAC ACL
[sn] deny {any | host source-mac-address}{any | host destination-mac-address} [ethernet-type][cos
[out] [inner in]]
Extended expert ACL
[sn] deny[protocol | [ethernet-type][ cos [out] [inner in]]] [[VID [out][inner in]]] {source
source-wildcard | host source | any}{host source-mac-address | any } {destination
destination-wildcard | host destination | any} {host destination-mac-address | any} [precedence
precedence] [tos tos][fragment] [range lower upper] [ time-range time-range-name ]
When you select the ethernet-type field or cos field:
[sn] deny {[ethernet-type][cos [out] [inner in]]} [[VID [out][inner in]]] {source source-wildcard | host
source | any} {host source-mac-address | any } {destination destination-wildcard | host destination |
any} {host destination-mac-address | any} [time-range time-range-name]
When you select the protocol field:
[sn] deny protocol [[VID [out][inner in]]] {source source-wildcard | host source | any} {host
source-mac-address | any } {destination destination-wildcard | host destination | any} {host
destination-mac-address | any} [precedence precedence] [tos tos] [fragment] [range lower upper]
[time-range time-range-name]
Extended expert ACLs of some important protocols
Internet Control Message Protocol (ICMP)
[sn] deny icmp [[VID [out][inner in]]] {source source-wildcard | host source | any} {host
source-mac-address | any} {destination destination-wildcard | host destination | any} {host
destination-mac-address | any} [icmp-type] [[icmp-type [icmp-code ]] | [icmp-message]] [precedence
precedence] [tos tos] [fragment] [time-range time-range-name]
Transmission Control Protocol (TCP)
[sn] deny tcp [[VID [out][inner in]]] {source source-wildcard | host source | any} {host
source-mac-address | any } [operator port [port]] {destination destination-wildcard | host destination |
any} {host destination-mac-address | any} [operator port [port]] [precedence precedence] [tos tos]
[fragment] [range lower upper] [time-range time-range-name] [match-all tcp-flag | established]
User Datagram Protocol (UDP)
[sn] deny udp [[VID [out][inner in]]] {source source-wildcard | host source | any} {host
source-mac-address | any } [ operator port [port]] {destination destination-wildcard | host destination
| any}{host destination-mac-address | any} [operator port [port]] [precedence precedence] [tos tos]
[fragment] [range lower upper] [time-range time-range-name]
Address Resolution Protocol (ARP)
[sn] deny arp {vid vlan-id}[ source-mac-address source-wildcard |host source-mac-address | any]
[host destination-mac-address | any] {sender-ip sender-ip-wildcard | host sender-ip | any}
{sender-mac sender-mac-wildcard | host sender-mac | any} {target-ip target-ip-wildcard | host
target-ip | any}
5. Extended IPv6 ACL
[sn] deny protocol{source-ipv6-prefix/prefix-length | any | host source-ipv6-address }
{destination-ipv6-prefix / prefix-length | any | host destination-ipv6-address} [dscp dscp] [flow-label
flow-label] [fragment] [range lower upper] [time-range time-range-name]
Extended ipv6 ACLs of some important protocols:
Internet Control Message Protocol (ICMP)
[sn] deny icmp {source-ipv6-prefix / prefix-length | any | host source-ipv6-address}
{destination-ipv6-prefix / prefix-length| host destination-ipv6-address | any} [icmp-type] [[icmp-type
[icmp-code]] | [icmp-message]] [dscp dscp] [flow-label flow-label] [fragment] [time-range
time-range-name]
Transmission Control Protocol (TCP)
[sn] deny tcp {source-ipv6-prefix / prefix-length | host source-ipv6-address | any} [operator port [port]]
{destination-ipv6-prefix /prefix-length | host destination-ipv6-address | any} [operator port [port]]
[dscp dscp] [flow-label flow-label] [fragment] [range lower upper] [time-range time-range-name]
[match-all tcp-flag | established]
User Datagram Protocol (UDP)
[sn] deny udp {source-ipv6-prefix/prefix-length | host source-ipv6-address | any} [operator port
[port]] {destination-ipv6-prefix /prefix-length | host destination-ipv6-address | any}[operator port
[port]] [dscp dscp] [flow-label flow-label] [fragment] [range lower upper] [time-range
time-range-name]
Parameter
Description Parameter Description
sn ACL entry sequence number
source-ipv6-prefix Source IPv6 network address or network type
destination-ipv6-prefix Destination IPv6 network address or network type
prefix-length Prefix mask length
source-ipv6-address Source IPv6 address
destination-ipv6-address Destination IPv6 address
dscp Differentiated Services Code Point
dscp Code value, within the range of 0 to 63
flow-label Flow label
flow-label Flow label value, within the range of 0 to 1048575.
protocol
For the IPv6, the field can be ipv6 | icmp | tcp | udp and number in the
range 0 to 255
time-range Time range of the packet filtering
time-range-name Time range name of the packet filtering
Defaults No entry
Command
mode
ACL configuration mode.
Usage Guide Use this command to configure the filtering entry of ACLs in ACL configuration mode.
Configuration
Examples
The following example shows how to create and display an extended expert ACL. This expert ACL
denies all the TCP packets with the source IP address 192.168.4.12 and the source MAC address
001300498272.
Ruijie(config)#expert access-list extended 2702
Ruijie(config-exp-nacl)#deny tcp host 192.168.4.12 host 0013.0049.8272 any any
Ruijie(config-exp-nacl)#permit any any any any
Ruijie(config-exp-nacl)#show access-lists
expert access-list extended 2702
10 deny tcp host 192.168.4.12 host 0013.0049.8272 any any
20 permit any any any any
Ruijie(config-exp-nacl)#
This example shows how to use the extended IP ACL. The purpose is to prevent the host with the IP
address 192.168.4.12 from providing services through the TCP port 100 and to apply the ACL to Interface
gigabitethernet 1/1. The configuration procedure is as follows:
Ruijie(config)# ip access-list extended ip-ext-acl
Ruijie(config-ext-nacl)# deny tcp host 192.168.4.12 eq 100 any
Ruijie(config-ext-nacl)# show access-lists
ip access-list extended ip-ext-acl
10 deny tcp host 192.168.4.12 eq 100 any
Ruijie(config-ext-nacl)#exit
Ruijie(config)#interface gigabitethernet 1/1
Ruijie(config-if)#ip access-group ip-ext-acl in
Ruijie(config-if)#
This example shows how to use the extended MAC ACL. The purpose is to prevent the host with the
MAC address 0013.0049.8272 from sending Ethernet frames of the type 100 and to apply the rule to Interface
gigabitethernet 1/1. The configuration procedure is as follows:
Ruijie(config)#mac access-list extended mac1
Ruijie(config-mac-nacl)#deny host 0013.0049.8272 any aarp
Ruijie(config-mac-nacl)# show access-lists
mac access-list extended mac1
10 deny host 0013.0049.8272 any aarp
Ruijie(config-mac-nacl)#exit
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# mac access-group mac1 in
This example shows how to use the standard IP ACL. The purpose is to deny the host with the IP
address 192.168.4.12 and apply the rule to Interface gigabitethernet 1/1. The configuration procedure
is as below:
Ruijie(config)#ip access-list standard 34
Ruijie(config-ext-nacl)# deny host 192.168.4.12
Ruijie(config-ext-nacl)#show access-lists
ip access-list standard 34
10 deny host 192.168.4.12
Ruijie(config-ext-nacl)#exit
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# ip access-group 34 in
This example shows how to use the extended IPv6 ACL. The purpose is to deny the host with the IP
address 192.168.4.12 and apply the rule to Interface gigabitethernet 1/1. The configuration procedure
is as below:
Ruijie(config)#ipv6 access-list extended v6-acl
Ruijie(config-ipv6-nacl)#11 deny ipv6 host ::192.168.4.12 any
Ruijie(config-ipv6-nacl)#show access-lists
ipv6 access-list extended v6-acl
11 deny ipv6 host ::192.168.4.12 any
Ruijie(config-ipv6-nacl)# exit
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# ipv6 traffic-filter v6-acl in
Related
Commands Command Description
show access-lists Show all the ACLs.
ipv6 traffic-filter Apply the extended ipv6 ACL on the interface.
ip access-group Apply the IP ACL on the interface.
mac access-group Apply the extended MAC ACL on the interface.
ip access-list Define the IP ACL.
mac access-list Define the extended MAC ACL.
expert access-list Define the extended expert ACL.
ipv6 access-list Define the extended IPv6 ACL.
permit Permit the access.
Platform
Description
N/A
expert access-group
Use this command to apply the specified expert ACL on the specified interface. Use the no form of
the command to remove the application.
expert access-group {id| name } { in | out }
no expert access-group {id|name} {in|out}
Parameter
Description Parameter Description
id ID of the expert ACL (2700 to 2899)
name Name of the expert ACL
in Filter the incoming packets of the interface
out Filter the outgoing packets of the interface
Defaults No Expert ACL is applied on the interface.
Command
mode
Interface configuration mode.
Usage Guide This command is used to apply the specified ACL on the interface to control the input and output data
streams on the interface. Use the show access-group command to view the setting.
Configuration
Examples
The following example shows how to apply the access-list accept_00d0f8xxxxxx only to Gigabit
interface 0/1:
Ruijie(config)# interface GigaEthernet 0/1
Ruijie(config-if)# expert access-group accept_00d0f8xxxxxx_only in
Related
Commands Command Description
show access-group Show the ACL configuration.
Platform
Description
The expert ACL is not supported by routers.
expert access-list
Use this command to create an extended expert ACL. Use the no form of the command to remove
the ACL.
expert access-list extended {id | name}
no expert access-list extended {id | name}
Parameter
Description Parameter Description
id ID of the extended expert ACL (2700 to 2899)
name Name of the extended expert ACL
Defaults No Expert ACL
Command
mode
Global configuration mode.
Usage Guide Use show access-lists to display the ACL configurations.
Configuration
Examples
Create an extended expert ACL:
Ruijie(config)# expert access-list extended exp-acl
Ruijie(config-exp-nacl)# show access-lists
expert access-list extended exp-acl
Ruijie(config-exp-nacl)#
Create an extended expert ACL:
Ruijie(config)# expert access-list extended 2704
Ruijie(config-exp-nacl)# show access-lists
access-list extended 2704
Ruijie(config-exp-nacl)#
Related
Commands Command Description
show access-lists Show the extended expert ACLs
Platform
Description
The expert ACL is not supported by routers.
ip access-group
Use this command to apply a specific ACL to an interface. The no form of this command cancels the
application.
ip access-group {id | name} {in | out} [unreflect | reflect]
no ip access-group { id | name} {in | out}
Parameter
Description Parameter Description
id ID of the IP ACL (1 to 199, 1300 to 2699)
name Name of the IP ACL
in Filter the incoming packets of the interface.
out Filter the outgoing packets of the interface.
unreflect
Disable the Reflexive-ACL. Working principle of the reflexive ACL:
a. A router automatically generates a temporary access list based on the
layer-3 and layer-4 information of the original traffic of the intranet. The
temporary access list is created based on the following rules: the
protocol is unchanged, the source IP and destination IP are strictly
exchanged with each other, and the source port and destination port are
strictly exchanged with each other.
b. The router permits a returned flow to enter the intranet only when the
layer-3 and layer-4 information of that flow strictly matches the
layer-3 and layer-4 information of the temporary access list
created based on the outbound traffic.
reflect Enable the Reflexive-ACL.
Defaults No ACL is applied on the interface.
Command
mode
Interface configuration mode.
Usage Guide Use the ip access-group command to apply the specified ACL to the interface, when the firewall is
enabled.
Configuration
Examples
The following example applies the ACL 120 on the fastEthernet0/0 to filter the incoming packets:
Ruijie(config)# interface fastEthernet 0/0
Ruijie(config-if)# ip access-group 120 in
Related
Commands Command Description
access-list Define the ACL.
show access-lists Show all the ACLs.
Platform
Description
N/A
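The reflexive-ACL working principle given for the reflect parameter of ip access-group can be modelled in a few lines. This is an added example, not RGOS code: the Flow, mirror and ReflexiveAcl names and all addresses are constructed, and entry timeouts are left out because the page does not describe them.

```python
"""Toy model of the reflexive-ACL working principle described for `reflect`.

Added illustration, not RGOS code. Entry timeouts and TCP state are not
modelled because the page does not describe them; addresses are constructed.
"""
from typing import Dict, List, NamedTuple, Set


class Flow(NamedTuple):
    """Layer-3 and layer-4 information of one packet flow."""
    protocol: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def mirror(flow: Flow) -> Flow:
    """Rule a: protocol unchanged, source/destination IP and port exchanged."""
    return Flow(flow.protocol, flow.dst_ip, flow.dst_port,
                flow.src_ip, flow.src_port)


class ReflexiveAcl:
    """Temporary access list built from outbound intranet traffic."""

    def __init__(self) -> None:
        self._temporary: Set[Flow] = set()

    def record_outbound(self, flow: Flow) -> Flow:
        """Create the temporary entry for an outbound flow and return it."""
        entry = mirror(flow)
        self._temporary.add(entry)
        return entry

    def permits_inbound(self, flow: Flow) -> bool:
        """Rule b: a returned flow enters only if every field matches strictly."""
        return flow in self._temporary

    def entries(self) -> List[Flow]:
        """Current temporary entries, sorted for stable display."""
        return sorted(self._temporary)


def demo() -> Dict[str, bool]:
    """Run one outbound request and classify several inbound candidates."""
    acl = ReflexiveAcl()
    # Constructed outbound request from an intranet host to an outside server.
    acl.record_outbound(Flow("tcp", "192.168.4.12", 40000, "203.0.113.10", 443))
    inbound = {
        # Exact mirror of the request: the only flow that may come back in.
        "reply": Flow("tcp", "203.0.113.10", 443, "192.168.4.12", 40000),
        # Each candidate below differs from the mirror in exactly one field.
        "other_client_port": Flow("tcp", "203.0.113.10", 443, "192.168.4.12", 40001),
        "other_server_port": Flow("tcp", "203.0.113.10", 8443, "192.168.4.12", 40000),
        "other_server": Flow("tcp", "203.0.113.11", 443, "192.168.4.12", 40000),
        "other_protocol": Flow("udp", "203.0.113.10", 443, "192.168.4.12", 40000),
        "other_client": Flow("tcp", "203.0.113.10", 443, "192.168.4.13", 40000),
    }
    return {name: acl.permits_inbound(flow) for name, flow in inbound.items()}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:18} {'permit' if allowed else 'deny'}")
```

Because the match is strict on every field, a return flow that arrives from a different server port or address than the one the intranet host contacted is not admitted by the temporary entry.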
ip access-list
Use this command to create a standard IP ACL or extended IP ACL. Use the no form of the
command to remove the ACL.
ip access-list {extended | standard} {id | name}
no ip access-list {extended | standard} {id | name}
Parameter
Description Parameter Description
id
ID of the ACL (1 to 99 and 1300 to 1999 for a standard ACL, or 100 to
199 and 2000 to 2699 for an extended ACL)
name Name of the ACL
Defaults None
Command
mode
Global configuration mode.
Usage Guide There are differences between a standard ACL and an extended ACL. The extended ACL is more
precise. Refer to deny or permit in the two modes. Use show access-lists to display the ACL
configurations.
Configuration
Examples
Create an extended ACL:
Ruijie(config)# ip access-list extended 123
Ruijie(config-ext-nacl)# show access-lists
ip access-list extended 123
Ruijie(config-ext-nacl)#
Create a standard ACL:
Ruijie(config)# ip access-list standard std-acl
Ruijie(config-std-nacl)# show access-lists
ip access-list standard std-acl
Ruijie(config-std-nacl)#
Related
Commands Command Description
show access-lists Show the ACLs.
Platform
Description
N/A
ip access-list resequence
Use this command to rearrange entries of an IP ACL and enter the configuration mode. Use the no
form of this command to restore the default setting.
ip access-list resequence {id | name} start-sn inc-sn
no ip access-list resequence {id | name}
Parameter
Description Parameter Description
id It indicates the number of the ACL.
name It indicates the name of the ACL.
start-sn
It indicates the start value of the sequence number, from 1 to
2147483647.
inc-sn
It indicates the increment of the sequence number, from 1 to
2147483647.
Defaults start-sn: 10
inc-sn: 10
Command
mode
Global configuration mode
Usage Guide Use the show access-lists command to view the configuration of this command.
Configuration
Examples
The following example rearranges the ACL entries:
Ruijie# show access-lists
ip access-list standard 1
10 permit host 192.168.4.12
20 deny any any
Ruijie# config
Ruijie(config)# ip access-list resequence 1 21 43
Ruijie(config)# exit
Ruijie# show access-lists
ip access-list standard 1
21 permit host 192.168.4.12
64 deny any any
Related
Commands Command Description
show access-lists It is used to view the ACL.
Platform
Description
N/A
list-remark text
Use this command to add remarks for the specified ACL. The no form deletes the remarks.
list-remark text
Parameter
Description Parameter Description
text Remark information
Defaults N/A
Command
mode
ACL configuration mode
Usage Guide Add remarks for the specified ACL.
Note: A remark can contain 100 characters at most, and two identical remarks are not allowed in one
ACL.
When an ACE is deleted, the remarks between this ACE and the preceding one are deleted.
Configuration
Examples
Ruijie(config)# ip access-list extended 102
Ruijie(config-ext-nacl)# list-remark this acl is to filter the host 192.168.4.12
Ruijie(config-ext-nacl)# show access-lists
ip access-list extended 102
deny ip host 192.168.4.12 any
1000 hits
this acl is to filter the host 192.168.4.12
Ruijie(config-ext-nacl)#
Related
Commands Command Description
show access-lists Show the ACLs.
ip access-list Define the IP ACL.
Platform
Description
N/A
mac access-group
Use this command to apply the specified MAC ACL on the specified interface. Use the no form of the
command to remove the application.
mac access-group {id | name}{in | out}
no mac access-group {id | name} {in | out}
Parameter
Description Parameter Description
id ID of the MAC ACL (700 to 799)
name Name of the MAC ACL
in Filter the incoming packets of the interface
out Filter the outgoing packets of the interface
Defaults No ACL is applied on the interface.
Command
mode
Interface configuration mode.
Usage Guide You can use the show running-config command to show the configuration result.
Configuration
Examples
The following example shows how to apply the access-list accept_00d0f8xxxxxx only to Gigabit
interface 1:
Ruijie(config)#interface GigaEthernet 1/1
Ruijie(config-if)#mac access-group accept__00d0f8xxxxxx_only in
Related
Commands Command Description
show access-group Show the ACL configuration.
Platform
Description
The mac ACL is not supported by routers.
mac access-list
Use this command to create an extended MAC ACL. Use the no form of the command to remove the
ACL.
mac access-list extended {id | name}
no mac access-list extended {id | name}
Parameter
Description Parameter Description
id ID of the extended MAC ACL (700 to 799)
name Name of the extended MAC ACL
Defaults N/A
Command
mode
Global configuration mode.
Usage Guide Use the show access-lists command to display the ACL configurations.
Configuration
Examples
Create an extended MAC ACL:
Ruijie(config)# mac access-list extended mac-acl
Ruijie(config-mac-nacl)# show access-lists
mac access-list extended mac-acl
Create an extended ACL:
Ruijie(config)# mac access-list extended 704
Ruijie(config-mac-nacl)# show access-lists
mac access-list extended 704
Related
Commands Command Description
show access-lists Show the ACLs
Platform
Description
The mac ACL is not supported by routers.
no sn
Use this command to delete an entry of the ACL.
no sn
Parameter
Description Parameter Description
sn Sequence number of the ACL entry
Defaults N/A
Command
mode
ACL configuration mode.
Usage Guide Use this command to delete an ACL entry in ACL configuration mode.
Configuration
Examples
Ruijie(config)# ipv6 access-list extended v6-acl
Ruijie(config-ipv6-nacl)# permit ipv6 host ::192.168.4.12 any
Ruijie(config-ipv6-nacl)#12 deny ipv6 any any
Ruijie(config-ipv6-nacl)# show access-lists
ipv6 access-list extended v6-acl
10 permit ipv6 host ::192.168.4.12 any
12 deny ipv6 any any
Ruijie(config-ipv6-nacl)# no 12
Ruijie(config-ipv6-nacl)# show access-lists
ipv6 access-list extended v6-acl
10 permit ipv6 host ::192.168.4.12 any
Ruijie(config-ipv6-nacl)#
Related
Commands Command Description
show access-lists Show all the ACLs.
ip access-list Define the IP ACL.
ipv6 access-list Define the extended IPV6 ACL.
deny Define the deny rule.
permit Define the permit rule.
Platform
Description
N/A
permit
One or multiple permit conditions are used to determine whether to forward or discard the packet. In
ACL configuration mode, you can modify an existing ACL or configure entries according to the protocol
details.
Standard IP ACL
[ sn ] permit {source source-wildcard | host source | any | interface idx } [ time-range
tm-range-name] [ log ]
Extended IP ACL
[ sn ] permit protocol source source-wildcard destination destination-wildcard [ precedence
precedence ] [ tos tos ] [ fragment ] [ range lower upper ] [ time-range time-range-name ] [ log ]
Extended IP ACLs of some important protocols:
Internet Control Message Protocol (ICMP)
[ sn ] permit icmp {source source-wildcard | host source | any } { destination destination-wildcard |
host destination | any } [ icmp-type ] [ [ icmp-type [icmp-code ] ] | [ icmp-message ] ] [ precedence
precedence ] [ tos tos ] [ fragment ] [ time-range time-range-name ]
Transmission Control Protocol (TCP)
[ sn ] permit tcp { source source-wildcard | host source | any } [ operator port [ port ] ] { destination
destination-wildcard | host destination | any } [ operator port [ port ] ] [ precedence precedence ]
[ tos tos ] [ fragment ] [ range lower upper ] [ time-range time-range-name ] [ match-all tcp-flag |
established ]
User Datagram Protocol (UDP)
[sn] permit udp {source source-wildcard | host source | any} [operator port [port]] {destination
destination-wildcard |host destination | any} [operator port [port]] [precedence precedence] [tos
tos] [fragment] [range lower upper] [time-range time-range-name]
Extended MAC ACL
[sn] permit {any | host source-mac-address} {any | host destination-mac-address}
[ethernet-type][ cos [out] [inner in]]
Extended expert ACL
[sn] permit [protocol | [ethernet-type][ cos [out] [inner in]]] [VID [out][inner in]] {source
source-wildcard | host source | any} {host source-mac-address | any } {destination
destination-wildcard | host destination | any} {host destination-mac-address | any} [precedence
precedence] [tos tos][fragment] [range lower upper] [time-range time-range-name]
When you select the Ethernet-type field or cos field:
[sn] permit {ethernet-type| cos [out] [inner in]} [VID [out][inner in]] {source source-wildcard | host
source | any} {host source-mac-address | any } {destination destination-wildcard | host destination
| any} {host destination-mac-address | any} [time-range time-range-name]
When you select the protocol field:
[sn] permit protocol [VID [out][inner in]] {source source-wildcard | host source | any} {host
source-mac-address | any } {destination destination-wildcard | host destination | any} {host
destination-mac-address | any} [precedence precedence] [tos tos] [fragment] [range lower upper]
[time-range time-range-name]
Extended expert ACLs of some important protocols:
Internet Control Message Protocol (ICMP)
[sn] permit icmp [VID [out][inner in]] {source source-wildcard | host source | any} {host
source-mac-address | any } {destination destination-wildcard | host destination | any} {host
destination-mac-address | any}[ icmp-type ] [[icmp-type [icmp-code ]] | [ icmp-message ]]
[precedence precedence] [tos tos] [fragment] [time-range time-range-name]
Transmission Control Protocol (TCP)
[sn] permit tcp [VID [out][inner in]] {source source-wildcard | host source | any} {host
source-mac-address | any } [operator port [port]] {destination destination-wildcard | host destination |
any} {host destination-mac-address | any} [operator port [port]] [precedence precedence] [tos tos]
[fragment] [range lower upper] [time-range time-range-name] [match-all tcp-flag | established]
User Datagram Protocol (UDP)
[sn] permit udp [VID [out][inner in]] {source source-wildcard | host source | any} {host
source-mac-address | any } [ operator port [port]] {destination destination-wildcard | host destination
| any} {host destination-mac-address | any} [operator port [port]] [precedence precedence] [tos tos]
[fragment] [range lower upper] [time-range time-range-name]
Address Resolution Protocol (ARP)
[sn] permit arp {vid vlan-id} [host source-mac-address | any] [host destination-mac-address | any]
{sender-ip sender-ip-wildcard | host sender-ip | any} {sender-mac sender-mac-wildcard | host
sender-mac | any} {target-ip target-ip-wildcard | host target-ip | any}
Extended IPv6 ACL
[sn] permit protocol {source-ipv6-prefix / prefix-length | any | host source-ipv6-address}
{destination-ipv6-prefix / prefix-length | any | host destination-ipv6-address} [dscp dscp] [flow-label
flow-label] [fragment] [range lower upper] [time-range time-range-name]
Extended IPv6 ACLs of some important protocols:
Internet Control Message Protocol (ICMP)
[sn] permit icmp {source-ipv6-prefix / prefix-length | host source-ipv6-address | any}
{destination-ipv6-prefix / prefix-length| host destination-ipv6-address | any} [icmp-type] [[icmp-type
[icmp-code]] | [icmp-message]] [dscp dscp] [flow-label flow-label][fragment] [time-range
time-range-name]
Transmission Control Protocol (TCP)
[sn] permit tcp {source-ipv6-prefix / prefix-length | host source-ipv6-address | any} [operator port
[port] ] {destination-ipv6-prefix / prefix-length | host destination-ipv6-address | any} [operator port
[port]] [dscp dscp] [flow-label flow-label] [fragment] [range lower upper] [time-range
time-range-name] [match-all tcp-flag | established]
User Datagram Protocol (UDP)
[sn] permit udp {source-ipv6-prefix / prefix-length | host source-ipv6-address | any} [operator port
[port] ] {destination-ipv6-prefix / prefix-length | host destination-ipv6-address | any} [operator port
[port]] [dscp dscp] [flow-label flow-label] [fragment] [range lower upper] [time-range
time-range-name]
Parameter
Description Parameter Description
N/A N/A
Defaults None
Command
mode
ACL configuration mode.
Usage Guide Use this command to configure the permit conditions for the ACL in ACL configuration mode.
Configuration
Examples
The following example shows how to create and display an Expert Extended ACL. This expert ACL
permits all the TCP packets with the source IP address 192.168.4.12 and the source MAC address
001300498272.
Ruijie(config)#expert access-list extended exp-acl
Ruijie(config-exp-nacl)#permit tcp host 192.168.4.12 host 0013.0049.8272 any any
Ruijie(config-exp-nacl)#deny any any any any
Ruijie(config-exp-nacl)#show access-lists
expert access-list extended exp-acl
10 permit tcp host 192.168.4.12 host 0013.0049.8272 any any
20 deny any any any any
Ruijie(config-exp-nacl)#
This example shows how to use the extended IP ACL. The purpose is to permit the host with the IP
address 192.168.4.12 to provide services through the TCP port 100 and apply the ACL to interface
gigabitethernet 1/1. The configuration procedure is as below:
Ruijie(config)# ip access-list extended 102
Ruijie(config-ext-nacl)# permit tcp host 192.168.4.12 eq 100 any
Ruijie(config-ext-nacl)# show access-lists
ip access-list extended 102
10 permit tcp host 192.168.4.12 eq 100 any
Ruijie(config-ext-nacl)#exit
Ruijie(config)#interface gigabitethernet 1/1
Ruijie(config-if)#ip access-group 102 in
Ruijie(config-if)#
This example shows how to use the extended MAC ACL. The purpose is to permit the host with the
MAC address 0013.0049.8272 to send Ethernet frames of the type 100 and apply the ACL to
interface gigabitethernet 1/1. The configuration procedure is as below:
Ruijie(config)#mac access-list extended 702
Ruijie(config-mac-nacl)#permit host 0013.0049.8272 any aarp
Ruijie(config-mac-nacl)#show access-lists
mac access-list extended 702
10 permit host 0013.0049.8272 any aarp 702
Ruijie(config-mac-nacl)#exit
Ruijie(config)#interface gigabitethernet 1/1
Ruijie(config-if)#mac access-group 702 in
This example shows how to use the standard IP ACL. The purpose is to permit the host with the IP
address 192.168.4.12 and apply the ACL to interface gigabitethernet 1/1. The configuration
procedure is as below:
Ruijie(config)#ip access-list standard std-acl
Ruijie(config-std-nacl)#permit host 192.168.4.12
Ruijie(config-std-nacl)#show access-lists
ip access-list standard std-acl
10 permit host 192.168.4.12
Ruijie(config-std-nacl)#exit
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# ip access-group std-acl in
This example shows how to use the extended IPv6 ACL. The purpose is to permit the host with the IP
address 192.168.4.12 and apply the ACL to interface gigabitethernet 1/1. The configuration
procedure is as below:
Ruijie(config)#ipv6 access-list extended v6-acl
Ruijie(config-ipv6-nacl)#11 permit ipv6 host ::192.168.4.12 any
Ruijie(config-ipv6-nacl)# show access-lists
ipv6 access-list extended v6-acl
11 permit ipv6 host ::192.168.4.12 any
Ruijie(config-ipv6-nacl)# exit
Ruijie(config)#interface gigabitethernet 1/1
Ruijie(config-if)#ipv6 traffic-filter v6-acl in
Related
Commands Command Description
show access-lists Show all the ACLs.
ipv6 traffic-filter Apply the extended ipv6 ACL on the interface.
ip access-group Apply the IP ACL on the interface.
mac access-group Apply the extended MAC ACL on the interface.
ip access-list Define the IP ACL.
mac access-list Define the extended MAC ACL.
expert access-list Define the extended expert ACL.
ipv6 access-list Define the extended IPv6 ACL.
deny Deny the access.
Platform
Description
N/A
security access-group
Use this command to configure the secure interface channel.
security access-group {id|name}
no security access-group
Parameter
Description Parameter Description
id It indicates the ID of the ACL.
name It indicates the name of the ACL.
Defaults N/A
Command
mode
Interface configuration mode
Usage Guide This command is used to configure the secure interface channel.
Configuration
Examples
Ruijie(config-if)#security access-group 1
Related
Commands Command Description
show running It shows the current configuration information.
Platform
Description
This command is not supported by routers.
security global access-group
Use this command to configure the global security channel.
security global access-group { id | name }
no security global access-group
Parameter
Description Parameter Description
id ACL ID
name ACL name
Defaults N/A
Command
mode
Global configuration mode
Usage Guide Use this command to configure the global security channel.
Configuration
Examples
Ruijie(config)# security global access-group 1
Related
Commands Command Description
show running Show configuration of current system.
Platform
Description
This command is not supported by routers.
security uplink enable
Use this command to configure the uplink port of the security channel on the interface.
security uplink enable
no security uplink enable
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
mode
Interface configuration mode.
Usage Guide Use this command to configure the uplink port of the security channel on the interface.
Configuration
Examples
Ruijie(config-if)#security uplink enable
Related
Commands Command Description
show running Show configuration of current system.
Platform
Description
This command is not supported by routers.
show access-group
Use this command to show the ACL configured on the interface.
show access-group [ interface interface ]
Parameter
Description Parameter Description
interface Interface ID
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide Show the ACLs configured on the interface. If no interface is specified, the associated ACLs of all the
interfaces will be shown.
Configuration
Examples
Ruijie# show access-group
ip access-list standard ipstd3
Applied On interface GigabitEthernet 0/1.
ip access-list standard ipstd4
Applied On interface GigabitEthernet 0/2.
ip access-list extended 101
Applied On interface GigabitEthernet 0/3.
ip access-list extended 102
Applied On interface GigabitEthernet 0/8.
Related
Commands Command Description
ip access-group Apply the IP ACL to the interface.
mac access-group Apply the mac ACL to the interface.
expert access-group Apply the expert ACL to the interface.
ipv6 traffic-filter Apply the IPv6 ACL to the interface.
Platform
Description
N/A
show access-lists
Use this command to show all ACLs or the specified ACL.
show access-lists [ id | name ]
Parameter
Description Parameter Description
id ID of the IP ACL
name Name of the IP ACL
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide Use this command to show the specified ACL. If no ID or name is specified, all the ACLs will be shown.
Configuration
Examples
Ruijie# show access-lists n_acl
ip access-list standard n_acl
Ruijie# show access-lists 102
ip access-list extended 102
Ruijie# show access-lists
ip access-list standard n_acl
ip access-list extended 101
permit icmp host 192.168.1.1 any log (1080 matches)
permit tcp host 1.1.1.1 any established
deny ip any any (80021 matches)
mac access-list extended mac-acl
expert access-list extended exp-acl
ipv6 access-list extended v6-acl
permit ipv6 ::192.168.4.12 any (100 matches)
deny any any (9 matches)
Related
Commands Command Description
ip access-list Define the IP ACL.
mac access-list Define the extended MAC ACL.
expert access-list Define the extended expert ACL.
ipv6 access-list Define the extended IPv6 ACL.
Platform
Description
N/A
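The outputs of show access-lists and show access-group can be cross-checked offline to find ACLs that are defined but applied nowhere, applied but not defined, or applied with no entries. This is an added example, not a Ruijie tool: the two sample outputs are constructed in the layout of the samples on this page, and the function names are hypothetical.

```python
"""Cross-check `show access-lists` against `show access-group` output.

Added illustration, not a Ruijie tool. The parser assumes the line layout of
the sample outputs on this page; both samples below are constructed.
"""
import re
from typing import Dict, List, Optional, Tuple

Key = Tuple[str, str]  # (ACL family, ACL id or name)

ACL_HEADER = re.compile(r"^(ip|mac|expert|ipv6) access-list (standard|extended) (\S+)$")
APPLIED = re.compile(r"^Applied On interface (.+?)\.?$")
MATCHES = re.compile(r"\((\d+) matches\)\s*$")

# Constructed sample in the layout of the `show access-lists` example.
SHOW_ACCESS_LISTS = """\
ip access-list standard ipstd3
 10 permit host 192.168.4.12
ip access-list extended 101
 permit icmp host 192.168.1.1 any log (1080 matches)
 deny ip any any (80021 matches)
ip access-list extended 102
mac access-list extended mac-acl
 10 deny host 0013.0049.8272 any aarp
"""

# Constructed sample in the layout of the `show access-group` example.
SHOW_ACCESS_GROUP = """\
ip access-list standard ipstd3
Applied On interface GigabitEthernet 0/1.
ip access-list standard ipstd4
Applied On interface GigabitEthernet 0/2.
ip access-list extended 101
Applied On interface GigabitEthernet 0/3.
ip access-list extended 102
Applied On interface GigabitEthernet 0/8.
"""


def parse_blocks(text: str) -> Dict[Key, List[str]]:
    """Group the lines that follow each ACL header line under that ACL."""
    blocks: Dict[Key, List[str]] = {}
    current: Optional[Key] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Ruijie"):
            continue  # skip blank lines and CLI prompts
        header = ACL_HEADER.match(line)
        if header:
            current = (header.group(1), header.group(3))
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(line)
    return blocks


def applied_interfaces(groups_text: str) -> Dict[Key, List[str]]:
    """Map each ACL to the interfaces named in its 'Applied On' lines."""
    result: Dict[Key, List[str]] = {}
    for key, lines in parse_blocks(groups_text).items():
        result[key] = [m.group(1) for m in map(APPLIED.match, lines) if m]
    return result


def total_matches(lists_text: str) -> Dict[Key, int]:
    """Sum the '(N matches)' counters per ACL; ACLs showing none are omitted."""
    totals: Dict[Key, int] = {}
    for key, entries in parse_blocks(lists_text).items():
        counts = [int(m.group(1)) for m in map(MATCHES.search, entries) if m]
        if counts:
            totals[key] = sum(counts)
    return totals


def audit(lists_text: str, groups_text: str) -> Dict[str, List[Key]]:
    """Report mismatches between defined ACLs and applied ACLs."""
    defined = parse_blocks(lists_text)
    applied = {k: v for k, v in applied_interfaces(groups_text).items() if v}
    return {
        "defined_not_applied": sorted(k for k in defined if k not in applied),
        "applied_not_defined": sorted(k for k in applied if k not in defined),
        "applied_without_entries": sorted(
            k for k in applied if k in defined and not defined[k]),
    }


if __name__ == "__main__":
    for finding, acls in audit(SHOW_ACCESS_LISTS, SHOW_ACCESS_GROUP).items():
        print(finding, acls)
    print("matches", total_matches(SHOW_ACCESS_LISTS))
```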
show expert access-group
Use this command to show the configured expert ACL of the interface.
show expert access-group [ interface interface ]
Parameter
Description Parameter Description
interface Interface ID
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide Show the expert ACL configured on the interface. If no interface is specified, the associated expert
ACLs of all the interfaces will be shown.
Configuration
Examples
Ruijie# show expert access-group interface gigabitethernet 0/2
expert access-group ee in
Applied On interface GigabitEthernet 0/2.
Related
Commands Command Description
expert access-list Define the extended expert ACL.
Platform
Description
N/A
show ip access-group
Use this command to show the configured IP ACL of the interface.
show ip access-group [ interface interface ]
Parameter
Description Parameter Description
interface Interface ID
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide Show the IP ACL configured on the interface. If no interface is specified, the associated IP ACLs of all
the interfaces will be shown.
Configuration
Examples
Ruijie# show ip access-group interface gigabitethernet 0/1
ip access-group aaa in
Applied On interface GigabitEthernet 0/1.
Related
Commands Command Description
ip access-list Define the IP ACL.
Platform
Description
N/A
show mac access-group
Use this command to show the configured MAC ACL of the interface.
show mac access-group [ interface interface ]
Parameter
Description Parameter Description
interface Interface ID
Defaults N/A
Command
mode
Privileged EXEC mode
Usage Guide Show the MAC ACL associated with the interface. If no interface is specified, the associated MAC
ACLs of all associated interfaces will be shown.
Configuration
Examples
Ruijie# show mac access-group interface gigabitethernet 0/3
mac access-group mm in
Applied On interface GigabitEthernet 0/3.
Related
Commands Command Description
mac access-list Define the extended MAC ACL.
Platform
Description
N/A
Command Reference File System Commands
File System Commands
cd
Use this command to set the present directory for the file system.
cd [ filesystem: ] [ directory ]
Parameter
Description Parameter Description
filesystem: Specified file system. This parameter must be carried with “:”.
directory Specified directory
Defaults The default directory is the flash root directory.
Command
Mode
Privileged EXEC mode.
Usage Guide Change the above parameter to the directory you want to enter. Use the pwd command to view the
present directory.
Configuration
Examples
Example 1: The following example sets the usb0 root directory as the present directory:
Ruijie# cd usb0:/
Example 2: The following example sets the sd root directory as the present directory:
Ruijie# cd sd0:/
Related
Commands Command Description
pwd Show the present working directory.
Platform
Description
N/A.
copy
Use this command to copy a file from the specified source directory to the specified destination
directory.
copy source-url destination-url
Parameter Description
source-url Source file URL, which can be local or remote.
Parameter
Description
destination-url Destination file URL, which can be local or remote.
Defaults N/A.
Command
Mode
Privileged EXEC mode.
Usage Guide This command is used to copy files among the various local storage media and to transfer
files between the device and network servers.
The following table lists the URL prefix for the specified file system:
Prefix Description
flash:
Flash storage media. This prefix can be used in all devices. The default is
flash if the prefix is not used for the URL. In general, the bootstrap main
program is stored in the flash.
tftp: TFTP network server
xmodem: Use the xmodem protocol to transmit the file to the network device.
slave: Flash on the slave board from the chassis device.
usb0: The first USB device.
usb1: The second USB device.
sd0: The first SD card.
sw1-m1-disk0: Flash memory of the management board in the M1 slot of the chassis with
switch id 1, in VSU mode.
sw1-m2-disk0: Flash memory of the management board in the M2 slot of the chassis with
switch id 1, in VSU mode.
sw2-m1-disk0: Flash memory of the management board in the M1 slot of the chassis with
switch id 2, in VSU mode.
sw2-m2-disk0: Flash memory of the management board in the M1 slot of the chassis with
switch id 2, in VSU mode.
This command does not support the wildcard.
Without the specified URL prefix configured, the current file system is used by default.
Configuration
Examples
Example 1: Download the file from the TFTP server:
Ruijie# copy tftp://192.168.201.54/rgos.bin flash:/
Example 2: Upload the file to the TFTP server:
Ruijie# copy flash:/rgos.bin tftp://192.168.201.54/rgos.bin
Example 3: Use the xmodem to download the file:
Ruijie# copy xmodem: flash:/config.text
Example 4: Copy the file to the U disk:
Ruijie#copy flash:/config.text usb0:/config.text
Example 5: Copy the file to the slave management board:
Ruijie#copy flash:/config.text slave:/config.text
Example 6: Copy the file from the flash to the SD card:
Ruijie#copy flash:/rgos.bin sd0:/rgos.bin
Example 7: Copy the file from the U disk to the SD card:
Ruijie#copy usb0:/config.text sd0:/config.text
Example 8: Copy the file from the SD card to the U disk:
Ruijie#copy sd0:/config.text usb0:/config.text
Related
Commands Command Description
delete Delete the file.
rename Rename the file.
dir Show the file list of the specified directory.
Platform
Description
N/A.
mkdir
Use this command to create a directory.
mkdir directory
Parameter
Description Parameter Description
directory Name of the directory to be created.
Defaults N/A.
Command
Mode
Privileged EXEC mode.
Usage Guide Enter the name of the directory you want to create (including the path).
If the name to be created already exists, the creation fails. If the upper-level directory
of the directory to be created does not exist, the creation also fails. For example,
if the directory flash:/backup does not exist, creating flash:/backup/temp fails.
The solution is to create flash:/backup first and then create flash:/backup/temp.
Configuration
Examples
Example 1: Create the test directory at the root directory:
Ruijie# mkdir test
Example 2: Create the test2 directory at the root directory of the SD card:
Ruijie# mkdir sd0:/test2
Related
Commands Command Description
rmdir Delete the directory.
pwd Show the present directory.
Platform
Description
N/A.
pwd
Use this command to show the working path.
pwd
Parameter
Description Parameter Description
N/A. N/A.
Defaults N/A.
Usage Guide This command shows the present working path.
Configuration
Examples
The following example shows the present working path.
Ruijie# pwd
Flash:/
Related
Commands Command Description
cd Change the file system in the present directory.
Platform
Description
N/A.
rmdir
Use this command to delete an empty directory.
rmdir directory
Parameter
Description Parameter Description
directory Name of the directory to be deleted, which must be empty.
Defaults N/A.
Command
Mode
Privileged EXEC mode.
Usage Guide This command does not support the wildcards, and the directory to be deleted must be empty.
Configuration
Examples
If there is a tmp directory in the current directory and it does not contain any files:
Ruijie# rmdir tmp
Ruijie# ls
Related
Commands Command Description
mkdir Create a directory
Platform
Description
N/A
Command Reference CPU-LOG Commands
CPU-LOG Commands
cpu-log
Use this command to manually configure the low and high threshold of triggering the cpu utilization
log.
cpu-log log-limit low_num high_num
Parameter
Description Parameter Description
log-limit The command descriptor prompting the limit range.
low_num Sets the low threshold of triggering the cpu utilization log.
high_num Sets the high threshold of triggering the cpu utilization log.
Defaults By default, the high and low threshold of triggering the cpu utilization log are 100% and 90%.
Command
Mode
Global configuration mode.
Usage Guide Use this command to manually configure the low and high threshold of triggering the cpu utilization
log. When the CPU utilization exceeds the high threshold, the system prompts the log message for
one time. When the CPU utilization is less than the low threshold, the system prompts the log
message and advertises that the current CPU utilization has been decreased. This message is sent
only when the CPU high and low threshold switches over.
Configuration
Examples
# Set the low and high thresholds of triggering the cpu utilization log to 70% and 80% respectively.
Ruijie(config)# cpu-log log-limit 70 80
# The console prompts the following message when the CPU utilization is higher than 80%:
Oct 20 15:47:01 %SYSCHECK-5-CPU_USING_RATE: CPU utilization in one minute: 95%, Using most cpu's task is ktimer : 94%
# The console prompts the following messages when the CPU utilization is less than 70%:
Oct 20 15:47:01 %SYSCHECK-5-CPU_USING_RATE: CPU utilization in one minute :68%,Using most cpu's task is ktimer : 60%
Oct 20 15:47:01 %SYSCHECK-5-CPU_USING_RATE: The CPU using rate has down!
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
show cpu
Use this command to show the CPU utilization information.
show cpu
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode
Privileged EXEC mode.
Usage Guide Use this command to show the system CPU utilization information in five seconds, one minute and
five minutes, and the CPU utilization of every task in five seconds, one minute and five minutes.
Configuration
Examples
Ruijie# show cpu
=======================================
CPU Using Rate Information
CPU utilization in five seconds: 25%
CPU utilization in one minute : 20%
CPU utilization in five minutes: 10%
NO 5Sec 1Min 5Min Process
0 0% 0% 0% LISR INT
1 7% 2% 1% HISR INT
2 0% 0% 0% ktimer
3 0% 0% 0% atimer
4 0% 0% 0% printk_task
5 0% 0% 0% waitqueue_process
6 0% 0% 0% tasklet_task
7 0% 0% 0% kevents
8 0% 0% 0% snmpd
9 0% 0% 0% snmp_trapd
10 0% 0% 0% mtdblock
11 0% 0% 0% gc_task
12 0% 0% 0% Context
13 0% 0% 0% kswapd
14 0% 0% 0% bdflush
15 0% 0% 0% kupdate
16 0% 3% 1% ll_mt
17 0% 0% 0% ll main process
18 0% 0% 0% bridge_relay
19 0% 0% 0% d1x_task
20 0% 0% 0% secu_policy_task
21 0% 0% 0% dhcpa_task
22 0% 0% 0% dhcpsnp_task
23 0% 0% 0% igmp_snp
24 0% 0% 0% mstp_event
25 0% 0% 0% GVRP_EVENT
26 0% 0% 0% rldp_task
27 0% 2% 1% rerp_task
28 0% 0% 0% reup_event_handler
29 0% 0% 0% tpp_task
30 0% 0% 0% ip6timer
31 0% 0% 0% rtadvd
32 0% 0% 0% tnet6
33 2% 0% 0% tnet
34 0% 0% 0% Tarptime
35 0% 0% 0% gra_arp
36 0% 0% 0% Ttcptimer
37 8% 1% 0% ef_res
38 0% 0% 0% ef_rcv_msg
39 0% 0% 0% ef_inconsistent_daemon
40 0% 0% 0% ip6_tunnel_rcv_pkt
41 0% 0% 0% res6t
42 0% 0% 0% tunrt6
43 0% 0% 0% ef6_rcv_msg
44 0% 0% 0% ef6_inconsistent_daemon
45 0% 0% 0% imid
46 0% 0% 0% nsmd
47 0% 0% 0% ripd
48 0% 0% 0% ripngd
49 0% 0% 0% ospfd
50 0% 0% 0% ospf6d
51 0% 0% 0% bgpd
52 0% 0% 0% pimd
53 0% 0% 0% pim6d
54 0% 0% 0% pdmd
55 0% 0% 0% dvmrpd
56 0% 0% 0% vty_connect
57 0% 0% 0% aaa_task
58 0% 0% 0% Tlogtrap
59 0% 0% 0% dhcp6c
60 0% 0% 0% sntp_recv_task
61 0% 0% 0% ntp_task
62 0% 0% 0% sla_deamon
63 0% 3% 1% track_daemon
64 0% 0% 0% pbr_guard
65 0% 0% 0% vrrpd
66 0% 0% 0% psnpd
67 0% 0% 0% igsnpd
68 0% 0% 0% coa_recv
69 0% 0% 0% co_oper
70 0% 0% 0% co_mac
71 0% 0% 0% radius_task
72 0% 0% 0% tac+_acct_task
73 0% 0% 0% tac+_task
74 0% 0% 0% dhcpd_task
75 0% 0% 0% dhcps_task
76 0% 0% 0% dhcpping_task
77 0% 0% 0% dhcpc_task
78 0% 0% 0% uart_debug_file_task
79 0% 0% 0% ssp_init_task
80 0% 0% 0% rl_listen
81 0% 0% 0% ikl_msg_operate_thread
82 0% 0% 0% bcmDPC
83 0% 0% 0% bcmL2X.0
84 3% 3% 3% bcmL2X.0
85 0% 0% 0% bcmCNTR.0
86 0% 0% 0% bcmTX
87 0% 0% 0% bcmXGS3AsyncTX
88 0% 2% 1% bcmLINK.0
89 0% 0% 0% bcmRX
90 0% 0% 0% mngpkt_rcv_thread
91 0% 0% 0% mngpkt_recycle_thread
92 0% 0% 0% stack_task
93 0% 0% 0% stack_disc_task
94 0% 0% 0% redun_sync_task
95 0% 0% 0% conf_dispatch_task
96 0% 0% 0% devprob_task
97 0% 0% 0% rdp_snd_thread
98 0% 0% 0% rdp_rcv_thread
99 0% 0% 0% rdp_slot_change_thread
100 4% 2% 1% datapkt_rcv_thread
101 0% 0% 0% keepalive_link_notify
102 0% 0% 0% rerp_msg_recv_thread
103 0% 0% 0% ip_scan_guard_task
104 0% 0% 0% ssp_ipmc_hit_task
105 0% 0% 0% ssp_ipmc_trap_task
106 0% 0% 0% hw_err_snd_task
107 0% 0% 0% rerp_packet_send_task
108 0% 0% 0% idle_vlan_proc_thread
109 0% 0% 0% cmic_pause_detect
110 1% 1% 1% stat_get_and_send
111 0% 1% 0% rl_con
112 75% 80% 90% idle
In the list above, the first three lines indicate the system CPU utilization in five seconds, one minute
and five minutes, including LISR, HISR and tasks. Then, it describes the detailed CPU utilization
distribution:
No: Serial number
5Sec: CPU utilization of the tasks in five seconds.
1Min: CPU utilization of the tasks in one minute.
5Min: CPU utilization of the tasks in five minutes.
The first two lines in the list above indicate the CPU utilization of all LISRs and HISRs. From the third
line onward, the list indicates the CPU utilization of the tasks. The last line indicates the CPU utilization of
the idle task, which is the same as the “System Idle Process” in Windows. In the example above,
CPU utilization of the idle task within five seconds is 75%, indicating that 75% of the CPU is idle.
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
Command Reference Memory Commands
Memory Commands
show memory
Use this command to show the current memory usage information.
show memory
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
mode
Privileged EXEC mode.
Usage Guide Use this command to view the current system memory state and usage information, including the
system physical memory amount, the number of free pages in the current system, the free memory
statistics.
Configuration
Examples
This example shows the running result of the command show memory.
Ruijie#show memory
System Memory Statistic:
Free pages: 1079
watermarks : min 379, lower 758, low 1137, high 1516
System Total Memory : 128MB, Current Free Memory : 5283KB
Used Rate : 96%
The above information includes the following parts:
Free pages: the memory size of one free page is about 4k;
Watermarks(see the following table)
Watermarks Description
min The memory resources are extremely insufficient. Only the kernel can keep running. All application modules fail to run if the minimum watermark has been reached.
lower The memory resources are severely insufficient. One routing protocol will auto-exit and release the memory if the lower watermark has been reached. For the details, see the memory-lack exit-policy command.
low The memory resources are insufficient. The routing protocol will be in OVERFLOW state if the low watermark has been reached. In the overflow state, the routers do not learn new routes any more. The commands are not allowed to be executed when the memory lacks.
high The memory resources are sufficient. Each routing protocol attempts to restore the state from OVERFLOW to normal.
The overall system memory, the current available memory and memory used rate.
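The watermark table can be applied mechanically to a captured show memory output. The following is an added example, not part of the original manual: it parses the sample output above and reports which watermark band the free-page count falls in. The function names are hypothetical, and it assumes a watermark counts as "reached" when free pages are at or below it (at or above it for high).

```python
import re

# The `show memory` output printed in the example above, embedded as test input.
SAMPLE = """\
System Memory Statistic:
Free pages: 1079
watermarks : min 379, lower 758, low 1137, high 1516
System Total Memory : 128MB, Current Free Memory : 5283KB
Used Rate : 96%
"""

# Effect of each band, summarised from the watermark table.
EFFECT = {
    "min": "only the kernel keeps running; application modules fail to run",
    "lower": "one routing protocol auto-exits and releases its memory",
    "low": "routing protocols enter OVERFLOW and stop learning new routes",
    "recovering": "between low and high: the table describes no state change",
    "high": "memory is sufficient; protocols restore from OVERFLOW to normal",
}


def parse_show_memory(text):
    """Extract free pages, the four watermarks and the used rate."""
    free = re.search(r"Free pages\s*:\s*(\d+)", text)
    marks = re.search(
        r"watermarks\s*:\s*min\s+(\d+),\s*lower\s+(\d+),"
        r"\s*low\s+(\d+),\s*high\s+(\d+)",
        text, re.IGNORECASE)
    used = re.search(r"Used Rate\s*:\s*(\d+)%", text)
    if not (free and marks):
        raise ValueError("not a recognisable 'show memory' output")
    names = ("min", "lower", "low", "high")
    return {
        "free_pages": int(free.group(1)),
        "watermarks": dict(zip(names, map(int, marks.groups()))),
        "used_rate": int(used.group(1)) if used else None,
    }


def classify(stats):
    """Return the watermark band for the free-page count.

    Assumption: a watermark is reached when free pages are at or below it
    (at or above it for 'high').
    """
    free, wm = stats["free_pages"], stats["watermarks"]
    if not wm["min"] <= wm["lower"] <= wm["low"] <= wm["high"]:
        raise ValueError("watermarks are not in ascending order")
    for name in ("min", "lower", "low"):
        if free <= wm[name]:
            return name
    return "high" if free >= wm["high"] else "recovering"


def report(text):
    """Parse the output and return (band, effect described in the table)."""
    band = classify(parse_show_memory(text))
    return band, EFFECT[band]


if __name__ == "__main__":
    band, effect = report(SAMPLE)
    print(f"band={band}: {effect}")
```

Run against the sample, the 1079 free pages sit below the low watermark of 1137, so under the stated assumption the device in the example is already in the band where routing protocols are in OVERFLOW state.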
Related
Commands Command Description
N/A N/A
Platform
Description
N/A
Command Reference Syslog Commands
Syslog Commands
clear logging
Use this command to clear the logs from the buffer in privileged user mode.
clear logging
Parameter
Description Parameter Description
N/A N/A
Defaults N/A
Command
Mode Privileged user mode
Usage Guide This command clears the log packets from the memory buffer. You cannot clear the statistics of the
log packets.
Configuration
Examples
The following example clears the log packets from the memory buffer.
Ruijie# clear logging
Related
Commands Command Description
logging on Turns on the log switch.
show logging Shows the logs in the buffer.
logging buffered Records the logs in the memory buffer.
Platform
Description
N/A
more flash
Use this command to show the contents of the logs stored in the extended FLASH in privileged user
mode.
more flash: filename
Parameter
Description Parameter Description
filename Log file name.
Defaults N/A
Command
Mode Privileged user mode
Usage Guide In the extended FLASH, the log files are the files with the prefix “//f2/” or “//f3/”. This command only
allows you to view the log files. You cannot use this command to view other non-log files.
Configuration
Examples
The following example shows the results of the log files in the extended FLASH:
Ruijie# more flash://f2/log.txt
look up file in the extended flash://f2/log.txt
00004 2004-11-17 4:1:32 Ruijie: %5:Reload requested by Administrator. Reload Reason :Reload command
Related
Commands Command Description
logging file flash Records the logs to the extended FLASH.
Platform
Description
N/A
logging buffered
Use this command to set the memory buffer parameters (log severity, buffer size) for logs at global
configuration layer. Use the no form of the command to disable recording logs in the memory buffer.
Use the default form of this command to restore the memory buffer size to the default value.
logging buffered [buffer-size | level]
no logging buffered
default logging buffered
Parameter
Description Parameter Description
buffer-size
Size of the buffer is related to the specific device type:
1. For the kernel / aggregation switches, 4 K to 10 M bytes.
2. For the access switches, 4 K to 1 M.
3. For other devices, 4 K to 128 K Bytes.
level
Severity of logs, from 0 to 7. The name of the severity or the numeral
can be used.
Defaults The buffer size is related to the specific device type.
1. kernel switches: 1 M Bytes;
2. aggregation switches: 256 K Bytes;
3. access switches: 128 K Bytes;
4. other devices: 4 K Bytes
The log severity is 7.
Command
Mode Global configuration mode
Usage Guide The memory buffer for log is used in recycled manner. That is, when the memory buffer with the
specified size is full, the oldest information will be overwritten. To show the log information in the
memory buffer, run the show logging command in privileged user mode.
The logs in the memory buffer are temporary, and will be cleared in case of device restart or the
execution of the clear logging command in privileged user mode. To trace a problem, it is required to
record logs in flash or send them to Syslog Server.
The log information is classified into the following 8 levels (Table 1):
Table-1
Keyword Level Description
Emergencies 0 Emergency case, system cannot run normally
Alerts 1 Problems that need immediate remedy
Critical 2 Critical conditions
Errors 3 Error message
warnings 4 Alarm information
Notifications 5 Information that is normal but needs attention
informational 6 Descriptive information
Debugging 7 Debugging messages
Lower value indicates higher level. That is, level 0 indicates the information of the highest level.
When the level of log information to be displayed on devices is specified, the log information at or
below the set level will be allowed to be displayed.
After the system has been running for a long time, modifying the log buffer size, especially
to a large value, may fail due to insufficient available contiguous memory.
A failure message will be shown. It is recommended to modify the log buffer size as
soon as the system starts.
Configuration
Examples
The following example allows logs at and below severity 6 to be recorded in the memory buffer sized
10,000 bytes.
Ruijie(config)# logging buffered 10000 6
Related
Commands Command Description
logging on Turns on the log switch.
show logging Shows the logs in the buffer.
clear logging Clears the logs in the log buffer.
Platform
Description
N/A
logging console
Use this command to set the severity of logs that are allowed to be displayed on the console in global
configuration mode. Use the no form of this command to prohibit printing log messages on the
console.
logging console [ level ]
no logging console
Parameter
Description Parameter Description
level
Severity of log messages, 0 to 7. The name of the severity or the
numeral can be used. For the details of log severity, see table 1.
Defaults Debugging (7).
Command
Mode Global configuration mode
Usage Guide When a log severity is set, the log messages at or below that severity will be displayed on the
console.
The show logging command displays the related setting parameters and statistics of the log.
Configuration
Examples
The following example sets the severity of log that is allowed to be displayed on the console as 6:
Ruijie(config)# logging console informational
Related
Commands Command Description
logging on Turns on the log switch.
show logging
Shows the logs and related log configuration
parameters in the buffer.
Platform
Description
N/A
logging count
Use this command to enable the log statistics function in global configuration mode. Use the no form
of the command to delete the log statistics and disable the statistics function.
logging count
no logging count
Parameter
Description Parameter Description
N/A N/A
Defaults The log statistics function is disabled by default.
Command
Mode
Global configuration mode
Usage Guide This command enables the log statistics function. The statistics begins when the function is enabled.
If you run the no logging count command, the statistics function is disabled and the statistics data is
deleted.
Configuration
Examples
The following example enables the log statistics function:
Ruijie(config)# logging count
Related
Commands Command Description
show logging count
Views log information about modules of the
system.
show logging
Views basic configuration of log modules and
log information in the buffer.
Platform
Description
N/A
logging facility
Use this command to configure the device value of the log information in global configuration mode.
Use the no form of the command to restore it to the default device value (23).
logging facility facility-type
no logging facility
Parameter
Description Parameter Description
facility-type Syslog device value. For specific settings, refer to the usage guide.
Defaults Local7(23)
Command
Mode Global configuration mode
Usage Guide The following table (Table-2) is the possible device values of Syslog:
Numerical Code Facility
0 (kern) Kernel messages
1 (user) User-level messages
2 (mail) Mail system
3 (daemon) System daemons
4 (auth1) security/authorization messages
5 (syslog) Messages generated internally by syslogd
6 (lpr) Line printer subsystem
7 (news) USENET news
8 (uucp) Unix-to-Unix copy system
9 (clock1) Clock daemon
10 (auth2) security/authorization messages
11 (ftp) FTP daemon
12 (ntp) NTP subsystem
13 (logaudit) log audit
14 (logalert) log alert
15 (clock2) clock daemon
16 (local0) Local use
17 (local1) Local use
18 (local2) Local use
19 (local3) Local use
20 (local4) Local use
21 (local5) Local use
22 (local6) Local use
23 (local7) Local use
The default device value of RGOS is 23 (local 7).
Configuration
Examples
The following example sets the device value of Syslog as kernel:
Ruijie(config)# logging facility kern
Related Command Description
Commands
logging console
Sets the severity of logs that are allowed to be
displayed on the console.
Platform
Description
N/A
logging file flash
Use this command to record logs in the extended flash in global configuration mode. Use the no form
of the command to disable the function.
logging file flash: filename [ max-file-size ] [ level ] xx
no logging file
Parameter
Description Parameter Description
filename Name of the log file of txt type
max-file-size
Maximal size of the log file in the range from 128 K to 6 M bytes, the
default value is 128K bytes.
level
The severity of logs recorded in the log files. The name of the severity
or the numeral can be used. By default, the severity of logs recorded
in the FLASH is 6. For the details of log severity, see Table-1.
Defaults Logs cannot be recorded in the extended FLASH.
Command
Mode Global configuration mode
Usage Guide If no Syslog Server is specified or it is not desired to transfer logs on the network due to the
consideration of security purpose, it is possible to save the logs directly in extended flash.
The extension of the log file is fixed as txt. Any configuration of extension for the filename will be
refused.
You must purchase an additional extended FLASH to record logs on it. If there is no
extended FLASH, the logging file flash command will automatically be hidden, not
allowing you to configure it.
Configuration
Examples
The following example records the logs in the extended flash, with the name trace.txt, file size 128 K
and log severity 6.
Ruijie(config)# logging file flash:trace
Related
Commands Command Description
logging on Turns on the log switch.
show logging
Shows the log messages and related log
configuration parameters in the buffer.
more flash Views the logs in the extended flash.
Platform
Description
N/A
logging monitor
Use this command to set the severity of logs that are allowed to be displayed on the VTY window
(telnet window, SSH window, etc.) in global configuration mode. Use the no form of this command to
prohibit printing log messages on the VTY window.
logging monitor [ level ]
no logging monitor
Parameter
Description Parameter Description
level
Severity of the log message. The name of the severity or the numeral
can be used. For the details of log severity, see Table-1.
Defaults Debugging (7).
Command
Mode Global configuration mode
Usage Guide To print log information on the VTY window, run the terminal monitor command in privileged user
mode. The level of logs to be displayed is defined by logging monitor.
The log level defined with "Logging monitor" is for all VTY windows.
Configuration
Examples
The following example sets the severity of log that is allowed to be printed on the VTY window as 6:
Ruijie(config)# logging monitor informational
Related
Commands Command Description
logging on Turns on the log switch.
Platform
Description
N/A
logging on
Use this command globally to allow logs to be displayed on different devices. Use the no form of this
command to disable the function.
logging on
no logging on
Parameter
Description Parameter Description
N/A N/A
Defaults Logs are allowed to be displayed on different devices.
Command
Mode Global configuration mode
Usage Guide Log information can not only be shown in the Console window and VTY window, but also be recorded
in different equipment such as the memory buffer, the extended FLASH and Syslog Server. This
command is the total log switch. If this switch is turned off, no log will be displayed or recorded unless
the severity level is greater than 1.
Configuration
Examples
The following example disables the log switch on the device.
Ruijie(config)# no logging on
Related
Commands Command Description
logging buffered Records the logs to a memory buffer.
logging Sends logs to the Syslog server.
logging file flash: Records logs on the extended FLASH.
logging console
Allows the log level to be displayed on the
console.
logging monitor
Allows the log level to be displayed on the VTY
window (such as telnet window) .
logging trap
Sets the log level to be sent to the Syslog
server.
Platform
Description
N/A
logging rate-limit
Use this command to enable log rate limit function to limit the output logs in a second in the global
configuration mode. The no form of this command disables log rate limit function.
logging rate-limit { number | all number | console {number | all number } } [ except severity ]
no logging rate-limit
Parameter
Description Parameter Description
number
The number of logs that can be processed in a second in the range
from 1 to 10000.
all Sets rate limit to all the logs with severity level 0 to 7.
console
Sets the amount of logs that can be shown in the console in a
second.
except
By default, the severity level is error (3). The rate of the log whose
severity level is less than or equal to error (3) is not controlled.
severity
Log severity level in the range from 0 to 7. The lower the level is, the
higher the severity is.
Defaults The log rate limit function is disabled by default.
Command
Mode Global configuration mode
Usage Guide Use this command to control the syslog output and prevent massive log output.
Configuration
Examples
The following example sets the number of the logs (including debug) that can be processed in a
second as 10. However, the logs with warning or higher severity level are not controlled:
Ruijie(config)#logging rate-limit all 10 except warnings
Related
Commands Command Description
show logging count
Views log information about modules of the
system.
show logging
Views basic configuration of log modules and
log information in the buffer.
Platform
Description
N/A
logging server
Use this command to record the logs in the specified Syslog Server in global configuration mode. Use
the no form of the command to disable the function.
logging server { ip-address [ vrf vrf-name ] | ipv6 ipv6-address }
no logging server { ip-address [ vrf vrf-name] | ipv6 ipv6-address }
Parameter
Description Parameter Description
ip-address IP address of the host that receives log information.
vrf-name
Specifies the VRF instance (VPN device forwarding table) connecting
to the log host.
ipv6-address Specifies IPV6 address for the host receiving the logs.
Defaults No log is sent to any syslog server by default.
Command
Mode Global configuration mode
Usage Guide This command specifies a Syslog server to receive the logs of the device. Users are allowed to
configure up to 5 Syslog Servers. The log information will be sent to all the configured Syslog Servers
at the same time.
Configuration
Examples
The following example specifies a syslog server of the address 202.101.11.1:
Ruijie(config)# logging server 202.101.11.1
The following example specifies an ipv6 address as AAAA:BBBB:FFFF:
Ruijie(config)# logging server ipv6 AAAA:BBBB:FFFF
Related
Commands Command Description
logging on Turns on the log switch.
show logging
Views log messages and related log
configuration parameters in the buffer.
logging trap
Sets the level of logs allowed to be sent to
Syslog server.
Platform
Description
N/A
logging source ip| ipv6
Use this command to configure the source IP address of logs in global configuration mode. Use the
no form of this command to remove the settings.
logging source { ip ip-address | ipv6 ipv6-address }
no logging source { ip | ipv6 }
Parameter
Description Parameter Description
ip-address
Specifies the source IPV4 address sending the logs to IPV4 log
server.
ipv6-address
Specifies the source IPV6 address sending the logs to IPV6 log
server.
Defaults N/A
Command
Mode Global configuration mode
Usage Guide By default, the source address of the log messages sent to the syslog server is the address of the
sending interface. For easy tracing and management, this command can be used to fix the source
address of all log messages as an address, so that the administrator can identify which device is
sending the message through the unique addresses. If this IP address is not configured on the
device, the source address of the log messages is the address of the sending interface.
Configuration
Examples
The following example specifies 192.168.1.1 as the source address of the syslog messages:
Ruijie(config)# logging source ip 192.168.1.1
Related
Commands Command Description
logging Sends the logs to the Syslog server.
Platform
Description
N/A
logging source interface
Use this command to configure the source interface of logs in global configuration mode. Use the no
form of this command to remove the settings.
logging source interface interface-type interface-number
no logging source interface
Parameter
Description Parameter Description
interface-type Interface type.
interface-number Interface number.
Defaults N/A
Command
Mode Global configuration mode
Usage Guide By default, the source address of the log messages sent to the syslog server is the address of the
sending interface. For easy tracing and management, this command can be used to fix the source
address of all log messages as an interface address, so that the administrator can identify which
device is sending the message through the unique addresses. If the source interface is not configured
on the device, or no IP address is configured for the source interface, the source address of the log
messages is the address of the sending interface.
Configuration
Examples
The following example specifies loopback 0 as the source address of the syslog messages:
Ruijie(config)# logging source interface loopback 0
Related
Commands Command Description
logging Sends logs to the Syslog server.
Platform
Description
N/A
logging synchronous
Use this command to enable synchronization function between user input and log output in line
configuration mode to prevent interruption when the user is keying in characters. Use the no form of
this command to disable this function.
logging synchronous
no logging synchronous
Parameter
Description Parameter Description
N/A N/A
Defaults The synchronization function between user input and log output is disabled by default.
Command
Mode Line configuration mode
Usage Guide This command enables the synchronization function between user input and log output, preventing the
user from being interrupted when keying in characters.
Configuration
Examples
Ruijie(config)#line console 0
Ruijie(config-line)#logging synchronous
If UP-DOWN logs for a port are printed while the user is keying in a command, the input command is output
again:
Ruijie# configure terminal
Oct 9 23:40:55 %LINK-5-CHANGED: Interface GigabitEthernet 0/1, changed state to down
Oct 9 23:40:55 %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet 0/1, changed state to DOWN
Ruijie# configure terminal//----the input command by the user is output again rather than being interrupted.
Related
Commands Command Description
show running-config Views the configuration.
Platform
Description
N/A
logging trap
Use this command to set the severity of logs that are allowed to be sent to the syslog server in global
configuration mode. Use the no form of this command to prohibit sending log messages to the Syslog
server.
logging trap [ level ]
no logging trap
Parameter
Description Parameter Description
level
Severity of the log message. The name of the severity or the numeral
can be used. For the details of log severity, see Table 1.
Defaults Informational(6)
Command
Mode Global configuration mode
Usage Guide To send logs to the Syslog Server, run the logging command in global configuration mode to
configure the Syslog Server. Then, run the logging trap command to specify the severity level of
logs to be sent.
The show logging command displays the configured related parameters and statistics of the log.
Configuration
Examples
The following example enables logs at severity 6 to be sent to the Syslog Server with the address of
202.101.11.22:
Ruijie(config)# logging 202.101.11.22
Ruijie(config)# logging trap informational
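On the collector side, the logging facility, logging source and logging trap settings together define what a legitimate message from the device looks like. The following is an added example, not part of the original manual: it decodes the priority value of a received syslog datagram and checks it against the configured facility, trap level and source address. It assumes the device sends the standard RFC 3164 header, where the message starts with <PRI> and PRI = facility * 8 + severity (the page does not show the wire format); the policy values, function names and datagrams are constructed for illustration.

```python
import re

# Keywords from Table-2 (facility) and Table-1 (severity); index = numeric code.
FACILITIES = ("kern user mail daemon auth1 syslog lpr news uucp clock1 auth2 "
              "ftp ntp logaudit logalert clock2 local0 local1 local2 local3 "
              "local4 local5 local6 local7").split()
SEVERITIES = ("emergencies alerts critical errors warnings notifications "
              "informational debugging").split()

PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(datagram):
    """Return (facility, severity, text), or None if the PRI part is invalid."""
    m = PRI_RE.match(datagram)
    if m is None:
        return None
    pri = int(m.group(1))
    if pri > 8 * len(FACILITIES) - 1:        # 191 is the largest valid PRI
        return None
    facility, severity = divmod(pri, 8)      # PRI = facility * 8 + severity
    return facility, severity, datagram[m.end():].decode("utf-8", "replace")


def audit(datagram, source, policy):
    """List the ways a datagram deviates from the device's logging settings."""
    findings = []
    if source not in policy["sources"]:
        findings.append(f"unexpected source {source}")
    decoded = decode_pri(datagram)
    if decoded is None:
        findings.append("missing or invalid PRI")
        return findings
    facility, severity, _text = decoded
    if facility != policy["facility"]:
        findings.append(
            f"facility {facility} ({FACILITIES[facility]}), "
            f"expected {policy['facility']} ({FACILITIES[policy['facility']]})")
    if severity > policy["trap_level"]:
        findings.append(
            f"severity {severity} ({SEVERITIES[severity]}) "
            f"is above trap level {policy['trap_level']}")
    return findings


# Assumed device settings: logging source ip 192.168.1.1, default facility
# local7 (23), logging trap informational (6).
POLICY = {"sources": {"192.168.1.1"}, "facility": 23, "trap_level": 6}

# Constructed datagrams (source address, payload).
SAMPLES = [
    ("192.168.1.1", b"<189>Oct 20 15:47:01 %SYSCHECK-5-CPU_USING_RATE: "
                    b"CPU utilization in one minute: 95%"),
    ("192.168.1.1", b"<191>Oct 20 15:47:02 %SYS-7-DEBUG: constructed message"),
    ("192.168.1.1", b"<5>Oct 20 15:47:03 %SYS-5-CONFIG: constructed message"),
    ("10.9.9.9", b"<189>Oct 20 15:47:04 %SYS-5-CONFIG: constructed message"),
    ("192.168.1.1", b"Oct 20 15:47:05 message without a PRI part"),
]

if __name__ == "__main__":
    for source, datagram in SAMPLES:
        print(source, datagram[:24], audit(datagram, source, POLICY) or "ok")
```

A message that fails these checks points to either configuration drift on the device or a sender other than the device using its address.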
Related
Commands Command Description
logging on Turns on the log switch.
logging Sends logs to the Syslog server.
show logging
Shows the log messages and related log
configuration parameters in the buffer.
Platform
Description
N/A
service sequence-numbers
Use this command to attach serial numbers into the logs in global configuration mode. Use the no
form of the command to remove the serial numbers in the logs.
service sequence-numbers
no service sequence-numbers
Parameter
Description Parameter Description
N/A N/A
Defaults No serial number is carried in the logs by default.
Command
Mode Global configuration mode
Usage Guide In addition to the timestamp, you can add serial numbers to the logs, numbering from 1. This makes it
clear whether any logs have been lost and in what sequence they were generated.
Configuration
Examples
The following example adds serial numbers to the logs.
Ruijie(config)# service sequence-numbers
Related
Commands Command Description
logging on Turns on the log switch.
service timestamps Attaches timestamps to the logs.
Platform
Description
N/A
service sysname
Use this command to attach system name to logs in global configuration mode. Use the no form of
the command to remove the system name from the logs.
service sysname
no service sysname
Parameter
Description Parameter Description
N/A N/A
Defaults No system name is attached to logs by default.
Command
Mode Global configuration mode
Usage Guide This command allows you to decide whether to add system name in the log information.
Configuration
Examples
The following example adds a system name in the log information:
Mar 22 15:28:02 %SYS-5-CONFIG: Configured from console by console
Ruijie #config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie (config)#service sysname
Ruijie (config)#end
Ruijie #
Mar 22 15:35:57 S3250 %SYS-5-CONFIG: Configured from console by console
Related Commands
Command        Description
show logging   Shows basic configuration of log modules and log information in the buffer.
Platform Description N/A
service timestamps
Use this command in global configuration mode to attach timestamps to logs. Use the no form of this
command to remove the timestamps from the logs. Use the default form of this command to restore
the timestamps of logs to the default values.
service timestamps [ message-type [ uptime | datetime [ msec | year ] ] ]
no service timestamps [ message-type ]
default service timestamps [ message-type ]
Parameter Description
Parameter      Description
message-type   The log type, including Log and Debug. The Log type indicates log information with severity levels of 0 to 6. The Debug type indicates log information with severity level 7.
uptime         Device start time in the format of *Day*Hour*Minute*Second, for example, 07:00:10:41.
datetime       Current time of the device in the format of Month*Date*Hour*Minute*Second, for example, Jul 27 16:53:07.
msec           Current time of the device in the format of Month*Date*Hour*Minute*Second*millisecond, for example, Jul 27 16:53:07.299
year           Current time of the device in the format of Year*Month*Date*Hour*Minute*Second, for example, 2007 Jul 27 16:53:07
Defaults The time stamp in the log information is the current time of the device. If the device has no RTC, the
time stamp is automatically set to the device start time.
Command Mode Global configuration mode
Usage Guide When the uptime option is used, the time format is the running period from the last start of the device
to the present time, in seconds. When the datetime option is used, the time format is the date of the
current device, in the format of YY-MM-DD, HH:MM:SS.
Configuration Examples
The following example enables timestamps for log and debug information in the datetime format,
with millisecond display.
Ruijie(config)# service timestamps debug datetime msec
Ruijie(config)# service timestamps log datetime msec
Ruijie(config)# end
Ruijie(config)# Oct 8 23:04:58.301 %SYS-5-CONFIG I: configured from console
by console
Related Commands
Command                    Description
logging on                 Turns on the log switch.
service sequence-numbers   Enables serial numbers of logs.
Platform Description N/A
terminal monitor
Use this command to show logs on the current VTY window. Use the no form of this command to
disable the function.
terminal monitor
terminal no monitor
Parameter Description
Parameter   Description
N/A         N/A
Defaults Log information is not allowed to be displayed on the VTY window by default.
Command Mode Privileged user mode
Usage Guide This command sets only a temporary attribute of the current VTY; the setting is not stored
permanently. When the VTY terminal session ends, the system reverts to the default setting and the
temporary setting becomes invalid. This command can also be executed on the console, but it does
not take effect there.
Configuration Examples
The following example allows log information to be printed on the current VTY window:
Ruijie# terminal monitor
Related Commands
Command   Description
N/A       N/A
Platform Description N/A
show logging
Use this command in privileged user mode to show the configured log parameters, the log statistics,
and the log messages in the memory buffer.
show logging
Parameter Description
Parameter   Description
N/A         N/A
Defaults N/A
Command Mode Privileged user mode
Usage Guide N/A
Configuration Examples
The following example shows the output of the show logging command:
Ruijie# show logging
Syslog logging: enabled
Console logging: level debugging, 15495 messages logged
Monitor logging: level debugging, 0 messages logged
Buffer logging: level debugging, 15496 messages logged
Standard format: false
Timestamp debug messages: datetime
Timestamp log messages: datetime
Sequence-number log messages: enable
Sysname log messages: enable
Count log messages: enable
Trap logging: level informational, 15242 message lines logged,0 fail
logging to 202.101.11.22
logging to 192.168.200.112
Log Buffer (Total 131072 Bytes): have written 1336,
015487: *Sep 19 02:46:13: Ruijie %LINK-3-UPDOWN: Interface FastEthernet 0/24,
changed state to up.
015488: *Sep 19 02:46:13: Ruijie %LINEPROTO-5-UPDOWN: Line protocol on
Interface FastEthernet 0/24, changed state to up.
015489: *Sep 19 02:46:26: Ruijie %LINK-3-UPDOWN: Interface FastEthernet 0/24,
changed state to down.
015490: *Sep 19 02:46:26: Ruijie %LINEPROTO-5-UPDOWN: Line protocol on
Interface FastEthernet 0/24, changed state to down.
015491: *Sep 19 02:46:28: Ruijie %LINK-3-UPDOWN: Interface FastEthernet
0/24, changed state to up.
015492: *Sep 19 02:46:28: Ruijie %LINEPROTO-5-UPDOWN: Line protocol on
Interface FastEthernet 0/24, changed state to up.
Log information description:
Field                          Description
Syslog logging                 Logging flag: enabled or disabled
Console logging                Level of the logs printed on the console, and statistics
Monitor logging                Level of the logs printed on the VTY window, and statistics
Buffer logging                 Level of the logs recorded in the memory buffer, and statistics
Standard format                Standard log format
Timestamp debug messages       Timestamp format of the Debug messages
Timestamp log messages         Timestamp format of the Log messages
Sequence-number log messages   Serial number switch
Sysname log messages           Attaches system names to the logs
Count log messages             Log statistics function
Trap logging                   Level of the logs sent to the syslog server, and statistics
Log Buffer                     Log files recorded in the memory buffer
Related Commands
Command         Description
logging on      Turns on the log switch.
clear logging   Clears the log messages in the buffer.
Platform Description N/A
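The following Python sketch is an added example, not part of the Ruijie manual. It parses log lines in the layout of the show logging output above (optional serial number, timestamp, optional system name) and reports gaps in the serial numbers, which is the loss check that service sequence-numbers makes possible. The function names and the regular expression are assumptions; the sample lines are constructed from the output above with message 015490 left out.

```python
import re

# Timestamp forms from "service timestamps": datetime (optional leading year,
# optional milliseconds) or uptime written as Day:Hour:Minute:Second.
TS = (r"(?:\d{4}\s+)?[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}(?:\.\d{1,3})?"
      r"|\d+:\d{2}:\d{2}:\d{2}")
LINE = re.compile(
    r"^(?:(?P<seq>\d+):\s+)?"           # service sequence-numbers (optional)
    r"\*?(?P<ts>" + TS + r"):?\s+"      # service timestamps
    r"(?:(?P<sysname>[^%\s]\S*)\s+)?"   # service sysname (optional)
    r"%(?P<module>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<name>\w+):\s*(?P<text>.*)$")

def parse(line):
    """Split one log line into its fields; None if the layout does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["seq"] = int(rec["seq"]) if rec["seq"] else None
    rec["sev"] = int(rec["sev"])
    return rec

def audit(lines):
    """Report missing serial-number ranges and numbers that fail to increase."""
    report = {"missing": [], "out_of_order": [], "unnumbered": 0, "unparsed": 0}
    prev = None
    for line in lines:
        rec = parse(line)
        if rec is None:
            report["unparsed"] += 1
        elif rec["seq"] is None:
            report["unnumbered"] += 1
        else:
            seq = rec["seq"]
            if prev is not None and seq > prev + 1:
                report["missing"].append((prev + 1, seq - 1))
            elif prev is not None and seq <= prev:
                report["out_of_order"].append((prev, seq))
            prev = seq
    return report

# Constructed sample modelled on the show logging output; 015490 is omitted.
SAMPLE = [
    "015488: *Sep 19 02:46:13: Ruijie %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet 0/24, changed state to up.",
    "015489: *Sep 19 02:46:26: Ruijie %LINK-3-UPDOWN: Interface FastEthernet 0/24, changed state to down.",
    "015491: *Sep 19 02:46:28: Ruijie %LINK-3-UPDOWN: Interface FastEthernet 0/24, changed state to up.",
    "Mar 22 15:28:02 %SYS-5-CONFIG: Configured from console by console",
]
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Lines that carry no serial number are counted separately rather than treated as losses, because the serial number is off by default.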
show logging count
Use this command in privileged mode to show the statistics of each module log in the system: the
occurrence times and the last occurrence time.
show logging count
Parameter Description
Parameter   Description
N/A         N/A
Defaults N/A
Command Mode Privileged mode
Usage Guide To use the log packet statistics function, run the logging count command in global configuration
mode. The show logging count command then shows the information of a specific log, its occurrence
times, and its last occurrence time.
You can use the show logging command to check whether the log statistics function is enabled.
Configuration Examples
The following is the output of the show logging count command:
Ruijie# show logging count
Module Name Message Name Sev Occur Last Time
SYS CONFIG_I 5 1 Jul 6 10:29:57
SYS TOTAL 1
Related Commands
Command         Description
logging count   Enables the log statistics function.
show logging    Shows basic configuration of log modules and log information in the buffer.
clear logging   Clears the logs in the buffer.
Platform Description N/A