H3C S5800_5820X-CMW520-R1211 Release Notes
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 2 of 167
H3C S5800_5820X-CMW520-R1211 Release Notes Keywords: Version Information, Version changed, Unresolved Problems and Avoidance Measures, List of Solved Problems.
Abstract: Provide all details about the application version file, include: Version Information, Version changed, Unresolved Problems and Avoidance Measures, List of Solved Problems.
Acronyms: Acronym Full spelling IRF Intelligent Resilient Framework
AAA Authentication, Authorization and Accounting
ARP Address Resolution Protocol
CMW Comware
DHCP Dynamic Host Configuration Protocol
GVRP GARP VLAN Registration Protocol
IGMP Internet Group Management Protocol
LACP Link Aggregation Control Protocol
MIB Management Information Base
MSTP Multiple Spanning Tree Protocol
RIP Routing Information Protocol
MPLS Multi-protocol Label Switching
VPLS Virtual Private LAN Service
ISSU In-Service Software Upgrade
IRDP ICMP Router Discovery Protocol
NLB Network Load Balance
DCB Data Center Bridge
DCBX DCB Capability Exchange Protocol
COPP Control Panel Policy
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 3 of 167
Table of Contents
Version Information·················································································································8 Version Number ·······················································································································8 Version History··························································································································8 Hardware and Software Compatibility Matrix··············································································9
Restrictions and Cautions ······································································································ 10
Feature List··························································································································· 10 Hardware Feature·················································································································· 10
S5800 Switch models and technical specifications ······························································ 10 S5820X Switch models and technical specifications ···························································· 13
Software Features ·················································································································· 14
Version Updates ··················································································································· 25 Feature Updates ···················································································································· 25 Command Line Updates········································································································· 30 MIB Updates ·························································································································· 35 Operation Changes ··············································································································· 37
Operation Changes in R1211 ···························································································· 37 Operation Changes in F1209P01 ······················································································· 37 Operation Changes in F1209 ···························································································· 37 Operation Changes in F1208 ···························································································· 37 Operation Changes in F1207 ···························································································· 37 Operation Changes in R1206 ···························································································· 37 Operation Changes in R1110P05 ······················································································· 38 Operation Changes in R1110P04 ······················································································· 38 Operation Changes in R1110P03 ······················································································· 38 Operation Changes in F1110 ···························································································· 38 Operation Changes in R1109P01 ······················································································· 38 Operation Changes in R1109 ···························································································· 38 Operation Changes in R1108 ···························································································· 38 Operation Changes in E1107 ···························································································· 39 Operation Changes in E1106P01 ······················································································· 39 Operation Changes in E1106 ···························································································· 39
Open Problems and Workarounds ·························································································· 39
List of Resolved Problems ······································································································· 40 Resolved Problems in R1211 ···································································································· 40 Resolved Problems in F1209P01································································································ 45 Resolved Problems in F1209····································································································· 46 Resolved Problems in F1208····································································································· 47 Resolved Problems in F1207····································································································· 48
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 4 of 167
Resolved Problems in R1206 ···································································································· 49 Resolved Problems in R1110P05 ······························································································· 50 Resolved Problems in R1110P04 ······························································································· 53 Resolved Problems in R1110P03 ······························································································· 55 Resolved Problems in F1110····································································································· 58 Resolved Problems in R1109P01 ······························································································· 61 Resolved Problems in R1109 ···································································································· 61 Resolved Problems in R1108 ···································································································· 62 Resolved Problems in E1107····································································································· 63 Resolved Problems in E1106P01································································································ 64 Resolved Problems in E1106····································································································· 64
Related Documentation········································································································ 64 New Feature Documentation·································································································· 64 Documentation Set ················································································································ 64 Obtaining Documentation······································································································ 64
Downloading Documentation ·························································································· 64
Software Upgrading·············································································································· 65 Introduction··························································································································· 65 Approaches for Loading Software ··························································································· 65 Loading Software through the Boot ROM Menu ········································································ 66
Introduction to the Boot ROM Menu ·················································································· 66 Loading Software Using XMODEM Through Console Port······················································ 68 Loading Software Using TFTP Through Ethernet Port ····························································· 78 Loading Software Using FTP Through Ethernet Port······························································· 81
Loading Software Through CLI ································································································· 84 Loading Software through USB Interface············································································ 85 Loading Software Using FTP ······························································································ 85 Loading Software Using TFTP ····························································································· 87
Appendix····························································································································· 87 Details of Changed CLI Commands in R1211 ············································································ 87
display device manuinfo fan ···························································································· 87 display device manuinfo power························································································ 88 oam loopback interface·································································································· 90 fan prefer-direction ········································································································· 91 pim bfd enable ··············································································································· 92 pim ipv6 bfd enable ········································································································ 93 ospfv3 bfd enable ··········································································································· 93 isis ipv6 bfd enable ·········································································································· 94 peer bfd (IPv6 address family view/IPv6 BGP-VPN instance view) ········································· 94 ssl client-policy ················································································································ 95 ip check source max-entries ····························································································· 96 preferred-path ················································································································ 97 ip urpf ···························································································································· 98
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 5 of 167
cwmp ···························································································································· 98 cwmp acs password········································································································ 99 cwmp acs url ·················································································································· 99 cwmp acs username ····································································································· 100 cwmp cpe connect retry ······························································································· 101 cwmp cpe connect interface ························································································ 101 cwmp cpe inform interval ······························································································ 102 cwmp cpe inform interval enable ··················································································· 103 cwmp cpe inform time ·································································································· 103 cwmp cpe password ····································································································· 104 cwmp cpe username ···································································································· 104 cwmp cpe wait timeout································································································· 105 cwmp enable ··············································································································· 106 display cwmp configuration ··························································································· 106 display cwmp status ······································································································ 108
Details of Changed CLI Commands in F1209P01 ····································································· 109 mac-address mac-roaming enable ················································································ 109 stp tc-snooping ············································································································· 110
Details of Changed CLI Commands in F1209 ·········································································· 110 default ························································································································· 110 ipv6 neighbor stale-aging······························································································· 111 next-server···················································································································· 112
Details of Changed CLI Commands in F1208 ·········································································· 112 ip route-static················································································································ 112 ip community-list ··········································································································· 115 apply comm-list delete ·································································································· 117 mac-table limit·············································································································· 117
Details of Changed CLI Commands in F1207 ·········································································· 118 dhcp-snooping rate-limit ································································································ 118 default-route-advertise (OSPF view) ················································································ 119 qos car aggregative······································································································ 120
Details of Changed CLI Commands in R1206 ·········································································· 121 cfd ais enable··············································································································· 121 cfd ais level ·················································································································· 122 cfd ais period················································································································ 122 jumboframe enable ······································································································ 123 reset packet-drop interface ··························································································· 124 display packet-drop interface ························································································ 125 display packet-drop summary ························································································ 126 port link-mode··············································································································· 126 ip icmp-extensions········································································································· 127 port isolate-user-vlan······································································································ 128 reset dns host ················································································································ 129
Details of Changed CLI Commands in R1110P05 ····································································· 129
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 6 of 167
display ftp client configuration························································································ 129 ftp client source ············································································································ 130 display tftp client configuration······················································································· 131 tftp client source ··········································································································· 132 display telnet client configuration ··················································································· 133 telnet client source ········································································································ 133 primary accounting (RADIUS scheme view)······································································ 134 primary authentication (RADIUS scheme view) ································································· 135 secondary accounting (RADIUS scheme view) ································································· 137 secondary authentication (RADIUS scheme view)····························································· 139 ignore-first-as ················································································································ 141
Details of Changed CLI Commands in R1109 ·········································································· 141 irf domain ····················································································································· 141 bfd multi-hop destination-port ························································································ 142
Details of Changed CLI Commands in R1108 ·········································································· 142 reset version-update-record ··························································································· 142 display version-update-record ························································································ 143 portal server server-detect ····························································································· 144 portal server user-sync ··································································································· 146 arp resolving-route enable ····························································································· 147 cut connection ············································································································· 148 arp filter source ············································································································· 149 arp filter binding ············································································································ 149 dot1x unicast-trigger······································································································ 150 display counters rate ····································································································· 151
Details of Changed CLI Commands in E1107 ·········································································· 152 packet-filter ·················································································································· 152 packet-filter ipv6 ··········································································································· 153 rule (advanced IPv4 ACL view)······················································································· 154 mad bfd enable············································································································ 158 mad enable ················································································································· 159 mad exclude interface ·································································································· 159 mad ip address ············································································································· 160 mad restore ·················································································································· 161 logfile save ··················································································································· 162 buffer apply·················································································································· 162 buffer egress queue guaranteed ···················································································· 163 buffer egress queue shared···························································································· 164 buffer egress shared ······································································································ 165 buffer egress total-shared······························································································· 166
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 7 of 167
List of Tables
Table 1 Version history.................................................................................................................................8
Table 2 Hardware and software compatibility matrix ...........................................................................9
Table 3 H3C S5800 Switch Series technical specifications ..................................................................10
Table 4 H3C S5820X Switch Series technical specifications................................................................13
Table 5 Software features of the S5800 series .......................................................................................14
Table 6 Software features of the A5820X series ....................................................................................19
Table 7 Feature updates ..........................................................................................................................25
Table 8 Command line updates .............................................................................................................30
Table 9 MIB updates..................................................................................................................................35
Table 10 New Feature Documentation .................................................................................................64
Table 11 Documentation set ...................................................................................................................64
Table 12 Download documentation from the H3C website ..............................................................64
Table 13 Approaches for loading software on the switch..................................................................65
Table 14 Description of the Boot ROM menu........................................................................................67
Table 15 Description of the Boot ROM update menu .........................................................................72
Table 16 Description of the protocol parameter setting menu .........................................................73
Table 17 Description of the TFTP parameters ........................................................................................80
Table 18 Description of the FTP parameters..........................................................................................83
Table 19 Output description ..................................................................................................................107
Table 20 Output description ..................................................................................................................108
Table 21 display packet-drop interface command output description ........................................125
Table 22 display version-update-record command output description........................................143
Table 23 display counters rate command output description ........................................................151
Table 24 Match criteria and other rule information for advanced IPv4 ACL rules .......................154
Table 25 TCP/UDP-specific parameters for advanced IPv4 ACL rules............................................155
Table 26 ICMP-specific parameters for advanced IPv4 ACL rules..................................................156
Table 27 ICMP message names supported in advanced IPv4 ACL rules.......................................156
Table 28 Default data buffer allocation schemes of the S5800 and the S5820X series switches163
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 8 of 167
Version Information Version Number
Comware software, Version 5.20, Release 1211
Note: You can see the version number with the command display version in any view. Please see Note①.
Version History Table 1 Version history
Version number Last version Release Date Remarks S5800_5820X-CMW520-R1211
S5800_5820X-CMW520-F1209P01 2011-05-04 None
S5800_5820X-CMW520-F1209P01
S5800_5820X-CMW520-F1209 2011-03-14 None
S5800_5820X-CMW520-F1209
S5800_5820X-CMW520-F1208 2011-01-24 None
S5800_5820X-CMW520-F1208
S5800_5820X-CMW520-F1207 2010-12-17 None
S5800_5820X-CMW520-F1207
S5800_5820X-CMW520-R1206 2010-11-30 None
S5800_5820X-CMW520-R1206
S5800_5820X-CMW520-R1110P05 2010-10-08 None
S5800_5820X-CMW520-R1110P05
S5800_5820X-CMW520-R1110P04 2010-06-18 None
S5800_5820X-CMW520-R1110P04
S5800_5820X-CMW520-R1110P03 2010-05-27 None
S5800_5820X-CMW520-R1110P03
S5800_5820X-CMW520-F1110 2010-03-30 None
S5800_5820X-CMW520-F1110
S5800_5820X-CMW520-R1109P01 2010-01-25 None
S5800_5820X-CMW520-R1109P01
S5800_5820X-CMW520-R1109 2009-12-11 None
S5800_5820X-CMW520-R1109
S5800_5820X-CMW520-R1108 2009-11-04 None
S5800_5820X-CMW520-R1108
S5800_5820X-CMW520-E1107 2009-10-12 None
S5800_5820X-CMW520-E1107
S5800_5820X-CMW520-E1106P01 2009-06-19 None
S5800_5820X-CMW520-E1106P01
S5800_5820X-CMW520-E1106 2009-07-20 None
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 9 of 167
Version number Last version Release Date Remarks S5800_5820X-CMW520-E1106 First release 2009-05-25 None
Hardware and Software Compatibility Matrix Table 2 Hardware and software compatibility matrix
Item Specifications Product family S5800/S5820X Series
Hardware platform
H3C S5800-60C-PWR/ H3C S5800-32C-PWR/ H3C S5800-56C-PWR H3C S5800-32C/ H3C S5800-56C/ H3C S5800-32F H3C S5820X-28C / H3C S5820X-28S H3C S5820X-26S/H3C S5800-54S
Minimum memory requirements 512 MB/1GB
Minimum Flash requirements 512 MB
Boot ROM version Version 212 or higher (Note: Perform the command display version command in any view to view the version information. Please see Note②)
Host software S5800_5820X-CMW520-R1211.bin
iMC version
iMC PLAT 5.0 (E0101) + L02 iMC UAM 5.0 (E0101) iMC EAD 5.0 (E0101) iMC NTA 5.0 (E0101) iMC UBA 5.0 (E0101) iMC QoSM 5.0 (E0101)
iNode version iNode PC 5.0 (E0101)
OAA version
Fiber Channel Card: 9.0.6.15.0 IPS/AV Card: ESS2110P10 Fire Wall Card: R3166P12 High Performance Wireless AC Card: R2107P10 Wireless AC Card: R3111P09
Note H3C S5820X-28C / H3C S5820X-28S don’t support iMC UBA
Sample: To display the host software and Boot ROM version of the S5800/S5820X, perform the following:
<H3C>display version
H3C Comware Platform Software
Comware Software, Version 5.20, Release 1211 ------- Note①
Copyright (c) 2004-2011 Hangzhou H3C Tech. Co., Ltd. All rights reserved.
H3C S5800-56C uptime is 0 week, 0 day, 16 hours, 40 minutes
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 10 of 167
H3C S5800-56C with 2 Processor
512M bytes SDRAM
4M bytes Nor Flash Memory
512M bytes Nand Flash Memory
Config Register points to Nand Flash
Hardware Version is Ver.B
CPLD Version is 003
BootRom Version is 212 ------ Note②
[SubSlot 0] 48GE+4SFP Plus Hardware Version is Ver.B
[SubSlot 1] No Module
Restrictions and Cautions 1. S5820X works at IPS mirror mode. If the IPS applies “any” rule, the PC connected to the
device can not communicate to its gateway.
Feature List Hardware Feature S5800 Switch models and technical specifications
Table 3 H3C S5800 Switch Series technical specifications
Item S5800-60C-PWR
S5800-56C
S5800-56C-PWR
S5800-54S
S5800-32C
S5800-32C-PWR
S5800-32F
Dimensions (H × W × D)
86.1 × 440 × 465 mm (3.39 × 17.32 × 18.31 in)
43.6 × 440 × 367 mm (1.72 × 17.32 × 14.45 in)
43.6 × 440 × 427 mm (1.72 × 17.32 × 16.81 in)
43.6 × 440 × 660 mm (1.72 × 17.32 × 25.98 in)
43.6 × 440 × 367 mm (1.72 × 17.32 × 14.45 in)
43.6 × 440 × 427 mm (1.72 × 17.32 × 16.81 in)
43.6 × 440 × 427 mm (1.72 × 17.32 × 16.81 in)
Weight ≤ 18 kg (39.68 lb)
≤ 6.5 kg (14.33 lb)
≤ 8.5 kg (18.74 lb)
≤ 12.2 kg (26.90 lb)
≤ 6.0 kg (13.23 lb)
≤ 8 kg (17.64 lb)
≤ 8.5 kg (18.74 lb)
Console ports
1, on the front panel
1, covered by the logo plate on the front panel
1, covered by the logo plate on the front panel
1, on the rear panel
1, on the front panel
1, on the front panel
1, covered by the logo plate on the front panel
Management Ethernet ports
N/A N/A N/A 1, on the rear panel
N/A N/A 1, on the rear panel
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 11 of 167
Item S5800-60C-PWR
S5800-56C
S5800-56C-PWR
S5800-54S
S5800-32C
S5800-32C-PWR
S5800-32F
USB ports (full speed)
1, on the front panel
1, covered by the logo plate on the front panel
1, covered by the logo plate on the front panel
1, on the rear panel
1, on the front panel
1, on the front panel
1, covered by the logo plate on the front panel
10/100/1000Base-T Ethernet ports
48, PoE 48 48, PoE 48 24 24, PoE N/A
100/1000Base-X SFP ports
4 N/A N/A N/A N/A N/A 24
4 4 6 4 4 4
SFP+ ports N/A You can plug an SFP+ transceiver module, SFP transceiver module or SFP+ cable into an SFP port. An SFP port plugged in with an SFP+ cable can be used to connect IRF member switches.
Expansion interface card slots
2, on the front panel
1, on the rear panel
1, on the rear panel
N/A 1, on the rear panel
1, on the rear panel
1, on the front panel
OAP card slots 1 N/A N/A N/A N/A N/A N/A
Fan tray slots
1, hot swapping
N/A Fixed fans are used.
N/A Fixed fans are used.
2, hot swapping
N/A Fixed fans are used.
N/A Fixed fans are used
1, hot swapping
PoE module slots 1, N/A N/A N/A N/A N/A N/A
Power module slots
2, hot swapping
N/A N/A 2, hot swapping
N/A N/A 2, hot swapping
AC-input voltage
Rated voltage: 100 VAC to 240 VAC, 50 or 60 Hz Max voltage: 90 VAC to 264 VAC, 47 or 63 Hz
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 12 of 167
Item S5800-60C-PWR
S5800-56C
S5800-56C-PWR
S5800-54S
S5800-32C
S5800-32C-PWR
S5800-32F
DC-input voltage
Rated voltage: • 300 W
at –48 VDC to –60 VDC
• 750 W at –54 VDC to –57 VDC
N/A N/A
Rated voltage: –40 VDC to –60 VDC
N/A N/A
Rated voltage: –48 VDC to –60 VDC
RPS-input voltage
Rated voltage: –52 VDC to –55 VDC
Rated voltage: 10.8 VDC to 13.2 VDC
Rated voltage: –52 VDC to –55 VDC
N/A
Rated voltage: 10.8 VDC to 13.2 VDC
Rated voltage: –52 VDC to –55 VDC
Rated voltage: –52 VDC to –55 VDC
Minimum power consumption
DC: 94 W AC: 96 W
102 W
DC: 107 W AC: 131 W
105 W 67 W DC: 64 W AC: 85 W
DC: 58 W AC: 67 W
Maximum power consumption
Single DC output: 1840 W (1500 W for PoE output) Dual DC outputs: 1840 W (1500 W for PoE output) Single AC output: 714 W (425 W for PoE output) Dual AC outputs: 1147 W (740 W for PoE output)
163 W
DC: 973 W (740 W for PoE output) AC: 673 W (370 W for PoE output)
AC: 130 W DC: 130 W
105 W
DC: 870 W (740 W for PoE output) AC: 598 W (370 W for PoE output)
DC: 136 W AC: 146 W
Operating temperature
0°C to 45°C (32°F to 113°F)
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 13 of 167
Item S5800-60C-PWR
S5800-56C
S5800-56C-PWR
S5800-54S
S5800-32C
S5800-32C-PWR
S5800-32F
Operating humidity 10% to 90%, noncondensing
S5820X Switch models and technical specifications Table 4 H3C S5820X Switch Series technical specifications
Item S5820X-26S S5820X-28S S5820X-28C
Dimensions (H × W × D) 43.6 × 440 × 660 mm (1.72 × 17.32 × 25.98 in)
43.6 × 440 × 427 mm (1.72 × 17.32 × 16.8 in)
86 × 440 × 467 mm (3.39 × 17.32 × 18.39 in)
Weight ≤ 11.2 kg (24.69 lb) ≤ 8.5 kg (18.74 lb) ≤ 17 kg (37.48 lb)
Console ports 1 1 1
Management Ethernet ports 1 1 N/A
USB ports 1 1 1
10/100/1000Base-T Ethernet ports 2 4 4
SFP+ ports 24 24 14
Expansion interface card slots N/A N/A 2, front panel
OAP card slots N/A N/A 1, rear panel
Fan tray slots 2, rear panel 1, rear panel 1, rear panel
Power module slots 2, rear panel 2, rear panel 2, rear panel
AC-input voltage Rated voltage: 100 VAC to 240 VAC, 50 or 60 Hz Max voltage: 90 VAC to 264 VAC, 47 or 63 Hz
DC-input voltage
Rated voltage: –40 VDC to –60 VDC Max voltage: –40 VDC to –72 VDC
Rated voltage: –48 VDC to –60 VDC Max voltage: –40.5 VDC to –72 VDC
Rated voltage: –48 VDC to –60 VDC Max voltage: –40.5 VDC to –72 VDC
Minimum power consumption 135 W
AC: 128 W DC: 124 W
AC: 105 W DC: 103 W
Maximum power consumption
AC: 205 W DC: 205 W
AC: 245 W DC: 241 W
AC: 185 W DC: 176 W
Operating temperature 0ºC to 45ºC (32°F to 113°F)
Operating humidity 10% to 90%, noncondensing
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 14 of 167
Software Features Table 5 Software features of the S5800 series
Feature S5800-60C-PWR
S5800-56C
S5800-56C-PWR
S5800-32C
S5800-32C-PWR
S5800-32F
S5800-54S
Switching capacity (full duplex)
284 Gbps 256 Gbps 208 Gbps 256
Gbps Wire speed L2 switching
Packet forwarding rate (whole system)
211.3 Mpps 190.5 Mpps 154.8 Mpps 190.5
Mpps
Forwarding mode Store and forward
IRF
Ring topology Chain topology MAD for BFD/LACP/ARP ISSU
Link aggregation
Aggregation of GE ports Aggregation of 10 GE ports Static link aggregation Dynamic link aggregation An IRF fabric supports up to 128 aggregation groups, and each group supports up to eight GE ports or eight 10 GE ports. NLB
Flow control IEEE 802.3x flow control and back pressure
Jumbo frame With a maximum size of 10000 bytes
MAC address table
32K MAC addresses 1K static MAC addresses Blackhole MAC addresses Limit to the number of MAC addresses learned on a port
VLAN
Port-based VLANs (4094 VLANs) QinQ and selective QinQ Voice VLAN Protocol-based VLANs MAC-based VLANs IP subnet-based VLANs GVRP Super VLAN
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 15 of 167
Feature S5800-60C-PWR
S5800-56C
S5800-56C-PWR
S5800-32C
S5800-32C-PWR
S5800-32F
S5800-54S
VLAN mapping One-to-one VLAN mapping Many-to-one VLAN mapping Two-to-two VLAN mapping
ARP
16K entries 1K static entries Gratuitous ARP Standard proxy ARP and local proxy ARP ARP source suppression ARP detection (based on DHCP snooping entries/802.1X security entries/static IP-to-MAC bindings) Multicast ARP
ND 8K entries 1K static entries
VLAN virtual interface 1K
DHCP
DHCP client DHCP snooping DHCP relay agent DHCP server DHCPv6 client DHCPv6 snooping DHCPv6 relay agent DHCPv6 server
UDP helper Supported
DNS Dynamic domain name resolution Dynamic domain name resolution client IPv4/IPv6 addresses
IPv4 route
4K static routes RIP v1/2: up to 4K IPv4 routes OSPF v1/v2: up to 16K IPv4 routes BGP: up to 16K IPv4 routes ISIS: up to 16K IPv4 routes 256 equal-cost routes, each having 8 next hops at most Routing policy VRRP Policy based routing IRDP
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 16 of 167
Feature S5800-60C-PWR
S5800-56C
S5800-56C-PWR
S5800-32C
S5800-32C-PWR
S5800-32F
S5800-54S
IPv6 route
2K static routes RIPng: up to 2K IPv6 routes OSPF v3: up to 8K IPv6 routes BGP4+ for IPV6: up to 8K IPv6 routes ISIS for IPV6: up to 8K IPv6 routes 256 equal-cost routes, each having 8 next hops Routing policy VRRP Policy routing
URPF Reverse route check strict mode and loose mode
MCE IPv4/IPv6
BFD
OSPF/OSPFv3 BGP/BGP4 IS-IS/IS-ISv6 PIM/IPM for IPv6 Static route MAD
Tunnel
IPv4 over IPv4 tunnel IPv4 over IPv6 tunnel IPv6 over IPv4 manual tunnel IPv6 over IPv4 6to4 tunnel IPv6 over IPv4 ISATAP tunnel IPv6 over IPv6 tunnel GRE tunnel
MPLS MPLS VPLS
IPv4 multicast
IGMP snooping v1/v2/v3 Multicast VLAN Multicast VLAN+ IGMP v1/v2/v3 PIM-DM PIM-SM PIM-SSM MSDP MBGP PIM BI-DIR Multicast VPN Multicast over MCE Mulitcast over MCE over tunnel
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 17 of 167
Feature S5800-60C-PWR
S5800-56C
S5800-56C-PWR
S5800-32C
S5800-32C-PWR
S5800-32F
S5800-54S
IPv6 multicast
MLD snooping v1/v2 MLD v1/v2 PIM-DM/SM/SSM/BI-DIR for IPv6 IPv6 multicast VLAN IPv6 multicast VLAN+ MBGP for IPv6
Broadcast/multicast/unicast storm control
Based on port rate percentage Based on pps Based on bps
MSTP
STP/RSTP/MSTP STP root guard BPDU guard STP TC snooping
RRPP RRPP protocol Multi-instance RRPP
Smart Link Up to 26 groups Multi-instance Smart Link
Monitor link Supported
QoS/ACL
Restriction of the rates at which a port sends and receives packets, with a granularity of 8 kbps. Packet redirection CAR, with a granularity of 8 kbps. Global CAR (including aggregation CAR and hierarchical CAR) Eight output queues for each port Queue scheduling algorithms based on port and queue, including SP, WDRR, WFQ, and SP + WDRR. Remarking of 802.1p and DSCP priorities Packet filtering at Layer 2 through Layer 4; flow classification based on source MAC address, destination MAC address, source IP (IPv4/IPv6) address, destination IP (IPv4/IPv6) address, port, protocol, and VLAN. Time range WRED Traffic shaping User profile COPP HQoS
Mirroring Traffic mirroring Port mirroring Multiple mirror observing ports
Remote mirroring Remote port mirroring (RSPAN/ERSPAN)
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 18 of 167
Feature S5800-60C-PWR
S5800-56C
S5800-56C-PWR
S5800-32C
S5800-32C-PWR
S5800-32F
S5800-54S
Security
Hierarchical management and password protection of users AAA authentication RADIUS authentication HWTACACS SSH 2.0 Port isolation Port security MAC address authentication IP-MAC-port binding IP source guard HTTPS SSL PKI Portal EAD Boot ROM access control (password recovery)
OAA
IPS Firewall Anti virus Wireless access
802.1X
Up to 2,048 users Port-based and MAC address-based authentication Guest VLAN Trunk port authentication 802.1X-based dynamic QoS/ACL/VLAN assignment
Traffic Management
IPFIX (NetStream) sFlow
Software download and upgrade
XModem FTP TFTP
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 19 of 167
Feature S5800-60C-PWR
S5800-56C
S5800-56C-PWR
S5800-32C
S5800-32C-PWR
S5800-32F
S5800-54S
Management
Configuration at the command line interface Remote configuration through Telnet Configuration through Console port SNMP RMON alarm, event and history recording IMC NMS Web-based network management System log Hierarchical alarms HGMPv2 NTP PoE Power supply alarm function Fan and temperature alarms BIMS zero configuration
Maintenance
Debug information output Ping and Tracert NQA Track Remote maintenance through Telnet Virtual cable test 802.1ag 802.3ah DLDP File download and upload through USB port Auto power down EEE
Table 6 Software features of the A5820X series
Feature S5820X-28C S5820X-28S S5820X-26S Switching capacity (full duplex)
488 Gbps
Wire speed L2 switching Packet
forwarding rate (whole system)
363 Mbps
Forwarding mode Store-forward and cut-through
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 20 of 167
Feature S5820X-28C S5820X-28S S5820X-26S
IRF
Ring topology Chain Topology MAD of BFD/LACP/ARP ISSU
Link aggregation
Aggregation of GE ports Aggregation of 10-GE ports Static link aggregation Dynamic link aggregation An IRF fabric supports up to 128 aggregation groups, and each group supports up to eight GE ports or eight 10-GE ports NLB
Flow control IEEE 802.3x flow control and back pressure
Jumbo Frame Supports a maximum frame size of 10000 bytes
MAC address table
32K MAC addresses 1K static MAC addresses Blackhole MAC addresses Limit to the number of MAC addresses learned on a port
VLAN
Port-based VLANs (4094 VLANs) QinQ and selective QinQ Voice VLAN Protocol-based VLANs MAC-based VLANs IP subnet-based VLANs GVRP Super VLAN
VLAN mapping One-to-one VLAN mapping Many-to-one VLAN mapping Two-to-two VLAN mapping
ARP
8K entries 1K static entries Gratuitous ARP Standard proxy ARP and local proxy ARP ARP source suppression ARP detection (based on DHCP snooping entries/802.1x security entries/static IP-to-MAC bindings) Multicast ARP
ND 4K entries 1K static entries
VLAN virtual interface 1K
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 21 of 167
Feature S5820X-28C S5820X-28S S5820X-26S
DHCP
DHCP client DHCP snooping DHCP relay agent DHCP server DHCPv6 client DHCPv6 snooping DHCPv6 relay agent DHCPv6 server
UDP Helper Supported
DNS Dynamic domain name resolution Dynamic domain name resolution client IPv4/IPv6 addresses
IPv4 route
4K static routes RIP v1/2: up to 4K IPv4 routes OSPF v1/v2: up to 12K IPv4 routes BGP: up to 12K IPv4 routes ISIS: up to 12K IPv4 routes 256 equal-cost routes, each having 8 next hops at most Routing policy VRRP Policy based routing IRDP
IPv6 route
2K static routes RIPng: up to 2K IPv6 routes OSPFv3: up to 6K IPv6 routes BGP4+: up to 6K IPv6 routes ISISv6: up to 6K IPv6 routes 256 equal-cost routes, each having 8 next hops at most Routing policy VRRP Policy based routing
URPF Strict mode and loose mode
MCE IPv4/IPv6
BFD
OSPF/OSPFv3 BGP/BGP4 IS-IS/IS-ISv6 PIM/IPM for IPv6 Static route MAD
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 22 of 167
Feature S5820X-28C S5820X-28S S5820X-26S
Tunnel
IPv4 over IPv4 tunnel IPv4 over IPv6 tunnel IPv6 over IPv4 manual tunnel IPv6 over IPv4 6to4 tunnel IPv6 over IPv4 ISATAP Tunnel IPv6 over IPv6 tunnel GRE tunnel
IPv4 multicast
IGMP snooping v1/v2/v3 Multicast VLAN Multicast VLAN+ IGMP v1/v2/v3 PIM-DM PIM-SM PIM-SSM MSDP MBGP PIM BI-DIR Multicast over MCE Mulitcast over MCE over Tunnel
IPv6 multicast
MLD snooping v1/v2 MLD v1/v2 PIM-DM/SM/SSM/BI-DIR for IPv6 IPv6 multicast VLAN IPv6 multicast VLAN+ MBGP for Ipv6
Broadcast/multicast/unicast storm control
Based on port rate percentage Based on pps Based on bps
MSTP
STP/RSTP/MSTP STP root guard BPDU guard STP TC snooping
RRPP RRPP protocol Multi-instance RRPP
Smart link Up to 26 groups Multi-instance Smart Link
Monitor link Supported
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 23 of 167
Feature S5820X-28C S5820X-28S S5820X-26S
QoS/ACL
Restriction of the rates at which a port sends and receives packets, with a granularity of 8 kbps. Packet redirection CAR, with a granularity of 8 kbps. Global CAR (including aggregation CAR and hierarchical CAR) Eight output queues for each port Flexible queue scheduling algorithms based on port and queue, including SP, WDRR, WFQ, and SP + WDRR Remarking of 802.1p and DSCP priorities Packet filtering at Layer 2 through Layer 4; flow classification based on source MAC address, destination MAC address, source IPv4/IPv6 address, destination IPv4/IPv6 address, port, protocol, and VLAN. Time range WRED Traffic shaping User profile COPP
Mirroring Traffic mirroring Port mirroring Multiple mirror observing ports
Remote mirroring Remote port mirroring (RSPAN/ERSPAN)
Security
Hierarchical management and password protection of users AAA authentication RADIUS authentication HWTACACS SSH 2.0 Port isolation Port security MAC address authentication IP-MAC-port binding IP source guard HTTPS SSL PKI Portal EAD Boot ROM access control (password recovery)
Data Center Feature PFC DCBX
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 24 of 167
Feature S5820X-28C S5820X-28S S5820X-26S
OAA
IPS Firewall Anti virus Wireless access FC
802.1X
Up to 2,048 users Port-based and MAC address–based authentication Guest VLAN Trunk port authentication 802.1X-based dynamic QoS/ACL/VLAN assignment
Software download and upgrade
XModem FTP TFTP
Management
Configuration at the command line interface Remote configuration through Telnet Configuration through Console port SNMP RMON alarm, event and history recording IMC NMS Web-based network management System log Hierarchical alarms HGMPv2 NTP Power supply alarm function Fan and temperature alarms BIMS zero configuration
Maintenance
Debug information output Ping and Tracert NQA Track Remote maintenance through Telnet Virtual cable test 802.1ag 802.3ah DLDP File download and upload through USB port Auto power down EEE
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 25 of 167
Version Updates Feature Updates
Table 7 Feature updates
Version number
Item Description
Hardware feature updates
1. Support new 300W administrable power. 2. Support H3C S5820X-26S\H3C S5800-54S.
S5800_5820X-CMW520-R1211
Software feature updates
1. Support display manufactory information of power, sub slot, optical module and fan. 2. Support set the prefer wind direction of system and alarm when the wind direction error. 3. Support URPF loose mode. 4. Support IPv6 BFD, PIM/PIMv6 BFD 5. Support assigning a tunnel port to a tunnel policy 6. Support BIMS zero configuration 7. Support 16K intra-zone route entries and inter-zone route entries 8. Support configuring the max num of the static and dynamic IP binding 9. Support portal authentication through aggregate port 10. IPv6 BFD support for OSPFv3, ISISv6, and BGP4+ 11. IPv6 BFD support for OSPFv3, BGP4+, and ISISv6 in a VRF 12. Support disabling VSI station move.
Hardware feature updates
None S5800_5820X-CMW520-F1209P01
Software feature updates
1. Support TC-Snooping feature. 2. Support mac-roaming feature.
S5800_5820X-CMW520-F1209
Hardware feature updates
None
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 26 of 167
Version number
Item Description
Software feature updates
1. Support 6VPE. 2. Support ACL match LSAP field. 3. Support interface default settings restoration feature. 4. Support configuring a start or end remark for ACL rules. 5. Support setting the age timer for ND entries. 6. Support configuring MAC address transition. 7. Support displaying response time in CFD loop back test result. 8. Support writes user-defined information to LSW1SP4P0 and LSW1SP2P0 sub slot. 9. Support configuring OAM loopback function and loopback active/passive mode on port. 10. Support Specifying a server's IP address for the client when the device works as DHCP server.
Hardware feature updates
None S5800_5820X-CMW520-F1208
Software feature updates
1. Support 4k static route and 4k RIP route. 2. Support 255 VRRP. 3. BGP support 1k peers. 4. Support 1k VRF. 5. Support ACL output filtering. 6. Increased ACL name length. 7. Support routing policy name extension. 8. Support community list name configuration. 9. Support permanent static route.
Hardware feature updates
None S5800_5820X-CMW520-F1207
Software feature updates
1. Support dynamic password secondly attestation. 2. Support DHCP packet rate limit. 3. OSPF support add default route from other router. 4. Support obtaining device ACL utilization by MIB. 5. Support obtaining optical module information by MIB. 6. Support obtaining DHCP server information by MIB.
S5800_5820X-CMW520-R1206
Hardware feature updates
1. Support 5m stack cable 2. Support FC module
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 27 of 167
Version number
Item Description
Software feature updates
New Features: 1. Support DCBX 2. Support configuring timer zone with WEB 3. Support configuring time parameter of OAM 4. ICMP Extension MPLS (RFC 4950) 5. Support IPv4 Path MTU adjust(RFC 1191) 6. BPDU Drop any 7. Support Supper VLAN 8. BFD/OAM/RRPP/CFD dual core supported 9. Support multicast ARP 10. Support lossless Link-aggregation 11. Support NLB 12. Support configuring the timeout of LACP 13. Support detecting the loop back between multiple ports 14. Support IRDP 15. Support configuring the L4 Port range of egress ACL 16. Support HQOS 17. Support PIM BI-DIR 18. Support DHBK-portal 19. Support COPP 10. Support MPLS 21. Support VPLS 22. Support L3 rout port 23. Support multicast VPN ; Support multicast over MCE ; Support multicast over MCE over tunnel 24. Support ISSU on IRF 25. Support modifying the ACL dynamically 26. Support DHCPv6 server/Snooping 27. Triple authentication function enhanced and support configuring it with WEB 28. Support multicast Controlled 29. Support ND anti-attack 30.Support configuring the jumbo frame size on port 31. Support password control 32. Support configuring PBR with a single command line 33. Support sticky MAC old. Deleted Features: Delete BFD authentication function. Modified Features BFD sessions increased to 32
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 28 of 167
Version number
Item Description
Hardware feature updates
Support 40Km SFP+ fiber module S5800_5820X-CMW520-R1110P05
Software feature updates
New features: 1. Radius authentication supports multi backup server. 2. Saving information to log buffer when VRRP priority changes. 3. Add the command “ftp/tftp/telnet client source” to specify the source IP. 4. Support displaying transceiver diagnosis and traffic statistics on IRF port. 5. Support to configure ignoring the first AS number of eBGP. 6. Portal authentication support certificate.
Hardware feature updates
None S5800_5820X-CMW520-R1110P04
Software feature updates
None
Hardware feature updates
None S5800_5820X-CMW520-R1110P03
Software feature updates
New features: 1. SPF+ port supports 1000Base-T module. 2. Support CFD trap and MIB. 3. Support loopback detection MIB. 4. BGP supports importing direct route of OSPF. 5. Support anti-attack on management port.
S5800_5820X-CMW520-F1110
Hardware feature updates
None
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 29 of 167
Version number
Item Description
Software feature updates
New features: 1. Support Configuring the minimum number of selected ports in the aggregation group 2. The description information configured on ports is added to be shown when press command “display brief interface” 3. Support creating IBGP neighbors between PE and CE 4. Support VPN on TFTP/SFTP/SSH2/FTP 5. Support hash key configuration on IRF ports 6. Support mac-vlan trigger enable 7. Support mac-vlan PVID disable 8. Support VPN based on TUNNEL 9. Support AAA based on VPN 10. Support system log based on VPN 11. Support Echo packet single-hop detection when using BFD to implement fast fault detection 12. Support ACL log 13. Support Mixed IRF of S5800 and S5820X 14. Support guest vlan based on mac authentication.
Hardware feature updates
None S5800_5820X-CMW520-R1109P01
Software feature updates
None
Hardware feature updates
None S5800_5820X-CMW520-R1109
Software feature updates
New features: 1.IRF domain function 2.BFD multi-hop destination-port
Hardware feature updates
New features: none Deleted features: none
S5800_5820X-CMW520-R1108
Software feature updates
New features: 1. Support ARP blank hole route function 2. ARP gateway protection and ARP filter protection 3. Record software version used on the device to higher end memory 4. LLDP TLV support POE+ attributes. 5. Support portal escape function Deleted features: none
S5800_5820X-CMW520-E1107
Hardware feature updates
None
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 30 of 167
Version number
Item Description
Software feature updates
New features: 1. MAD detection through LACP and BFD protocol. 2. Configure packet buffer flexibly by command 3. Support execute ACL command through packet filter command 4. ACL support TCP established key word 5. Warm reboot and log information recorded to flash. 6. Support CPLD auto update function Deleted features: none
Hardware feature updates
None S5800_5820X-CMW520-E1106P01
Software feature updates
None
Hardware feature updates
First release S5800_5820X-CMW520-E1106
Software feature updates
First release
Command Line Updates Table 8 Command line updates
Version number
Item Description
New commands Refer to Details of Changed CLI Commands in R1211
Removed commands
1. poe mode signal
S5800_5820X-CMW520-R1211
Modified commands 1. ip urpf strict change to ip urpf { loose | strict } Refer to Details of Changed CLI Commands in R1211
New commands Refer to Details of Changed CLI Commands in F1209P01
Removed commands
None.
S5800_5820X-CMW520-F1209P01
Modified commands None.
S5800_5820X-CMW520-F1209
New commands 1. default
2. ipv6 neighbor stale-aging aging-time undo ipv6 neighbor stale-aging
3. next-server ip-address undo next-server Refer to Details of Changed CLI Commands in F1209 The other new command, refer to New Feature
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 31 of 167
Documentation
Removed commands
1. fib6-tunning fast-download-enable
Modified commands 1. dhcp relay address-check [ enable | disable ] changes to dhcp relay address-check enable 2. port isolate-user-vlan { host | promiscuous } changes to
port isolate-user-vlan { host | INTEGER<1-4094> promiscuous } 3. The modified commands related to 6VPE, refer to <Command changes for 6VPE>
New commands Refer to Details of Changed CLI Commands in F1208
Removed commands
None.
S5800_5820X-CMW520-F1208
Modified commands 1. ip route-static dest-address { mask | mask-length } { next-hop-address [ bfd control-packet [ bfd-source ip-address ] | track track-entry-number ] | interface-type interface-number [ next-hop-address ] [ bfd { control-packet [ bfd-source ip-address ] | echo-packet } ] | vpn-instance d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ preference preference-value ] [ tag tag-value ] [ description description-text ] change to ip route-static dest-address { mask | mask-length } { next-hop-address [ bfd control-packet [ bfd-source ip-address ] | track track-entry-number ] | interface-type interface-number [ next-hop-address ] [ bfd { control-packet [ bfd-source ip-address ] | echo-packet } ] | vpn-instance d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ preference preference-value ] [ tag tag-value ] [ permanent ] [ description description-text ] 2. ip route-static vpn-instance s-vpn-instance-name&<1-6> dest-address { mask | mask-length } { next-hop-address [ public ] [ bfd control-packet [ bfd-source ip-address ] | track track-entry-number ] | interface-type interface-number [ next-hop-address ] [ bfd { control-packet [ bfd-source ip-address ] | echo-packet } ] | vpn-instance d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ preference preference-value ] [ tag tag-value ] [ description description-text ] change to ip route-static vpn-instance s-vpn-instance-name&<1-6> dest-address { mask | mask-length } { next-hop-address [ public ] [ bfd control-packet [ bfd-source ip-address ] | track track-entry-number ] | interface-type interface-number [ next-hop-address ] [ bfd { control-packet [ bfd-source ip-address ] | echo-packet } ] | vpn-instance d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ preference preference-value ] [ tag tag-value ]
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 32 of 167
[ permanent ] [ description description-text ] 3. ip community-list { deny | permit } [ community-number-list ] [ internet | no-advertise | no-export | no-export-subconfed ] * change to ip community-list { basic-comm-list-num | basic comm-list-name } { deny | permit } [ community-number-list ] [ internet | no-advertise | no-export | no-export-subconfed ] * 4. ip community-list { deny | permit } regular-expression change to ip community-list { adv-comm-list-num | advanced comm-list-name } { deny | permit } regular-expression 5. apply comm-list comm-list-number delete change to apply comm-list { comm-list-number | comm-list-name } delete Refer to Details of Changed CLI Commands in F1208
New commands Refer to Details of Changed CLI Commands in F1207
Removed commands
None.
S5800_5820X-CMW520-F1207
Modified commands 1. default-route-advertise [ [ always | cost cost | route-policy route-policy-name | type type ] * | summary cost cost ] change to default-route-advertise [ [ [ always | permit-calculate-other ] | cost cost | route-policy route-policy-name | type type ] * | summary cost cost ] 2. qos car car-name aggregative cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peek-information-rate ] [ red action ] the cbs and ebs max virtual value change from 16000000 to 256000000 Refer to Details of Changed CLI Commands in F1207
S5800_5820X-CMW520-R1206
New commands 1. Feature ISSU relate new command refer to < 01 Fundamentals Command Reference > 2. Feature Supper VLAN relate new command refer to < 03 Layer 2 - LAN Switching Command Reference > 3. Feature IRDP relate new command refer to < 04 Layer 3 - IP Services Command Reference > 4. Feature MPLS/VPLS relate new command refer to < 07 MPLS Command Reference > 5. Feature PIM BI-DIR relate new command refer to < 06 IP Multicast Command Reference > 6. Feature Multicast VPN/Multicast over MCE/Multicast over MCE over tunnel/Multicast Controlled relate new command refer to <06 IP Multicast Command Reference> 7. Feature password control relate new command refer to < 09 Security Command Reference > 8. Feature DHCPv6/Snooping relate new command refer to < 04 Layer 3 - IP Services Command Reference
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 33 of 167
> 9. Feature IPsec relate new command refer to < 09 Security Command Reference > 10. Policy based route relate new command refer to < 05 Layer 3 - IP Routing Command Reference > 11. IP Source Guard support IPv6 relate new command refer to < 09 Security Command Reference > 12. Feature DCBX relate new command refer to < 03 Layer 2 - LAN Switching Command Reference > 13. Feature DHBK relate new command refer to < 10 High Availability Command Reference > 14. Feature IPv6 ND relate new command refer to < 09 Security Command Reference > 15. Sticky MAC old relate new command refer to < Sticky MAC Feature Manual > Others new commands Refer to Details of Changed CLI Commands in R1206
Removed commands
1. reset dns [ ipv6 ] dynamic-host change to reset dns host [ ip | ipv6 | naptr | srv ] Refer to Details of Changed CLI Commands in R1206
Modified commands 1. bfd authentication-mode { md5 key-id key | sha1 key-id key | simple key-id password } undo bfd authentication-mode
New commands Refer to Details of Changed CLI Commands in R1110P05
Removed commands
None
S5800_5820X-CMW520-R1110P05
Modified commands 1. undo secondary accounting changed to undo secondary accounting [ipv4-address | ipv6 ipv6-address ] 2. undo secondary authentication changed to undo secondary authentication [ipv4-address | ipv6 ipv6-address ] 3. primary authentication { ip-address [ port-number | vpn-instance vpn-instance-name ] * | ipv6 ipv6-address [ port-number ] } changed to primary authentication { ip-address [ port-number | key string | vpn-instance vpn-instance-name ] * | ipv6 ipv6-address [ port-number | key string ] * } 4. primary accounting { ip-address [ port-number | vpn-instance vpn-instance-name ] * | ipv6 ipv6-address [ port-number ] ] changed to primary accounting { ip-address [ port-number | key string | vpn-instance vpn-instance-name ] * | ipv6 ipv6-address [ port-number | key string ] * } 5. secondary authentication { ip-address [ port-number | vpn-instance vpn-instance-name ] * | ipv6 ipv6-address [ port-number ] } changed to secondary authentication { ip-address [ port-number | key string | vpn-instance vpn-instance-name ] * | ipv6
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 34 of 167
ipv6-address [ port-number | key string ] * } 6. secondary accounting { ip-address [ port-number | vpn-instance vpn-instance-name ] * | ipv6 ipv6-address [ port-number ] } changed to secondary accounting { ipv4-address [ port-number | key string | vpn-instance vpn-instance-name ] * | ipv6 ipv6-address [ port-number | key string] * } Refer to Details of Changed CLI Commands in R1110P05
New commands None
Removed commands
None
S5800_5820X-CMW520-R1110P04
Modified commands None
New commands 1. ip binding vpn-instance 2. tcp syn-cookie enable Refer to S5800&S5820X Series Ethernet Switches Command Manual(Release 1110)
Removed commands
1. undo portal trap server-down
S5800_5820X-CMW520-R1110P03
Modified commands 1. display brief interface changed to display interface brief 2. mcms connect slot slot-number system system-name changed to oap connect slot slot-number system system-name 3. mcms reboot slot slot-number system system-name changed to oap reboot slot slot-number system system-name
New commands Refer to S5800&S5820X Series Ethernet Switches Command Manual(F1110)
Removed commands
None
S5800_5820X-CMW520-F1110
Modified commands None
New commands None
Removed commands
None
S5800_5820X-CMW520-R1109P01
Modified commands None
New commands Refer to Details of Changed CLI Commands in R1109
Removed commands
None
S5800_5820X-CMW520-R1109
Modified commands None
New commands Refer to Details of Changed CLI Commands in R1108
Removed commands
None
S5800_5820X-CMW520-R1108
Modified commands None
S5800_5820X-CM New commands Refer to Details of Changed CLI Commands in E1107
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 35 of 167
Removed commands
None W520-E1107
Modified commands None
New commands None
Removed commands
None
S5800_5820X-CMW520-E1106P01
Modified commands None
New commands First release
Removed commands
First release
S5800_5820X-CMW520-E1106
Modified commands First release
MIB Updates Table 9 MIB updates
Version number Item MIB file Module Description
New rfc2737-entity.mib ENTITY-MIB
Support display administrant information of power, sub slot, optical module and fan ENTITY-MIB entPhysicalName entPhysicalSerialNum
S5800_5820X-CMW520-R1211
Modified None None None
New None None None S5800_5820X-CMW520-F1209P01 Modified None None None
New None None None S5800_5820X-CMW520-F1209 Modified None None None
New None None None S5800_5820X-CMW520-F1208 Modified None None None
hh3c-dhcp-server.mib DHCP Server
HH3C-DHCP-SERVER-MIB: hh3cDHCPServerObjects hh3cDHCPServerTables hh3cDHCPServerTraps
hh3c-transceiver-info.mib
Optic module HH3C-TRANSCEIVER-INFO-MIB: hh3cTransceiverInfoEntry
New
hh3c-acl.mib ACL hh3cAclResourceUsageTable
S5800_5820X-CMW520-F1207
Modified Entity MIB Entity MIB Refer to the MIB Companion for detail information
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 36 of 167
Version number Item MIB file Module Description rfc3814-mpls-ftn-std.mib
MPLS MPLS-FTN-STD-MIB
rfc3815-mpls-ldp-std.mib
MPLS MPLS-LDP-STD-MIB New
rfc3813-mpls-lsr-std.mib MPLS MPLS-LSR-STD-MIB
S5800_5820X-CMW520-R1206
Modified None None None
New None None None S5800_5820X-CMW520-R1110P05 Modified None None None
New None None None S5800_5820X-CMW520-R1110P04 Modified None None None
New None None None
hh3c-lpbkdt.mib
Loopback-detection
Support h3cLpbkdtTrapLoopbacked, h3cLpbkdtTrapRecovered, h3cLpbkdtTrapPerVlanLoopbacked, h3cLpbkdtTrapPerVlanRecovered in h3cLpbkdtTrapPrefix. S5800_5820X-CM
W520-R1110P03 Modified
IEEE8021-CFM-MIB.mib
Connectivity Fault Management
Support dot1agCfmMdTable, dot1agCfmMaNetTable, dot1agCfmMaCompTable, dot1agCfmMaMepListTable, dot1agCfmMepTable and dot1agCfmMdTableNextIndex.
New None None None S5800_5820X-CMW520-F1110 Modified None None None
New None None None S5800_5820X-CMW520-R1109P01 Modified None None None
New None None None S5800_5820X-CMW520-R1109 Modified None None None
New None None None S5800_5820X-CMW520-R1108 Modified None None None
New None None None S5800_5820X-CMW520-E1107 Modified None None None
New None None None S5800_5820X-CMW520-E1106P01 Modified None None None
New First release First release First release S5800_5820X-CMW520-E1106 Modified First release First release First release
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 37 of 167
Operation Changes Operation Changes in R1211
None
Operation Changes in F1209P01 None
Operation Changes in F1209 1. The command “remark service-vlan-id” has effect on both tag and untag packets by
default. It has effect on only tag packets in early version. 2. The port’s PVID and VLAN can be configured even if it in a PVLAN mapping group.
Such operation will be rejected in early version.
Operation Changes in F1208 1. Send free ARP at once when RRPP notify ARP TC event in order to resume traffic
quickly. There is no such operation in early version. 2. When the port link-delay mode is down mode, if there is state change of down or up
on the port the port delay time will be refreshed. There is no refresh operation in early version.
Operation Changes in F1207 1. Modify support max 5k rules in an ACL group to support 10k rules.
Operation Changes in R1206 1. Modify the forwarding priority of 32bit route from lower to higher than ARP. 2. Modify the default action of PBR (MQC-based) from dropping to forwarding when the
next hop of the PBR not exists. 3. The VRRP virtual IP will be advertised as 32bits host route when advertising the VRRP
network in old software version. From this version, the Virtual IP will not be advertised any more.
4. The un-authorized user can not get IP address through DHCP in EAD fast deployment with previous version if the DHCP-Snooping is not enabled on device, while with this version, the un-authorized can get IP address even if the DHCP-Snooping is not enabled.
5. The new version will map the 802.1p priority of the customer VLAN to service VLAN in QINQ application while the old version does not do this map and the 802.1p priority of service VLAN is always 0.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 38 of 167
6. The old version will add the secondary VLAN to uplink port and add the primary VLAN to downlink port; The new version does not do this only if port isolate-user-vlan { host | promiscuous } configured.
7. The new software support dual core application and the patch install is core based. So the file name of patch changed from patchs5800.bin to patch_mpu.bin(Main core) and patch_lpu.bin (assistant core). Patch installing command "patch install flash:/patchs5800.bin" and "patch install flash:" can be used on old version but command "patch install flash:" can only be used on new version.
Operation Changes in R1110P05 None
Operation Changes in R1110P04 None
Operation Changes in R1110P03 None
Operation Changes in F1110 None
Operation Changes in R1109P01 1. Enhance the burst ability in default configuration.
Operation Changes in R1109 1. DHCP relay function’s default action is not produce DHCP security table and keeps
switch DHCP packets normally. And default action is produce DCHP security table in older version
2. DCHP relay function produce security table only when related authorized ARP, DHCP relay address check and IP source guard function enabled and not relate with other function.
3. DHCP keep switching packets when DHCP relay table reaches max specification or the same IP temporary entry limitation reaches to 2 or more. And drop packets in older version.
4. The DHCP ACK packets are switched normally when not receive DHCP request packets and drop packets in older version.
Operation Changes in R1108 Reply ARP request packet which’s source IP is all zero and judge this packet is valid.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 39 of 167
Operation Changes in E1107 None
Operation Changes in E1106P01 None
Operation Changes in E1106 First release
Open Problems and Workarounds LSD50925 • First found-in version: A5800_5820X-CMW520-R1211 • Description: Issue the display interface MTunnel command. The displayed “maximum
transmit unit” is 1460 which is different from the actual value. • Workaround: None.
LSD59864 • First found-in version: A5800_5820X-CMW520-R1211 • Description: Use BIMS to manage an IRF fabric. The IRF fabric is displayed as multiple
devices on the management interface. • Workaround: None.
LSD60159 • First found-in version: A5800_5820X-CMW520-R1211 • Description: Configure a hybrid port to remove the VLAN tag of traffic from VLANs
other than VLAN 1. Use IMC to view the port list of the configured VLANs. The hybrid port is not displayed.
• Workaround: None.
LSD50222 • First found-in version: A5800_5820X-CMW520-R1211 • Description: Use an IRF fabric as a PE. The local CE can communicate with the remote
CE over a CCC connection through the master device but not a slave device. • Workaround: Connect the CE to the master device.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 40 of 167
List of Resolved Problems Resolved Problems in R1211
LSD58354 • First found-in version: S5800_5820X-CMW520-F1209P01F1209P01 • Condition: Configure the mac-table limit command in VSI view, and then cancel the
configuration. • Description: The device cannot learn VSI MAC addresses.
LSD59916 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Configure the mac-table limit command in VSI view on an IRF fabric and
reboot the master device to trigger active/standby switchover. • Description: The slave device cannot apply the configuration of the mac-table limit
command.
LSD58786 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Configure the policy-based-route command when the memory usage is
high on the slave device. • Description: The device prompts insufficient ACL resources. Protocol packets cannot
be sent to the CPU and traffic forwarding is interrupted.
LSD59825 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Configure parameters bandwidth and gts in the same policy, and then cancel
one of them. • Description: The other configuration is also cancelled and thus cannot take effect.
LSD59476 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Reboot the master device to trigger active/standby switchover when the
device has more than 10000 ARP entries in an IRF system. • Description: The device reboots repeatedly.
LSD58580 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Execute the display packet-drop command to display information about
dropped packets. • Description: The command cannot display information about dropped packets on
router ports.
LSD58273 • First found-in version: S5800_5820X-CMW520-F1209P01
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 41 of 167
• Condition: Enable Layer 3 portal authentication on the VLAN interface that corresponds to the aggregate port, disable the IRF port to disconnect IRF links so that the IRF fabric splits, and then disable Layer 3 portal authentication.
• Description: Portal-related ACLs are wrongly removed, and the attached devices cannot ping the device.
LSD58585 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Execute the display lldp local-information command. • Description: HardwareRev, SerialNum, Manufacturer name, Model name, and Asset
tracking identifier are all displayed “unknown.”
LSD58842 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Install optical modules on all slots on the S5800-32F, and add the S5800-32F
to the IRF fabric. • Description: The S5800-32F reboots repeatedly and cannot join the IRF fabric.
LSD58508 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Enable the OSPF graceful restart function on the IRF fabric, and disconnect
IRF links so that the IRF fabric splits. • Description: OSPF neighborship states are switched.
LSD58411 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Configure the LACP MAD–enabled aggregate port as a reserved port, and
repeatedly simulate IRF fabric split and IRF fabric merge. • Description: Some member ports of the aggregate group cannot be selected, and
MAD fails.
LSD58820 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Execute the scripts to quickly add and remove PBR. • Description: Execute the display acl resource command and find ACL resource leak.
LSD58695 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: The IRF fabric starts with the configuration of the voice vlan qos trust
command. • Description: Display the logbuffer, and find error information “Command voice vlan
qos 4 0 fails to recover configuration.”
LSD58641 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: In an IRF fabric, configure isatap tunnel, and configure an IPv6 site-local
address, for example, 3001::/64 eui-64 on the tunnel port. Then, reboot the device.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 42 of 167
• Description: Display the logbuffer, and find error information “Command ipv6 address 3001::/64 eui-64 fails to recover configuration.”
LSD58640 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Configure the IS-IS cost mode as auto-cost, and bind IS-IS to the tunnel port. • Description: Display information about the tunnel port and find that the cost values are
not standard compliant.
LSD58581 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Two devices establish IS-IS neighbor relationship and a TE tunnel. Install
more than 10000 LSP route entries and execute the traffic-eng command to perform TE failover.
• Description: The device on which you execute the traffic-eng command reboots exceptionally.
LSD58543 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Enable LLDP on the port and connect the port to the Cisco IP telephone. • Description: The port cannot establish LLDP neighbor relationship with the IP
telephone.
LSD58530 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: In VRRP standard mode, configure multiple virtual IP addresses in the same
VRRP group, and assign them on the master device and slave device in different orders.
• Description: Execute the display vrrp interface Vlan-interface x vrid x command, and find that the displayed IP addresses on the master device and slave device are different.
LSD58516 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Add a port that is forwarding traffic to a service loopback group, and
remove it from the group. • Description: Traffic forwarding cannot resume on the port.
LSD58457 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Click Back on the page for the fourth step on the web configuration
wizard. • Description: The Back button does not work.
LSD58378 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Walk MIB node “dot1qVlanStaticUntaggedPorts” through SNMP.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 43 of 167
• Description: The significant octet of the obtained value corresponds to a high port number, but the specification requires that the significant octet should correspond to a low port number.
TCD02667 • First found-in version: S5800_5820X-CMW520-R1206 • Condition: Enable MacVlan, VoiceVlan, and 802.1X on the port, and a large number
of users try to get online through the port. • Description: Some online users are forced to get offline.
LSD57520 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Establish a cluster. • Description: Members repeatedly join and leave the cluster.
LSD56170 • First found-in version: S5800_5820X-CMW520-R1206 • Condition: In an IRF fabric, use the IPS card to apply a rule that concerns only an
outbound interface. • Description: The rule is applied only to the device where the outbound interface
resides, but not to other member devices in the IRF fabric.
TCD02710 • First found-in version: S5800_5820X-CMW520-R1206 • Condition: Configure the S5800 to work in VRRP enhanced mode and enable portal
authentication. The master device and the iMC are interconnected. Switch the traffic to the slave device after the first accounting-start message is sent.
• Description: The slave device cannot send accounting-update message, causing that the user gets offline.
TCD02566 • First found-in version: S5800_5820X-CMW520-R1110P04 • Condition: An intra-zone route entry and an inter-zone route entry that have the same
next hop update each other. • Description: This condition results in oversized number of intra-zone route entries,
causing repeated route calculation and 100% of CPU utilization.
ZDD03850 • First found-in version: S5800_5820X-CMW520-R1206 • Condition: The device acts as a client to log in to the server through FTP to upload and
download files. • Description: Upload and download fail.
ZDD03868 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: The device is configured with NQA to detect the network, and the next-hop
is specified. • Description: NQA detection fails.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 44 of 167
LSD57513 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Log in to the device through Telnet, and apply an MQC policy that the
device does not support. • Description: If the terminal monitor is not enabled, the device does not give prompt
that the device does not support the policy.
LSD57222 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Configure handshake interval for the cluster through web NMS, save the
configuration and reboot the device. • Description: The configuration is lost.
LSD57249 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Configure the speed and duplex mode of the 10GE port on the web page. • Description: ”Not supported” is returned.
LSD56113 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Configure the RMON extended alarm group through the iMC, save the
configuration and reboot the device. • Description: The configuration is lost.
LSD58138 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Send packets to an IRF fabric, and add a large number of MAC VLAN
entries. Reboot the master device to trigger active/standby switchover when packets are being sent to the IRF fabric.
• Description: Some MAC VLAN entries cannot age out.
LSD58101 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Configure the IRF fabric as the DHCP relay and enable the IP check
function. Then, send three IP address applications every second. • Description: CPU utilization becomes high. Display information about the IRF port, but
find no IRF-related alarms.
LSD58263 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Configure an IPv6 VPN tunnel on the device, and use a PC to ping the
VLAN interface with ping packets whose packet length is 1049 or more. • Description: The PC cannot ping the device.
LSD67832 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: In an IRF fabric, configure multiple Smartlink workgroups, and configure
them to work in preemptive mode. Each group controls a different VLAN. The primary
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 45 of 167
port is a port on the master device and the secondary port is an aggregate port. Disable and then enable the primary port by the shutdown and undo shutdown command.
• Description: The ARP entries of some instances in the upstream device are not refreshed.
LSD58146 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: Configure a user profile and its corresponding QoS policy, apply the QoS
policy, and then cancel the policy configuration with the undo command but select “N” at the prompt. Then, cancel the policy configuration again with the undo command and select “Y” to apply the configuration. Then, remove the ACL rules.
• Description: ACLs fail to be removed, and the system prompts “Error: The acl has been applied, and can not be deleted or changed.”
LSD58179 • First found-in version: S5800_5820X-CMW520-R1206 • Condition: Apply an IPv4 ACL in the outbound direction on the port, and then an IPv6
ACL in the outbound direction on the port. Then, apply the same ACLs on other ports. • Description: The ACLs fail to be applied to other ports.
LSD59697 • First found-in version: S5800_5820X-CMW520-R1206 • Condition: Walk MIB node “HGMP hh3cNDPPortTable” through SNMP. • Description: The system does not list the results in lexicographic order.
ZDD03986 • First found-in version: S5800_5820X-CMW520-F1209P01 • Condition: The device receives a packet in which the user parameters contain a
63-byte callback-number parameter. • Description: 64-byte memory block on the device is written badly, which might cause
that CLIs cannot be parsed or the device reboots exceptionally.
LSD60563 • First found-in version: S5800_5820X-CMW520-R1206 • Condition: User login through SSH and do authentication and authorization with
TACACS+, authentication successes but authorization failed. • Description: Memory access exception and it may lead to protocol broken or device
rebooting abnormally.
Resolved Problems in F1209P01 None.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 46 of 167
Resolved Problems in F1209 LSD55527 • First found-in version: S5800_5820X-CMW520-R1110P04 • Condition: Plug and remove sub slot frequently. • Description: The statistical info of packet counter on some port is zero while traffic is
continual.
LSD55902 • First found-in version: S5800_5820X-CMW520-R1206 • Condition: Configure flow-control on port with burst-mode configuration and traffic
continuer. • Description: The flow-control configuration has no effect.
LSD55621 • First found-in version: S5800_5820X-CMW520-R1208 • Condition: Execute command “display mac-address statistics”. • Description: Item “Total Multicast” displayed is false.
LSD55389 • First found-in version: S5800_5820X-CMW520-R1206 • Condition: Configure NAS-IP with 255 as last number. • Description: The configuration can’t apply.
LSD56265 • First found-in version: S5800_5820X-CMW520-R1206 • Condition: Device works on an environment with a lot of BGP routes and route
attribute changed continually. • Description: BGP peer up and down again and again.
ZDD03749 • First found-in version: S5800_5820X-CMW520-R1206 • Condition: Memory using rate is high and memory with size 256 can be allocated while
with size 2048 can’t be allocated. • Description: The net stream task abnormal and cause device reboot.
LSD56026 • First found-in version: S5800_5820X-CMW520-R1206 • Condition: S5800/5820X device works as DHCP server, PXE devices work as client and
PXE devices can’t parse option 150 field in DHCP packets. • Description: PXE client can’t get startup file from DHCP server and startup failed.
LSD55742 • First found-in version: S5800_5820X-CMW520-R1206 • Condition: Obtain ifType node through MIB browser. • Description: The return value is 117, it should be 6.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 47 of 167
Resolved Problems in F1208 LSD55123 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Walk hh3cTransceiverFiberDiameterType and hh3cTransceiverMinTXPower
MIB node on switch connected with stack SFP cable through MIB browser. • Description: Can't get all port's hh3cTransceiverFiberDiameterType node information
and hh3cTransceiverMinTXPower's information isn’t correct.
LSD55546 • First found-in version: S5800_5820X-CMW520-R1206 • Condition: 2048 user get online from one port using do1x radius authentication and the
shake hand timer is the default value 15 seconds. • Description: Some user lost line after some times.
LSD55694 • First found-in version: S5800_5820X-CMW520-F1207 • Condition: When exist iterative ECMP route on the device. • Description: The route fails to add to the switch chip sometimes.
LSD55663 • First found-in version: S5800_5820X-CMW520-R1206 • Condition: Enable L2VPN but doesn’t enable MPLS L2VPN function then execute "ping
lsp pw *.*.*.* pw-id *" command. • Description: The device reboots.
LSD55049 • First found-in version: S5800_5820X-CMW520-F1207 • Condition: Obtain optic module power MIB nod through MIB browser and execute
“_display transceiver diagnosis” command. • Description: The power value displayed by two measures is conflict.
LSD55054 • First found-in version: S5800_5820X-CMW520-F1207 • Condition: Obtain hh3cTransceiverDiagnostic MIB node on the device some port not
connected with optic module. • Description: Can't get all port's hh3cTransceiverDiagnostic MIB information.
LSD55562 • First found-in version: S5800_5820X-CMW520-R1206 • Condition: Some route with next hop is TUNNEL fails to add to the switch chip when
ARP table full. • Description: These routes can't flush to the switch chip even when ARP table become
not full.
LSD55336 • First found-in version: S5800_5820X-CMW520-F1207
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 48 of 167
• Condition: Apply more then 2048 VPLS items. • Description: No more VPLS item can be applied and CPU rate is high.
LSD52608 • First found-in version: S5800_5820X-CMW520-R1206 • Condition: Send IPV6 unicast or multicast too big packet to obtain ICMP answer
packet. • Description: The MTU value in answer packet isn’t equal the value configured on port
interface.
LSD53825 • First found-in version: S5800_5820X-CMW520-R1206 • Condition: Obtain hh3cTransceiverInfoEntry node by MIB on an IRF system. • Description: CPU rate is high.
HWD28488 • First found-in version: S5800_5820X-CMW520-F1207 • Condition: Device temperature over warning value. • Description: The word “TEMPERATURE_WANRING” in warning information spelling
mistake, it should be “TEMPERATURE_WARNING”.
LSD53876 • First found-in version: S5800_5820X-CMW520-R1206 • Condition: Configure command “display ip netstream cache”. • Description: The word “Direc” in show information spelling mistake, it should be
“Direct”.
LSD53669 • First found-in version: S5800_5820X-CMW520-F1207 • Condition: When different VRF visit each other, delete ARP in source VRP. • Description: The destination VRF can’t copy the learning ARP, as a result, the VRF can’t
communicate with each other after ARP moved.
Resolved Problems in F1207 LSD54344 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Enable net stream on device and send traffic measurement packet to test
center. • Description: The TCP Flags field in traffic measurement packet is wrong.
LSD54650 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: The first time insert or plug sub slot after device boot up. • Description: There are packets lost for a little moment.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 49 of 167
LSD54409 • First found-in version: S5800_5820X-CMW520-R1206 • Condition: Apply more than 100 ACL rules through ACFP on an IRF system with two IPS
cards. • Description: The rules apply failed.
LSD54692 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Devices configure OSPF and apply MD5 authentication, run a long time in
an environment with a lot of OSPF neighbors. • Description: The OSPF neighbors may be break off and rebuild.
LSD54413 • First found-in version: S5800_5820X-CMW520-R1206 • Condition: Apply ACL policy include any field through ACFP on an IRF system with two
IPS cards. • Description: The traffic measurement is anomaly.
LSD54125 • First found-in version: S5800_5820X-CMW520- R1110P05 • Condition: Enable QinQ on the port, and configure BPDU-TUNNEL PVST. • Description: The inner VLAN tags of BPDU-Tunnel PVST packets are changed to 0.
Resolved Problems in R1206 LSD41738 • First found-in version: S5800_5820X-CMW520-E1107 • Condition: There is an IRF system MAC change event occur when cluster command
switch as a master member in IRF rebooted. • Description: The cluster function becomes invalid.
LSD52117 • First found-in version: S5800_5820X-CMW520-E1106 • Condition: When the sending interface index of Sflow V5 Sampler is unknown. • Description: It should filter “0” into the field of the packet in stead of “1” according to
the standard.
LSD53033 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Configure a PBR and set the next hop to a tunnel interface. • Description: The PBR can’t work properly.
LSD44944 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: IP ttl-expires function does not enabled on device, and the port received
packets with TTL = 1.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 50 of 167
• Description: The packet would be sent to CPU wrongly.
HWD26461 • First found-in version: S5800_5820X-CMW520-R1110P05 • Condition: Configure command “_reset transceiver diagnosis” to clear diagnosis
information about optic Transceiver. • Description: Command line will return error such as “Error: There is no any transceiver
information”.
ZDD03348 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Telnet server from other company with our devices, and the packets from
server has a head with “\0\r\n”. • Description: There will be nothing displayed or the display is half-baked.
LSD42682 • First found-in version: S5800_5820X-CMW520-R1110P04 • Condition: Apply unsupported MQC or not enough resource for new ACL application. • Description: Abnormal protocol behavior or function occurred on device. For example,
the device can’t learn ARP anymore.
HSD51987 • First found-in version: S5800_5820X-CMW520- R1110P05 • Condition: As an NTP client, the device synchronizes its clock with the NTP server. When
the server’s clock is not accurate, the clock difference is too large between the server and the client.
• Description: The device discards the NTP clock source.
LSD58024 • First found-in version: S5800_5820X-CMW520- R1100P05 • Condition: The actual number of intra-zone route entries on the device is not
consistent with that calculated by the OSPF SPF algorithm. In such a case, install new intra-zone route entries to make the total number of intra-zone route entries more than the upper limit of the device.
• Description: Continuous SPF calculation might occur, causing 100% of CPU utilization.
RTD40567 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Walk MIB node “hh3cLswPortType” through SNMP. • Description: None is returned.
Resolved Problems in R1110P05 LSD49224 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: S5820X works with IPS and configures IPS in mirror mode; Enable MSTP multi
instances on device.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 51 of 167
• Description: The L2 switched unicast packets matched Mirror rule is dropped.
LSD48166 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Device works for a long time. • Description: Login the device with telnet and show info in log buffer, there is error
information in log buffer such as “vt0 has got the TCB of task FC0”.
LSD48127 • First found-in version: S5800_5820X-CMW520-R1110P04 • Condition: Configure a radius primary server which doesn’t exist and set it to active
manually. • Description: The server status can’t change from active to block automatically.
LSD47296 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Execute the SNMP script to access MIB entry of hh3cRrppPortEntry. • Description: The device reboots.
TCD02368 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Execute “reset saved-configuration” on device. • Description: Current startup saved-configuration file is NULL when execute “display
startup” and the configuration still exists when execute “display saved-configuration”.
LSD47874 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Configure two ports in one IRF-PORT group, one port connects to other
device to buildup an IRF system, the other port is added and deleted from the IRF-PORT group repeatedly.
• Description: Size of 2048 byte memory leaks.
LSD49095 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Reboot master device of an IRF group and then delete MAD BFD and
reconfigure it. • Description: BFD session can’t create successfully.
LSD48911 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: There are a lot of configurations related to link aggregation on the device
and it connects to another device with aggregation link; Reboot the other device. • Description: The device reboots occasionally.
LSD48912 • First found-in version: S5800_5820X-CMW520-R1110P04 • Condition: There are seven users login the device through SSH and execute “display
current-configuration”
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 52 of 167
• Description: There is nothing displayed for the last user.
LSD48856 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: When link status change and there are a lot of ARP items need to be
updated. • Description: The ARP table can’t be updated in a short time.
LSD48822 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: One user displays the ACL and another user deletes the ACL at the same
time. • Description: The device reboots.
LSD48776 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Press TAB key at the view which doesn’t support key word attaching. • Description: Memory leaks.
LSD48486 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Configure “port connection-mode extend” on master device of IRF group
and reboot the master device. • Description: The configuration “port connection-mode extend” lost after the device
rebooted.
LSD48823 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Send VRRP packets to a VLAN-interface which doesn’t enable VRRP. • Description: The status of other VRRP groups changes frequently.
LSD46979 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Reboot an IRF group with a lot of ports has been configured “mac-vlan”
and “voice vlan”. • Description: It costs a long time to recover the IRF system.
LSD47345 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Send IPV6 L3 packets that destination is unknown. • Description: The CPU usage is high.
LSD49724 • First found-in version: S5800_5820X-CMW520-E1106 • Condition: The device works at heavy traffic for a long time. • Description: There are some parity check errors on chip occasionally.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 53 of 167
HWD25109 • First found-in version: S5800_5820X-CMW520-E1106 • Condition: Insert an optical module to a port which the RX power threshold or the
actually RX power is lower than -20db, and display the diagnostic info of the module. • Description: The RX power threshold or the actually RX power displayed is not correctly.
It’s displayed as -40db.
Resolved Problems in R1110P04 LSD42465 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: In IPS application, enable ACFP redirect policy on device and enable
portal on L3 interface connected to users. • Description: The counter of the port may be a large value.
LSD47541 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Apply ACFP policy on the four GE fiber port or the GE port on sub slot of
S5800-60C-PWR. • Description: The packets can’t be redirected to IPS card.
LSD47217/LSD47620 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: When display information about L3 table and at the same time the device
is learning ARP. • Description: The RX task can’t receive packets occasionally and the device may
reboot.
LSD47830 • First found-in version: S5800_5820X-CMW520-R1110P03 • Condition: DLDP up and down frequently for a long time. • Description: Some tasks hang up and the device can’t work properly.
LSD47104 • First found-in version: S5800_5820X-CMW520-R1110P03 • Condition: Configure the log host in a VPN and configure the source IP to send the log
message. • Description: The device can’t send the log message with the configured source IP.
LSD47000 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Configure the ACFP rule with “gt” or “lt” a L4 port number. • Description: The traffic “eq” to the configured L4 port number will be redirected or
mirrored to the IPS.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 54 of 167
LSD48982 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: When user login the switch through SSH, and execute the display
diagnostic-information and select output the result to the screen directly while there is a lot of lot of MAC-ADDRESS, routing entries or VLAN.
• Description: The switch may reboot.
LSD48065 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Apply more then 20 ACFP policies on device, then insert IPS card. • Description: Some of the policies can’t be applied successfully.
LSD48790 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Multi users access the device at the same time. One user adds or deletes
port member of a link aggregation group while another user display the link aggregation group.
• Description: The device reboots occasionally.
LSD48023 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: The IPS card works at “redirections” mode. • Description: The PC connected to the device directly can’t communicate its
gateway.
LSD48020 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: The IPS card works at “mirror” mode and enable portal at the downlink L3
interface. • Description: Users can’t authenticate successfully.
LSD47878 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: The IPS card works at “mirror” mode. • Description: The traffic of L2 packets is double and the L3 packets can’t be
transmitted.
LSD47326 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Enable NTDP on device and execute “ntdp explore” repeat • Description: The device reboots occasionally.
LSD48971 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Enable OSPF on device and configure import BGP route. • Description: Some iBGP route can’t be imported successfully.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 55 of 167
LSD46943 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: When receiving packets with double tag and the inter VLAN of tag is not
configured on the device. • Description: The packets will be dropped.
Resolved Problems in R1110P03 LSD45825 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: Enable MAC-authentication with guest VLAN, when user authentications
failed and return to guest VLAN. • Description: The MAC-VLAN table related to the user has not been deleted.
LSD45782 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: Enable VRRPE on IRF, the PC connected to master send a gratuitous ARP
packet conflict to the virtual IP of VRRP. • Description: The ARP reply packet from VRRP use a wrong MAC address, users
connected to the master can’t ping the master successfully.
LSD45441 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: Enable MAC-authentication on IRF, the authentication users reach to the
max number on the slave. • Description: No more users can get authorized on the master.
LSD43000 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Insert 100M fiber module to 1000M fixed fiber port on the front panel of
S5800-60C-PWR switch. • Description: The port can’t forward packets occasionally.
LSD46220 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Insert IPS card to the device and enable inline mode to monitor L3 packet
flow. • Description: L3 packet cannot be transmitted.
LSD45742 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: Enable CFD on a port and shutdown it. • Description: The trap information of CFD can’t be sent out.
LSD46204 • First found-in version: S5800_5820X-CMW520-F1110
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 56 of 167
• Condition: Enable loopback detection on device, and generate a loop. • Description: The device can’t send loopback trap message to the trap server.
LSD45971 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: Enable port-bridge on device. • Description: Port-bridge can’t work properly.
LSD45888 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: Change IRF port to a user port. • Description: Packets destined to this port probability cannot be forwarded.
LSD45776 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: Enable MAC-address notifying information function on a port which has
enabled MAC max count limit. • Description: Mac-address notifying information function can’t work properly.
LSD45743 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: When no sampling algorithm configured on a port and monitors the flow
with NetFlow. • Description: Information from NetFlow shows the port configured sampling algorithm.
LSD46382 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: There is IPv4 ACL and IPv6 ACL with the same ACL number configured on
device, and the IPv6 ACL is null, apply packet-filter rule with the IPv6 ACL on L3 interface outbound direction, then add rules to IPv6 ACL.
• Description: The IPv4 ACL with the same ACL number will be applied.
LSD46062 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: View LACP configuration with Web. • Description: The port name of slot 10 has no slot information.
LSD46023 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: Apply ACL on TFTP Server worked on VPN. • Description: TFTP put and get cannot work.
LSD45807 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: Two IRF group connect by LACP with LACP MAD enabled, reboot one of
the IRF group.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 57 of 167
• Description: The CPU unitization of the other IRF group may be high and the network loss stability with a long time.
LSD45660 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: In an IRF system, add a 10G port to an aggregation group then configure
the port as an IRF port • Description: The device comes into configuration recovery process and cannot
response to CLI for a long time.
LSD46420 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: Apply MQC or packet-filter with IPv6 next-header, SIP, DIP and other IP field. • Description: The rule applied cannot take into effect.
LSD46411 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: Configure IP precedence field and TOS field in one ACL rule. • Description: The ACL rule with IP precedence field applied failed.
LSD46400 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: Enable storm-constrain control block on a port which has configured
unicast-suppression or multicast-suppression. • Description: Storm-constrain control block worked failed.
LSD46115 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: Create a link aggregation group between two IRF groups and enable VRRP
function, reboot the backup device that exchanges VRRP protocol packet with the other IRF group.
• Description: The VRRP status of the IRF changes to master from backup and then changes back.
LSD45875 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: Enable ACL logging function on 10GE port then input traffic match the ACL
at wire speed. • Description: The logging information displayed is wrong.
LSD45761 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: Enable ACL logging function on a port and input traffic match the ACL,
copy the rule of the ACL to other ACL number but don’t apply the ACL. • Description: There will be logging information associate the ACL displayed.
LSD46503 • First found-in version: S5800_5820X-CMW520-F1110
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 58 of 167
• Condition: Configure QOS WFQ and QOS GTS on a port at the same moment, input different size packets to different queues.
• Description: The packet rate of some queues doesn’t match the WFQ configured.
LSD47032 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: Configure the guaranteed ratio buffer parameter of all the 8 queues. • Description: The device reboots after applying the buffer parameter.
LSD46884 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: Repeat execute loopback internal test on port for a long time. • Description: The CLI will hang up.
LSD46772 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: Apply ip-prefix deny function. • Description: Ip-prefix deny function works wrong, the static route which mask length
less then the configured is denied.
LSD46144 • First found-in version: S5800_5820X-CMW520-F1110 • Condition: Reboot the IRF group. • Description: There are a lot of recover configuration failed information about IRF,
portal, OAM and CFD etc.
Resolved Problems in F1110 LSD42426 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Enable bpdu-tunnel and QinQ VLAN transparent function on a port at the
same time. • Description: Bpdu-tunnel protocol packets passing through the service port are added
an outer tag wrongly.
LSD43636 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Enable dhcp-snooping on device, and the link connected to DHCP server is
an aggregation, “dhcp-snooping trust” configured on the link. • Description: The customer connected to the device can not get IP address from DHCP
server.
LSD44358 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Create tunnel interface on device. • Description: When pressing “display lldp neighbor-information interface T X/X/X” shows
all the ports’ LLDP neighbor information wrongly.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 59 of 167
LSD44217 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Two IRF group connect with an aggregation link, and configure MAD LACP
on both size of the link aggregation with different domain, then split one of the IRF group.
• Description: MAD LACP can not detect the split.
LSD44612 • First found-in version: S5800_5820X-CMW520-R1109 • Condition: Configure BFD MAD on an IRF, split of the IRF and then recover the IRF. • Description: IP routing conflict information will be displayed on device.
LSD45205 • First found-in version: S5800_5820X-CMW520-R1109 • Condition: Use Putty to telnet device with SSH mode. • Description: After a long time running, the device may be reboot probability.
LSD45107 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Access the device with web mode press a large number of characters in
the address frame. • Description: The device reboots.
LSD42604 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Delete all the VLANs in a VRRP environment. • Description: The master of IRF group may be reboot probability.
LSD44597 • First found-in version: S5800_5820X-CMW520-R1109 • Condition: Configure 115200 baud rate on serial port of the device and access the
device with 115200 baud rate. • Description: Some terminals may display illegible characters.
LSD44126 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Execute “debug port global-info” command on an IRF. • Description: The master of IRF reboots.
LSD44989 • First found-in version: S5800_5820X-CMW520-E1107 • Condition: Execute “display rps” /”display power” command on
S5800-32C/S5800-56C. • Description: “display rps” returns “not support” and “display power” shows power 2 is
absent.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 60 of 167
LSD45367 • First found-in version: S5800_5820X-CMW520-R1109 • Condition: Configure RRPP primary ring and subring to the max spec, then reboot. • Description: Protocol packets can not be sent to CPU after reboot.
LSD45467 • First found-in version: S5800_5820X-CMW520-R1109 • Condition: Use Saint to scan the IP address of the out-of-band management port. • Description: The device may be reboot probability.
LSD45354 • First found-in version: S5800_5820X-CMW520-R1109 • Condition: Disable lldp on device. • Description: LLDP protocol packets would be transmitted by the device.
LSD44062 • First found-in version: S5800_5820X-CMW520-R1109 • Condition: Ftp to a server as the client and use port mode. • Description: The device reboots.
LSD43999 • First found-in version: S5800_5820X-CMW520-R1109 • Condition: Enable VRRP normal mode on device and ping the virtual IP address with a
PC. • Description: The inner MAC address and outer MAC address of the ARP ACK packet
replied by the device are different.
LSD44289 • First found-in version: S5800_5820X-CMW520-R1109 • Condition: Configure “header incoming” on device • Description: Display configuration shows “header incomming”.
LSD44293 • First found-in version: S5800_5820X-CMW520-R1109 • Condition: Enable Sflow on a port, and no packets pass through on the port. • Description: Some Sflow statistic packets which only contain the header of standard
Sflow packet and with the length of 40 bytes are sent to the collector.
LSD44231 • First found-in version: S5800_5820X-CMW520-R1109 • Condition: Execute “display patch info” command. • Description: Word “temporary” is wrongly spelled as “temporaty”.
LSD43959 • First found-in version: S5800_5820X-CMW520-R1109 • Condition: Configure “bfd multi-hop destination-port 3784”. • Description: This configuration can not be saved to configuration file.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 61 of 167
LSD44125 • First found-in version: S5800_5820X-CMW520-R1109 • Condition: Add a link-up status port to an aggregation. • Description: The information of the port changing down shows on the device.
LSD45389 • First found-in version: S5800_5820X-CMW520-R1109 • Condition: Get the temperature of the device using MIB. • Description: The temperature returned is 65535.
LSD46092 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Insert Openxt optical module to 10GE port. • Description: The port is probability up and down.
Resolved Problems in R1109P01 LSD44209 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Inset 1G ESFP optic module to 10G port. • Description: Port would be down and up within one second frequently.
LSD44385 • First found-in version: S5800_5820X-CMW520-E1106 • Condition: Apply “remark drop-precedenc” and “remark qos-local-id” acl rules
together. • Description: Operation failed
LSD44633 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Power off and power on or reboot the devices of a stack in the same time. • Description: After reboot, the stack ports connected with a stack cable may keep link
down on either sides or one end link up but the other end link down.
Resolved Problems in R1109 LSD43327 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: S5820X device enable IPV6 function • Description: Qos behavior with car can’t apply successfully.
LSD42320 • First found-in version: S5800_5820X-CMW520-E1106
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 62 of 167
• Condition: Execute “reset unused porttag “command in stack device and then reboot master device.
• Description: Ports interface can’t be created partly.
LSD42292 • First found-in version: S5800_5820X-CMW520-E1106 • Condition: Scan device using IPV6 address unreachable packets. • Description: The device reboots.
LSD43302 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Walk MIB h3cMPortGroupTable node of IGMP group. • Description: The device reboots.
LSD42979 • First found-in version: S5800_5820X-CMW520-R1108 • Condition: Ping the server which use virtual LACP link-aggregation NIC connected with
device. • Description: The time delay is long.
LSD42422 • First found-in version: S5800_5820X-CMW520-E1106 • Condition: Configure multicast load balancing when already exit multicast entry. • Description: The multicast egress interface can’t be deleted.
Resolved Problems in R1108 LSD41882 • First found-in version: S5800_5820X-CMW520-E1106 • Condition: Continuous packets flow flush to the management port. • Description: The console port no reaction or the device reboots.
LSD42640 • First found-in version: S5800_5820X-CMW520-E1106 • Condition: Remove stack configuration on the port and use this port to switch normal
packets. • Description: Multicast packets can’t send out from this port.
LSD42578 • First found-in version: S5800_5820X-CMW520-E1106 • Condition: Ftp to the server using IPV6 and execute “dir” command. • Description: The device reboots.
LSD42662 • First found-in version: S5800_5820X-CMW520-E1106 • Condition: Shut down and undo shut down the 10G Ethernet port.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 63 of 167
• Description: 10G port can’t link up.
LSD42753 • First found-in version: S5800_5820X-CMW520-E1106 • Condition: Configure forced speed and duplex on the 10G port which inserted 1000M
fiber module and reboots the device. • Description: The port switch packet only in single direction.
LSD42580 • First found-in version: S5800_5820X-CMW520-E1106 • Condition: Plug out fiber or cable in the device which configured link-delay and
dynamic link aggregation configuration. • Description: The port can’t switch packets.
LSD38727 • First found-in version: S5800_5820X-CMW520-E1106 • Condition: Configure VPN bind virtual interface in the S5820X-28S or S5820X-28C
device. • Description: The direct IP in VPN can’t ping successfully.
LSD38723 • First found-in version: S5800_5820X-CMW520-E1106 • Condition: Show the current configuration on the device configured loopback
interface. • Description: The loopback interface configuration are behind the info center related
configuration
LSTD39672 • First found-in version: S5800_5820X-CMW520-E1106 • Condition: Receive telnet packets over 640 Kbps on a port. And the packets are not to
the device’s CPU port. • Description: The packets over 640 Kbps will be dropped by the port.
Resolved Problems in E1107 LSD39253 • First found-in version: S5800_5820X-CMW520-E1106 • Condition: Configure cluster and cluster ftp server on the command switch. • Description: log on ftp server from member switch and failed to get/put file.
LSD39151 • First found-in version: S5800_5820X-CMW520-E1106 • Condition: Configure STP and run LLDP compatible with CDP • Description: The STP discard port doesn’t switch CDP packets.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 64 of 167
Resolved Problems in E1106P01 None
Resolved Problems in E1106 First release
Related Documentation New Feature Documentation
Table 10 New Feature Documentation
For information about new features, see Documentation Set <H3C S5820X&S5800 Series Ethernet Switches Configuration Guides-Release 1211> and <H3C S5820X&S5800 Series Ethernet Switches Command References-Release 1211>.
Documentation Set Table 11 Documentation set
Manual Version H3C S5820X Series Ethernet Switches Installation Manual 6W104
H3C S5800 Series Ethernet Switches Installation Manual 6W104
H3C PSR150-A&PSR150-D Power Modules User Manual 5W101
H3C PSR300-12A&PSR300-12D1 Power Modules User Manual 5PW102
H3C PSR750-A&PSR750-D Power Modules User Manual 5PW102
H3C S5820X&S5800 Switch Series Configuration Guides-Release 1211 6W100
H3C S5820X&S5800 Switch Series Command References-Release 1211 6W100
H3C LSVM1AC650 & LSVM1DC650 Power Modules User Manual 5PW101
Obtaining Documentation Downloading Documentation
Take the following steps to get related documents from the H3C website at www.h3c.com.
Table 12 Download documentation from the H3C website
How to apply for an account
Access the homepage of H3C at http://www.h3c.com and click Registration at the top right. In the displayed page, provide your information and click Submit to register.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 65 of 167
How to apply for an account
Access the homepage of H3C at http://www.h3c.com and click Registration at the top right. In the displayed page, provide your information and click Submit to register.
How to get documentation
Approach 1: In the homepage of H3C at http://www.h3c.com, select Technical Support & Document > Technical Documents from the navigation bar at the top. Then select a product for its documents. Approach 2: In the Support area of the H3C homepage at http://www.h3c.com, select Technical Documents. Then select a product for its documents.
The operation and command manuals corresponding to a software version are released along with the software version.
Software Upgrading Introduction
Loading software on the switch involves loading application files and upgrading the Boot ROM program by using the host software package. The host software package of the S5800 series comprises the Boot ROM files and application files with the file name extension .bin. • Loading application files: Download the host software package to the flash memory
on the switch and set the attribute (main, backup, or none) of the application files. • Upgrading the Boot ROM program: Use Boot ROM files in the host software package to
upgrade the Boot ROM program of the switch.
NOTE: Boot ROM files (stored together with application files with name extension .bin in the host software package) used for upgrade are complete Boot ROM files. A complete Boot ROMfile includes a basic section and an extended section. The basic Boot ROM section is the smallest program file used to complete the primary initialization of the system. With rich human-computer interaction (HCI) functions, the extended Boot ROM section uses Ethernet interfaces for upgrading the applications and the boot system.
Approaches for Loading Software You can load application and configuration files of the switch through the Boot ROM menu or the CLI.
Table 13 Approaches for loading software on the switch
Approach Section
Loading files through the Boot ROM Loading Software Using XMODEM Through Console Port
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 66 of 167
Approach Section Loading Software Using TFTP Through Ethernet Port menu
Loading Software Using FTP Through Ethernet Port
Loading Software through USB Interface
Loading Software Using FTP Loading files through the CLI
Loading Software Using TFTP
NOTE: • Each S5800-32F series switch provides a management Ethernet port, which can operate
regardless of the working status of the switching chip. To upgrade the Boot ROM program or load application files when the switching chip fails to operate normally, youare recommended to use the management Ethernet port.
• Loading the Boot ROM or application files through the management Ethernet port is similar to that through the common Ethernet port. This manual takes the common Ethernet port as examples in file loading.
Loading Software through the Boot ROM Menu
To load the Boot ROM and application files through the Boot ROM menu, you need to correctly connect a user terminal to the switch using a console cable.
Introduction to the Boot ROM Menu Starting......
************************************************************************
* *
* H3C S5800-56C BOOTROM, Version 007 *
* *
************************************************************************
Copyright (c) 2004-2008 Hangzhou H3C Technologies Co., Ltd.
Creation Date : Dec 2 2008,17:43:47
CPU Clock Speed : 750MHz
Memory Size : 512MB
Flash Size : 512MB
CPLD Version : 001
PCB Version : Ver.B
Mac Address : 000ef2005800
Press Ctrl-B to enter Extended Boot menu...4
When the system displays “Press Ctrl-B to enter Extended Boot menu”, press Ctrl + B. Then, the following prompt is displayed: Please input BootRom password:
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 67 of 167
NOTE: • By default, the system starts up in normal mode and the waiting time here is five
seconds. If you set the startup mode to fast, the waiting time is one second. • To enter the Boot ROM menu in normal mode, you need to press Ctrl + B within four
seconds when the system displays “Press Ctrl-B to enter Boot Menu”. Otherwise, the system starts decompressing the application files.
• You need to restart the switch if you want to enter the Boot ROM menu after the application files are decompressed.
Enter the Boot ROM password (the initial password is null). Then the system displays the Boot ROM menu. BOOT MENU
1. Download application file to flash
2. Select application file to boot
3. Display all files in flash
4. Delete file from flash
5. Modify BootRom password
6. Enter BootRom upgrade menu
7. Skip current configuration file
8. Set BootRom password recovery
9. Set switch startup mode
0. Reboot
Enter your choice(0-9):
The items in the Boot ROM menu are described in Table 14 .
Table 14 Description of the Boot ROM menu
Item Description 1. Download application file to flash Download the application file to the flash memory
2. Select application file to boot Select the application file to boot
3. Display all files in flash Display all files in the flash memory
4. Delete file from flash Delete files from the flash memory
5. Modify BootRom password Modify the Boot ROM password
6. Enter BootRom upgrade menu Enter the Boot ROM update menu
7. Skip current configuration file Skip the current configuration file (this configuration is valid once)
8. Set BootRom password recovery Restore the Boot ROM password
9. Set switch startup mode Set the startup mode of the switch
0. Reboot Restart the switch
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 68 of 167
NOTE: • Currently, Boot ROM files are not provided separately by the S5800 series; instead, they
are stored together with the application files with name extension .bin in the host software package.
• The procedures for upgrading the Boot ROM program and loading application files aresimilar except that you need to select different items (1 for loading application files, and 6 for loading Boot ROM files) in the Boot ROM menu. This manual takes upgrading the Boot ROM program as examples.
Loading Software Using XMODEM Through Console Port Introduction to XMODEM XMODEM is a file transfer protocol widely used for its simplicity. XMODEM transfers files through the console port, supporting data packets of 128 bytes. With respect to reliability, it supports checksum, CRC, and the error packet retransmission mechanism. Normally, the maximum number of retransmission attempts is ten.
XMODEM transfer is completed by receiving and sending programs together. Receiving program initiates packet checking method negotiation by sending the negotiation character. If negotiation passes, the sending program starts packet transfer. Upon receipt of a complete packet, the receiving program checks it using the agreed-upon check method. If the check succeeds, the receiving program sends an acknowledgement character; if the check fails, it sends a reject character. Upon receipt of the acknowledgement, the sending program continues to send the next packet; upon receipt of the reject, it retransmits the packet.
Setting Terminal Parameters When setting up the configuration environment through the console port, the terminal or PC can use the terminal emulation program to communicate with the switch. You can run the HyperTerminal of the Windows operating system to connect to other PCs, network devices, and Telnet sites. For detailed information and the use of the HyperTerminal, refer to the HyperTerminal Help documentation in Help and Support Center on the PC running the Windows operating system.
In the following configuration procedure, Windows XP HyperTerminal is used to communicate with the switch. 1. Start the PC and run the terminal emulation program. 2. Set terminal parameters as follows: • Bits per second: 9,600 • Data bits: 8 • Parity: None • Stop bits: 1 • Flow control: None • Emulation: VT100
The specific procedure is as follows:
Step1 Select Start > Programs > Accessories > Communications > HyperTerminal to enter the HyperTerminal window. The Connection Description dialog box appears, as shown below.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 69 of 167
Figure 1 Connection description of the HyperTerminal
Step2 Type the name of the new connection in the Name text box and click OK. The following dialog box appears. Select the serial port to be used from the Connect using drop-down list.
Figure 2 Set the serial port used by the HyperTerminal connection
Step3 Click OK after selecting a serial port. The following dialog box appears. Set Bits per second to 9600, Data bits to 8, Parity to None, Stop bits to 1, and Flow control to None.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 70 of 167
Figure 3 Set the serial port parameters
Step4 Click OK after setting the serial port parameters and the system enters the HyperTerminal
window shown below.
Figure 4 HyperTerminal window
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 71 of 167
Step5 Click Properties in the HyperTerminal window to enter the Switch Properties dialog box. Click the Settings tab, set the emulation to VT100, and then click OK.
Figure 5 Set terminal emulation in Switch Properties dialog box
Upgrading the Boot ROM program Complete the following tasks to update the Boot ROM program using XMODEM through the console port (For details about the HyperTerminal, refer to Setting Terminal Parameters:
Task Remarks Enter the Boot ROM update menu on the switch
Enter the protocol parameter setting menu
Configure the switch to download files using XMODEM
Required Log in to the switch through the HyperTerminal and then configure the protocol used for loading files.
Set the download rate of the console port on the switch
Required Log in to the switch through the HyperTerminal and then set the download rate of the console port on the switch.
Change the rate of the serial port on the terminal
Optional Set the baud rate of the serial port on the terminal to be consistent with that of the console port on the switch.
Establish a connection between the terminal and the switch using the changed rate Optional
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 72 of 167
Task Remarks
Upload an application file from the terminal to the switch
Required Transmit a file from the terminal to the switch using the changed connection rate.
Update the Boot ROM file on the switch Required Update the Boot ROM file on the switch.
Restore the download rate to the default
Optional Set the baud rate of the serial port on the terminal to be consistent with the default rate of the console port on the switch.
Restart the switch to make the updated Boot ROM file effective Required
1. Enter the Boot ROM update menu on the switch
Enter the Boot ROM menu, and then enter 6 or press Ctrl + U after the system displays “Enter your choice(0-9):” to enter the Boot ROM update menu. Enter your choice(0-9): 6
1. Update full BootRom
2. Update extended BootRom
3. Update basic BootRom
0. Return to boot menu
Enter your choice(0-3):
The items in the Boot ROM update menu are described in Table 15 .
Table 15 Description of the Boot ROM update menu
Item Description 1. Update full BootRom Update the complete Boot ROM file
2. Update extended BootRom Update the extended Boot ROM section
3. Update basic BootRom Update the basic Boot ROM section
0. Return to boot menu Return to the Boot ROM menu
2. Enter the protocol parameter setting menu
After the system displays “Enter your choice(0-3):”, enter 1 to enter the protocol parameter setting menu. NOTE: All the Boot ROM files used for upgrade are complete Boot ROM files. 1. Set TFTP protocol parameter
2. Set FTP protocol parameter
3. Set XMODEM protocol parameter
0. Return to boot menu
Enter your choice(0-3):
The items in the protocol parameter setting menu are described in Table 16 .
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 73 of 167
Table 16 Description of the protocol parameter setting menu
Item Description 1. Set TFTP protocol parameter Set TFTP parameters
2. Set FTP protocol parameter Set FTP parameters
3. Set XMODEM protocol parameter Set XMODEM parameters
0. Return to boot menu Return to the Boot ROM menu
3. Configure the switch to download files using XMODEM
Enter 3 to enter the download rate setting menu. Please select your download baudrate:
1.* 9600
2. 19200
3. 38400
4. 57600
5. 115200
0. Return
Enter your choice (0-5):
4. Set the download rate of the console port on the switch
Select an appropriate download rate. For example, if you select 115200 bps, that is, enter 5, the following information is displayed: Download baud rate is 115200 bps
Please change the terminal's baud rate to 115200 bps and select XMODEM protocol
Press enter key when ready
Now that the console communication baud rate of the switch has been changed to 115200 bps while that of the terminal is still 9600 bps, the two sides cannot communicate with each other. According to the prompt, you need to change the baud rate of the terminal to 115200 bps. NOTE: • Typically, the size of a .bin file is over 10 MB. Even at a baud rate of 115200 bps, the
update takes tens of minutes. • If you select 9600 bps as the download rate, you can skip the step Change the rate of
the serial port on the terminal. 5. Change the rate of the serial port on the terminal
To ensure communication between the terminal and the switch, the baud rate of the serial port on the terminal should be consistent with that of the console port on the switch.
Step1 Select Call > Disconnect in the HyperTerminal window to disconnect the terminal from the switch.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 74 of 167
Figure 6 Disconnect the terminal from the switch
Step2 Select File > Properties. In the Properties dialog box, click Configure (as shown in Figure 7 ), and then select 115200 from the Bits per second drop-down list box (as shown in Figure 8 ).
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 75 of 167
Figure 7 Properties dialog box
Figure 8 Modify the baud rate
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 76 of 167
Step3 Select Call > Call to reestablish the connection.
Figure 9 Reestablish the connection
NOTE: The new settings can take effect only after you reestablish the connection. 6. Establish a connection between the terminal and the switch using the changed rate
Press Enter to reestablish the connection between the terminal and the switch and download the application file at 115200 bps. The following information is displayed: Now please start transfer file with XMODEM protocol.
If you want to exit, Press <Ctrl+X>.
Loading ...CCCCCCCCCC
NOTE: Press Ctrl + X to quit downloading files; otherwise, proceed as follows. 7. Upload an application file from the terminal to the switch
Step4 Select Transfer > Send File in the HyperTerminal window (as shown in Figure 10 ). Click Browse in the pop-up dialog box (as shown in Figure 11 ) to select the application file to be downloaded (for example, update.bin), and select Xmodem from the Protocol drop-down list.
Figure 10 Transfer menu
Figure 11 File transmission dialog box
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 77 of 167
Step5 Click Send. The following dialog box appears:
Figure 12 Send the application file using XMODEM
8. Update the Boot ROM file on the switch
After the Boot ROM file is downloaded, the terminal displays the following information: Loading ...CCCC Done!
Will you Update Basic BootRom? (Y/N):Y
The system asks you whether you want to update the basic Boot ROM section. Click Y and then the system displays the following information after the update is completed. Updating Basic BootRom...........Done!
Updating extended BootRom? (Y/N):Y
The system asks you whether you want to update the extended Boot ROM section. Click Y. Then the system displays the following information after the update is completed: Updating extended BootRom.........Done!
Please change the terminal's baudrate to 9600 bps, press ENTER when ready.
9. Restore the download rate to the default
Set the baud rate to 9600 bps (refer to Change the rate of the serial port on the terminal for detailed operation). NOTE: If you select 9600 bps as the download rate, skip this step, that is, you do not need to modify the baud rate of the HyperTerminal. 10. Restart the switch to make the updated Boot ROM file effective
Press any key to return to the Boot ROM update menu. 1. Update full BootRom
2. Update extended BootRom
3. Update basic BootRom
0. Return to boot menu
Enter your choice(0-3):
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 78 of 167
Enter 0 to return to the Boot ROM menu, and then enter 0 again. After that, the device is restarted and the updated Boot ROM file becomes effective.
Loading an application file To load the application file of the switch, enter 1 in the Boot ROM menu. The system displays the following information: 1. Set TFTP protocol parameter
2. Set FTP protocol parameter
3. Set XMODEM protocol parameter
0. Return to boot menu
Enter your choice(0-3):3
Select an appropriate protocol in Table 16 to load the application file.
The procedure of loading an application file is similar to that of upgrading the Boot ROM program. The difference lies in that the system displays the prompt of loading the application file rather than the upgrading the Boot ROM program.
After the application file is loaded, the switch displays that you should set the application attribute, that is, main, backup, or none. Type a specific attribute to complete loading the application file. Writing flash..................................................................
................Done!
Please input the file attribute (Main/Backup/None) M
Done!
NOTE: If an application file with a specific attribute already exists when you set a new file with theattribute, the attribute of the existing file becomes none after the new file becomes effective.
Loading Software Using TFTP Through Ethernet Port Introductin to TFTP Trivial File Transfer Protocol (TFTP) is a TCP/IP protocol used for file transfer between client and server. It provides a simple and low-overhead file transfer service. TFTP provides unreliable data transfer over UDP.
Upgrading the Boot ROM program Complete the following tasks to upgrade the Boot ROM program using TFTP through an Ethernet port (For details about the HyperTerminal, refer to Setting Terminal Parameters:
Task Remarks
Set up the configuration environment
Required Connect the switch to the TFTP server through an Ethernet port, and to a PC through the console port. The PC and the TFTP server can be the same device.
Run the TFTP Server program on the sever Required
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 79 of 167
Task Remarks Run the terminal emulation program on the PC connected with the switch’s console port. Start the switch and enter the Boot ROM menu. Then enter the protocol parameter setting menu.
Enter the protocol parameter setting menu
Configure the switch to upload the Boot ROM file through TFTP
Required Log in to the switch through the HyperTerminal and configure the protocol for uploading the Boot ROM file.
Update the Boot ROM file on the switch Required Update the Boot ROM file on the switch.
Restart the switch to make the updated Boot ROM file effective
Required Restart the switch to make the updated Boot ROM file effective.
1. Set up the configuration environment
Connect an Ethernet port (GigabitEthernet 1/0/25, for example) of the switch to the server (whose IP address is available) that provides the file (usually the .bin file) to be downloaded, and connect the console port of the switch to a PC, as shown in Figure 13 .
Figure 13 Load software using TFTP/FTP through Ethernet port
CAUTION: • The PC and the TFTP/FTP server can be the same device. • Each S5800-32F series switch provides a management Ethernet port, which can operate
regardless of the working status of the switching chip. To upgrade the Boot ROM program or load application files when the switching chip fails to operate normally, youare recommended to use the management Ethernet port.
• The TFTP/FTP server program is not provided with the S5800 series. Make sure that it is available by yourself.
2. Run the TFTP Server program on the sever
Run TFTP Server on the server connected with the switch’s Ethernet port, and specify the path of the application file to be downloaded. 3. Run the terminal emulation program on the PC connected with the switch’s console
port. Start the switch and enter the Boot ROM menu. Then enter the protocol parameter setting menu.
If you want to load the Boot ROM file, enter 6 in the Boot ROM menu after the system displays “Enter your choice(0-9):” to enter the Boot ROM update menu. 1. Update full BootRom
2. Update extended BootRom
3. Update basic BootRom
0. Return to boot menu
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 80 of 167
Enter your choice(0-3):
4. Enter the protocol parameter setting menu
Enter 1 to update the complete Boot ROM file, and then enter the protocol parameter setting menu. Bootrom update menu:
1. Set TFTP protocol parameter
2. Set FTP protocol parameter
3. Set XMODEM protocol parameter
0. Return to boot menu
Enter your choice(0-3):
5. Configure the switch to upload the Boot ROM file through TFTP
Enter 1 to update the Boot ROM file using TFTP, and then set the TFTP parameters. Load File Name :update.bin
Server IP Address :10.10.10.2
Local IP Address :10.10.10.3
Gateway IP Address :
The parameters are described in Table 17 .
Table 17 Description of the TFTP parameters
Item Description Load File Name : Name of the file to be downloaded (for example, update.bin)
Server IP Address : IP address of server (for example, 10.10.10.2)
Local IP Address : IP address of the switch (for example, 10.10.10.3)
Gateway IP Address : IP address of the gateway (suppose it is not specified)
NOTE: • Enter the file name and IP addresses based on the actual condition. • If the switch and the server are on the same network segment, you can specify any
unused IP address of the network for the switch without specifying the gateway’s IP address; if they are not on the same segment, you need to specify the gateway’s IP address so that the switch can communicate with the server.
6. Update the Boot ROM file on the switch
Enter the corresponding parameters based on the actual condition. The system displays the following information: Loading........................................................................
...............................................................................
................................Done!
Will you Update Basic BootRom? (Y/N):Y
The system asks you whether you want to update the basic Boot ROM section. Click Y. Then the system displays the following information after the update is complete: Updating Basic BootRom...........Done!
Updating extended BootRom? (Y/N):Y
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 81 of 167
The system asks you whether you want to update the extended Boot ROM section. Click Y. Then the system displays the following information after the update is complete: Updating extended BootRom.........Done!
7. Restart the switch to make the updated Boot ROM file effective
Press any key to return to the Boot ROM update menu. Press enter key when ready
1. Update full BootRom
2. Update extended BootRom
3. Update basic BootRom
0. Return to boot menu
Enter your choice(0-3):
Enter 0 to return to the Boot ROM menu, and then enter 0 again. After that, the device is restarted and the updated Boot ROM file becomes effective.
Loading an application file To load an application file of the switch, enter 1 in the Boot ROM menu. The system displays the following information: 1. Set TFTP protocol parameter
2. Set FTP protocol parameter
3. Set XMODEM protocol parameter
0. Return to boot menu
Enter your choice(0-3):3
You can enter 1 to load the application file.
The procedure of loading an application file is similar to that of upgrading the Boot ROM program. The difference lies in that the system displays the prompt of loading the application file rather than upgrading the Boot ROM program.
After loading the application file, the switch displays that you should configure the application attribute, that is, main, backup, or none. Type a specific attribute to complete loading the application file. Writing flash..................................................................
................Done!
Please input the file attribute (Main/Backup/None) M
Done!
NOTE: If an application file with a specific attribute already exists when you set a new file with theattribute, the attribute of the existing file becomes none after the new file becomes effective.
Loading Software Using FTP Through Ethernet Port Introduction to FTP The switch can serve as either an FTP server or an FTP client by using its Ethernet port to download the system application and configuration files. The switch serves as an FTP client in the following examples.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 82 of 167
Upgrading the Boot ROM program
NOTE: When upgrading the Boot ROM program, the switch can serve only as an FTP client.
Complete the following tasks to upgrading the Boot ROM program using FTP through an Ethernet port (For details about the HyperTerminal, refer to Setting Terminal Parameters:
Task Remarks
Set up the configuration environment
Required Connect the switch to the TFTP server through an Ethernet port, and to a PC through the console port. The PC and the TFTP server can be the same device.
Run the FTP Server program on the server Required
Run the terminal emulation program on the PC connected with the switch’s console port. Start the switch and enter the Boot ROM menu, and then enter the protocol parameter setting menu.
Enter the protocol parameter setting menu
Configure the switch to load the Boot ROM file through FTP
Required Log in to the switch through the HyperTerminal and configure the protocol for uploading the Boot ROM file.
Update the Boot ROM file on the switch Required Update the Boot ROM file on the switch.
Restart the switch to make the updated Boot ROM file effective
Required Restart the switch to make the updated Boot ROM file effective.
1. Set up the configuration environment
Connect an Ethernet port (GigabitEthernet 1/0/25, for example) of the switch to the server (whose IP address is available) that provides the file (usually the .bin file) to be downloaded, and connect the console port of the switch to a PC, as shown in Figure 13 . 2. Run the FTP Server program on the server
Run FTP Server on the server connected with the switch’s Ethernet port, configure the FTP username and password, and specify the path of the application file to be downloaded. 3. Run the terminal emulation program on the PC connected with the switch’s console
port. Start the switch and enter the Boot ROM menu, and then enter the protocol parameter setting menu.
If you want to load the Boot ROM file, enter 6 in the Boot ROM menu after the system displays “Enter your choice(0-9):” to enter the Boot ROM update menu. 1. Update full BootRom
2. Update extended BootRom
3. Update basic BootRom
0. Return to boot menu
Enter your choice(0-3):
4. Enter the protocol parameter setting menu
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 83 of 167
Enter 1 to update the complete Boot ROM file. Bootrom update menu:
1. Set TFTP protocol parameter
2. Set FTP protocol parameter
3. Set XMODEM protocol parameter
0. Return to boot menu
Enter your choice(0-3):
5. Configure the switch to load the Boot ROM file through FTP
In the protocol parameter setting menu, enter 2 to update the Boot ROM file using FTP, and then set the FTP parameters. Load File Name :update.bin
Server IP Address :10.10.10.2
Local IP Address :10.10.10.3
Gateway IP Address :0.0.0.0
FTP User Name :5800
FTP User Password :123
The parameters are described in Table 18 .
Table 18 Description of the FTP parameters
Item Description Load File Name : Name of the file to be downloaded
Server IP Address : IP address of the PC
Local IP Address : IP address of the switch
Gateway IP Address : IP address of the gateway
FTP User Name Username for logging in to the FTP server, which should be consistent with that configured on the FTP server.
FTP User Password Password for logging in to the FTP server, which should be consistent with that configured on the FTP server.
NOTE: • Enter the file name and IP addresses based on the actual condition. • If the switch and the server are on the same network segment, you can specify any
unused IP address of the network for the switch without specifying the gateway’s IP address; if they are not on the same segment, you need to specify the gateway’s IP address so that the switch can communicate with the server.
6. Update the Boot ROM file on the switch
Enter the corresponding parameters based on the actual condition. The system displays the following information: Will you Update Basic BootRom? (Y/N):Y
The system asks you whether you want to update the basic Boot ROM section. Click Y. The system displays the following information after the update is complete: Updating Basic BootRom...........Done!
Updating extended BootRom? (Y/N):Y
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 84 of 167
The system asks you whether you want to update the extended Boot ROM section. Click Y and then the system displays the following information after the update is complete: Updating extended BootRom.........Done!
7. Restart the switch to make the updated Boot ROM file effective
Press any key to return to the Boot ROM update menu. Press enter key when ready
1. Update full BootRom
2. Update extended BootRom
3. Update basic BootRom
0. Return to boot menu
Enter your choice(0-3):
Enter 0 to return to the Boot ROM menu, and then enter 0 again. After that, the device is restarted and the updated Boot ROM file becomes effective.
Loading an application file To load an application file of the switch, enter 1 in the Boot ROM menu. The system displays the following information: 1. Set TFTP protocol parameter
2. Set FTP protocol parameter
3. Set XMODEM protocol parameter
0. Return to boot menu
Enter your choice(0-3):3
You can enter 2 to load the application file.
The procedure of loading an application file is similar to that of upgrading the Boot ROM program. The difference lies in that the system displays the prompt of loading the application file rather than upgrading the Boot ROM program.
After loading the application file, the switch displays that you should configure the application attribute, that is, main, backup, or none. Type a specific attribute to complete loading the application file. Writing flash..................................................................
................Done!
Please input the file attribute (Main/Backup/None) M
Done!
NOTE: If an application file with a specific attribute already exists when you set a new file with theattribute, the attribute of the existing file becomes none after the new file becomes effective.
Loading Software Through CLI By connecting a terminal to the switch, you can upgrade the Boot ROM program and load application files of the switch remotely through CLI.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 85 of 167
Loading Software through USB Interface Each S5800 series switch provides a USB interface on its front panel. You can download the Boot ROM and application files to a removable storage device (such as a USB flash disk), and load the file through the USB interface.
Suppose the Boot ROM and application files are stored in the file named update.bin, follow these steps to load the files from the USB flash disk.
Step1 Plug the USB flash disk containing the update.bin file in the USB interface of the switch.
Step2 Copy the update.bin file to the flash memory of the switch. <H3C> cd flash:
<H3C> copy usba:/upadate.bin update.bin
Step3 Remove the USB flash disk, and then load the Boot ROM file. <H3C> bootrom update file update.bin slot 1
This command will update bootrom file on the specified board(s), Continue? [Y/
N]:y
Now updating bootrom, please wait...
Step4 Load the application file, and specify the file as the main program file. <H3C> boot-loader file update.bin slot 1 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on slot 1!
<H3C> display boot-loader
Slot 1
The current boot app is: flash:/update.bin
The main boot app is: flash:/update.bin
The backup boot app is: flash:/update.bin
<H3C> reboot
NOTE: • After loading the application file, use the reboot command to restart the switch to
make the update take effect (make sure you have saved other configurations before restart).
• If the flash memory does not have enough space, you can load the Boot ROM file first, and then delete certain application files from the flash memory (you are recommended to delete the unused host program files); then, load the application file to the switch through FTP for update.
• Avoid any power failure during the loading process.
Loading Software Using FTP As shown in Figure 14 , run FTP Server on the local host, configure username admin and the password, and specify the path of the file to be downloaded (suppose the IP address of the FTP server is 202.10.10.53). Then, telnet to the switch and send the host program file to the switch using FTP.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 86 of 167
Figure 14 Load software through FTP
Suppose the Boot ROM and application files are stored in the file named update.bin, follow these steps after you telnet to the switch.
Step1 Download the file to the switch using FTP. <H3C> ftp 202.10.10.53
Trying ...
Press CTRL+K to abort
Connected.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(none):admin
331 Give me your password, please
Password:
230 Logged in successfully
[ftp] get update.bin update.bin
[ftp] bye
Step2 Upgrade the Boot ROM program. <H3C> bootrom update file update.bin slot 1
This command will update bootrom file on the specified board(s), Continue? [Y/
N]:y
Now updating bootrom, please wait...
Step3 Load the application file, and specify the file as the main program file. <H3C> boot-loader file update.bin slot 1 main
This command will set the boot file of the specified board. Continue? [Y/N]:y
The specified file will be used as the main boot file at the next reboot on slot 1!
<H3C> display boot-loader
Slot 1
The current boot app is: flash:/update.bin
The main boot app is: flash:/update.bin
The backup boot app is: flash:/update.bin
<H3C> reboot
NOTE: • After loading the application file, use the reboot command to restart the switch to
make the update take effect (make sure you have saved other configurations before restart).
• If the flash memory does not have enough space, you can load the Boot ROM file first, and then delete certain application files from the flash memory (you are recommended to delete the unused host program files); then, load the application file to the switch through FTP for update.
• Avoid any power failure during the loading process.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 87 of 167
Loading Software Using TFTP Loading a file through TFTP is similar to loading a file through FTP. The switch can serve only as a TFTP client that downloads the file from the TFTP server to its flash memory. The procedure after download is the same as loading the file remotely through FTP.
Appendix Details of Changed CLI Commands in R1211 display device manuinfo fan Syntax
On a centralized device or a distributed device:
display device manuinfo fan fan-id [ | { begin | exclude | include } regular-expression ]
On a centralized IRF member device:
display device manuinfo slot slot-number fan fan-id [ | { begin | exclude | include } regular-expression ]
On a distributed IRF member device:
display device manuinfo chassis chassis-number fan fan-id [ | { begin | exclude | include } regular-expression ]
View Any view
Default level 3: Manage level
Parameters slot slot-number: Displays the electrical label information of the fans on an IRF member device. The slot-number argument is the ID of a member device. (On a centralized IRF member device)
chassis chassis-number: Displays the electrical label information of the fans on an IRF member device. The chassis-number argument is the ID of a member device of the current IRF virtual device. (On a distributed IRF member device)
fan fan-id: Displays the electrical label information of the specified fan. Support for this argument and the value range depend on the device model.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 88 of 167
regular-expression: Specifies a regular expression, which is a case-sensitive string of 1 to 256 characters.
Description Use the display device manuinfo fan command to display the electrical label information of the specified fan.
NOTE: Support for this command depends on the device model.
Examples # Display the electrical label information of fan 2. (On a centralized device or a distributed device) (The output of this command varies with devices) <Sysname> display device manuinfo fan 2
Fan unit 2:
DEVICE_NAME : fan
DEVICE_SERIAL_NUMBER : 210235A36L1234567890
MAC_ADDRESS : NONE
MANUFACTURING_DATE : 2010-01-20
VENDOR_NAME : H3C
# Display the electrical label information of fan 2 on IRF member device 1. (On a centralized IRF member device) (The output of this command varies with devices) <Sysname> display device manuinfo fan 2
Slot 1:
Fan unit 2:
DEVICE_NAME : fan
DEVICE_SERIAL_NUMBER : 210235A36L1234567890
MAC_ADDRESS : NONE
MANUFACTURING_DATE : 2010-01-20
VENDOR_NAME : H3C
# Display the electrical label information of fan 2 on IRF member device 1. (On a distributed IRF member device) (The output of this command varies with devices) <Sysname> display device manuinfo chassis 1 fan 2
Chassis 1:
Fan unit 2:
DEVICE_NAME : fan2
DEVICE_SERIAL_NUMBER : 210235A36L1234567891
MAC_ADDRESS : NONE
MANUFACTURING_DATE : 2010-01-20
VENDOR_NAME : H3C
display device manuinfo power Syntax
On a centralized device or a distributed device:
display device manuinfo power power-id [ | { begin | exclude | include } regular-expression ]
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 89 of 167
On a centralized IRF member device:
display device manuinfo slot slot-number power power-id [ | { begin | exclude | include } regular-expression ]
On a distributed IRF member device:
display device manuinfo chassis chassis-number power power-id [ | { begin | exclude | include } regular-expression ]
View Any view
Default level 3: Manage level
Parameters slot slot-number: Displays the electrical label information of the PSUs on an IRF member device. The slot-number argument is the ID of a member device. (On a centralized IRF member device)
chassis chassis-number: Displays the electrical label information of the PSUs on an IRF member device. The chassis-number argument is the ID of a member device of the current IRF virtual device. (On a distributed IRF member device)
power power-id: Displays the electrical label information of the specified power supply unit (PSU), where power-id represents the PSU number. The value varies with devices.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, which is a case-sensitive string of 1 to 256 characters.
Description Use the display device manuinfo power command to display the electrical label information of the specified PSU.
NOTE: Support for this command depends on the device model.
Examples # Display the electrical label information of PSU 2. (On a centralized device or a distributed device) (The output of this command varies with devices) <Sysname> display device manuinfo power 2
Power unit 2:
DEVICE_NAME : power
DEVICE_SERIAL_NUMBER : 210235A36L1234567890
MAC_ADDRESS : NONE
MANUFACTURING_DATE : 2010-01-20
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 90 of 167
VENDOR_NAME : H3C
# Display the electrical label information of PSU 2 on IRF member device 1. (On a centralized IRF member device) (The output of this command varies with devices) <Sysname> display device manuinfo slot 1 power 2
Slot 1:
Power unit 2:
DEVICE_NAME : power
DEVICE_SERIAL_NUMBER : 210235A36L1234567890
MAC_ADDRESS : NONE
MANUFACTURING_DATE : 2010-01-20
VENDOR_NAME : H3C
# Display the electrical label information of PSU 2 on IRF member device 1. (On a distributed IRF member device) (The output of this command varies with devices) <Sysname> display device manuinfo chassis 1 power 2
Chassis 1:
Power unit 2:
DEVICE_NAME : power2
DEVICE_SERIAL_NUMBER : 210235A36L1234567891
MAC_ADDRESS : NONE
MANUFACTURING_DATE : 2010-01-20
VENDOR_NAME : H3C
oam loopback interface Syntax
oam loopback interface interface-type interface-number
undo oam loopback interface interface-type interface-number
View User view, system view
Default level 1: Monitor level
Parameters interface-type interface-number: Specifies a port by its type and number.
Description Use the oam loopback command to enable Ethernet OAM remote loopback on an Ethernet port.
Use the undo oam loopback command to disable Ethernet OAM remote loopback on an Ethernet port.
By default, Ethernet OAM remote loopback is disabled on an Ethernet port.
Ethernet OAM remote loopback is available only after the Ethernet OAM connection is established and can be performed only by the Ethernet OAM entities operating in active Ethernet OAM mode.
Related commands: oam enable, oam loopback, and oam mode.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 91 of 167
Examples # Configure the active Ethernet OAM mode and enable Ethernet OAM on Ethernet 1/1, and then enable Ethernet OAM remote loopback on Ethernet 1/1 in system view. <Sysname> system-view
[Sysname] interface ethernet 1/1
[Sysname-Ethernet1/1] oam mode active
[Sysname-Ethernet1/1] oam enable
[Sysname-Ethernet1/1] quit
[Sysname]oam loopback interface ethernet 1/1
fan prefer-direction Syntax
On a centralized device:
fan prefer-direction { power-to-port | port-to-power }
undo fan prefer-direction
On a distributed device/centralized IRF member device:
fan prefer-direction slot slot-number { power-to-port | port-to-power }
undo fan prefer-direction slot slot-number
On a distributed IRF member device:
fan prefer-direction chassis chassis-number { power-to-port | port-to-power }
undo fan prefer-direction chassis chassis-number
View System view
Default level 2: System level
Parameters slot slot-number: Verifies the fan ventilation direction of the specified card. The slot-number argument represents the number of the slot of a card. (On a distributed device)
slot slot-number: Verifies the fan ventilation direction of the specified member device. The slot-number argument is the ID of a member device of the current IRF virtual device. (On a centralized IRF member device)
chassis chassis-number: Verifies the fan ventilation direction of the specified IRF member device. The chassis-number argument is the ID of a member device of the current IRF virtual device. (On a distributed IRF member device)
power-to-port: Verifies that the fan ventilation direction is from the PSU side to the port side.
port-to-power: Verifies that the fan ventilation direction is from the port side to the PSU side.
Description Use the fan prefer-direction command to verify the fan ventilation direction.
Use the undo fan prefer-direction command to restore the default.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 92 of 167
The default fan ventilation direction depends on your fan model.
A product series has a default air ventilation direction that cannot be modified at the CLI. If the ventilation direction of the fan tray is not consistent with the system, the system regards that the fan tray is wrong, and repeatedly outputs traps and logs. In this case, if the fan tray has the same ventilation direction as the air ventilation system in the equipment room, you can use this command to verify the ventilation direction of the fan tray so that the system stops outputting traps and logs.
NOTE: Support for this command depends on the device model.
Examples # Verfify the fan ventilation direction as port-to-power. <Sysname> system-view
[Sysname] fan prefer-direction port-to-power
pim bfd enable Syntax
pim bfd enable
undo pim bfd enable
View Interface view
Default level 2: System level
Parameters None
Description Use the pim bfd enable command to enable PIM to work with Bidirectional Forwarding Detection (BFD).
Use the undo pim bfd enable command to disable this feature.
By default, this feature is disabled.
You must enable PIM-DM or PIM-SM on an interface before you configure this feature on the interface. Otherwise, this feature is not effective.
Related commands: pim dm and pim sm.
Examples # Enable IP multicast routing in the public network, enable PIM-SM on interface VLAN-interface 100, and enable PIM to work with BFD on the interface. <Sysname> system-view
[Sysname] multicast routing-enable
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] pim sm
[Sysname-Vlan-interface100] pim bfd enable
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 93 of 167
pim ipv6 bfd enable Syntax
pim ipv6 bfd enable
undo pim ipv6 bfd enable
View Interface view
Default level 2: System level
Parameters None
Description Use the pim ipv6 bfd enable command to enable IPv6 PIM to work with Bidirectional Forwarding Detection (BFD).
Use the undo pim ipv6 bfd enable command to disable this feature.
By default, this feature is disabled.
You must enable IPv6 PIM-DM or IPv6 PIM-SM on an interface before you configure this feature on the interface. Otherwise, this feature is not effective.
Related commands: pim ipv6 dm and pim ipv6 sm.
Examples # Enable IPv6 multicast routing in the public network, enable IPv6 PIM-SM on interface VLAN-interface 100, and enable IPv6 PIM to work with BFD on the interface. <Sysname> system-view
[Sysname] multicast ipv6 routing-enable
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] pim ipv6 sm
[Sysname-Vlan-interface100] pim ipv6 bfd enable
ospfv3 bfd enable Syntax
ospfv3 bfd enable [ instance instance-id ]
undo ospfv3 bfd enable [ instance instance-id ]
View Interface view
Default level 2: System level
Parameters instance-id: Instance ID of the interface. It ranges from 0 to 255 and defaults to 0.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 94 of 167
Description Use the ospfv3 bfd enable command to enable BFD for link failure detection on an OSPFv3 interface.
Use the undo ospfv3 bfd enable command to disable BFD on the OSPFv3 interface.
By default, the OSPFv3 interface is not enabled with BFD.
Examples # Enable BFD on VLAN-interface 11 in instance 1. <Sysname> system-view
[Sysname] interface vlan-interface 11
[Sysname-Vlan-interface11] ospfv3 bfd enable instance 1
isis ipv6 bfd enable Syntax
isis ipv6 bfd enable
undo isis ipv6 bfd enable
View Interface view
Default level 2: System level
Parameters None
Description Use the isis ipv6 bfd enable command to enable BFD on an IPv6 IS-IS interface for link failure detection.
Use the undo isis ipv6 bfd enable command to disable BFD on an IPv6 IS-IS interface.
By default, an IPv6 IS-IS interface is not enabled with BFD.
Examples # Enable BFD for IPv6 IS-IS on VLAN-interface 11. <Sysname> system-view
[Sysname] interface vlan-interface 11
[Sysname-Vlan-interface11] isis ipv6 bfd enable
peer bfd (IPv6 address family view/IPv6 BGP-VPN instance view) Syntax
peer ipv6-address bfd
undo peer ipv6-address bfd
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 95 of 167
View IPv6 address family view, IPv6 BGP-VPN instance view
Default level 2: System level
Parameters ipv6-address: IPv6 address of a peer.
Description Use the peer bfd command to enable BFD over the link to a BGP peer.
Use the undo peer bfd command to restore the default.
By default, BFD is not enabled for any BGP peer.
After a link failure occurs, BFD may detect the failure before the system performs GR, and as a result, GR will fail. Therefore, if GR capability is enabled for IPv6 BGP, use BFD with caution.
Examples # Enable BFD over the link to BGP peer 100::1. <Sysname> system-view
[Sysname] bgp 100
[Sysname] ipv6-family
[Sysname-bgp-af-ipv6] peer 100::1 bfd
ssl client-policy Syntax
ssl client-policy policy-name
undo ssl client-policy { policy-name | all }
View System view
Default level 2: System level
Parameters policy-name: SSL client policy name, a case-insensitive string of 1 to 16 characters, which cannot be “a”, “al”, or “all”.
all: Specifies all SSL client policies.
Description Use the ssl client-policy command to create an SSL policy and enter its view.
Use the undo ssl client-policy command to delete a specified SSL client policy or all SSL client policies.
Related commands: display ssl client-policy.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 96 of 167
Examples # Create SSL client policy policy1 and enter its view. <Sysname> system-view
[Sysname] ssl client-policy policy1
[Sysname-ssl-client-policy-policy1]
ip check source max-entries Syntax
ip check source [ ipv6 ] max-entries number
undo ip check source [ ipv6 ] max-entries
View Layer 2 Ethernet port view
Default level 2: System level
Parameters ipv6: Limits the number of IPv6 source guard binding entries. Without this keyword, this command limits the number of IPv4 source guard binding entries.
number: Maximum number of IP source guard entries allowed on a port. The value ranges from 0 to 2048.
Description Use the ip check source max-entries command to limit the total number of static and dynamic IPv4 (or IPv6) source guard binding entries on a port. When the number of IPv4 (or IPv6) binding entries on a port reaches the maximum, the port does not allowed new IPv4 (or IPv6) binding entries any more.
Use the undo ip check source max-entries command to restore the default.
By default, the maximum number of IPv4/IPv6 source guard binding entries allowed on a port is 2048.
If the maximum number of IPv4 (or IPv6) binding entries to be configured on a port is smaller than the number of existing IPv4 (or IPv6) binding entries on the port, the maximum number can be configured successfully and the existing entries will be not be affected. New IPv4 (or IPv6) binding entries, however, cannot be added more, unless the number of IPv4 (or IPv6) binding entries on the port drops below the configured maximum.
The actual maximum number of binding entries that the switch can apply to a port depends on the ACL resource on the switch.
Examples # Set the maximum number of IP source guard binding entries on port GigabitEthernet 1/0/1 to 100. <Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ip check source max-entries 100
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 97 of 167
preferred-path Syntax
preferred-path number interface tunnel tunnel-number [ disable-fallback ]
undo preferred-path number
View Tunneling policy view
Default level 2: System view
Parameters number: Number of the preferred tunnel, in the range 0 to 63. A smaller number means a higher priority.
interface tunnel tunnel-number: Specifies a tunnel interface for the preferred tunnel. tunnel-number represents the tunnel interface number, which ranges from 0 to 127.
disable-fallback: With this keyword specified, the tunneling policy does not select other paths when this preferred tunnel is matched (the tunnel’s destination address and encapsulation type are both matched) but is unavailable.
Description Use the preferred-path interface tunnel command to configure a preferred tunnel and specify a tunnel interface for it.
Use the undo preferred-path command to remove a preferred tunnel.
By default, no preferred tunnel exists.
In a tunneling policy, you can configure up to 64 preferred tunnels.
The tunnel interfaces specified for the preferred tunnels can have the same destination address and the tunnel encapsulation type must be MPLS TE.
Examples # Tunnel interfaces Tunnel 0, Tunnel 2, and Tunnel 3 have the same destination address 1.1.1.1. Configure a tunneling policy po1 for the switch, so that the switch selects tunnels for traffic destined for 1.1.1.1 in this order: Tunnel 0, Tunnel 2, Tunnel 3. If all three tunnels are unavailable, tunnel selection is stopped and traffic destined for 1.1.1.1 can not be transmitted. For traffic going to other destinations, the device selects tunnels by type, and only one CR-LSP tunnel can be selected. <Sysname> system-view
[Sysname] tunnel-policy po1
[Sysname-tunnel-policy-po1] preferred-path 0 interface tunnel 0
[Sysname-tunnel-policy-po1] preferred-path 2 interface tunnel 2
[Sysname-tunnel-policy-po1] preferred-path 3 interface tunnel 3 disable-fallback
[Sysname-tunnel-policy-po1] tunnel select-seq cr-lsp load-balance-number 1
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 98 of 167
ip urpf Syntax
ip urpf { loose | strict }
undo ip urpf
View System view, interface view
Default level 2: System level
Parameters loose: Specifies loose URPF check. To pass loose URPF check, the source address of a packet must match the destination address of a forwarding information base (FIB) entry.
strict: Specifies strict URPF check. To pass strict URPF check, the source address and receiving interface of a packet must match the destination address and output interface of a FIB entry.
Description Use the ip urpf command to enable URPF check globally.
Use the undo ip urpf command to disable URPF check.
By default, URPF check is disabled.
NOTE: The routing table size is decreased by half when URPF is enabled on the switch. To prevent loss of route entries and packets, you cannot enable URPF on the switch if the number of route entries the switch maintains exceeds half the routing table size.
Examples # Enable strict URPF check globally. <Sysname> system-view
[Sysname] ip urpf strict
cwmp Syntax
cwmp
View System view
Default level 2: System level
Parameters None
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 99 of 167
Description Use the cwmp command to enter CWMP view.
Examples # Enter CWMP view. <Sysname> system-view
[Sysname] cwmp
cwmp acs password Syntax
cwmp acs password passowrd
undo cwmp acs password
View CWMP view
Default level 2: System level
Parameters password: Password used for authentication when the CPE connects to the ACS, which is a case-sensitive string of 1 to 255 characters.
Description Use the cwmp acs password command to configure the password used for connection to the ACS.
Use the undo cwmp acs password command to restore the default.
By default, no password is configured for connection to the ACS.
If you use the command multiple times, the newly configured password overwrites the previous one.
The execution of the undo cwmp acs username command equals the execution of both undo cwmp acs username and undo cwmp acs password commands, which means the system deletes both the CPE username and the password at the same time.
Related commands: cwmp acs username.
Examples # Configure the password used for connection to the ACS as newpsw. <Sysname> system
[Sysname] cwmp
[Sysname-cwmp] cwmp acs password newpsw
cwmp acs url Syntax
cwmp acs url url
undo cwmp acs url
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 100 of 167
View CWMP view
Default level 2: System level
Parameters url: URL of the ACS, which is a string of 8 to 255 characters. An URL must be in the format of http://host[:port]/path.
Description Use the cwmp acs url command to configure the ACS URL.
Use the undo cwmp acs url command to restore the default.
By default, no ACS URL is configured.
If you use the command for multiple times, the newly configured URL overwrites the previous one.
Examples Configure the ACS URL as http://www.acs.com:80/acs. <Sysname> system
[Sysname] cwmp
[Sysname-cwmp] cwmp acs url http://www.acs.com:80/acs
cwmp acs username Syntax
cwmp acs username username
undo cwmp acs username
View CWMP view
Default level 2: System level
Parameters username: Username used for authentication when the CPE connects to the ACS, which is a case-sensitive string of 1 to 255 characters.
Description Use the cwmp acs username command to configure the username used for connection to the ACS.
Use the undo cwmp acs username command to restore the default.
By default, no username is configured for connection to the ACS.
If you use the command multiple times, the newly configured username overwrites the previous one.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 101 of 167
The execution of the undo cwmp acs username command equals the execution of both undo cwmp acs username and undo cwmp acs password commands, which means the system deletes both the CPE username and the password at the same time.
Related commands: cwmp acs password.
Examples # Configure the username used for connection to the ACS as newname. <Sysname> system
[Sysname] cwmp
[Sysname-cwmp] cwmp acs username newname
cwmp cpe connect retry Syntax
cwmp cpe connect retry times
undo cwmp cpe connect retry
View CWMP view
Default level 2: System level
Parameters times: Number of attempts that will be made to retry a connection, which ranges from 0 to 100. 0 indicates that no attempt will be made to retry a connection.
Description Use the cwmp cpe connect retry command to configure the maximum number of attempts the CPE can make to retry a connection.
Use the undo cwmp cpe connect retry command to restore the default.
By default, the retry times is infinity, that is, a CPE sends connect requests to the ACS at a specified interval all along.
Examples # Configure that the CPE can retry a connection for up to 5 times. <Sysname> system
[Sysname] cwmp
[Sysname-cwmp] cwmp cpe connect retry 5
cwmp cpe connect interface Syntax
cwmp cpe connect interface interface-type interface-number
undo cwmp cpe connect interface
View CWMP view
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 102 of 167
Default level 2: System level
Parameters interface-type interface-number: Type and number of the interface that connects a CPE to the ACS.
Description Use the cwmp cpe connect interface command to set the interface connecting to the ACS on the CPE.
Use the undo cwmp cpe connect interface command to restore the default.
By default, the interface that connects the CPE to the ACS is VLAN-interface 1.
Examples # Set the interface connecting to the ACS on the CPE to VLAN-interface 1. <Sysname> system
[Sysname] cwmp
[Sysname-cwmp] cwmp cpe connect interface Vlan-interface 1
cwmp cpe inform interval Syntax
cwmp cpe inform interval seconds
undo cwmp cpe inform interval
View CWMP view
Default level 2: System level
Parameters seconds: Interval between sending the Inform messages, which ranges from 60 to 65535 seconds.
Description Use the cwmp cpe inform interval command to configure the interval at which the CPE sends an Inform message.
Use the undo cwmp cpe inform interval command to restore the default.
By default, the Inform message sending interval is 600 seconds.
Examples # Configure the CPE to send an Inform message every 3600 seconds. <Sysname> system
[Sysname] cwmp
[Sysname-cwmp] cwmp cpe inform interval 3600
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 103 of 167
cwmp cpe inform interval enable Syntax
cwmp cpe inform interval enable
undo cwmp cpe inform interval enable
View CWMP view
Default level 2: System level
Parameters None
Description Use the cwmp cpe inform interval enable command to enable periodical sending of Inform messages.
Use the undo cwmp cpe inform interval enable command to restore the default.
By default, periodical sending of Inform messages is disabled.
Examples # Enable periodical sending of Inform messages. <Sysname> system
[Sysname] cwmp
[Sysname-cwmp] cwmp cpe inform interval enable
cwmp cpe inform time Syntax
cwmp cpe inform time time
undo cwmp cpe inform time
View CWMP view
Default level 2: System level
Parameters time: Time at which the CPE sends an Inform message. The specified time must be in the format of yyyy-mm-ddThh:mm:ss, and in the range of 1970-01-01T00:00:00 to 2105-12-31T23:59:59. The specified time must be greater than the current system time.
Description Use the cwmp cpe inform time command to configure the CPE to send an Inform message at a specified time.
Use the undo cwmp cpe inform time command to restore the default.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 104 of 167
By default, the time is null, that is, the CPE is not configured to send an Inform message at a specific time.
Examples # Configure the CPE to send an Inform message at 2007-12-01T20:00:00. <Sysname> system
[Sysname] cwmp
[Sysname-cwmp] cwmp cpe inform time 2007-12-01T20:00:00
cwmp cpe password Syntax
cwmp cpe password password
undo cwmp cpe password
View CWMP view
Default level 2: System level
Parameters password: Password used for authentication when the ACS connects to the CPE, which is a case-sensitive string of 1 to 255 characters.
Description Use the cwmp cpe password command to configure the password used for authentication when the ACS connects to the CPE.
Use the undo cwmp cpe password command to restore the default.
By default, no password is configured for connection to the CPE.
If you use the command for multiple times, the newly configured password overwrites the previous one.
The execution of the undo cwmp cpe username command equals the execution of both undo cwmp cpe username and undo cwmp cpe password commands, which means the system deletes both the CPE username and the password at the same time.
Related commands: cwmp cpe username.
Examples # Configure the password used for connection to the CPE as newpsw. <Sysname> system
[Sysname] cwmp
[Sysname-cwmp] cwmp cpe password newpsw
cwmp cpe username Syntax
cwmp cpe username username
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 105 of 167
undo cwmp cpe username
View CWMP view
Default level 2: System level
Parameters username: Username used for authentication when the ACS connects to the CPE, which is a case-sensitive string of 1 to 255 characters.
Description Use the cwmp cpe username command to configure the username used for authentication when the ACS connects to the CPE.
Use the undo cwmp cpe username command to restore the default.
By default, no username is configured for connection to the CPE.
If you use the command for multiple times, the newly configured username overwrites the previous ones.
The execution of the undo cwmp cpe username command equals the execution of both undo cwmp cpe username and undo cwmp cpe password commands, which means the system deletes both the CPE username and the password at the same time.
Related commands: cwmp cpe password.
Examples # Configure the username used for connection to the CPE as newname. <Sysname> system
[Sysname] cwmp
[Sysname-cwmp] cwmp cpe username newname
cwmp cpe wait timeout Syntax
cwmp cpe wait timeout seconds
undo cwmp cpe wait timeout
View CWMP view
Default level 2: System level
Parameters seconds: Timeout value of the CPE close-wait timer, which ranges from 30 to 1800 seconds.
Description Use the cwmp cpe wait timeout command to configure the close-wait timer of the CPE.
Use the undo cwmp cpe wait timeout command to restore the default.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 106 of 167
By default, the timeout of the CPE close-wait timer is 30 seconds.
Examples # Configure the CPE close-wait timeout as 60 seconds. <Sysname> system
[Sysname] cwmp
[Sysname-cwmp] cwmp cpe wait timeout 60
cwmp enable Syntax
cwmp enable
undo cwmp enable
View CWMP view
Default level 2: System level
Parameters None
Description Use the cwmp enable command to enable CWMP.
Use the undo cwmp enable command to disable CWMP.
By default, CWMP is enabled.
CWMP cannot be disabled when it is performing upload or download operations.
Examples # Disable CWMP when there is no upload or download operations. <Sysname> system
[Sysname] cwmp
[Sysname-cwmp] undo cwmp enable
display cwmp configuration Syntax
display cwmp configuration [ | { begin | exclude | include } regular-expression ]
View Any view
Default level 2: System level
Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 107 of 167
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters.
Description Use the display cwmp configuration command to display the current configuration information of CWMP.
Examples # CWMP is enabled. Display the configuration information of CWMP. <Sysname> display cwmp configuration
TR-069 is enabled.
ACS URL :http://www.acs.com:80/acs
ACS username :newname
ACS password :newpsw3
Inform enable status :disabled
Inform interval :600s
Inform time :none
Wait timeout :30s
Reconnection times :Unlimited
Source IP interface :none
Table 19 Output description
Field Description
TR-069 is The status of CWMP (TR-069), including enabled and disabled.
ACS URL URL of the ACS. It is displayed as null if not configured.
ACS username Authentication username for connection to the ACS. It is displayed as null if not configured.
ACS password Authentication password for connection to the ACS. It is displayed as null if not configured.
Inform enable status Enabled/disabled status of periodical sending of Inform messages
Inform interval Interval between sending Inform messages
Inform time Date and time at which an Inform message will be sent. It is displayed as null if not configured.
Wait timeout Timeout value for the CPE to wait for a response
Reconnection times Number of attempts the CPE can make to retry a connection
Source IP interface Interface connecting to the ACS on the CPE. You can set this interface with the cwmp cpe connect interface command.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 108 of 167
display cwmp status Syntax
display cwmp status [ | { begin | exclude | include } regular-expression ]
View Any view
Default level 2: System level
Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters.
Description Use the display cwmp status command to display the current status information of CWMP.
Examples # CWMP is disabled. Display the status information of CWMP. <Sysname> display cwmp status
TR-069 is disabled.
# CWMP is enabled. Display the status information of CWMP. <Sysname> display cwmp status
TR-069 is enabled.
ACS URL :http://www.acs.com:80/acs
ACS information is set by :user
ACS username :newname
ACS password :newpsw3
Connection status :disconnected
Data transfer status :none
Time of last successful connection :none
Interval upon to next connection :1096832s
Table 20 Output description
Field Description
ACS URL URL of the ACS. It is displayed as null if not configured.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 109 of 167
Field Description
ACS information is set by
The mode through which CWMP gets the ACS URL. It is displayed as null if ACS URL is not configured. user: Indicates that the ACS URL is configured through CLI config file: Indicates that the ACS URL is configured through ACS DHCP: Indicates that the ACS URL is configured through DHCP
ACS username Authentication username for connection to the ACS. It is displayed as null if not configured.
ACS password Authentication password for connection to the ACS. It is displayed as null if not configured.
Connection status
Connection status, includes: connected: Indicates that the connection is established. disconnected: Indicates that the connection is not established. waiting response: Indicates that the device is waiting for a response.
Data transfer status
Data transfer status, includes: uploading: The device is uploading data. downloading: The device is downloading data. none: The device is not transferring data.
Time of last successful connection Time at which the last successful connection was established. If there is no successful connection, it is displayed as none.
Interval upon to next connection
Period of time after which the device will initiate a connection. If no interval or time is configured for Inform message sending, it is displayed as null.
Details of Changed CLI Commands in F1209P01 mac-address mac-roaming enable Syntax
mac-address mac-roaming enable
View System view
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 110 of 167
Default level 2: System level
Parameters None
Description Use the mac-address mac-roaming enable command to make MAC-address roam to other slots in an IRF system.
This command not configured by default.
Examples # Open MAC roaming functions. <Sysname> system-view
[Sysname] mac-address mac-roaming enable
stp tc-snooping Syntax
stp tc-snooping
View System view
Default level 2: System level
Parameters None
Description Use the stp tc-snooping command to enable TC-snooping feature. Device can delete ARP item and MAC address when receive TCN packet at the condition STP disabled and TC-snooping enabled.
This command not configured by default and used only STP disabled.
Examples # Open TC-snooping functions. <Sysname> system-view
[Sysname] stp tc-snooping
Details of Changed CLI Commands in F1209 default Syntax
default
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 111 of 167
View Interface view
Default level 2: System level
Parameters None
Description Use the default command to restore the default settings of an interface.
This command may fail to restore some default settings of the interface because the conditions for restoring those settings are not satisfied. To view the execution result of the default command, use the display this command.
Examples # Restore the default settings of the interface GigabitEthernet 1/0/1. <Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] default
This command will restore the default settings. Continue? [Y/N]:y
ipv6 neighbor stale-aging Syntax
ipv6 neighbor stale-aging aging-time
undo ipv6 neighbor stale-aging
View System view
Default level 2: System level
Parameters aging-time: Age timer for ND entries, in the range of 1 to 24 hours.
Description Use ipv6 neighbor stale-aging command to set the age timer of ND entries.
Use the undo ipv6 neighbor stale-aging command to restore the default.
By default, the age timer of ND entries is four hours.
Examples # Set the age timer of ND entries to two hours. <Sysname> system-view
[Sysname] ipv6 neighbor stale-aging 2
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 112 of 167
next-server Syntax
next-server ip-address
undo next-server
View DHCP address pool view
Default level 2: System level
Parameters ip-address: IP address of a server.
Description Use the next-server command to specify the IP address of a server for DHCP clients.
Use the undo next-server command to remove the server’s address from the DHCP address pool.
By default, no server’s IP address is specified in the address pool on the DHCP server.
Examples # Specify IP address 1.1.1.1 in DHCP address pool 0. <Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] next-server 1.1.1.1
Details of Changed CLI Commands in F1208 ip route-static Syntax
ip route-static dest-address { mask | mask-length } { next-hop-address [ bfd control-packet [ bfd-source ip-address ] | track track-entry-number ] | interface-type interface-number [ next-hop-address ] [ bfd { control-packet [ bfd-source ip-address ] | echo-packet } ] | vpn-instance d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ preference preference-value ] [ tag tag-value ] [ permanent ] [ description description-text ]
undo ip route-static dest-address { mask | mask-length } [ next-hop-address | interface-type interface-number [ next-hop-address ] | vpn-instance d-vpn-instance-name next-hop-address ] [ preference preference-value ]
ip route-static vpn-instance s-vpn-instance-name&<1-6> dest-address { mask | mask-length } { next-hop-address [ bfd control-packet [ bfd-source ip-address ] | track track-entry-number ] [ public ] | interface-type interface-number [ next-hop-address ] [ bfd { control-packet [ bfd-source ip-address ] | echo-packet } ] | vpn-instance d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ preference preference-value ] [ tag tag-value ] [ permanent ] [ description description-text ]
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 113 of 167
undo ip route-static vpn-instance s-vpn-instance-name&<1-6> dest-address { mask | mask-length } [ next-hop-address [ public ] | interface-type interface-number [ next-hop-address ] | vpn-instance d-vpn-instance-name next-hop-address ] [ preference preference-value ]
View System view
Default level 2: System level
Parameters vpn-instance s-vpn-instance-name&<1-6>: Specifies a source MPLS L3VPN. s-vpn-instance-name is a case-sensitive string of 1 to 31 characters. &<1-6> indicates the argument before it can be entered up to 6 times. Each VPN has its own routing table, and the configured static route is installed in the routing tables of the specified VPNs. Support for this keyword and argument combination depends on the device model.
dest-address: Destination IP address of the static route, in dotted decimal notation.
mask: Mask of the IP address, in dotted decimal notation.
mask-length: Mask length, in the range 0 to 32.
next-hop-address: IP address of the next hop, in dotted decimal notation.
interface-type interface-number: Specifies the outbound interface by its type and number. If the outbound interface is a broadcast interface, such as an Ethernet interface, a virtual template or a VLAN interface, the next hop address must be specified.
vpn-instance d-vpn-instance-name: Specifies a destination MPLS L3VPN. d-vpn-instance-name is a case-sensitive string of 1 to 31 characters. If a destination VPN is specified, the router will search the outbound interface in the destination VPN based on the configured next-hop-address.
next-hop-address public: Indicates that the specified next-hop-address is a public network address, rather than a VPN instance address.
preference preference-value : Specifies the preference of the static route, which is in the range of 1 to 255 and defaults to 60.
tag tag-value: Sets a tag value for the static route from 1 to 4294967295. The default is 0. Tags of routes are used in routing policies to control routing. For more information about routing policies, see IP Routing Basics in the Layer 3 – IP Routing Command Reference.
permanent: Specifies the route as a permanent static route. If the outgoing interface is down, the permanent static route is still active.
description description-text: Configures a description for the static route, which consists of 1 to 60 characters, including special characters like space, but excluding ?.
bfd: Enable the BFD (bidirectional forwarding detection) function to detect reachability of the static route’s next hop. Once the next hop is unreachable, the system will switch to a backup route. Support for this key word varies by device.
control-packet: Implements BFD in the control packet mode.
echo-packet: Implements BFD in the echo packet mode.
bfd-source ip-address: Specifies the source address of BFD packets. H3C recommends you to configure loopback interface address.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 114 of 167
track track-entry-number: Associates the static route with a track entry. Use the track-entry-number argument to specify a track entry number, in the range 1 to 1024. Support for this argument varies with devices.
Description Use the ip route-static command to configure a unicast static route.
Use the undo ip route-static command to delete a unicast static route.
When configuring a unicast static route, follow these guidelines: 1. If the destination IP address and the mask are both 0.0.0.0 (or 0), the configured route
is a default route. The default route will be used for forwarding a packet if no route is available for the packet in the routing table.
2. You can implement different routing policies by tuning route preference. For example, to enable multiple routes to the same destination address to share load, assign the same preference for the routes; to enable them to back up one another, assign different preferences for them.
3. You can specify the outbound interface or the next hop address of the static route as needed. The next hop address cannot be the IP address of a local interface; otherwise, the route configuration will not take effect. If the outbound interface supports network address-to-link layer address resolution or is a point-to-point interface, you may specify only the interface or the next hop address.
• If the outbound interface is a Null 0 interface, there is no need to configure the next hop address.
• If the outbound interface is a point-to-point interface, a PPP interface for example, you may specify only the outbound interface rather than the peer address or both the outbound interface and peer address. As only the outbound interface is specified, there is no need to change the configuration of the route even if the peer address is changed.
• If the outbound interface is an NBMA and P2MP interface, you are recommended to specify both the interface and the next hop address for the route. This is because such interfaces support point-to-multipoint networks; for them the router must establish IP address-to-link layer address mappings for successful packet delivery.
• H3C does not recommend to specify a broadcast interface (such as an Ethernet interface or a VLAN interface) as the outbound interface for a static route, because a broadcast interface may have multiple next hops. If you have to do so, you must specify the corresponding next hop of the interface at the same time.
• To implement BFD with the control-packet mode, the remote end must create a BFD session; otherwise the BFD function cannot work. To implement BFD with the echo-packet mode, the BFD function can work without the remote end needing to create any BFD session.
• To configure a static route and enable BFD control packet mode for it, specify an outbound interface and a direct next hop—BFD establishes a direct session, or specify an indirect next hop and a specific BFD packet source address—BFD establishes an indirect session—for the static route.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 115 of 167
NOTE: • Whether this command supports the VPN instance varies with devices. • The static route does not take effect if you specify its next hop address first and
then configure the address as the IP address of a local interface, such as an Ethernet interface and VLAN interface.
• If route oscillation occurs, enabling BFD may worsen it. Be cautious when using BFD.
• To configure track monitoring for an existing static route, simply associate the static route with a track entry. For a non-existent static route, configure it and associate it with a track entry.
• If the track module uses NQA to detect the reachability of the private network static route's nexthop, the VPN instance number of the static route's nexthop must be identical to that configured in the NQA test group.
• If a static route needs route recursion, the associated track entry must monitor the nexthop of the recursive route instead of that of the static route. Otherwise, a valid route may be mistakenly considered invalid.
• Do not specify the permanent keyword together with the bfd or track keyword.
Examples # Configure a static route, whose destination address is 1.1.1.1/24, next hop address is 2.2.2.2, tag value is 45, and description information is for internet & intranet. <Sysname> system-view
[Sysname] ip route-static 1.1.1.1 24 2.2.2.2 tag 45 description for internet & intranet
# Configure a static route for a VPN instance named vpn1: the destination address is 1.1.1.1/16 and the next hop address is 1.1.1.2, which is the address of this VPN instance. <Sysname> system-view
[Sysname] ip route-static vpn-instance vpn1 1.1.1.1 16 vpn-instance vpn1 1.1.1.2
# Configure a static route: the destination address is 1.1.1.1/24, the outbound interface is Ethernet 1/1, and the next hop address is 2.2.2.2, and enable BFD with the echo packet mode. <Sysname> system-view
[Sysname] ip route-static 1.1.1.1 24 ethernet 1/1 2.2.2.2 bfd echo-packet
ip community-list Syntax
ip community-list { basic-comm-list-num | basic comm-list-name } { deny | permit } [ community-number-list ] [ internet | no-advertise | no-export | no-export-subconfed ] *
undo ip community-list { basic-comm-list-num | basic comm-list-name } [ deny | permit ] [ community-number-list ] [ internet | no-advertise | no-export | no-export-subconfed ] *
ip community-list { adv-comm-list-num | advanced comm-list-name } { deny | permit } regular-expression
undo ip community-list { adv-comm-list-num | advanced comm-list-name } [ deny | permit ] [ regular-expression ]
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 116 of 167
View System view
Default level 2: System level
Parameters basic-comm-list-num: Basic community list number, in the range 1 to 99.
basic: Specifies a basic communist list name.
advanced: Specifies an advanced communist list name.
comm-list-name: Community list name, a string of 1 to 31 characters, which can contain letters, numbers, and signs.
adv-comm-list-num: Advanced community list number, in the range 100 to 199.
regular-expression: Regular expression of advanced community attribute, a string of 1 to 50 characters. For more information about regular expressions, see CLI in the Fundamentals Configuration Guide.
deny: Specifies the match mode for the community list as deny.
permit: Specifies the match mode for the community list as permit.
community-number-list: Community number list, which is in the community number or aa:nn format; a community number is in the range 1 to 4294967295; aa and nn are in the range 0 to 65535. Up to 16 community numbers can be entered.
internet: Routes with this attribute can be advertised to all BGP peers. By default, all routes have this attribute.
no-advertise: Routes with this attribute cannot be advertised to other BGP peers.
no-export: Routes with this attribute cannot be advertised out the local AS, or the confederation but can be advertised to other ASs in the confederation.
no-export-subconfed: Routes with this attribute cannot be advertised out the local AS, or to other sub ASs in the confederation.
Description Use the ip community-list to define a community list entry.
Use the undo ip community-list command to remove a community list or entry.
No community list is defined by default.
Examples # Define basic community list 1 to permit routing information with the internet community attribute. <Sysname> system-view
[Sysname] ip community-list 1 permit internet
# Define advanced community list 100 to permit routing information with the community attribute starting with 10. <Sysname> system-view
[Sysname] ip community-list 100 permit ^10
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 117 of 167
apply comm-list delete Syntax
apply comm-list { comm-list-number | comm-list-name } delete
undo apply comm-list
View Routing policy view
Default level 2: System level
Parameters comm-list-number: Community list number. A basic community list number ranges from 1 to 99. A advanced community list number ranges from 100 to 199.
comm-list-name: Community list name, a string of 1 to 31 characters, which can contain letters, numbers, and signs.
Description Use the apply comm-list delete command to remove the community attributes specified by the community list from BGP routing information.
Use the undo apply comm-list command to remove the clause configuration.
No community attributes are removed from BGP routing information by default.
Examples # Configure node 10 in permit mode of routing policy policy1: remove the community attributes specified in community list 1 from the BGP routing information matching AS-PATH list 1. <Sysname> system-view
[Sysname] route-policy policy1 permit node 10
[Sysname-route-policy] if-match as-path 1
[Sysname-route-policy] apply comm-list 1 delete
mac-table limit Syntax
mac-table limit mac-limit-number
undo mac-table limit
View VSI view
Default level 2: System level
Parameters mac-limit-number: Maximum number of MAC addresses that the device can learn for the VPLS instance. The value range varies with device models.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 118 of 167
Description Use the mac-table limit command to specify the maximum number of MAC addresses that the device can learn for the VPLS instance.
Use the undo mac-table limit command to restore the default.
The default maximum number of MAC addresses that the device can learn for a VPLS instance varies with device models. NOTE: Support for this command depends on the device model.
Examples # Set the maximum number of MAC addresses that the device can learn for VPLS instance aaa to 1024. <Sysname> system-view
[Sysname] vsi aaa
[Sysname-vsi-aaa] mac-table limit 1024
Details of Changed CLI Commands in F1207 dhcp-snooping rate-limit Syntax
dhcp-snooping rate-limit rate
undo dhcp-snooping rate-limit
View Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Default Level 2: System level
Parameters rate: Maximum rate of DHCP packets, in the range of 64 to 512 Kbps.
Description Use the dhcp-snooping rate-limit command to configure a DHCP packet rate on the interface..
Use the undo dhcp-snooping rate-limit command to restore the default.
By default, DHCP packet rate limit is disabled.
Examples # Set the maximum rate of DHCP packets on Layer 2 Ethernet interface GigabitEthernet 1/0/1 to 64 Kbps. <Sysname> system-view
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] dhcp-snooping rate-limit 64
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 119 of 167
default-route-advertise (OSPF view) Syntax
default-route-advertise [ [ [ always | permit-calculate-other ] | cost cost | route-policy route-policy-name | type type ] * | summary cost cost ]
undo default-route-advertise
View OSPF view
Default level 2: System level
Parameters always: Generates a default route in a Type-5 LSA into the OSPF routing domain regardless of whether a default route exists in the routing table. With this keyword specified, the router does not calculate default routes from other routers.
permit-calculate-other: Generates a default route in a Type-5 LSA into the OSPF routing domain if an active default route that does not belong to the current OSPF process exists in the IP routing table. With this keyword specified, the router calculates default routes from other routers. NOTE: If neither the always nor permit-calculate-other keyword is specified, the router generates a default route in a Type-5 LSA into the OSPF routing domain only when an active default route that does not belong to the current OSPF process exists in the IP routing table, and the router does not calculate default routes from other routers.
cost cost: Specifies a cost for the default route, in the range 0 to 16777214. If no cost is specified, the default cost specified by the default cost command applies..
route-policy route-policy-name: Specifies a routing policy name, a string of 1 to 63 case-sensitive characters. When a default route exists in the routing table and the specified routing policy is matched, the command distributes a default route in a Type-5 LSA into the OSPF routing domain, and the routing policy modifies some values in the Type-5 LSA. If the always keyword is specified at the same time, the command can distribute a default route in a Type-5 LSA into the OSPF routing domain when the specified routing policy is matched, regardless of whether a default route exists in the routing table, and the routing policy modifies some values in the Type-5 LSA.
type type: Specifies a type for the Type-5 LSA: 1 or 2. If type is not specified, the default type for the Type-5 LSA specified by the default type command applies.
summary: Advertises the Type-3 summary LSA of the specified default route.
Description Use the default-route-advertise command to generate a default route into the OSPF routing domain.
Use the undo default-route-advertise command to disable OSPF from distributing a default external route.
By default, no default route is distributed.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 120 of 167
Using the import-route command cannot redistribute a default route. To do so, use the default-route-advertise command. If no default route exists in the router's routing table, use the default-route-advertise always command to generate a default route in a Type-5 LSA.
The default-route-advertise summary cost command is applicable only to VPNs, and the default route is redistributed in a Type-3 LSA. The PE router advertises the redistributed default route to the CE router.
Related commands: import-route and default.
Examples # Configure the router to generate a default route in a Type-5 LSA into the OSPF routing domain if an active default route that does not belong to OSPF process 100 exists in the IP routing table, and to calculate default routes from other routers. <Sysname> system-view
[Sysname] ospf 100
[Sysname-ospf-100] default-route-advertise permit-calculate-other
qos car aggregative Syntax
qos car car-name aggregative cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peek-information-rate ] [ red action ]
undo qos car car-name
View System view
Default Level 2: System level
Parameters car-name: Name of the aggregation CAR policy.
aggregative: Indicates that the global CAR policy is aggregative.
cir committed-information-rate: Committed information rate (CIR) in kbps. The committed-information-rate argument ranges from 8 to 32000000 and must be a multiple of 8.
cbs committed-burst-size: Committed burst size (CBS) in bytes. • If you do not specify the cbs keyword, the CBS is 62.5 × committed-information-rate by
default and cannot not exceed 16000000. • If you specify the cbs keyword, the CBS ranges from 512 to 16000000.
ebs excess-burst-size: Excess burst size (EBS) in bytes. The excess-burst-size argument ranges from 0 to 16000000 and defaults to 512.
pir peak-information-rate: Peak information rate (PIR) in kbps. The peak-information-rate argument ranges from 8 to 32000000 and must be a multiple of 8.
green action: Action to take on packets that conform to CIR. The default action is pass.
yellow action: Action to take on packets that conform to PIR but do not conform to CIR. The default action is pass.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 121 of 167
red action: Action to take on packets that conforms to neither CIR nor PIR. The default action is discard.
action: Action to take on packets, which can be: • discard: Drops the packet. • pass: Permits the packet to pass through. • remark-dot1p-pass new-cos: Sets the CoS value of the 802.1p packet to new-cos and
permits the packet to pass through. The new-cos argument is in the range of 0 to 7. • remark-dscp-pass new-dscp: Sets the DSCP value of the packet to new-dscp and
permits the packet to pass through. The new-dscp argument is in the range of 0 to 63.
Description Use the qos car aggregative command to configure an aggregation CAR policy.
Use the undo qos car command to remove an aggregation CAR policy.
An aggregation CAR policy does not take effect until it is applied to an interface or referenced in a policy.
Examples # Configure the aggregation CAR policy aggcar-1, where CIR is 256, CBS is 4096, and red packets are dropped. <Sysname> system-view
[Sysname] qos car aggcar-1 aggregative cir 256 cbs 4096 red discard
Details of Changed CLI Commands in R1206 cfd ais enable Syntax
cfd ais enable
undo cfd ais enable
View System view
Default Level 2: System level
Parameters None
Description Use the cfd ais enable command to enable AIS.
Use the undo cfd ais enable command to disable AIS.
By default, AIS is disabled.
Examples # Enable AIS. <Sysname> system-view
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 122 of 167
[Sysname] cfd ais enable
cfd ais level Syntax
cfd ais level level-value service-instance instance-id
undo cfd ais level level-value service-instance instance-id
View System view
Default Level 2: System level
Parameters level level-value: Specifies the AIS frame transmission level, which ranges from 1 to 7.
service-instance instance-id: Specifies a service instance by its ID, which ranges from 1 to 32767.
Description Use the cfd ais level command to configure the AIS frame transmission level in the specified service instance.
Use the undo cfd ais level command to restore the default.
By default, no AIS frame transmission level is configured for a service instance.
If no AIS frame transmission level is configured for a service instance, the MEPs in the service instance cannot send AIS frames.
Regardless of the value of the level-value argument, the undo cfd ais level command restores the AIS frame transmission level to an invalid value.
Examples # Configure the AIS frame transmission level as 3 in service instance 1. <Sysname> system-view
[Sysname] cfd ais level 3 service-instance 1
cfd ais period Syntax
cfd ais period period-value service-instance instance-id
undo cfd ais period period-value service-instance instance-id
View System view
Default Level 2: System level
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 123 of 167
Parameters period period-value: Specifies the AIS frame transmission period, which ranges from 1 to 60 seconds.
service-instance instance-id: Specifies a service instance by its ID, which ranges from 1 to 32767.
Description Use the cfd ais period command to configure the AIS frame transmission period in the specified service instance.
Use the undo cfd ais period command to restore the default.
By default, the AIS frame transmission period is 1 second in all service instances.
Regardless of the value of the period-value argument, the undo cfd ais period command restores the AIS frame transmission period to 1 second.
Examples # Configure the AIS frame transmission period as 60 seconds in service instance 1. <Sysname> system-view
[Sysname] cfd ais period 60 service-instance 1
jumboframe enable Syntax
jumboframe enable [ value ]
undo jumboframe enable
View Ethernet interface view, port group view
Default Level 2: System level
Parameters value: Maximum length of Ethernet frames that are allowed to pass through, in the range of 1536 to 10000 bytes. If you set the value argument multiple times, the latest configuration takes effect.
Description Use the jumboframe enable command to allow jumbo frames within the specified length to pass through an Ethernet interface or a group of Ethernet interfaces. • The maximum jumbo frame length is specified by the value argument. • If you do not specify the value argument, the maximum jumbo frame length is 10000
bytes.
Use the undo jumboframe enable command to prevent frames longer than 1536 bytes to pass through an Ethernet interface or a group of Ethernet interfaces.
By default, the switch allows jumbo frames with the specified length to pass through all Ethernet ports. The default length of jumbo frames that are allowed to pass is 10000 bytes.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 124 of 167
• Configuration of this command in Ethernet interface view applies only to the current Ethernet interface.
• Configuration of this command in port group view applies to the layer 2 Ethernet interface(s) in the port group.
Examples # Enable the jumbo frames no longer than 10000 bytes to pass through GigabitEthernet 1/0/1. <Sysname> system-view
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] jumboframe enable
reset packet-drop interface Syntax
reset packet-drop interface [ interface-type [ interface-number ] ]
View Any view
Default Level 2: System level
Parameters interface-type: Specify an interface type, you can specify Gigabit interface or 10-Gigabit interface.
interface-number: Specify an interface number.
Description Use the reset packet-drop interface command to clear statistics of dropped packets on an interface or multiple interfaces. Sometimes when you want to collect the statistics of dropped packets on an interface, you need to clear the old statistics on the interface first. • If you do not specify an interface type or interface number, this command clears
statistics of dropped packets on all the interfaces on the device. • If you specify an interface type only, this command clears statistics of dropped
packets on the specified type of interfaces. • If you specify both the interface type and interface number, this command clears
statistics of dropped packets on the specified interface.
Examples # Clear statistics of dropped packets on GigabitEthernet 1/0/1. <Sysname> reset packet-drop interface GigabitEthernet 1/0/1
# Clear statistics of dropped packets on all interfaces. <Sysname> reset packet-drop interface
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 125 of 167
display packet-drop interface Syntax
display packet-drop interface [ interface-type [ interface-number ] ] [ | { begin | exclude | include } regular-expression ]
View Any view
Default Level 1: Monitor level
Parameters interface-type: Specifies an interface type, you can specify Gigabit interface or 10-Gigabit interface.
interface-number: Specifies an interface number.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see CLI in the Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays the lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters.
Description Use the display packet-drop interface command to display information about packets dropped on an interface or multiple interfaces. • If you do not specify an interface type or interface number, this command displays
information about dropped packets on all the interfaces on the device. • If you specify an interface type only, this command displays information about
dropped packets on the specified type of interfaces. • If you specify both the interface type and interface number, this command displays
information about dropped packets on the specified interface.
Examples # Display information about dropped packets on GigabitEthernet 1//01. <Sysname> display packet-drop interface gigabitethernet 1/0/1
GigabitEthernet1/0/1:
Packets dropped by GBP full or insufficient bandwidth: 301
Packets dropped by FFP: 261
Packets dropped by STP non-forwarding state: 321
Table 21 display packet-drop interface command output description
Field Description
Packets dropped by GBP full or insufficient bandwidth
Packets that are dropped because the buffer is used up or the bandwidth is insufficient
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 126 of 167
Field Description
Packets dropped by FFP Packets that are filtered out
Packets dropped by STP non-forwarding state
Packets that are dropped because STP is in the non-forwarding state
display packet-drop summary Syntax
display packet-drop summary [ | { begin | exclude | include } regular-expression ]
View Any view
Default Level 1: Monitor level
Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see CLI in the Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays the lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters.
Description Use the display packet-drop summary command to display the summary information about dropped packets on all interfaces.
Examples # Display information about dropped packets on all interfaces. <Sysname> display packet-drop summary
All interfaces:
Packets dropped by GBP full or insufficient bandwidth: 301
Packets dropped by FFP: 261
Packets dropped by STP non-forwarding state: 321
port link-mode Syntax
port link-mode { bridge | route }
undo port link-mode
View Ethernet interface view
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 127 of 167
Default Level 2: System level
Parameters bridge: Specifies the Layer 2 mode.
route: Specifies the Layer 3 mode.
Description Use the port link-mode command to change the working mode of the Ethernet interface.
Use the undo port link-mode command to restore the default.
By default, the interfaces operate as Layer 2 Ethernet interfaces (in bridge mode).
CAUTION: After you change the operating mode of an Ethernet interface, all the settings of the Ethernet interface are restored to their defaults under the new operating mode.
Examples # Configure GigabitEthernet 1/0/1 to operate in Layer 2 mode. <Sysname> system-view
[Sysname] interface gigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] display this
#
interface GigabitEthernet1/0/1
port link-mode route
#
Return
The preceding output shows that GigabitEthernet 1/0/1 operates in route mode. [Sysname-GigabitEthernet1/0/1] port link-mode bridge
[Sysname-GigabitEthernet1/0/1] display this
#
interface GigabitEthernet1/0/1
port link-mode bridge
#
Return
The output shows that GigabitEthernet 1/0/1 is now operating in bridge mode. NOTE: The display this command displays the configuration that takes effect in the current view.
ip icmp-extensions Syntax
ip icmp-extensions { compliant | non-compliant }
undo ip icmp-extensions
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 128 of 167
View System view
Default Level 2: System level
Parameters compliant: Specifies the compliant mode.
non-compliant: Specifies the non-compliant mode.
Description Use the ip icmp-extensions command to enable support for ICMP extensions.
Use the undo ip icmp-extensions command to disable support for ICMP extensions.
By default, ICMP extensions are not supported.
Examples # Enable support for ICMP extensions in compliant mode. <Sysname> system-view
[Sysname] ip icmp-extensions compliant
port isolate-user-vlan Syntax
port isolate-user-vlan { host | promiscuous }
undo port isolate-user-vlan
View Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Default Level 2: System level
Parameters host: Configures the port as a downstream port.
promiscuous: Configures the port as an upstream port.
Description Use the port isolate-user-vlan command to configure the isolate-user-VLAN type of a port.
Use the undo port isolate-user-vlan command to restore the default setting.
By default, no isolate-user-VLAN type is configured for a port.
Related commands: isolate-user-vlan.
Examples # Configure the access port GigabitEthernet 1/0/1 as a downstream port. <Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port isolate-user-vlan host
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 129 of 167
# Configure the Layer 2 aggregate interface Bridge-Aggregation 1 as a hybrid port and then configure it as an upstream port. <Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] port link-type hybrid
[Sysname-Bridge-Aggregation1] port isolate-user-vlan promiscuous
reset dns host Syntax
reset dns host [ ip | ipv6 | naptr | srv ]
View User view
Default Level 2: System level
Parameters ip: Clears the dynamic cache information of type A queries. A type A query resolves a domain name to the mapped IPv4 address.
ipv6: Clears the dynamic cache information of type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address.
naptr: Clears the dynamic cache information of NAPTR queries. A NAPTR query offers the replacement rule of a character string to convert the character string to a domain name.
srv: Clears the dynamic cache information of SRV queries. An SRV query offers the domain name of a certain service site.
Description Use the reset dns host command to clear information of the dynamic DNS cache.
Without any keyword specified, the dynamic DNS cache information of all query types will be cleared.
Related commands: display dns host.
Examples # Clear the dynamic DNS cache information of all query types. <Sysname> reset dns host
Details of Changed CLI Commands in R1110P05 display ftp client configuration Syntax
display ftp client configuration
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 130 of 167
View Any view
Default Level 1: Monitor level
Parameters None
Description Use the display ftp client configuration command to display the configuration information of the FTP client.
NOTE: Currently this command displays the configured source IP address or source interface of the FTP client.
Related commands: ftp client source.
Examples # Display the current configuration information of the FTP client. <Sysname> display ftp client configuration
The source IP address is 192.168.0.123
ftp client source Syntax
ftp client source { interface interface-type interface-number | ip source-ip-address }
undo ftp client source
View System view
Default Level 2: System level
Parameters interface interface-type interface-number: Source interface for the FTP connection, including interface type and interface number. The primary IP address configured on the source interface is the source IP address of the packets sent by FTP. If no primary IP address is configured on the source interface, the connection fails.
ip source-ip-address: Source IP address of the FTP connection. It must be an IP address that has been configured on the device.
Description Use the ftp client source command to configure the source address of the transmitted FTP packets from the FTP client.
Use the undo ftp client source command to restore the default.
By default, a device uses the IP address of the interface determined by the matched route as the source IP address to communicate with an FTP server.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 131 of 167
NOTE: • The source address can be specified as the source interface and the source IP address.
If you use the ftp client source command to specify the source interface and then the source IP address, the newly specified source IP address overwrites the configured source interface and vice versa.
• If the source address is specified with the ftp client source command and then with theftp command, the source address specified with the latter one is used to communicatewith the FTP server.
• The source address specified with the ftp client source command is valid for all FTP connections and the source address specified with the ftp command is valid only for the current FTP connection.
Related commands: display ftp client configuration.
Examples # Specify the source IP address of the FTP client as 2.2.2.2. <Sysname> system-view
[Sysname] ftp client source ip 2.2.2.2
# Specify the source interface of the FTP client as Vlan-interface1. <Sysname> system-view
[Sysname] ftp client source interface vlan-interface1
display tftp client configuration Syntax
display tftp client configuration
View Any view
Default Level 1: Monitor level
Parameters None
Description Use the display tftp client configuration command to display the configuration information of the TFTP client.
Related commands: tftp client source.
Examples # Display the current configuration information of the TFTP client. <Sysname> display tftp client configuration
The source IP address is 192.168.0.123
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 132 of 167
NOTE: Currently this command displays the configured source IP address or source interface of the TFTP client.
tftp client source Syntax
tftp client source { interface interface-type interface-number | ip source-ip-address }
undo tftp client source
View System view
Default Level 2: System level
Parameters interface interface-type interface-number: Specifies the source interface by its type and number. The primary IP address configured on the source interface is the source IP address of the packets sent by TFTP. If no primary IP address is configured on the source interface, the transmission fails.
ip source-ip-address: The source IP address of TFTP connections. It must be an IP address that has been configured on the device.
Description Use the tftp client source command to configure the source address of the TFTP packets from the TFTP client.
Use the undo telnet client source command to restore the default.
By default, a device uses the IP address of the interface determined by the matched route as the source IP address to communicate with a TFTP server.
NOTE: • The source address can be specified as the source interface and the source IP; if you
use the tftp client source command to specify the source interface and then the source IP, the newly specified source IP overwrites the configured source interface and vice versa.
• If the source address is specified with the tftp client source command and then with thetftp command, the source address specified with the latter one is used to communicate with the TFTP server.
• The source address specified with the tftp client source command is valid for all tftp connections and the source address specified with the tftp command is valid for the current tftp command.
Related commands: display tftp client configuration.
Examples # Specify the source IP address of the TFTP client as 2.2.2.2. <Sysname> system-view
[Sysname] tftp client source ip 2.2.2.2
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 133 of 167
# Specify the source interface of the TFTP client as Vlan-interface1.
<Sysname> system-view
[Sysname] tftp client source interface vlan-interface 1
display telnet client configuration Syntax
display telnet client configuration
View Any view
Default Level 1: Monitor level
Parameter None
Description Use the display telnet client configuration command to display the source IP address or source interface configured for the current device.
Example # Display the source IP address or source interface configured for the current device. <Sysname> display telnet client configuration
The source IP address is 1.1.1.1.
telnet client source Syntax
telnet client source { ip ip-address | interface interface-type interface-number }
undo telnet client source
View System view
Default Level 2: System level
Parameters None
Description Use the telnet client source command to specify the source IP address or source interface for the Telnet packets to be sent.
Use the undo telnet client source command to remove the source IP address or source interface configured for Telnet packets.
By default, source IP address or source interface of the Telnet packets sent is not configured.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 134 of 167
Examples # Specify the source IP address for Telnet packets. <Sysname> system-view
[Sysname] telnet client source ip 129.102.0.2
# Remove the source IP address configured for Telnet packets.
[Sysname] undo telnet client source
primary accounting (RADIUS scheme view) Syntax
primary accounting { ip-address [ port-number | key string | vpn-instance vpn-instance-name ] * | ipv6 ipv6-address [ port-number | key string ] * }
undo primary accounting
View RADIUS scheme view
Default Level 2: System level
Parameters ip-address: IPv4 address of the primary accounting server.
ipv6 ipv6-address: IPv6 address of the primary accounting server.
port-number: UDP port number of the primary accounting server, which ranges from 1 to 65535 and defaults to 1813.
key string: Specifies the shared key for exchanging accounting packets with the primary RADIUS accounting server. A shared key is a case-sensitive string of 1 to 64 characters.
vpn-instance vpn-instance-name: Name of the VPN instance of the primary RADIUS accounting server, a string of 1 to 31 case-sensitive characters.
Description Use the primary accounting command to specify the primary RADIUS accounting server.
Use the undo primary accounting command to remove the configuration.
By default, no primary RADIUS accounting server is specified.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 135 of 167
NOTE: • The IP addresses of the primary and secondary accounting servers cannot be the
same. Otherwise, the configuration fails. • The RADIUS service port configured on the device and that of the RADIUS server must
be consistent. • The shared key configured on the device for accounting packets and that configured
on the RADIUS server must be consistent. • The shared key configured in this command is used in preference. If the key string
keyword and argument combination is not configured here, the shared key configuredin the key accounting string command will be used.
• If the server to be specified resides on an MPLS VPN, you also need to specify that VPN with the primary accounting command to ensure normal communication with the server.
• The IP addresses of the primary and secondary accounting servers must be of the sameIP version.
• The IP addresses of the accounting servers and those of the authentication/authorization servers must be of the same IP version.
• The VPN specified here takes precedence over the VPN specified for the RADIUS scheme.
• If you change the primary accounting server when the device is already sending a start-accounting request to the server, the communication with the original primary server will time out, and the device will look for a server in active state from scratch: thenew primary server is evaluated at first and then the secondary servers according to their configuration order.
• If you remove an accounting server being used by online users, the device cannot send real-time accounting requests and stop-accounting requests any more for the users, and does not buffer the stop-accounting requests.
Related commands: key, radius scheme, state, vpn-instance (RADIUS scheme view).
Examples # Specify the IP address of the primary accounting server for RADIUS scheme radius1 as 10.110.1.2 and the UDP port of the server as 1813. <Sysname> system-view
[Sysname] radius scheme radius1
[Sysname-radius-radius1] primary accounting 10.110.1.2 1813
primary authentication (RADIUS scheme view) Syntax
primary authentication { ip-address [ port-number | key string | vpn-instance vpn-instance-name ] * | ipv6 ipv6-address [ port-number | key string ] * }
undo primary authentication
View RADIUS scheme view
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 136 of 167
Default Level 2: System level
Parameters ip-address: IPv4 address of the primary authentication/authorization server.
ipv6 ipv6-address: IPv6 address of the primary authentication/authorization server.
port-number: UDP port number of the primary authentication/authorization server, which ranges from 1 to 65535 and defaults to 1812.
key string: Specifies the shared key for exchanging authentication and authorization packets with the primary RADIUS authentication/authorization server. A shared key is a case-sensitive string of 1 to 64 characters.
vpn-instance vpn-instance-name: Name of the VPN instance of the primary RADIUS authentication/authorization server, a string of 1 to 31 case-sensitive characters.
Description Use the primary authentication command to specify the primary RADIUS authentication/authorization server.
Use the undo primary authentication command to remove the configuration.
By default, no primary RADIUS authentication/authorization server is specified.
NOTE: • After creating a RADIUS scheme, you are supposed to configure the IP address and
UDP port of each RADIUS server (primary/secondary authentication/authorization or accounting server). Ensure that at least one authentication/authorization server and one accounting server are configured, and that the RADIUS service port settings on thedevice are consistent with the port settings on the RADIUS servers.
• The shared key configured on the device for authentication/authorization packets andthat configured on the RADIUS server must be consistent.
• The shared key configured in this command is used in preference. If the key string keyword and argument combination is not configured here, the shared key configuredin the key authentication string command will be used.
• If the server to be specified resides on an MPLS VPN, you also need to specify that VPN with the primary authentication command to ensure normal communication with the server.
• The IP addresses of the primary and secondary authentication/authorization servers cannot be the same. Otherwise, the configuration fails.
• The IP addresses of the primary and secondary authentication/authorization servers must be of the same IP version.
• The IP addresses of the authentication/authorization servers and those of the accounting servers must be of the same IP version.
• The VPN specified here takes precedence over the VPN specified for the RADIUS scheme.
• In an authentication process, if you remove the primary authentication server, the communication with the original primary server will time out, and the device will look fora server in active state from scratch: the new primary server is evaluated at first and then the secondary servers according to their configuration order.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 137 of 167
Related commands: key, radius scheme, state, vpn-instance (RADIUS scheme view).
Examples # Specify the primary authentication/authorization server for RADIUS scheme radius1. <Sysname> system-view
[Sysname] radius scheme radius1
[Sysname-radius-radius1] primary authentication 10.110.1.1 1812
secondary accounting (RADIUS scheme view) Syntax
secondary accounting { ipv4-address [ port-number | key string | vpn-instance vpn-instance-name ] * | ipv6 ipv6-address [ port-number | key string ] * }
undo secondary accounting [ ipv4-address | ipv6 ipv6-address ]
View RADIUS scheme view
Default Level 2: System level
Parameters Ipv4-address: IPv4 address of the secondary accounting server, in dotted decimal notation. The default is 0.0.0.0.
ipv6 ipv6-address: IPv6 address of the secondary accounting server.
port-number: UDP port number of the secondary accounting server, which ranges from 1 to 65535 and defaults to 1813.
key string: Specifies the shared key for exchanging accounting packets with the secondary RADIUS accounting server. A shared key is a case-sensitive string of 1 to 64 characters.
vpn-instance vpn-instance-name: Name of the VPN instance of the secondary RADIUS accounting server, a string of 1 to 31 case-sensitive characters.
Description Use the secondary accounting command to specify secondary RADIUS accounting servers for a RADIUS scheme.
Use the undo secondary accounting command to remove the configuration.
By default, no secondary RADIUS accounting server is specified.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 138 of 167
NOTE: • You can configure multiple secondary RADIUS accounting servers by executing this
command repeatedly. After the configuration, if the primary server fails, the device looks for a secondary server in active state (a secondary RADIUS accounting server configured earlier has a higher priority) and tries to communicate with it.
• A RADIUS scheme supports up to 16 secondary RADIUS accounting servers. • All accountings servers, primary or secondary, must use IP addresses of the same IP
version. • The IP addresses of the primary and secondary accounting servers must be different
from each other. Otherwise, the configuration fails. • The RADIUS service port configured on the device and that of the RADIUS server must
be consistent. • The shared keys configured on the device for accounting packets and that configured
on the RADIUS server must be consistent. • The shared key configured in this command is used in preference. If the key string
keyword and argument combination is not configured here, the shared key configuredin the key accounting string command will be used.
• If the server to be specified resides on an MPLS VPN, you also need to specify that VPN with the secondary accounting command to ensure normal communication with the server.
• The IP addresses of the accounting servers and those of the authentication/authorization servers must be of the same IP version.
• The VPN specified here takes precedence over the VPN specified for the RADIUS scheme.
• If you remove a secondary accounting server when the device is already sending a start-accounting request to the server, the communication with the secondary server will time out, and the device will look for a server in active state from scratch: the new primary server is evaluated at first and then the secondary servers according to their configuration order.
• If you remove an accounting server being used by online users, the device cannot send real-time accounting requests and stop-accounting requests any more for the users, and does not buffer the stop-accounting requests.
Related commands: key, radius scheme, state, vpn-instance (RADIUS scheme view).
Examples # Specify the secondary accounting server and UDP port number for RADIUS scheme radius1. <Sysname> system-view
[Sysname] radius scheme radius1
[Sysname-radius-radius1] secondary accounting 10.110.1.1 1813
# Specify two secondary accounting servers for RADIUS scheme radius2, with the server IP addresses of 10.110.1.1 and 10.110.1.2, and the UDP port number of 1813. <Sysname> system-view
[Sysname] radius scheme radius2
[Sysname-radius-radius2] secondary accounting 10.110.1.1 1813
[Sysname-radius-radius2] secondary accounting 10.110.1.2 1813
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 139 of 167
secondary authentication (RADIUS scheme view) Syntax
secondary authentication { ipv4-address [ port-number | key string | vpn-instance vpn-instance-name ] * | ipv6 ipv6-address [ port-number | key string ] * }
undo secondary authentication [ ipv4-address | ipv6 ipv6-address ]
View RADIUS scheme view
Default Level 2: System level
Parameters Ipv4-address: IPv4 address of the secondary authentication/authorization server, in dotted decimal notation. The default is 0.0.0.0.
ipv6 ipv6-address: IPv6 address of the secondary authentication/authorization server.
port-number: UDP port number of the secondary authentication/authorization server, which ranges from 1 to 65535 and defaults to 1812.
key string: Specifies the shared key for exchanging authentication/authorization packets with the secondary RADIUS authentication/authorization server. A shared key is a case-sensitive string of 1 to 64 characters.
vpn-instance vpn-instance-name: Name of the VPN instance of the secondary RADIUS authentication/authorization server, a string of 1 to 31 case-sensitive characters.
Description Use the secondary authentication command to specify secondary RADIUS authentication/authorization servers for a RADIUS scheme.
Use the undo secondary authentication command to remove the configuration.
By default, no secondary RADIUS authentication/authorization server is specified.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 140 of 167
NOTE: • You can configure multiple secondary RADIUS authentication/authorization servers by
executing this command repeatedly. After the configuration, if the primary server fails, the device looks for a secondary server in active state (a secondary RADIUS authentication/authorization server configured earlier has a higher priority) and tries to communicate with it.
• A RADIUS scheme supports up to 16 secondary RADIUS authentication/authorization servers.
• All authentication/authorization servers, primary or secondary, must use IP addresses of the same IP version.
• The IP addresses of the primary and secondary authentication/authorization servers must be different from each other. Otherwise, the configuration fails.
• The RADIUS service port configured on the device and that of the RADIUS server must be consistent.
• The shared keys configured on the device for authentication/authorization packets and that configured on the RADIUS server must be consistent.
• The shared key configured in this command is used in preference. If the key string keyword and argument combination is not configured here, the shared key configuredin the key authentication string command will be used.
• If the server to be specified resides on an MPLS VPN, you also need to specify that VPN with the secondary authentication command to ensure normal communication with the server.
• The IP addresses of the authentication/authorization servers and those of the accounting servers must be of the same IP version.
• The VPN specified here takes precedence over the VPN specified for the RADIUS scheme.
• If you remove a secondary authentication server in use in the authentication process, the communication with the secondary server will time out, and the device will look for a server in active state from scratch: the new primary server is evaluated at first and then the secondary servers according to their configuration order.
Related commands: key, radius scheme, state, vpn-instance (RADIUS scheme view).
Examples # Specify the secondary authentication/authorization server for RADIUS scheme radius1. <Sysname> system-view
[Sysname] radius scheme radius1
[Sysname-radius-radius1] secondary authentication 10.110.1.2 1812
# Specify two secondary authentication/authorization servers for RADIUS scheme radius2, with the server IP addresses of 10.110.1.1 and 10.110.1.2, and the UDP port number of 1813. <Sysname> system-view
[Sysname] radius scheme radius2
[Sysname-radius-radius2] secondary authentication 10.110.1.1 1812
[Sysname-radius-radius2] secondary authentication 10.110.1.2 1812
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 141 of 167
ignore-first-as Syntax
ignore-first-as
undo ignore-first-as
View BGP view
Parameters None
Description Use the ignore-first-as command to configure BGP to ignore the first AS number of eBGP route updates.
Use the undo ignore-first-as command to configure BGP to check the first AS number of eBGP route updates.
By default, BGP checks the first AS number of a received eBGP route update. If the first AS number is not that of the BGP peer, the BGP router discards the route update.
Examples # Configure BGP to ignore the first AS number of eBGP route updates. <Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] ignore-first-as
Details of Changed CLI Commands in R1109 irf domain Syntax
irf domain domain-id
undo irf domain
View System view
Default Level 3: Manage level
Parameters domain-id: ID of an IRF domain, in the range 0 to 4294967295
Description Use the irf domain command to assign an ID for an IRF domain.
Use the irf domain command to restore the default.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 142 of 167
You may deploy multiple IRFs in one network for various networking applications. IRF domain IDs are used to distinguish different IRFs.
Examples # Set the ID of the IRF domain to 30. <Sysname> system-view
[Sysname] irf domain 30
bfd multi-hop destination-port Syntax
bfd multi-hop destination-port port-number
undo bfd multi-hop destination-port
View System view
Default Level 2: System level
Parameters port-number: Destination port number of multi-hop BFD control packets, 3784 or 4784.
Description Use the bfd multi-hop destination-port command to configure the destination port number for multi-hop BFD control packets as 3784 or 4784.
Use the undo bfd multi-hop destination-port command to restore the default.
By default, the destination port number for multi-hop BFD control packets is 4784.
Examples # Configure the destination port number for multi-hop BFD control packets as 3784. <Sysname> system-view
[Sysname] bfd multi-hop destination-port 3784
Details of Changed CLI Commands in R1108 reset version-update-record Syntax
reset version-update-record
View System view
Default Level 0: Visit level
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 143 of 167
Parameters None
Description Use the reset version-update-record command to clear the records of updating the device software.
Related commands: display version-update-record.
Examples # Clear the records of updating the device software. <Sysname> system-view
[Sysname] reset version-update-record
display version-update-record Syntax
display version-update-record
View Any view
Default Level 0: Visit level
Parameters None
Description Use the display version-update-record command to display the version update records of the device software (Boot ROM file).
When the device boots, the system records the version of the device software; if the software is updated when the device is running, the system records some brief information, including update time and software version. Currently, the system keeps 10 records at most.
Related commands: reset version-update-record.
Examples # Display the version update records of the device software. <Sysname> display version-update-record
No. Update time version
1 2009-09-28 14:39:11 5.20 Release 1108
Table 22 display version-update-record command output description
Field Description No. Serial number
version The updated version
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 144 of 167
portal server server-detect Syntax
portal server server-name server-detect method { http | portal-heartbeat } * action { log | permit-all | trap } * [ interval interval ] [ retry retries ]
undo portal server server-name server-detect
View System view
Default Level 2: System level
Parameters server-name: Name of a portal server, a case-sensitive string of 1 to 32 characters. The specified portal server must have existed.
server-detect method { http | portal-heartbeat }: Specifies the portal server detection method. Two detection methods are available: • http: HTTP probe. In this method, the access device periodically sends TCP connection
requests to the HTTP service port of the portal servers enabled on its interfaces. If the TCP connection with a portal server can be established, the access device considers that the HTTP service of the portal server is open and the portal server is reachable, that is, the detection succeeds. If the TCP connection cannot be established, the access device considers that the detection fails, that is, the portal server is unreachable. If a portal server does not support the portal server heartbeat function, you can configure the device to use the HTTP probe method to detect the reachability of the portal server.
• portal-heartbeat: Portal heartbeat probe. In this method, portal servers periodically send portal heartbeat packets to the access. If the access device receives a portal heartbeat packet from a portal server within the specified interval, it considers that the detection succeeds and the portal server is reachable; otherwise, it considers that detection fails and the portal server is unreachable. This method is effective to only the portal servers that support the portal heartbeat function. Currently, only the portal server of iMC supports this function. To implement detection with this method, you also need to configure the portal server heartbeat function on the iMC portal server and make sure that the server heartbeat interval configured on the portal server is shorter than or equal to the probe interval configured on the device.
action { log | permit-all | trap }: Specifies the actions to be taken when the status of a portal server changes. Three actions are available: • log: Specifies the action as sending a log message. When the status
(reachable/unreachable) of a portal server changes, the access device sends a log message. The log message contains the portal server name and the current state and original state of the portal server.
• permit-all: Specifies the action as disabling portal authentication, that is, enabling portal escape. When the device detects that a portal server is unreachable, it disables portal authentication on the interface configured with the portal server, that is, it allows all portal users on this interface to access network resources. Then, if the access device receives the portal server heartbeat packets or authentication packets (such as login requests and logout requests), it re-enables the portal authentication function.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 145 of 167
• trap: Specifies the action as sending a trap message. When the status (reachable/unreachable) of a portal server changes, the access device sends a trap message to the network management server (NMS). Trap message contains the portal server name and the current state of the portal server.
interval interval: Interval at which probe attempts are made. The interval argument ranges from 20 to 600 and defaults to 20, in seconds.
retry retries: Maximum number of probe attempts. The retries argument ranges from 1 to 5 and defaults to 3. If the number of consecutive, failed probes reaches this value, the access device considers that the portal server is unreachable.
Description Use the portal server server-detect command to configure portal server detection, including the detection method, action, probe interval, and maximum number of probe attempts. With this function configured, the device will checks the status of the specified server periodically and takes the specified actions when the server status changes.
Use the undo portal server server-detect command to cancel the detection of the specified portal server.
By default, the portal server detection function is not configured.
NOTE: • You can specify one or more detection methods and the actions to be taken. • If both detection methods are specified, a portal server will be regarded as
unreachable as long as one detection method fails, and an unreachable portal server will be regarded as recovered only when both detection methods succeed.
• If multiple actions are specified, the system will execute all the specified actions when the status of a portal server changes.
• Deleting a portal server on the device will delete the detection function for the portal server.
• If you configure the detection function for a portal server for multiple times, the last configuration will take effect. If you do not specify an optional parameter, the default setting of the parameter will be used.
• The portal server detection function takes effect on an interface only after you enable the portal service on the interface.
• Authentication-related packets from a portal server, such as logon requests and logoff requests, have the same effect as the portal heartbeat packets for the portal server detection function.
Related command: display portal server.
Examples # Configure detection of portal server pts, • Specifying both the HTTP probe and portal heartbeat probe methods • Setting the probe interval to 600 seconds • Specifying the device to send a server unreachable trap message, send a log
message and disable portal authentication to permit unauthenticated portal users, if two consecutive probes fail.
<Sysname> system-view
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 146 of 167
[Sysname] portal server pts server-detect method http portal-heartbeat action log permit-all interval 600 retry 2
portal server user-sync Syntax
portal server server-name user-sync [ interval interval ] [ retry retries ]
undo portal server server-name user-sync
View System view
Default Level 2: System level
Parameters server-name: Name of a portal server, a case-sensitive string of 1 to 32 characters. The specified portal server must have existed.
user-sync: Enables the portal user synchronization function.
interval interval: Interval at which the device checks the user synchronization packets. The interval argument ranges from 60 to 3600 and defaults to 300, in seconds.
retry retries: Maximum number of failed checks allowed. The retries argument ranges from 1 to 5 and defaults to 4. If the access device finds that one of its users does not exist in the user synchronization packets from the portal server in N consecutive probe intervals (N = retries), it considers that the user does not exist on the portal server and logs the user off.
Description Use the portal server user-sync command to configure portal user synchronization with a specified portal server. With this function configured, the device periodically checks and responds to the user synchronization packet received from the specified portal server, so as to keep the consistency of the online user information on the device and the portal server.
Use the undo portal server user-sync command to cancel the portal user synchronization configuration with the specified portal server.
By default, the portal user synchronization function is not configured.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 147 of 167
NOTE: • The user synchronization function requires that a portal server supports the portal user
heartbeat function (currently only the portal server of iMC supports portal user heartbeat). To implement the portal user synchronization function, you also need to configure the user heartbeat function on the portal server and the make sure that the user heartbeat interval configured on the portal server is shorter than or equal to the synchronization probe interval configured on the device.
• Deleting a portal server on the device will delete the portal user synchronization configuration with the portal server.
• If you configure the user synchronization function for a portal server for multiple times, the last configuration will take effect. If you do not specify an optional parameter, the default setting of the parameter will be used.
• For redundant user information on the device, that is, information of the users considered as nonexistent on the portal server, the device will delete the information during the (N+1)th probe interval, where N equals to the value of retries configured in the portal server user-sync command.
Examples # Configure portal user synchronization with portal server pts, • Setting the synchronization probe interval to 600 seconds • Specifying the device to log off users if information of the users do not exist in the user
synchronization packets sent from the server in two consecutive probe intervals. <Sysname> system-view
[Sysname] portal server pts user-sync interval 600 retry 2
arp resolving-route enable Syntax
arp resolving-route enable
undo arp resolving-route enable
View System view
Default Level 2: System level
Parameters None
Description Use the arp resolving-route enable command to enable ARP black hole routing.
Use the undo arp resolving-route enable command to disable the function.
By default,the function is enabled.
Examples # Enable ARP black hole routing. <Sysname> system-view
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 148 of 167
[Sysname] arp resolving-route enable
cut connection Syntax
cut connection { access-type { dot1x | mac-authentication | portal } | all | domain isp-name | interface interface-type interface-number | ip ip-address | mac mac-address | ucibindex ucib-index | user-name user-name | vlan vlan-id } [ slot slot-number ]
View System view
Default Level 2: System level
Parameters access-type: Specifies user connections of an access mode. • dot1x: Specifies 802.1x authentication user connections. • mac-authentication: Specifies MAC authentication user connections. • portal: Specifies portal authentication user connections.
all: Specifies all user connections.
domain isp-name: Specifies all user connections of an ISP domain. The isp-name argument refers to the name of an existing ISP domain and is a string of 1 to 24 characters.
interface interface-type interface-number: Specifies all user connections of an interface.
ip ip-address: Specifies a user connection by IP address.
mac mac-address: Specifies a user connection by MAC address. The MAC address must be in the format of H-H-H.
ucibindex ucib-index: Specifies a user connection by connection index. The value ranges from 0 to 4294967295.
user-name user-name: Specifies a user connection by username. The user-name argument is a case-sensitive string of 1 to 80 characters and must contain the domain name. If you enter a username without any domain name, the system assumes that the default domain name is used for the username.
vlan vlan-id: Specifies all user connections in a VLAN. The VLAN ID ranges from 1 to 4094.
slot slot-number: Specifies the member number of the device in the IRF, which you can display with the display irf command. The value range for the slot-number argument depends on the number of members and numbering conditions in the current IRF. If no IRF exists, the slot-number argument is the current device number.
Description Use the cut connection command to tear down the specified connections forcibly.
At present, this command applies to only LAN access and portal user connections.
Related commands: display connection, service-type.
Examples # Tear down all connections of ISP domain test.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 149 of 167
<Sysname> system-view
[Sysname] cut connection domain test
arp filter source Syntax
arp filter source ip-address
undo arp filter source ip-address
View Layer 2 Ethernet interface view
Default Level 2: System level
Parameters ip-address: IP address of a protected gateway.
Description Use the arp filter source command to enable ARP gateway protection for a specified gateway.
Use the undo arp filter source command to disable ARP gateway protection for a specified gateway.
By default, ARP gateway protection is disabled.
NOTE: • You can enable ARP gateway protection for up to eight gateways on a port. • Commands arp filter source and arp filter binding cannot be both configured on a
port.
Examples # Enable ARP gateway protection for the gateway with IP address 1.1.1.1. <Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-gigabitethernet1/0/1] arp filter source 1.1.1.1
arp filter binding Syntax
arp filter binding ip-address mac-address
undo arp filter binding ip-address
View Layer 2 Ethernet interface view
Default Level 2: System level
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 150 of 167
Parameters ip-address: Permitted sender IP address.
mac-address: Permitted sender MAC address.
Description Use the arp filter binding command to configure an ARP filtering entry. If the sender IP and MAC addresses of an ARP packet match an ARP filtering entry, the ARP packet is permitted. If not, it is discarded.
Use the undo arp binding command to remove an ARP filtering entry.
By default, no ARP filtering entry is configured.
NOTE: • You can configure up to eight ARP filtering entries on a port. • Commands arp filter source and arp filter binding cannot be both configured on a
port.
Examples # Configure an ARP filtering entry with permitted sender IP address 1.1.1.1 and MAC address 2-2-2. <Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-gigabitethernet1/0/1] arp filter binding 1.1.1.1 2-2-2
dot1x unicast-trigger Syntax
dot1x unicast-trigger
undo dot1x unicast-trigger
View Ethernet interface view
Default Level 2: System level
Parameters None
Description Use the dot1x unicast-trigger command to enable the unicast trigger function of 802.1X on a port.
Use the undo dot1x unicast-trigger command to disable this function.
By default, the unicast trigger function is disabled.
Related commands: display dot1x.
Examples # Enable the unicast trigger function for GigabitEthernet 1/0/1.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 151 of 167
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] dot1x unicast-trigger
display counters rate Syntax
display counters rate { inbound | outbound } interface [ interface-type ]
View Any view
Default Level 1: Monitor level
Parameters inbound: Displays the statistics on the rate of inbound packets.
outbound: Displays the statistics on the rate of outbound packets.
interface-type: Interface type.
Description Use the display counters rate command to display the statistics on the rate of the packets passing the interfaces that are in up state in the latest sampling interval. • If you provide the interface-type argument, this command displays the statistics on the
rate of the packets passing through all the interfaces that are in up state and are of the specified type.
• If you do not provide the argument, this command displays the statistics on the rate of the packets passing through all the interfaces that support this command.
NOTE: You can use the flow-interval command in Ethernet port view to set the sampling interval. The system default is five minutes.
Related commands: flow-interval.
Examples # Display the statistics on the rate of the inbound packets passing through all the GigabitEthernet ports. <Sysname> display counters rate inbound interface gigabitethernet
Interface Total(pkts/sec) Broadcast(pkts/sec) Multicast(pkts/sec)
GE1/0/1 0 -- --
Overflow: more than 14 decimal digits.
--: not supported.
Table 23 display counters rate command output description
Field Description
Interface Abbreviated interface name
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 152 of 167
Field Description
Total (pkts/sec) Average rate (in packets per second) of receiving/sending packets during the sampling interval. You can specify the direction of the packets using the inbound and outbound keyword.
Broadcast (pkts/sec) Average rate (packets per second) of receiving/sending broadcast packets during the sampling interval. You can specify the direction of the packets using the inbound and outbound keyword.
Multicast (pkts/sec) Average rate (packets per second) of receiving/sending multicast packets during the sampling interval. You can specify the direction of the packets using the inbound and outbound keyword.
Overflow: more than 14 decimal digits.
Overflow means the value of the statistics item is larger than the maximum number a 14-digit decimal number can represent.
--: not supported. The statistics item is not supported.
Details of Changed CLI Commands in E1107 packet-filter Syntax
packet-filter { acl-number | name acl-name } { inbound | outbound }
undo packet-filter { acl-number | name acl-name } { inbound | outbound }
View Ethernet interface view, VLAN interface view
Default Level 2: System level
Parameters acl-number: Specifies the number of an ACL, which must be in the following ranges: • 2000 to 2999 for basic IPv4 ACLs • 3000 to 3999 for advanced IPv4 ACLs • 4000 to 4999 for Ethernet frame header ACLs
name acl-name: Specifies the name of the ACL, which is a case insensitive string of 1 to 32 characters. It must start with an English letter and cannot be named all to avoid confusion.
inbound: Specifies to filter the packets received by the interface.
outbound: Specifies to filter the packets that are to be sent out of the interface.
Description Use the packet-filter command to apply an ACL to an interface to filter IPv4 packets or Ethernet frames.
Use the undo packet-filter command to restore the default.
By default, an interface does not filter packets and Ethernet frames.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 153 of 167
Note that you can apply only one IPv4 ACL or one Ethernet frame header ACL on an interface. To modify the ACL configured on an interface, you need to remove the previous configuration first and then configure a new ACL.
Examples # Apply basic IPv4 ACL 2001 to the inbound direction of interface GigabitEthernet 1/0/1. <Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEtherhet1/0/1] ethernet-frame-filter 2001 inbound
# Apply advanced IPv4 ACL 3001 to the inbound direction of VLAN interface 10. <Sysname> system-view
[Sysname] interface Vlan-interface 10
[Sysname-Vlan-interface10] ethernet-frame-filter 3001 inbound
packet-filter ipv6 Syntax
packet-filter ipv6 { acl6-number | name acl6-name } { inbound | outbound }
undo packet-filter ipv6 { inbound | outbound }
View Interface view
Default Level 2: System level
Parameters acl6-number: Specifies the number of a basic or advanced IPv6 ACL, which must be in the range of 2000 to 3999.
name acl6-name: Specifies the name of the basic or advanced IPv6 ACL, which is a case insensitive string of 1 to 32 characters. It must start with an English letter and cannot be named all to avoid confusion.
inbound: Specifies to filter the IPv6 packets received by the interface
outbound: Specifies to filter the IPv6 packets that are to be sent out of the interface
Description Use the packet-filter ipv6 command to apply a basic or advanced IPv6 ACL to an interface to filter IPv6 packets.
Use the undo packet-filter ipv6 command to restore the default.
By default, an interface does not filter IPv6 packets.
Note that you can apply only one IPv6 ACL on an interface. To modify the ACL configured on an interface, you need to remove the previous configuration first and then configure a new ACL.
Examples # Apply basic IPv6 ACL 2500 to the outbound direction of interface GigabitEthernet 1/0/1. <Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 154 of 167
[Sysname-GigabitEthernet1/0/1] packet-filter ipv6 2500 outbound
# Apply advanced IPv6 ACL 3000 to the outbound direction of interface VLAN interface 20 <Sysname> system-view
[Sysname] interface Vlan-interface 20
[Sysname-Vlan-interface20] packet-filter ipv6 3000 outbound
rule (advanced IPv4 ACL view) Syntax
rule [ rule-id ] { deny | permit } protocol [ { established | { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * } | destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type icmp-code | icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | tos tos | vpn-instance vpn-instance-name ] *
undo rule rule-id [ { established | { ack | fin | psh | rst | syn | urg } * } | destination | destination-port | dscp | fragment | icmp-type | logging | precedence | reflective | source | source-port | time-range | tos | vpn-instance ] *
View Advanced IPv4 ACL view
Default Level 2: System level
Parameters rule-id: Advanced IPv4 ACL rule number, in the range 0 to 65534.
deny: Drops matched packets.
permit: Allows matched packets to pass.
protocol: Protocol carried by IP. It can be a number in the range 0 to 255, or in words, gre (47), icmp (1), igmp (2), ip, ipinip (4), ospf (89), tcp (6), or udp (17). Table 24 shows the parameters that can be specified after the protocol argument.
Table 24 Match criteria and other rule information for advanced IPv4 ACL rules
Parameters Function Description
source { sour-addr sour-wildcard | any }
Specifies a source address.
The sour-addr sour-wildcard argument combination specifies a source IP address in dotted decimal notation. A wildcard of zero indicates a host address. The any keyword indicates any source IP address.
destination { dest-addr dest-wildcard | any }
Specifies a destination address.
The dest-addr dest-wildcard argument combination specifies a destination IP address in dotted decimal notation. A wildcard of zero indicates a host address. The any keyword indicates any destination IP address.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 155 of 167
Parameters Function Description
precedence precedence Specifies an IP precedence value.
The precedence argument can be a number in the range 0 to 7, or in words, routine (0), priority (1), immediate (2), flash (3), flash-override (4), critical (5), internet (6), or network (7).
tos tos Specifies a ToS preference.
The tos argument can be a number in the range 0 to 15, or in words, max-reliability (2), max-throughput (4), min-delay (8), min-monetary-cost (1), or normal (0).
dscp dscp Specifies a DSCP priority.
The dscp argument can be a number in the range 0 to 63, or in words, af11 (10), af12 (12), af13 (14), af21 (18), af22 (20), af23 (22), af31 (26), af32 (28), af33 (30), af41 (34), af42 (36), af43 (38), cs1 (8), cs2 (16), cs3 (24), cs4 (32), cs5 (40), cs6 (48), cs7 (56), default (0), or ef (46).
logging Specifies to log matched packets.
This function requires that the module using the ACL support logging.
reflective Specifies that the rule be reflective.
A rule with the reflective keyword can be defined only for TCP, UDP, or ICMP packets and can only be a permit statement.
vpn-instance vpn-instance-name
Specifies a VPN instance.
The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. Without this combination, the rule applies to only non-VPN packets.
fragment Indicates that the rule applies to only non-first fragments.
Without this keyword, the rule applies to all fragments and non-fragments.
time-range time-range-name Specifies the time range in which the rule takes effect.
The time-range-name argument is a case insensitive string of 1 to 32 characters. It must start with an English letter and cannot be named all to avoid confusion.
CAUTION: If you provide the precedence or tos keyword in addition to the dscp keyword, only the dscp keyword takes effect.
Setting the protocol argument to tcp or udp, you may define the parameters shown in Table 25 .
Table 25 TCP/UDP-specific parameters for advanced IPv4 ACL rules
Parameters Function Description
source-port operator port1 [ port2 ] Specifies one or more UDP or TCP source ports.
The operator argument can be lt (lower than), gt (greater than), eq (equal to), neq (not equal to), or range (inclusive range).
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 156 of 167
Parameters Function Description
destination-port operator port1 [ port2 ]
Specifies one or more UDP or TCP destination ports.
The port1 and port2 arguments are TCP or UDP port numbers in the range 0 to 65535. port2 is needed only when the operator argument is range. TCP port numbers can be represented in these words: chargen (19), bgp (179), cmd (514), daytime (13), discard (9), domain (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois (43), and www (80). UDP port numbers can be represented in these words: biff (512), bootpc (68), bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag (434), mobilip-mn (435), nameserver (42), netbios-dgm (138), netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65), talk (517), tftp (69), time (37), who (513), and xdmcp (177).
{ ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } *
Specifies one or more TCP flags
Parameters specific to TCP. The value for each argument can be 0 or 1. The TCP flags in one rule are ANDed.
established Specifies the TCP flags ACK and RST Parameter specific to TCP.
Setting the protocol argument to icmp, you may define the parameters shown in Table 26 .
Table 26 ICMP-specific parameters for advanced IPv4 ACL rules
Parameters Function Description
icmp-type { icmp-type icmp-code | icmp-message }
Specifies the ICMP message type and code.
The icmp-type argument ranges from 0 to 255. The icmp-code argument ranges from 0 to 255. The icmp-message argument specifies a message name. Supported ICMP message names and their corresponding type and code values are listed in Table 27 .
Table 27 ICMP message names supported in advanced IPv4 ACL rules
ICMP message name Type Code echo 8 0
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 157 of 167
ICMP message name Type Code echo-reply 0 0
fragmentneed-DFset 3 4
host-redirect 5 1
host-tos-redirect 5 3
host-unreachable 3 1
information-reply 16 0
information-request 15 0
net-redirect 5 0
net-tos-redirect 5 2
net-unreachable 3 0
parameter-problem 12 0
port-unreachable 3 3
protocol-unreachable 3 2
reassembly-timeout 11 1
source-quench 4 0
source-route-failed 3 5
timestamp-reply 14 0
timestamp-request 13 0
ttl-exceeded 11 0
Description Use the rule command to create an advanced IPv4 ACL rule or modify an existing advanced IPv4 ACL rule.
Use the undo rule command to remove an advanced IPv4 ACL rule or remove some criteria from the rule.
If you specify no optional keywords, the undo rule command removes the entire ACL rule; otherwise, the command removes only the specified criteria. Before performing the undo rule command, you may use the display acl command to view the ID of the rule.
When defining ACL rules, you do not need to assign them IDs; the system can automatically assign rule IDs starting with 0 and increasing in certain rule numbering steps. A rule ID thus assigned is the smallest multiple of the step that is bigger than the current biggest number. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the next rule will be numbered 30.
You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an existing rule in the ACL.
You can only modify the existing rules of an ACL that uses the rule order of config. When modifying a rule of such an ACL, you may choose to change just some of the settings, in which case the other settings remain the same.
When the ACL rule order is auto, a newly created rule will be inserted among the existing rules in the depth-first order. Note that the IDs of the rules still remain the same.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 158 of 167
If the ACL rule order is auto, rules are displayed in the depth-first order rather than by rule number.
NOTE: For an advanced IPv4 ACL to be referenced by a QoS policy for traffic classification: • The logging and reflective keywords are not supported. • The operator cannot be neq if the ACL is for the inbound traffic. • The operator cannot be gt, lt, neq, or range if the ACL is for the outbound traffic.
Related commands: display acl.
Examples # Define a rule to permit TCP packets with the destination port of 80 from 129.9.0.0 to 202.38.160.0. <Sysname> system-view
[Sysname] acl number 3101
[Sysname-acl-adv-3101] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq 80
mad bfd enable Syntax
mad bfd enable
undo mad bfd enable
View VLAN interface view
Default Level 3: Manage level
Parameters None
Description Use the mad bfd enable command to enable BFD MAD detection.
Use the undo mad bfd enable command to disable BFD MAD detection.
By default, the BFD MAD detection is disabled.
NOTE: • BFD MAD detection links are dedicated, and you are not allowed to configure other
services on BFD MAD detection link. • A VLAN interface enabled with BFD MAC detection and the interfaces of this VLAN do
not support any Layer 2 and Layer 3 protocol applications, including ARP and LACP. • You cannot enable BFD MAD detection on VLAN-interface 1.
Examples # Enable BFD MAD detection on VLAN-interface 3.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 159 of 167
<Sysname> system-view
[Sysname] interface vlan-interface 3
[Sysname-Vlan-interface3] mad bfd enable
mad enable Syntax
mad enable
undo mad enable
View Aggregation interface view
Default Level 3: Manage level
Parameters None
Description Use the mad enable command to enable LACP MAD detection.
Use the undo mad enable command to disable LACP MAD detection.
By default, the LACP MAD detection is disabled.
This command is only effective to a dynamic aggregation interface, so execute this command on a dynamic aggregation interface.
Examples # Enable LACP MAD detection on Layer 2 dynamic aggregation interface 1. <Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] mad enable
mad exclude interface Syntax
mad exclude interface interface-type interface-number
undo mad exclude interface interface-type interface-number
View System view
Default Level 3: Manage level
Parameters interface-type interface-number: Specifies port type and port number.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 160 of 167
Description Use the mad exclude interface command to specify the reserved ports, that is, the ports that will not be disabled when the device is in the recovery state.
Use the undo mad exclude interface command to restore the default.
By default, no reserved port is specified, that is, all service ports will be disabled automatically when the device is in the recovery state.
In an IRF, a link failure causes the IRF to split in to two or more devices with the global configuration, and if these devices operate on the network, network failure probably occurs. Therefore, the multi-active detection (MAD) mechanism is introduced to solve this problem: when an IRF splits, the MAD mechanism can detect the presence of multiple active IRFs: only one active device will be reserved, the other devices will enter the recovery state, and all service ports on the devices that are in the recovery state will be disabled. You can use this command to specify which ports on the devices in the recovery state should be reserved. You are recommended to disable all ports except for the port for telnetting and the port used for MAD detection.
During the failure recovery, the devices in the recovery state will reboot and join the IRF again, the disabled ports will recover automatically. You can use the mad restore command to restore devices in the recovery state to the normal state and the disabled ports will recover automatically.
Examples # Specify GigabitEthernet2/0/1 as the reserved port, that is, this port will not be disabled when the device is in the recovery state. <Sysname> system-view
[Sysname] mad exclude interface gigabitethernet 2/0/1
mad ip address Syntax
mad ip address ip-address { mask | mask-length } member member-id
undo mad ip address ip-address { mask | mask-length } member member-id
View VLAN interface view
Default Level 3: Manage level
Parameters ip-address: IP address of the port, in decimal dotted notation.
mask: Subnet mask corresponding to the IP address of the port, in decimal dotted notation.
mask-length: Length of the subnet mask, that is, the number of successive 1s in the mask. The value ranges from 0 to 32.
member member-id: Member ID of the device in the IRF. The value range depends on the current number of members and their member IDs in the IRF.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 161 of 167
Description Use the mad ip address command to configure the MAD IP address for the specified member device.
Use the undo mad ip address command to delete the configured MAD IP address.
By default, no MAD IP address is configured for a VLAN interface.
All member devices in an IRF need to be configured with their own MAD IP addresses, which are bound to member IDs and are on the same network segment. However, only the MAD IP address of the master is effective, and the MAD IP addresses on the slaves are not effective. When the IRF splits, the original salves become masters, the configured MAD IP addresses become effective, and the BFD session is activated. The device will consider that conflicted IRFs are detected.
NOTE: • Do not configure other services on a VLAN interface with BFD MAD enabled; otherwise,
the MAD detection function will be affected. • You must use the mad ip address command to configure the MAD IP address under the
interface for BFD MAD detection, and cannot configure other IP addresses, including common IP address configured with the ip address command and VRRP virtual IP address; otherwise, the MAD detection function will be affected.
Examples # Configure the MAD IP addresses for VLAN-interface 3 on member 1 and member 2. <Sysname> system-view
[Sysname] interface vlan-interface 3
[Sysname-Vlan-interface3] mad ip address 192.12.0.1 255.255.255.0 member 2
[Sysname-Vlan-interface3] mad ip address 192.12.0.2 255.255.255.0 member 3
mad restore Syntax
mad restore
View System view
Default Level 3: Manage level
Parameters None
Description Use the mad restore command to restore devices in the recovery state to the normal state.
When the IRF link fails and multi-active collision occurs, the original IRF splits into multiple active IRFs. With the MAD detection enabled, the IRF system keeps the state of one IRF active (makes it operate normally), and changes the states of other IRFs to recovery (an IRF in recovery state cannot process service packets). If the active IRF fails and cannot
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 162 of 167
operate normally, use this command to restore IRFs in the recovery state to the normal state.
Examples # Restore IRFs in the recovery state to the normal state. <Sysname> system-view
[Sysname] mad restore
This command will restore the device from multi-active conflict state. Continue? [Y/N]:Y
Restoring from multi-active conflict state, please wait...
logfile save Syntax
logfile save
View Any view
Default Level 2: System level
Parameters None
Description Use the logfile save command to save all the contents in the logfile buffer into the log file.
By default, the system automatically saves the log file based on a frequency configured by the info-center logfile frequency command into a directory configured by the info-center logfile switch-directory command.
Note that all contents in the logfile buffer will be cleared after they are successfully saved into the log file automatically or manually.
Examples # Save the contents in the logfile buffer into the log file. <Sysname> logfile save
buffer apply Syntax
buffer apply
undo buffer apply
View System view
Default Level 2: System level
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 163 of 167
Parameters None
Description Use the buffer apply command to apply the configured data buffer settings.
Use the undo buffer apply command to restore the default.
Table 28 shows the default data buffer allocation schemes of the S5800 and the S5820X series switches.
Table 28 Default data buffer allocation schemes of the S5800 and the S5820X series switches
Hardware platform
Resource type
Shared resource size in percentage
Minimum guaranteed resource size per queue in percentage
Maximum shared resource size per queue in percentage
Maximum shared resource size per port in percentage
Cell resource 69% 12% 6% 33% S5800 series switches Packet
resource 70% 12% 6% 33%
S5820X series switches Cell resource 62% 12% 6% 33%
NOTE: The S5820X series switches do not support the packet resource.
Examples # Apply the data buffer settings. <Sysname> system-view
[Sysname] buffer apply
buffer egress queue guaranteed Syntax
buffer egress [ slot slot-number ] { cell | packet } queue queue-id guaranteed ratio ratio
undo buffer egress [ slot slot-number ] { cell | packet } queue queue-id guaranteed
View System view
Default Level 2: System level
Parameters slot slot-number: Specifies an IRF member device number. For a standalone device, the slot-number argument can only be 1. In an IRF, with slot-number specified, this command configures the buffer resource of the member device specified by slot-number; without slot-number specified, this command configures the buffer resource of the master device in the IRF.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 164 of 167
cell: Configures the minimum guaranteed resource size for a queue in the cell resource.
packet: Configures the minimum guaranteed resource size for a queue in the packet resource. This keyword is not available on an S5820X series switch.
queue-id: Specifies the ID of the queue to be configured, in the range of 0 to 7.
ratio: Sets the minimum guaranteed resource size for the specified queue as a percentage of the dedicated buffer per port in the range of 0 to 100.
Description Use the buffer egress queue guaranteed command to configure the minimum guaranteed resource size for a queue in the cell resource or packet resource.
Use the undo buffer egress queue guaranteed command to restore the default.
By default, the minimum guaranteed resource size for a queue is 12% of the dedicated buffer of the port in both the cell resource and the packet resource.
The minimum guaranteed resource settings of a queue take effect globally, that is, apply to the queue with the same number on each port.
As the dedicated resource of a port is shared by eight queues, modifying the minimum guaranteed resource size for a queue can affect those of the other queues. The system will automatically allocate the remaining dedicated resource among all queues that are not manually assigned a minimum guaranteed resource space. For example, if you set the minimum guaranteed resource size to 30% for a queue, the other seven queues will each share 10% of the remaining dedicated resource of the port.
Examples # Set 20% of the dedicated buffer per port as the minimum guaranteed resource for queue 0 in the cell resource. <Sysname> system-view
[Sysname] buffer egress cell queue 0 guaranteed ratio 20
# In an IRF, set 15% of the dedicated buffer per port as the minimum guaranteed resource for queue 0 in the cell resource on member device 2. <Sysname> system-view
[Sysname] buffer egress slot 2 cell queue 0 guaranteed ratio 15
buffer egress queue shared Syntax
buffer egress [ slot slot-number ] { cell | packet } queue queue-id shared ratio ratio
undo buffer egress [ slot slot-number ] { cell | packet } queue queue-id shared
View System view
Default Level 2: System level
Parameters slot slot-number: Specifies an IRF member device number. For a standalone device, the slot-number argument can only be 1. In an IRF, with slot-number specified, this command configures the buffer resource of the member device specified by slot-number; without
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 165 of 167
slot-number specified, this command configures the buffer resource of the master device in the IRF.
cell: Configures the maximum shared resource size for a queue in the cell resource.
packet: Configures the maximum shared resource size for a queue in the packet resource. This keyword is not available on an S5820X series switch.
queue-id: Specifies the ID of the queue to be configured, in the range of 0 to 7.
ratio: Sets the maximum shared resource size for the specified queue as a percentage of the shared resource in the range of 0 to 100.
Description Use the buffer egress queue shared command to configure the maximum shared resource size for a queue in the cell resource or packet resource.
Use the undo buffer egress queue shared command to restore the default.
By default, the maximum shared resource size for a queue is 6% of the shared resource in both the cell resource and the packet resource.
NOTE: The maximum shared resource settings of a queue take effect globally, that is, apply to thequeue with the same number on each port.
Examples # Set the maximum shared resource size for queue 0 to 10% in the cell resource. <Sysname> system-view
[Sysname] buffer egress cell queue 0 shared ratio 10
# In an IRF, set the maximum shared resource size of queue 0 to 5% in the cell resource on member device 2. <Sysname> system-view
[Sysname] buffer egress slot 2 cell queue 0 shared ratio 5
buffer egress shared Syntax
buffer egress [ slot slot-number ] { cell | packet } shared ratio ratio
undo buffer egress [ slot slot-number ] { cell | packet } shared
View System view
Default Level 2: System level
Parameters slot slot-number: Specifies an IRF member device number. For a standalone device, the slot-number argument can only be 1. In an IRF, with slot-number specified, this command configures the buffer resource of the member device specified by slot-number; without slot-number specified, this command configures the buffer resource of the master device in the IRF.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 166 of 167
cell: Configures the maximum shared resource size per port in the cell resource.
packet: Configures the maximum shared resource size per port in the packet resource. This keyword is not available on an S5820X switch.
ratio: Sets the maximum shared resource size per port as a percentage of the shared resource in the range of 0 to 100.
Description Use the buffer egress shared command to configure the maximum shared resource size per port in the cell resource or packet resource.
Use the undo buffer egress shared command to restore the default.
By default, the maximum shared resource size per port is 33% of the shared resource in both the cell resource and the packet resource.
Examples # Set the maximum shared resource size per port to 30% in the cell resource. <Sysname> system-view
[Sysname] buffer egress cell shared ratio 30
# In an IRF, set the maximum shared resource size per port to 40% in the cell resource on member device 2. <Sysname> system-view
[Sysname] buffer egress slot 2 cell shared ratio 40
buffer egress total-shared Syntax
buffer egress [ slot slot-number ] { cell | packet } total-shared ratio ratio
undo buffer egress [ slot slot-number ] { cell | packet } total-shared
View System view
Default Level 2: System level
Parameters slot slot-number: Specifies an IRF member device number. For a standalone device, the slot-number argument can only be 1. In an IRF, with slot-number specified, this command configures the buffer resource of the member device specified by slot-number; without slot-number specified, this command configures the buffer resource of the master device in the IRF.
cell: Configures the shared resource size in the cell buffer.
packet: Configures the shared resource size in the cell buffer. This keyword is not available on an S5820X series switch.
ratio: Sets the shared resource size as a percentage of the cell resource or packet resource in the range of 0 to 100.
Hangzhou H3C Technologies Co., Ltd. H3C S5800_5820X-CMW520-R1211 Release Notes
May 9, 2011 Page 167 of 167
Description Use the buffer egress total-shared command to configure the shared resource size in the cell resource or packet resource.
Use the undo buffer egress total-shared command to restore the default.
By default, on an S5800 series switch, 69% of the cell resource is the shared resource and 70% of the packet resource is the shared resource; on an S5820X series switch, 62% of the cell resource is the shared resource.
Examples # Set 50% of the cell resource as the shared resource. <Sysname> system-view
[Sysname] buffer egress cell total-shared ratio 50
# In an IRF, set 65% of the cell resource as the shared resource on member device 2. <Sysname> system-view
[Sysname] buffer egress slot 2 cell total-shared ratio 65
Copyright © 2011 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd. The information in this document is subject to change without notice.