Ruijie Networks

Date post: 22-Nov-2021
RG-WLAN Series Access Point RGOS Command Reference Release 10.4(1b19)p2
Page 1: Ruijie Networks

RG-WLAN Series Access Point

RGOS Command Reference

Release 10.4(1b19)p2


Revision No.: Version 10.4(1b19)p2

Copyright Statement

Ruijie Networks ©2000-2015

All rights reserved.

Without our written permission, this document may not be excerpted, reproduced, transmitted, or otherwise in all or in part by any party in any means.

[Trademark logos] are all registered trademarks of Ruijie Networks Co., Ltd. and are protected by law.

Exemption statement

This document is provided “as is”. The contents of this document are subject to change without any notice. Please obtain

the latest information through the Ruijie Networks website. Ruijie Networks endeavors to ensure content accuracy and will

not shoulder any responsibility for losses and damages caused by content omissions, inaccuracies or errors.

Preface

Version Description

This manual matches the software version RGOS®10.4(1b19)p2.

Target Readers

This manual is intended for the following readers:

Network engineers

Technical salespersons

Network administrators

Obtaining Technical Assistance

Ruijie Networks website: http://www.ruijienetworks.com/

Online customer services: http://webchat.ruijie.com.cn

Customer service center: http://www.ruijie.com.cn/service.aspx

Customer services hotline: +86-4008-111-000

BBS: http://support.ruijie.com.cn

Customer services email: [email protected]

Related Documents

Document: Description

Configuration Guide: Describes network protocols and related mechanisms that are supported by the product, with configuration examples.

Command Reference: Describes the related configuration commands, including command modes, parameter descriptions, usage guides, and related examples.

Hardware Installation Guide: Describes functional and physical features of the product and provides installation procedure, hardware troubleshooting, module technical specifications, and specifications and guidelines of cables and connectors.

Conventions in this Document

1. Universal Format Convention

Arial: Arial with the point size 10 is used for the body.

Note: A line is added respectively above and below the prompts such as caution and note to separate them from the body.

Format of information displayed on the terminal: Courier New, point size 8, indicating the screen output. User's entries

among the information shall be indicated with bolded characters.

2. Command Line Format Convention

Arial is used as the font for the command line. The meanings of specific formats are described below:

Bold: Key words in the command line, which shall be entered exactly as they are displayed, shall be indicated with bolded

characters.

Italic: Parameters in the command line, which must be replaced with actual values, shall be indicated with italic

characters.

[ ]: The part enclosed with [ ] means optional in the command.

{ x | y | ... }: It means one shall be selected among two or more options.

[ x | y | ... ]: It means one or none shall be selected among two or more options.

//: Lines starting with "//" are annotations.

3. Signs

Various striking identifiers are adopted in this manual to indicate matters that require special attention during operation, as detailed below:

Description, prompt, tip or any other necessary supplement or explanation for the operation.

The port types mentioned in the examples of this manual may not be consistent with the actual ones. In real network environments, you need to configure port types according to the support on various products.

The display information of some examples in this manual may include information on other series products, like model and description. The details are subject to the equipment used.

Warning, danger or alert in the operation.

Command Reference WLAN Basic Configuration Commands

WLAN Basic Configuration Commands

ampdu-retries

In a wireless network, AMPDU software retransmission is adopted to reduce sub-frame loss. The more retransmission attempts, the less the packet loss. However, excessive retransmission attempts increase the workload of air interfaces, which reduces the immediacy of other packets. So, it is recommended to configure more retransmission attempts when sub-frame loss occurs frequently.

ampdu-retries times radio radio_id

Parameter

Description Parameter Description

times Set the retransmission times; within the range from 1 to 10.

radio-id ID of the radio to be configured

Defaults By default, the retransmission times is 10.

Command

Mode

AP configuration mode

Usage Guide N/A

Configuration

Examples

Example 1: Enter the configuration mode of AP0001 and set the AMPDU software retransmission times to 5.

Ruijie(config)#ap-config AP0001

Ruijie(config-ap)#ampdu-retries 5 radio radio_id

Related

Commands Command Description

N/A N/A

Platform

Description

Supported by both AC and AP.

ampdu-rts

AMPDU RTS protection avoids aggregation conflicts on the air interface and thus avoids wasting resources. However, the RTS interaction itself consumes some air interface resources, which has a side effect on the air interface in most scenarios. The function is disabled by default.

[no] ampdu-rts radio radio_id

Parameter

Description Parameter Description

radio-id ID of the radio to be configured

Defaults By default, this function is disabled.

Command

Mode

AP configuration mode

Usage Guide N/A

Configuration

Examples

Example 1: Enter the configuration mode of AP0001 and enable the AMPDU RTS protection on radio 1.

Ruijie(config)# ap-config AP0001

Ruijie(config-ap)# ampdu-rts radio 1

Related

Commands Command Description

N/A N/A

Platform

Description

Supported by both AC and AP.

autowifi

Use this command to perform one-click WLAN configuration on an unconfigured device. Use the no

form of this command to cancel the configuration.

autowifi

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

AC/Fat AP configuration mode

Usage Guide

The one-click WLAN configuration function is provided for fast configuration on an unconfigured device. In general, this function aims at helping the scenario investigator to improve efficiency and helping the channel distributors to test WLAN performance in a more convenient way.

Configuration

Examples

This function automatically performs the following configurations on the AC or the Fat AP:

(1) VLAN Division: On an AC, VLAN 1 is the AP's VLAN and VLAN 2 is the STA's VLAN. On a Fat AP, VLAN 1 is the STA's VLAN.

(2) Address Pool: On an AC, the network segment 192.168.1.0 is the AP's address pool and the network segment 192.168.2.0 is the STA's address pool. By default, the IP address of VLAN 1 is 192.168.1.1 and the IP address of VLAN 2 is 192.168.2.1. The default management IP address is 88.88.88.88. On a Fat AP, the network segment 192.168.1.0 is the STA's address pool, and the IP address of BVI 1 is 192.168.1.1.

(3) WLAN Configuration: Set the WLAN name to autowifi_XXXX, where the last four digits are the same as those of the device's MAC address. Set the WLAN-ID to 1.

(4) Security: By default, WPA2 is used for encryption; the password is autowifi.

(5) WLAN-VLAN Mapping: On an AC, map WLAN-ID 1 to VLAN 1 in the ap-group default group. On a Fat AP, encapsulate VLAN 1 on the wireless interface and set the WLAN-ID to 1.

(6) Service: Enable DHCP service.

Related

Commands Command Description

N/A N/A

Platform

Description

Supported by AC and Fat AP.
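
The values that autowifi writes are fixed and published in this manual, so a device left in that state after a survey or test carries a known SSID pattern, WPA2 password and management address. The check below is an added example, not Ruijie code: it scans exported configuration text for those values. The sample configurations are constructed, and their key and address lines use hypothetical syntax, because this page documents only the ssid command form.

```python
import re

# Values published in the autowifi section of this manual.
SSID_LINE = re.compile(r"^\s*ssid\s+(autowifi_([0-9A-Fa-f]{4}))\s*$")
MGMT_IP = re.compile(r"(?<![\d.])88\.88\.88\.88(?![\d.])")
DEFAULT_KEY = "autowifi"


def mac_suffix(mac):
    """Last four hex digits of a MAC address, lower-cased, or None."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac or "")
    return digits[-4:].lower() if len(digits) == 12 else None


def audit_autowifi(config_text, mac=None):
    """Return (line_number, finding) pairs for one-click defaults still present."""
    suffix = mac_suffix(mac)
    findings = []
    for number, line in enumerate(config_text.splitlines(), 1):
        match = SSID_LINE.match(line)
        if match:
            note = "one-click SSID " + match.group(1)
            if suffix and match.group(2).lower() == suffix:
                note += " (suffix matches device MAC)"
            findings.append((number, note))
            continue
        if MGMT_IP.search(line):
            findings.append((number, "default management address 88.88.88.88"))
        tokens = line.split()
        # Heuristic: the key command syntax is not shown on this page, so any
        # multi-token line whose last token is the published password is flagged.
        if len(tokens) >= 2 and tokens[-1] == DEFAULT_KEY:
            findings.append((number, "published default password in use"))
    return findings


# Constructed samples. The "wpa2-key", "interface mgmt 0" and "ip address"
# lines are hypothetical syntax used only to give the audit something to read.
SAMPLE_DEFAULT = """\
dot11 wlan 1
 ssid autowifi_3F9A
 vlan 1
 wpa2-key autowifi
interface mgmt 0
 ip address 88.88.88.88 255.255.255.0
"""

SAMPLE_HARDENED = """\
dot11 wlan 1
 ssid SiteSurvey-East
 vlan 1
 wpa2-key N0t-the-default-0ne
interface mgmt 0
 ip address 10.20.30.40 255.255.255.0
"""

if __name__ == "__main__":
    for number, finding in audit_autowifi(SAMPLE_DEFAULT, mac="00:11:22:33:3f:9a"):
        print("line %d: %s" % (number, finding))
```
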

eth-schd

You can improve the network performance by raising the received Ethernet packet limit per time on an AP, at the cost of reducing the immediacy of key packets. With regard to applications which are multi-user concurrent and real-time sensitive, such as electronic schoolbag, requiring only ordinary networks, you are recommended to decrease the value of the received Ethernet packet limit per time to 25.

eth-schd limit

Parameter

Description Parameter Description

limit Received packet limit per time

Defaults

By default, the limit value varies by AP model, as shown below:

The default limit value of the following APs: 256

AP220-I v1.0, AP220-I v1.1, AP220-SI v1.0, AP220-SI v1.1, AP220-E v2.03, AP220-E v2.0, AP220-SH v2.0, AP220-SH (C) v3.0, AP220-E(M) v2.0, AP220-E(M) v2.20, AP620-H(C) v2.0, AP220-E(C) v3.0, AP220-E(M) v2.3, AP220-E v2.99, AP620-H(C) v2.99, AP220-SH(C) v2.99, AP220-E(C) v2.99, AP530-I v1.0

The default limit value of the following APs: 180

AP320-I v1.0, AP220-E(M)-V2 v3.0, AP320-I v1.1, AP3220 v1.0, AP220-E(P) v1.0, AP220-E(C) v4.0, AP220-E(M)-V2 v3.9

The default limit value of the following APs: 64

AP330-I v1.1, AP220-E(P) v2.0

The default limit value of other APs: 25

Command

Mode

AP configuration mode

Usage Guide N/A

Configuration

Examples

Example 1: Enter the configuration mode of AP0001 and set the value of the received packet limit per time to 100.

Ruijie(config)# ap-config AP0001

Ruijie(config-ap)# eth-schd 100

Related

Commands Command Description

N/A N/A

Platform

Description

Supported by both AC and AP.

ldpc

As part of FEC (Forward Error Correction) technology, LDPC is a simple and easily-implemented linear error correcting code developed in the early 1960s that is used in data transmission over noisy channels to improve the coding reliability and coding gain, so as to reduce the risk of data loss. However, a few terminals are incompatible with LDPC, which results in packet loss. This command is used to enable or disable this function.

[no] ldpc radio radio_id

Parameter

Description Parameter Description

radio-id ID of the radio to be configured.

Defaults By default, this function is enabled.

Command

Mode

AP configuration mode

Usage Guide N/A

Configuration

Examples

Example 1: Enter the configuration mode of AP0001 and enable LDPC on radio 1 of the designated AP.

Ruijie(config)# ap-config AP0001

Ruijie(config-ap)# ldpc radio 1

Related

Commands Command Description

N/A N/A

Platform

Description

Supported by both AC and AP.

stbc

Space–time block coding is a technique used in wireless communications to transmit multiple copies of a data stream across a number of antennas at different times and to exploit the various received versions of the data to improve the reliability of data transfer. An obvious advantage of STBC is that it adopts simple maximum likelihood decoding to realize full antenna gain. But some terminals may be incompatible with STBC. This command is used to enable or disable this function.

[no] stbc radio radio_id

Parameter

Description Parameter Description

radio-id ID of the radio to be configured

Defaults By default, this function is enabled.

Command

Mode

AP configuration mode

Usage Guide N/A

Configuration

Examples

Example 1: Enter the configuration mode of AP0001 and enable STBC on radio 1 of the designated AP.

Ruijie(config)# ap-config AP0001

Ruijie(config-ap)# stbc radio 1

Related

Commands Command Description

N/A N/A

Platform

Description

Supported by both AC and AP.

Command Reference Dot11 Radio Commands

Dot11 Radio Commands

dot11 wlan

Use this command to create a WLAN and enter WLAN configuration mode.

dot11 wlan wlan-id

no dot11 wlan wlan-id

Parameter

Description Parameter Description

no Deletes the WLAN.

wlan-id Specifies a WLAN ID.

Defaults N/A

Command

mode

Global configuration mode

Usage Guide After a WLAN is created, the command line interface enters WLAN configuration mode.

Configuration

Examples

# Create a WLAN called WLAN 1 and enter WLAN configuration mode.

Ruijie(config)# dot11 wlan 1

Ruijie(dot11-wlan-config)#

# Delete the WLAN.

Ruijie(config)# no dot11 wlan 1

Related

Commands Command Description

wlan-id Sets a WLAN ID for the Dot11radio interface.

Platform

Description

N/A

broadcast-ssid

Use this command to display the service set identifier (SSID). Use the no form of this command to

hide the SSID.

broadcast-ssid

no broadcast-ssid

Parameter

Description Parameter Description

no Hides the SSID.

Defaults By default, the WLAN does not hide the SSID.

Command

mode

WLAN configuration mode

Usage Guide N/A

Configuration

Examples

# Enable WLAN1 to display the SSID.

Ruijie(config)# dot11 wlan 1

Ruijie(dot11-wlan-config)# broadcast-ssid

# Enable WLAN1 to hide the SSID.

Ruijie(config)# dot11 wlan 1

Ruijie(dot11-wlan-config)# no broadcast-ssid

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

vlan

Use this command to set a VLAN ID bound with the WLAN.

vlan vlan-id

no vlan

Parameter

Description Parameter Description

no Deletes the VLAN ID.

vlan-id Specifies the VLAN ID. The range is from 1 to 4095.

Defaults N/A

Command

mode

Usage Guide N/A

Configuration

Examples

# Set the VLAN ID bound with the WLAN 1 to 1.

Ruijie(config)# dot11 wlan 1

Ruijie(dot11-wlan-config)# vlan 1

# Delete the VLAN ID of 1 bound with the WLAN 1.

Ruijie(config)# dot11 wlan 1

Ruijie(dot11-wlan-config)# no vlan

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

ssid

Use this command to set an SSID for the WLAN.

ssid ssid-string

no ssid

Parameter

Description Parameter Description

no Deletes the SSID.

ssid-string Specifies the SSID. The length is from 1 to 32.

Defaults N/A

Command

mode

WLAN configuration mode

Usage Guide An SSID can be associated with multiple WLANs, but a WLAN cannot be associated with multiple SSIDs at the same time.

Configuration

Examples

# Set the SSID for WLAN 1 to RUIJIE.

Ruijie(config)# dot11 wlan 1

Ruijie(dot11-wlan-config)# ssid RUIJIE

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

interface dot11radio

Use this command to set the dot11radio interface or sub-interface and enter dot11radio interface

configuration mode.

interface dot11radio interface-name

no interface dot11radio interface-name

Parameter

Description Parameter Description

no Deletes dot11radio sub-interface

interface-name

Specifies the Dot11radio interface number, including the

sub-interface number.

Defaults N/A

Command

mode Global configuration mode

Usage Guide The no form of this command is only applicable to sub-interface.

Configuration

Examples

# Enter dot11radio interface configuration mode.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)#

# Enter dot11radio sub-interface configuration mode.

Ruijie(config)#interface dot11radio 1/0.1

Ruijie(config-subif)#

# Delete the dot11radio sub-interface configuration.

Ruijie(config)#no interface dot11radio 1/0.1

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

antenna

Use this command to set parameters for transmitting and receiving antennas.

antenna { receive | transmit } chain-mask

no antenna { receive | transmit }

Parameter

Description Parameter Description

no Deletes settings for antennas.

chain-mask Specifies the antenna selection mask. The range is from 1 to 7.

Defaults The default antenna selection mask varies with product models and the number of antennas. The

default setting depends on the product model.

Command

mode

Dot11radio interface configuration mode

Usage Guide N/A

Configuration

Examples

# Set the transmitting and receiving mask.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)# antenna transmit 7

Ruijie(config-if-Dot11radio 1/0)# antenna receive 7

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

beacon dtim-period

Use this command to set a DTIM period for beacon frames.

beacon dtim-period seconds

no beacon dtim-period

Parameter

Description Parameter Description

no Deletes the setting of DTIM period.

seconds

Specifies the DTIM period. The unit is one beacon period. The range

is from 1 to 255.

Defaults The default DTIM period is 1 beacon period.

Command

mode

Dot11radio interface configuration mode

Usage Guide N/A

Configuration

Examples

# Set the DTIM period to 20.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)#beacon dtim-period 20

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

beacon period

Use this command to set a beacon period.

beacon period milliseconds

no beacon period

Parameter

Description Parameter Description

no Deletes the setting of beacon period.

milliseconds

Specifies the beacon period in milliseconds. The range is from 20 to

1000.

Defaults The default value is 100 milliseconds.

Command

mode

Dot11radio interface configuration mode

Usage Guide N/A

Configuration

Examples

# Set the beacon period to 200 milliseconds.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)#beacon period 200

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

channel

Use this command to set the channel that the radio operates in.

channel channel-num

no channel

Parameter

Description Parameter Description

no Searches for and configures the radio channel automatically.

channel-num

Specifies a radio channel. The range is from 1 to 13 on the 2.4-GHz

radio, from 36 to 165 on the 5-GHz radio. (For a specific product, the

supported radio channels depend on the country code.)

Defaults N/A

Command

mode

Dot11radio interface configuration mode

Usage Guide N/A

Configuration

Examples

# Set the radio to operate in channel 11.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)#channel 11

Related

Commands Command Description

radio-type Sets the radio type.

Platform

Description

N/A

radio-type

Use this command to set the RF mode of a radio.

radio-type { 802.11a | 802.11b }

Parameter

Description Parameter Description

802.11a Supports 5 GHz frequency band.

802.11b Supports 2.4 GHz frequency band.

Defaults By default, Radio 1 is configured with 802.11b and Radio 2 802.11a.

Command

mode

Dot11radio interface configuration mode

Usage Guide N/A

Configuration

Examples

# Set the RF mode to 2.4 GHz frequency band.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)#radio-type 802.11b

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

chan-width

Use this command to set the bandwidth of radio channels.

chan-width { 20 | 40 }

no chan-width

Parameter

Description Parameter Description

no Deletes the setting of channel bandwidth.

20 Sets the channel width to 20 MHz.

40 Sets the channel width to 40 MHz.

Defaults The default channel bandwidth is 20 MHz.

Command

mode

Dot11radio interface configuration mode

Usage Guide The channel bandwidth cannot be configured when 802.11n is forbidden.

Configuration

Examples

# Set the channel width to 40 MHz.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)#chan-width 40

# Delete the setting of channel width.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)#no chan-width

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

country-code

Use this command to set a country code for a specified radio.

country-code country-code

no country-code

Parameter

Description Parameter Description

no Restores the default country code.

country-code Specifies the country code, which varies with products.

Defaults The default country code is CN.

Command

mode

Dot11radio interface configuration mode

Usage Guide N/A

Configuration

Examples

# Set the country code of the radio to USI.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)#country-code USI

# Delete the setting of country code.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)#no country-code

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

fragment-threshold

Use this command to set a fragmentation threshold for a radio.

fragment-threshold threshold-value

no fragment-threshold

Parameter

Description Parameter Description

no Deletes the setting of fragmentation thresholds.

threshold-value

Specifies the value of a fragmentation threshold. The range is from

256 to 2346 bytes.

Defaults The default value is 2346 bytes.

Command

mode

Dot11radio interface configuration mode

Usage Guide Fragmentation thresholds can be configured only when 802.11n is forbidden.

Configuration

Examples

# Set the fragmentation threshold to 1500 bytes.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)# fragment-threshold 1500

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

rts threshold

Use this command to set an RTS threshold for a radio.

rts threshold threshold-value

no rts threshold

Parameter

Description Parameter Description

no Deletes the setting of RTS thresholds.

threshold-value Specifies the RTS threshold. The range is from 257 to 2347 bytes.

Defaults The default value is 2347 bytes.

Command

mode

Dot11radio interface configuration mode

Usage Guide N/A

Configuration

Examples

# Set the RTS threshold to 1500 bytes.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)# rts threshold 1500

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

slottime

Use this command to set the slot time for a radio.

slottime { long | short }

Parameter

Description Parameter Description

long Sets the long slot time.

short Sets the short slot time.

Defaults The default setting is short slot time.

Command

mode

Dot11radio interface configuration mode

Usage Guide This command only takes effect when the AP operates in the 2.4 GHz frequency band in a non-802.11b mode. In the 5 GHz frequency band, the default setting is short slot time, which cannot be modified.

Configuration

Examples

# Sets long slot time on the radio.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)# slottime long

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

short-gi

Use this command to set a short Guard Interval (GI) on the radio.

short-gi enable chan-width { 20 | 40 }

no short-gi enable chan-width { 20 | 40 }

Parameter

Description Parameter Description

no Deletes the setting of short GI.

20 Short GI in the channel width of 20 MHz.

40 Short GI in the channel width of 40 MHz.

Defaults By default, short GI cannot be enabled in the channel bandwidth of 20 MHz, but can be enabled in the

channel bandwidth of 40 MHz.

Command

mode

Dot11radio interface configuration mode

Usage Guide Short GI in the channel width of 20 MHz is not supported on some products.

Configuration

Examples

# Enable short GI in the channel width of 20 MHz.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)# short-gi enable chan-width 20

# Disable short GI in the channel width of 20 MHz.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)# no short-gi enable chan-width 20

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

short-preamble

Use this command to set a preamble for a radio.

short-preamble

no short-preamble

Parameter

Description Parameter Description

no Sets a long preamble.

Defaults The default setting is short preamble in 2.4 GHz frequency band while long preamble in 5 GHz.

Command

mode

Dot11radio interface configuration mode

Usage Guide This command only takes effect when the AP operates in 2.4 GHz frequency band. The default

setting is long preamble in 5 GHz frequency band, which cannot be modified.

Configuration

Examples

# Set the short preamble.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)# short-preamble

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

response-rssi

Use this command to set the minimum value of the received signal strength indicator (RSSI) for a

wireless client to connect to the AP. If a wireless client's RSSI is less than this value, this client is not

allowed to associate with this AP.

response-rssi rssi-value

no response-rssi

Parameter

Description Parameter Description

no Deletes an RSSI value.

rssi-value Specifies the RSSI. The range is from 0 to 100 dBm.

Defaults The default value is 0.

Command

mode

Dot11radio interface configuration mode

Usage Guide N/A

Configuration

Examples

# Set the RSSI value for wireless access.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)# response-rssi 10

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

power local

Use this command to set the transmitting power of a radio.

power local power-value

no power local

Parameter

Description Parameter Description

no Deletes the power value.

power-value

Specifies the value of transmitting power. The range is from 1 to 100

percent.

Defaults The default value is 100.

Command

mode

Dot11radio interface configuration mode

Usage Guide N/A

Configuration

Examples

# Set the transmitting power of the radio to 50 percent.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)# power local 50

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

retries

Use this command to set the retries of long or short frames.

retries { short | long } retries-value

no retries { short | long }

Parameter

Description Parameter Description

no Restores the default setting.

short

Specifies the retransmission times of short frames. The range is from

1 to 7.

long

Specifies the retransmission times of long frames. The range is from

1 to 4 times.

Defaults The default value is 4 for long frames and 7 for short frames.

Command

mode

Dot11radio interface configuration mode

Usage Guide N/A

Configuration

Examples

# Set the retries of long frames.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)# retries long 2

# Restore the default retries of short frames.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)#no retries short

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

sta-idle-timeout

Use this command to set the idle timeout for wireless clients.

sta-idle-timeout seconds

no sta-idle-timeout

Parameter

Description Parameter Description

no Restores the default value.

seconds Specifies the idle timeout. The range is from 60 to 86400 seconds.

Defaults The default value is 300 seconds.

Command

mode

Dot11radio interface configuration mode

Usage Guide N/A

Configuration

Examples

# Set the idle time to 900 seconds.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)# sta-idle-timeout 900

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

coverage-area-control

Use this command to set the power of transmitting beacon, or to control the coverage area of wireless

signals.

coverage-area-control power-value

no coverage-area-control

Parameter

Description Parameter Description

no Restores the default setting.

power-value Specifies the coverage area. The range is from 0 to 32.

Defaults The default value is 0.

Command

mode

Dot11radio interface configuration mode

Usage Guide N/A

Configuration

Examples

# Set the coverage area of wireless signals.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)# coverage-area-control 12

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

mcast_rate

Use this command to set multicast rate.

mcast_rate { 11 | 24 | 54 | 65 | 78 | 104 | 130 }

no mcast_rate

Parameter

Description Parameter Description

no Restores the default value.

Defaults The default value is 54.

Command

mode

Dot11radio interface configuration mode

Usage Guide A multicast rate takes effect only when the current AP frequency band supports this rate. If this rate is

not supported, the default rate is used.

Configuration

Examples

# Set a multicast rate.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)# mcast_rate 24

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

sta-limit

Use this command to set the maximum number of wireless clients that can be connected to the AP.

sta-limit client-num

no sta-limit

Parameter

Description Parameter Description

no Restores the default value.

client-num Specifies the maximum number of clients. The range is from 1 to 128.

Defaults The default value is 24.

Command

mode

Dot11radio interface configuration mode

Usage Guide N/A

Configuration

Examples

# Set the maximum number of wireless clients to 50.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)# sta-limit 50

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

rate-set

Use this command to set a rate set.

rate-set { 11a | 11b | 11g } { mandatory | support | disable } speed

rate-set 11n { mcs-mandatory | mcs-support } index

Parameter

Description Parameter Description

11a The 5-GHz radio has the legacy 802.11a, 802.11na data rates.

11b The 2.4-GHz radio has the legacy 802.11b data rates.

11g The 2.4-GHz radio has the legacy 802.11g, 802.11ng data rates.

speed

Specifies the rate to be configured, which varies with radio types.

802.11a : 6, 9, 12, 18, 24, 36, 48 and 54 Mbps

802.11b : 1, 2, 5.5 and 11 Mbps

802.11g: 1, 2, 5.5, 11, 6, 9, 12, 18, 24, 36, 48 and 54 Mbps

disable Sets a data rate to be disabled on the specified radio type.

support Sets a data rate to be supported on the specified radio type.

mandatory Sets a data rate to be mandatory on the specified radio type.

11n Sets the MCS value on the 802.11n radio.

mcs-mandatory Specifies the mandatory MCS value.

mcs-support Specifies the supported MCS value.

index Specifies the range, which is from 0 to 23.

Defaults The default setting differs:

802.11a: Rates 6, 9, 12 are set to mandatory and the rest are set to supported.

802.11b: Rates 1, 2, 5.5, 11 are set to mandatory.

802.11g: Rates 1, 2, 5.5, 11 are set to mandatory and the rest to supported.

mcs-support: The default MCS value is 7 for one spatial stream, 15 for two spatial streams, and 23 for three spatial streams.

mcs-mandatory: 0

Command

mode

Dot11radio interface configuration mode

Usage Guide N/A

Configuration

Examples

# Set 54 Mbps to support on the 802.11a radio.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)# rate-set 11a support 54

# Set 24 Mbps to mandatory on the 802.11g radio.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)# rate-set 11g mandatory 24

# Set MCS 12 to mandatory on the 802.11n radio.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)# rate-set 11n mcs-mandatory 12

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

11bsupport enable

Use this command to enable the specified radio to support 802.11b on 2.4 GHz.

11bsupport enable

no 11bsupport enable

Parameter

Description Parameter Description

no Disables the radio to support 802.11b.

Defaults By default, the 802.11b is supported.

Command

mode

Dot11radio interface configuration mode

Usage Guide N/A

Configuration

Examples

# Disable the radio to support 802.11b.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)# no 11bsupport enable

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

11gsupport enable

Use this command to enable the specified radio to support 802.11g, or 802.11b/g on 2.4 GHz.

11gsupport enable

no 11gsupport enable

Parameter

Description Parameter Description

no Disables the radio to support 802.11g.

Defaults By default, the 802.11g is supported.

Command

mode

Dot11radio interface configuration mode

Usage Guide N/A

Configuration

Examples

# Disable the radio to support 802.11g.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)# no 11gsupport enable

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

11nsupport enable

Use this command to enable the specified radio to support 802.11n.

11nsupport enable

no 11nsupport enable

Parameter

Description Parameter Description

no Disables the radio to support 802.11n.

Defaults By default, the 802.11n is supported.

Command

mode

Dot11radio interface configuration mode

Usage Guide N/A

Configuration

Examples

# Enable the radio to support 802.11n.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)#11nsupport enable

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

wlan-id

Use this command to enable WLAN while enabling the radio.

wlan-id wlan-id

no wlan-id wlan-id

Parameter

Description Parameter Description

no Deletes the WLAN ID.

wlan-id Specifies the WLAN ID.

Defaults N/A

Command

mode

Dot11radio interface configuration mode

Usage Guide N/A

Configuration

Examples

# Enable WLAN 1.

Ruijie(config)#interface dot11radio 1/0

Ruijie(config-if-Dot11radio 1/0)#wlan-id 1

Related

Commands Command Description

dot11 wlan Creates the configuration-related WLAN.

Platform

Description

N/A

show dot11 wireless

Use this command to show wireless information and configuration of the wireless network card.

show dot11 wireless interface-name

Parameter

Description Parameter Description

interface-name Specifies the Dot11radio interface number.

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide N/A

Configuration

Examples

Ruijie#show dot11 wireless 1/0

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

show dot11 associations

Use this command to show connections of the wireless network card.

show dot11 associations H.H.H interface-name

Parameter

Description Parameter Description

H.H.H Specifies the MAC address of a wireless client.

interface-name Specifies the Dot11radio interface number, including the

sub-interface number.

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide N/A

Configuration

Examples

Ruijie#show dot11 associations 0023.9090.2900 1/0

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

show dot11 associations all-client

Use this command to show information of all clients connected to the wireless network card.

show dot11 associations all-client interface-name

Parameter

Description Parameter Description

interface-name Specifies the Dot11radio interface number, including the

sub-interface number.

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide N/A

Configuration

Examples

Ruijie#show dot11 associations all-client 1/0

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

show dot11 channels active

Use this command to show the information of active channels supported by the wireless network

card.

show dot11 channels active interface-name

Parameter

Description Parameter Description

interface-name Specifies the Dot11radio interface number, including the

sub-interface number.

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide N/A

Configuration

Examples

Ruijie#show dot11 channels active 1/0

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

show dot11 channels all

Use this command to show information of all active channels supported by the wireless network card.

show dot11 channels all interface-name

Parameter

Description Parameter Description

interface-name Specifies the Dot11radio interface number, including the

sub-interface number.

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide N/A

Configuration

Examples

Ruijie#show dot11 channels all 2/0

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

WLAN-VLAN Mapping Commands

vlan-assign-mode

Use this command to set a VLAN assignment mode for the current or all VLAN groups on an AP

device. Use the no form of this command to remove the setting.

vlan-assign-mode dot1x

no vlan-assign-mode

Parameter

Description Parameter Description

dot1x Indicates that the authentication server is responsible for assigning VLANs to users that pass 802.1x authentication.

Defaults No VLAN assignment mode is specified.

Configuration

Mode VLAN group configuration mode or global configuration mode

Usage Guide

The VLAN assignment mode set in global configuration mode takes effect on all VLAN groups.

The VLAN assignment mode set in VLAN group configuration mode takes effect only on the

current VLAN group.

The VLAN assignment mode set in VLAN group configuration mode prevails over that set in

global configuration mode.

Configuration

Examples

The following example shows how to configure the 802.1x-based VLAN assignment mode for

VLAN group 100 on an AP.

Ruijie# configure terminal

Ruijie(config)# vlan-group 100

Ruijie(config-vlan-group)# vlan-assign-mode dot1x

Related

Commands Command Description

show vlan-group [group-id] Displays information about a VLAN group.

Platform

Description

This command is supported by the RGOS10.4 (1T17) or later versions.

vlan-group

Use this command to create a VLAN group on an AP device. Use the no form of this command to

delete the configuration.

vlan-group group-id

no vlan-group group-id

Parameter

Description Parameter Description

group-id Specifies the ID of a VLAN group, which ranges from 1 to 128.

Defaults None

Configuration

Mode Global configuration mode

Usage Guide None

Configuration

Examples

The following example shows how to create VLAN group 100 on an AP:

Ruijie# configure terminal

Ruijie(config)# vlan-group 100

Ruijie(config-vlan-group)#

Related

Commands Command Description

show vlan-group [group-id] Displays information about a VLAN group.

Platform

Description This command is supported by the RGOS10.4 (1T17) or later versions.

default-vlan

When the 802.1x-based VLAN assignment mode is configured on an AP device, the authentication

server is responsible for assigning VLANs to users. Use this command to enable the device to

assign the default VLAN after authentication. Use the no form of this command to delete the

configuration.

default-vlan vlan-id

no default-vlan

Parameter

Description Parameter Description

vlan-id Specifies a VLAN ID.

Defaults The default VLAN is not specified.

Configuration

Mode VLAN group configuration mode

Usage Guide

Before setting the mode of assigning the default VLAN, add the default VLAN to the specific

VLAN group.

The default VLAN takes effect only after it is assigned to a user who passes 802.1x

authentication by the authentication server of the current WLAN.

Configuration

Examples

The following example shows how to set VLAN 10 to the default VLAN of VLAN group 100 on

an AP:

Ruijie# configure terminal

Ruijie(config)# vlan-group 100

Ruijie(config-vlan-group)# default-vlan 10

Related

Commands Command Description

show vlan-group [group-id] Displays information about a VLAN group.

Platform

Description This command is supported by the RGOS10.4 (1T17) or later versions.

vlan-list

Use this command to set the list of VLANs in a VLAN group on an AP device. Use the no form of this

command to remove the setting.

vlan-list vlan-list

no vlan-list

Parameter

Description Parameter Description

vlan-list Specifies a list of VLANs in a VLAN group. A VLAN group includes a maximum of 32 VLANs.

Defaults A VLAN group has no VLAN.

Configuration

Mode VLAN group configuration mode

Usage Guide If a WLAN needs to map multiple VLANs, add them to the same VLAN group, and then

associate the VLAN group with the WLAN.

Configuration

Examples

The following example shows how to add VLANs 100 to 105 to VLAN group 100 on an AP or

AC:

Ruijie# configure terminal

Ruijie(config)# vlan-group 100

Ruijie(config-vlan-group)# vlan-list 100-105

Related

Commands Command Description

show vlan-group [group-id] Displays information about a VLAN group.

Platform

Description This command is supported by the RGOS10.4 (1T17) or later versions.

vlan-group

Use this command to associate a VLAN group with the current WLAN on an AP. Use the no form of

this command to remove the configuration.

vlan-group group-id

no vlan-group

Parameter

Description Parameter Description

group-id Specifies the ID of a VLAN group, which ranges from 1 to 128.

Defaults The WLAN is not associated with any VLAN group.

Configuration

Mode WLAN configuration mode

Usage Guide None

Configuration

Examples

The following example shows how to associate WLAN 1 with VLAN group 100:

Ruijie# configure terminal

Ruijie(config)# dot11 wlan 1

Ruijie(dot11-wlan-config)# vlan-group 100

Related

Commands Command Description

Platform

Description This command is supported by the RGOS10.4 (1T17) or later versions.

encapsulation dot1Q

Use this command to configure encapsulation for a VLAN or VLAN group on the dot11 radio

sub-interface of an AP. Use the no form of this command to remove the configuration.

encapsulation dot1Q [group] {vlan-id | vlan-group-id}

no encapsulation dot1Q [group] {vlan-id | vlan-group-id}

Parameter

Description Parameter Description

vlan-id Specifies a VLAN ID.

vlan-group-id Specifies the ID of a VLAN group, which ranges from 1 to 128.

Defaults Packets of a VLAN or VLAN group are not encapsulated.

Configuration

Mode Interface mode

Usage Guide

To configure VLAN encapsulation on a dot1q sub-interface, run the encapsulation dot1Q

vlan-id command.

To configure VLAN group encapsulation on a dot1q sub-interface, run the encapsulation

dot1Q group vlan-group-id command.

Configuration

Examples

The following example shows how to configure encapsulation for VLAN group 100 on the

sub-interface Dot11radio 1/0.1 on an AP:

Ruijie# configure terminal

Ruijie(config)# interface dot11radio 1/0.1

Ruijie(config-subif)# encapsulation dot1Q group 100

Related

Commands Command Description

Platform

Description This command is supported by the RGOS10.4 (1T17) or later versions.

show vlan-group

Use this command to display information about a VLAN group on an AP device.

show vlan-group [group-id]

Parameter

Description Parameter Description

group-id Specifies the ID of a VLAN group.

Defaults None

Configuration

Mode Privileged mode

Usage Guide None

Configuration

Examples

The following example shows how to display information about VLANs in the VLAN group on

an AP:

Ruijie# show vlan-group

VLAN-Group ID Default VLAN Assign-Mode VLAN-List

------------- ------------ ----------------- -----------------------------

100 10 dhcp-server-state 1-10, 21-30, 51-70

128 NA dot1x 110-130, 141-150

Related

Commands Command Description

Platform

Description This command is supported by the RGOS10.4 (1T17) or later versions.
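The constraints stated in the WLAN-VLAN Mapping usage guides (group IDs from 1 to 128, at most 32 VLANs per group, the default VLAN must already be in the group's VLAN list, and a group-level assignment mode prevails over the global one) can be checked before a configuration is pushed to an AP. The following Python script is an added example, not Ruijie code; the one-space indentation of group sub-commands, the comma-separated range syntax, and the finding codes are assumptions.

```python
import re

# Constructed sample, in the order the commands would be typed. Assumed layout:
# commands entered in VLAN group configuration mode are indented by one space.
SAMPLE_CONFIG = """\
vlan-assign-mode dot1x
vlan-group 100
 vlan-list 100-105
 default-vlan 10
vlan-group 128
 vlan-list 110-130,141-153
vlan-group 200
 vlan-assign-mode dot1x
 vlan-list 20
 default-vlan 20
"""

MAX_VLANS_PER_GROUP = 32         # "A VLAN group includes a maximum of 32 VLANs."
GROUP_ID_RANGE = range(1, 129)   # group-id ranges from 1 to 128


def expand_vlan_list(spec):
    """Expand '110-130,141-153' into a set of VLAN IDs (comma syntax is assumed)."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        low, high = int(low), int(high or low)
        if low > high:
            raise ValueError(f"descending range: {part!r}")
        vlans.update(range(low, high + 1))
    return vlans


def parse(text):
    """Return (global_mode, {group_id: {'mode', 'vlans', 'default'}})."""
    global_mode, groups, current = None, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():      # unindented: back in global configuration mode
            current = None
        in_group = current is not None
        if not in_group and (m := re.fullmatch(r"vlan-group (\d+)", line)):
            current = groups.setdefault(
                int(m.group(1)), {"mode": None, "vlans": set(), "default": None})
        elif line in ("vlan-assign-mode dot1x", "no vlan-assign-mode"):
            mode = None if line.startswith("no ") else "dot1x"
            if in_group:
                current["mode"] = mode
            else:
                global_mode = mode
        elif in_group and (m := re.fullmatch(r"vlan-list (\S+)", line)):
            current["vlans"] = expand_vlan_list(m.group(1))
        elif in_group and (m := re.fullmatch(r"default-vlan (\d+)", line)):
            current["default"] = int(m.group(1))
    return global_mode, groups


def effective_mode(global_mode, group):
    """The mode set in VLAN group configuration mode prevails over the global one."""
    return group["mode"] or global_mode


def check(text):
    """Return sorted (group_id, code) findings for the documented constraints."""
    _, groups = parse(text)
    findings = []
    for gid, group in groups.items():
        if gid not in GROUP_ID_RANGE:
            findings.append((gid, "group-id-out-of-range"))
        if len(group["vlans"]) > MAX_VLANS_PER_GROUP:
            findings.append((gid, "too-many-vlans"))
        if group["default"] is not None and group["default"] not in group["vlans"]:
            findings.append((gid, "default-vlan-not-in-list"))
    return sorted(findings)


if __name__ == "__main__":
    global_mode, groups = parse(SAMPLE_CONFIG)
    for gid, group in groups.items():
        print(gid, "effective assign mode:", effective_mode(global_mode, group))
    for gid, code in check(SAMPLE_CONFIG):
        print(f"vlan-group {gid}: {code}")
```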

WLAN-WLOG Commands

wlan diag enable

Use this command to enable the WLAN-WLOG function on ACs and APs. Use the no form of this

command to disable this function.

wlan diag enable

no wlan diag enable

Parameter

Description Parameter Description

N/A N/A

Defaults The WLAN-WLOG function is disabled on ACs and APs.

Command

mode

Global configuration mode

Usage Guide The memory pre-allocation is performed when the WLAN-WLOG function is enabled. If the memory is

insufficient, the WLAN-WLOG function cannot be enabled.

Memories of all saved information and pre-allocated memories are reclaimed when the WLAN-WLOG

function is disabled.

Configuration

Examples

The following example shows how to enable or disable the WLAN-WLOG function:

Ruijie# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)#wlan diag enable

Ruijie(config)#no wlan diag enable

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported on ACs and APs in WLANs.

show wlan diag sta

Use the following command to display terminal statistics on an AC:

show wlan diag sta [ sta-mac STA_MAC ] [ ip-range IP_PREFIX ] [ action ACTION [ result

RESULT ] ] [ number NUMBER ]

Use the following command to display terminal statistics on an AP:

show wlan diag sta [ sta-mac STA_MAC ] [ number NUMBER ]

Parameter

Description Parameter Description

STA_MAC Specifies the MAC address of an STA.

IP_PREFIX

Specifies the range of IP addresses for the STA, which is limited by

an IP prefix.

ACTION Specifies the type of STA action records.

RESULT Specifies the result of STA action records.

NUMBER Specifies the maximum number of records to be displayed.

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide N/A

Configuration

Examples

This example shows how to display terminal statistics on an AC:

Ruijie# show wlan diag sta

sta_record: c83a.35c6.0c72

TIME IP Address Rssi Link Rate AP MAC SSID RADIO Action Result Reason

------------------- --------------- ------- ----------- -------------- ---------------------------------- --------- ----------------------------- ------ ------------------------------

09:59:28 192.168.248.2 0 0 00d0.f822.33b0 lxh-ssid 1 STA UP BY APMG SUCCESS

10:12:07 192.168.248.2 21 5500 00d0.f822.33b0 lxh-ssid 1 STA DOWN BY RSNA SUCCESS AP circular AC user is offline

This example shows how to display terminal statistics on an AP:

Ruijie# show wlan diag sta

sta mac: c83a.35c6.0c72

=========================================================================================================================================

2012-05-28 19:31:08

wlan id state rssi_rt rs_rate_mcs tx_frm_cnts rx_frm_cnts tx_frm_flow rx_frm_flow tx_cnts_error tx_flow_error mgmt_cnts mgmt_flow

-------- -------- -------- ----------- ----------- ----------- ----------- ----------- ------------- ------------- --------- ---------

1 3 23 80 18 59 4384 5967 0 0 3 381

tx/rxmcs mcs0, mcs1 mcs2, mcs3 mcs4, mcs5 mcs6, mcs7 mcs8, mcs9 mcs10, mcs11 mcs12, mcs13 mcs14, mcs15

------------- ------------- ------------- ------------- ------------- ------------- ------------- ------------- -------------

txmcspercent : 0 0 0 0 0 0 0 0

rxmcspercent : 0 0 0 0 0 0 0 0

tx/rxrate 1, 2 5.5, 11 6, 9 12, 18 24, 36 48, 54 -- --

------------- ------- ------- ------- ------- ------- ------- ------- -------

txratepercent: 16 0 0 7 50 27 0 0

rxratepercent: 57 3 0 5 13 22 0 0

Field Description

sta_record Specifies STA records.

TIME Specifies the time when STA records are collected.

IP Address Specifies the IP address of an STA whose statistics are

collected.

Rssi Specifies signal strength.

Link Rate Specifies a connection rate.

AP MAC Specifies the MAC address of an AP associated with

the STA.

SSID Specifies the SSID of the WLAN associated with the

STA.

RADIO Specifies the ID of the radio associated with the STA.

Action Specifies the type of STA action records.

Result Specifies the result of STA action records.

Reason Specifies the reason for STA action records.

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported on ACs and APs in WLANs.

WLAN Location Commands

wlocation enable

Use this command to enable the WLAN Location (WL) function on the specified AP. Use the no form

of this command to disable this function.

[ no ] wlocation enable

Parameter

Description Parameter Description

N/A N/A

Defaults Disabled

Command

mode

AP configuration mode on the fit AP or AC

Or:

Wlocation mode on the fat AP.

Usage Guide N/A

Configuration

Examples

This example shows how to enable wireless location on the AP.

Ruijie(config-ap)# wlocation enable

This example shows how to disable wireless location on the AP.

Ruijie(config-ap)# no wlocation enable

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

wlocation ae-ip x.x.x.x

Use this command to configure the IP address of the AE server connected with the specified AP.

[ no ] wlocation ae-ip x.x.x.x

Parameter

Description Parameter Description

x.x.x.x The IP address of AE

Defaults 0.0.0.0

Command

mode

AP configuration mode on the fit AP or AC

Or:

Wlocation mode on the fat AP.

Usage Guide N/A

Configuration

Examples

This example shows how to configure the IP address of the AE server on the specified AP.

Ruijie(config-ap)# wlocation ae-ip 1.1.1.1

This example shows how to restore the IP address of the AE to the default configuration.

Ruijie(config-ap)# no wlocation ae-ip

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

wlocation ae-port number

Use this command to set the port number of the AE server connected with the specified AP.

[ no ] wlocation ae-port number

Parameter

Description Parameter Description

number The port number of AE.

Defaults 12092

Command

mode

AP configuration mode on the fit AP or AC

Or:

Wlocation mode on the fat AP.

Usage Guide N/A

Configuration

Examples

This example shows how to set the port number of the AE server connected with the specified AP.

Ruijie(config-ap)# wlocation ae-port 12093

This example shows how to restore the port number of the AE server connected with the specified AP

to the default configuration.

Ruijie(config-ap)# no wlocation ae-port

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

wlocation compound enable

Use this command to enable the function of transmitting aggregate data of wireless location. Use the

no form of this command to disable this function.

[ no ] wlocation compound enable

Parameter

Description Parameter Description

N/A N/A

Defaults Disabled

Command

mode

AP configuration mode on the fit AP or AC

Or:

Wlocation mode on the fat AP.

Usage Guide N/A

Configuration

Examples

This example shows how to enable the function of transmitting aggregate data of wireless location on

the specified AP.

Ruijie(config-ap)# wlocation compound enable

This example shows how to disable the function of transmitting aggregate data of wireless location on

the specified AP.

Ruijie(config-ap)# no wlocation compound enable

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

wlocation mu enable

Use this command to enable Mobile Unit (MU) wireless location on the specified AP. Use the no form

of this command to disable this function.

[ no ] wlocation mu enable

Parameter

Description Parameter Description

N/A N/A

Defaults Disabled

Command

mode

AP configuration mode on the fit AP or AC

Or:

Wlocation mode on the fat AP.

Usage Guide N/A

Configuration

Examples

This example shows how to enable MU wireless location on the specified AP.

Ruijie(config-ap)# wlocation mu enable

This example shows how to disable MU wireless location on the specified AP.

Ruijie(config-ap)# no wlocation mu enable

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

wlocation tag enable

Use this command to enable tag wireless location on the specified AP. Use the no form of this

command to disable this function.

[ no ] wlocation tag enable

Parameter

Description Parameter Description

N/A N/A

Defaults Disabled.

Command

mode

AP configuration mode on the fit AP or AC

Or:

Wlocation mode on the fat AP.

Usage Guide N/A

Configuration

Examples

This example shows how to enable tag wireless location on the specified AP.

Ruijie(config-ap)# wlocation tag enable

This example shows how to disable tag wireless location on the specified AP.

Ruijie(config-ap)# no wlocation tag enable

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

wlocation send-mu-time time

Use this command to set frequency of sending MU location packets on the specified AP.

[ no ] wlocation send-mu-time time

Parameter

Description Parameter Description

time Packets sending interval within the range from 100-5000 ms

Defaults 300 ms

Command

mode

AP configuration mode on the fit AP or AC

Or:

Wlocation mode on the fat AP.

Usage Guide N/A

Configuration

Examples

This example shows how to set frequency to send MU location packets on the specified AP.

Ruijie(config-ap)# wlocation send-mu-time 400

This example shows how to restore the frequency of sending MU location packets to the default

value.

Ruijie(config-ap)# no wlocation send-mu-time

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

wlocation send-tag-time time

Use this command to set frequency to send tag location packets on the specified AP.

[ no ] wlocation send-tag-time time

Parameter

Description Parameter Description

time Packets sending interval within the range from 100-5000 ms.

Defaults 300 ms

Command

mode

AP configuration mode on the fit AP or AC

Or:

Wlocation mode on the fat AP.

Usage Guide N/A

Configuration

Examples

This example shows how to set frequency to send tag location packets on the specified AP.

Ruijie(config-ap)# wlocation send-tag-time 400

This example shows how to restore frequency of sending tag location packets to the default value.

Ruijie(config-ap)# no wlocation send-tag-time

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

Wireless Security Commands

security rsn

Use this command to configure the authentication mode of a WLAN to RSN. This command has no no form, and any configuration prefixed with no does not work at all. The command format is:

security rsn { enable | disable }

Parameter

Description Parameter Description

enable Indicates that you enable the RSN authentication mode.

disable Indicates to disable the RSN authentication mode.

Defaults N/A

Command

mode

WLAN security configuration mode.

Usage Guide This command enables the RSN authentication mode. Encryption and authentication methods can be configured in the RSN mode only after the RSN authentication mode is enabled; otherwise, any such configuration is invalid. When you use RSN authentication, you must configure both an encryption method and an authentication method. If only an encryption method or only an authentication method is configured, or neither is configured, wireless clients cannot associate with the wireless network. The RSN authentication mode is what is usually called the WPA2 authentication mode. If both the WPA and RSN authentication modes are configured for a WLAN at the same time, the encryption and authentication methods in the two modes are identical, and newly configured encryption and authentication methods override the previous ones.

Configuration

Examples

The following example configures the authentication mode of WLAN1 to RSN.

Ruijie(config)#wlansec 1

Ruijie(wlansec)# security rsn enable

The following example disables the RSN authentication mode of WLAN1.

Ruijie(config)#wlansec 1

Ruijie(wlansec)# security rsn disable

Related

Commands Command Description

security rsn akm { psk | 802.1x } { enable | disable } Configures an authentication method in the RSN authentication mode.

security rsn ciphers { aes | tkip } { enable | disable } Configures an encryption method in the RSN authentication mode.

security rsn akm psk set-key ascii Configures a shared password for RSNs.

Platform

Description

N/A

security rsn akm

Use this command to configure an authentication method for a WLAN in the RSN authentication mode. This command has no no form, and any configuration prefixed with no does not work at all. The command format is:

security rsn akm { psk | 802.1x } { enable | disable }

Parameter

Description Parameter Description

psk Sets the authentication method to pre-shared key identity verification.

802.1x Sets the authentication method to IEEE 802.1x authentication.

enable Enables an authentication method in the RSN authentication mode.

disable Disables an authentication method in the RSN authentication mode.

Defaults N/A

Command

mode WLAN security configuration mode.

Usage Guide The command is used to enable an authentication method in the RSN authentication mode. Only

after the RSN authentication mode is enabled can an authentication method be configured. There are

two authentication methods: PSK and 802.1x.

Configuration

Examples

The following example configures the authentication method for WLAN1 in the RSN authentication

mode to PSK.

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security rsn akm psk enable

The following example disables the PSK authentication for WLAN1 in the RSN authentication mode.

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security rsn akm psk disable

The following example configures the authentication method for WLAN1 in the RSN authentication

mode to 802.1x authentication.

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security rsn akm 802.1x enable

The following example disables the 802.1x authentication for WLAN1 in the RSN authentication

mode.

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security rsn akm 802.1x disable

Related

Commands Command Description

security rsn { enable | disable } Configures the RSN authentication mode.

security rsn ciphers { aes | tkip } { enable | disable } Configures an encryption method in the RSN authentication mode.

security rsn akm psk set-key ascii Configures a shared password for RSNs.

Platform

Description

N/A

security rsn akm psk set-key ascii

Use this command to configure a shared password for RSNs of a WLAN.

security rsn akm psk set-key ascii key

Parameter

Description Parameter Description

key Indicates a shared password.

Defaults N/A

Command

mode

WLAN security configuration mode.

Usage Guide This shared password is of use only when the PSK authentication mode is enabled.

Configuration

Examples

The following example configures the shared password for WLAN 1 RSN to 12345678.

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security rsn enable

Ruijie(wlansec)# security rsn akm psk enable

Ruijie(wlansec)# security rsn akm psk set-key ascii 12345678

Related

Commands Command Description

security rsn { enable | disable } Configures the RSN authentication mode.

security rsn ciphers { aes | tkip } { enable | disable } Configures an encryption method in the RSN authentication mode.

security rsn akm { psk | 802.1x } { enable | disable } Configures an authentication method in the RSN authentication mode.

Platform

Description

N/A

security rsn ciphers

Use this command to configure an encryption method for a WLAN in the RSN authentication mode. This command has no no form, and any configuration prefixed with no does not work at all. The command format is:

security rsn ciphers { aes | tkip } { enable | disable }

Parameter

Description Parameter Description

aes Indicates to configure the encryption method to AES.

tkip Indicates to configure the encryption method to TKIP.

enable Enables an encryption method in the RSN authentication mode.

disable Disables an encryption method in the RSN authentication mode.

Defaults N/A

Command

mode

WLAN security configuration mode.

Usage Guide This command enables an encryption method in the RSN authentication mode. An encryption method can be configured only after the RSN authentication mode is enabled. There are two encryption methods: AES and TKIP. When you use RSN authentication, you must configure both an encryption method and an authentication method. If only an encryption method or only an authentication method is configured, or neither is configured, wireless clients cannot associate with the wireless network. The RSN authentication mode is what is usually called the WPA2 authentication mode. If both the WPA and RSN authentication modes are configured for a WLAN at the same time, the encryption and authentication methods in the two modes are identical, and newly configured encryption and authentication methods override the previous ones.

Configuration

Examples

The following example configures the encryption method for WLAN1 in the RSN authentication mode

to AES. 

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security rsn ciphers aes enable

The following example disables the AES encryption method for WLAN1 in the RSN authentication

mode. 

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security rsn ciphers aes disable

The following example configures the encryption method for WLAN1 in the RSN authentication mode

to TKIP. 

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security rsn ciphers tkip enable

The following example disables the TKIP encryption method for WLAN1 in the RSN authentication

mode. 

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security rsn ciphers tkip disable

Related

Commands Command Description

security rsn { enable | disable } Configures the RSN authentication mode.

security rsn akm { psk | 802.1x } { enable |

disable }

Configures an authentication method in the

RSN authentication mode.

security rsn akm psk set-key ascci Configures a shared password for RSNs.

Platform

Description

N/A

security static-wep-key authentication

The command is used to configure an authentication method for a WLAN in the static WEP mode.

This command has no "no" form; any configuration prefixed with no has no effect. The

command format is:

security static-wep-key authentication { open | share-key }

Parameter

Description Parameter Description

open Indicates the open system authentication mode.

share-key Indicates the shared key configuration mode.

Defaults The default setting is open.

Command

mode

WLAN security configuration mode.

Usage Guide This command must be used with the security static-wep-key encryption command. Usually, the

static WEP key must be configured before the shared key authentication method can be configured.

In any security mode other than the static WEP security mode, it is of no use to configure the link

authentication mode.

Configuration

Examples

The following example configures the authentication mode of WLAN1 to open system authentication.

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security static-wep-key authentication open

The following example configures the authentication mode of WLAN1 to shared key authentication.

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security static-wep-key authentication share-key

Related

Commands Command Description

security static-wep-key encryption Configures the static WEP key and enables the static WEP security mode.

Platform

Description

N/A

security static-wep-key encryption

The command is used to configure the static WEP key for a WLAN and configure the security mode of

this WLAN to static WEP. The no option of the command can be used to delete the configured key,

and restore the WLAN to the OPEN mode. The command format is:

[ no ]security static-wep-key encryption key-length { ascii|hex } key-index key

Parameter

Description Parameter Description

key-length Key length in bits. It can be 40, 104, or 128 bits.

key-index Indicates a key index number, ranging from 1 to 4.

key Indicates key data. In the ascii mode, 5-byte, 13-byte, and 16-byte data can serve as a key depending on the key-length parameter. In the hex mode, 10-byte, 26-byte, and 32-byte data can serve as a key depending on the key-length parameter.

ascii Indicates that the password takes the form of ASCII code.

hex Indicates that the password is hexadecimal.

no As a command prefix, cancels the configured static key.

Defaults N/A

Command

mode

WLAN security configuration mode.

Usage Guide The prerequisite of configuring security mode for a WLAN is that this WLAN has been created.

Attention should be paid to the following points:

1. This command can be used repeatedly for configuration, and the last configuration will take

effect.

2. This command configures the static WEP key as well as the static-WEP security mode.

Configuration

Examples

The following example configures the static WEP key of WLAN 1 to 12345.

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security static-wep-key encryption 40 ascii 1 12345

Or use the hexadecimal form, which has the same effect:

Ruijie(wlansec)# security static-wep-key encryption 40 hex 1 3132333435

Related

Commands Command Description

security static-wep-key authentication { open |

share-key }

Configures the authentication method in the

static WEP security mode to open system

authentication or shared key authentication.

Platform

Description

If the wireless client is managed by the wireless client management software of the Windows XP

operating system, the client cannot support a 128-bit WEP password. If the client software does not

support a 128-bit WEP password and Ruijie's device is configured with 128-bit encryption, either the

client cannot associate with the wireless network or the data channel is unavailable, depending on

the authentication mode.

security wpa

The command is used to configure the authentication mode of a WLAN to WPA. This command has

no "no" form; any configuration prefixed with no has no effect. The command format is:

security wpa { enable | disable }

Parameter

Description Parameter Description

enable Indicates that you enable the WPA authentication mode.

disable Indicates to disable the WPA authentication mode.

Defaults N/A

Command

mode

WLAN security configuration mode.

Usage Guide The command is used to enable the WPA authentication mode. Only after the WPA authentication

mode is enabled can encryption and authentication methods be configured in the WPA mode.

Otherwise, configuration is impossible. When you use the WPA authentication, you need to configure

an encryption method and an authentication method. If only an encryption or authentication method is

configured, or neither is configured, the wireless client cannot be associated with the wireless

network.

Configuration

Examples

The following example configures the authentication mode of WLAN1 to WPA.

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security wpa enable

The following example disables the WPA authentication mode of WLAN1.

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security wpa disable

Related

Commands Command Description

security wpa akm { psk | 802.1x } { enable |

disable }

Configures an authentication method in the

WPA authentication mode.

security wpa ciphers { aes | tkip } { enable |

disable } Configures an encryption method in the WPA

authentication mode.

security wpa akm psk set-key ascci

Configures the shared password in the WPA

authentication mode.

Platform

Description

N/A

security wpa akm

The command is used to configure an authentication method for a WLAN in the WPA authentication

mode. This command has no "no" form; any configuration prefixed with no has no effect.

The command format is:

security wpa akm { psk | 802.1x } { enable | disable }

Parameter

Description Parameter Description

psk Sets the authentication method to pre-shared key identity verification.

802.1x Sets the authentication method to IEEE 802.1x authentication.

enable Enables an authentication method in the WPA authentication mode.

disable Disables an authentication method in the WPA authentication mode.

Defaults N/A

Command

mode

WLAN security configuration mode.

Usage Guide The command is used to enable an authentication method in the WPA authentication mode. Only

after the WPA authentication mode is enabled can an authentication method be configured. There are

two authentication methods: PSK and 802.1x. When you use the WPA authentication, you need to

configure an encryption method and an authentication method. If only an encryption or authentication

method is configured, or neither is configured, the wireless client cannot be associated with the

wireless network.

Configuration

Examples

The following example configures the authentication method for WLAN1 in the WPA authentication

mode to pre-shared key identity authentication.

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security wpa akm psk enable

The following example disables the pre-shared key identity authentication for WLAN1 in the WPA

authentication mode.

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security wpa akm psk disable

The following example configures the authentication method for WLAN1 in the WPA authentication

mode to 802.1x authentication.

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security wpa akm 802.1x enable

The following example disables the 802.1x authentication for WLAN1 in the WPA authentication

mode.

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security wpa akm 802.1x disable

Related

Commands Command Description

security wpa { enable | disable } Configures the WPA authentication mode.

security wpa ciphers { aes | tkip } { enable |

disable }

Configures an encryption method in the WPA

authentication mode.

Platform

Description

N/A

security wpa akm psk set-key ascci

The command is used to configure a WPA shared password for a WLAN.

security wpa akm psk set-key ascci key

Parameter

Description Parameter Description

key Indicates a shared password.

Defaults N/A

Command

mode

WLAN security configuration mode.

Usage Guide This shared password is of use only when the PSK authentication mode is enabled.

Configuration

Examples

The following example configures the shared password for WLAN 1 WPA to 12345678.

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security wpa enable

Ruijie(wlansec)# security wpa akm psk enable

Ruijie(wlansec)# security wpa akm psk set-key ascci 12345678

Related

Commands Command Description

security wpa { enable | disable } Configures the WPA authentication mode.

security wpa ciphers { aes | tkip } { enable |

disable }

Configures an encryption method in the WPA

authentication mode.

security wpa akm { psk | 802.1x } { enable |

disable }

Configures an authentication method in the

WPA authentication mode.

Platform

Description

N/A

security wpa ciphers

The command is used to configure an encryption method for a WLAN in the WPA authentication

mode. This command has no "no" form; any configuration prefixed with no has no effect.

The command format is:

security wpa ciphers { aes | tkip } { enable | disable }

Parameter

Description Parameter Description

aes Sets the encryption method to AES.

tkip Sets the encryption method to TKIP.

enable Enables an encryption method in the WPA authentication mode.

disable Disables an encryption method in the WPA authentication mode.

Defaults N/A

Command

mode

WLAN security configuration mode.

Usage Guide The command is used to enable an encryption method in the WPA authentication mode. Only after

the WPA authentication mode is enabled can an encryption method be configured. There are two

encryption methods: AES and TKIP. When you use the WPA authentication, you need to configure an

encryption method and an authentication method. If only an encryption or authentication method is

configured, or neither is configured, the wireless client cannot be associated with the wireless

network.

Configuration

Examples

The following example configures the encryption method for WLAN1 in the WPA authentication mode

to AES.

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security wpa ciphers aes enable

The following example disables the AES encryption method for WLAN1 in the WPA authentication

mode.

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security wpa ciphers aes disable

The following example configures the encryption method for WLAN1 in the WPA authentication mode

to TKIP.

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security wpa ciphers tkip enable

The following example disables the TKIP encryption method for WLAN1 in the WPA authentication

mode.

Ruijie (config)#wlansec 1

Ruijie(wlansec)# security wpa ciphers tkip disable

Related

Commands Command Description

security wpa { enable | disable } Configures the WPA authentication mode.

security wpa akm { psk | 802.1x } { enable |

disable }

Configures an authentication method in the

WPA authentication mode.

security wpa akm psk set-key ascci

Configures a shared password in the WPA

authentication mode.

Platform

Description

N/A
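The usage guides for the WPA, RSN and static WEP commands above state rules that can be checked offline before a configuration is pushed. The following is an added example, not Ruijie code: the function names and the sample configuration are constructed for illustration, and it tracks WPA and RSN separately rather than modelling the shared settings described for WLANs that enable both.

```python
import re

# key-length in bits -> (ASCII characters, hex digits), per the static WEP parameter table
WEP_KEY_SIZES = {40: (5, 10), 104: (13, 26), 128: (16, 32)}

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
wlansec 1
 security rsn enable
 security rsn ciphers aes enable
 security rsn akm psk enable
wlansec 2
 security wpa enable
 security wpa ciphers tkip enable
wlansec 3
 security rsn ciphers aes enable
 security rsn enable
wlansec 4
 security static-wep-key encryption 104 ascii 1 12345
wlansec 5
 security static-wep-key encryption 40 hex 1 3132333435
"""


def check_wep_key(bits, fmt, index, key):
    """Return a list of problems with one 'security static-wep-key encryption' line."""
    if bits not in WEP_KEY_SIZES:
        return [f"key-length {bits} is not 40, 104 or 128"]
    problems = []
    if not 1 <= index <= 4:
        problems.append(f"key-index {index} is outside 1-4")
    ascii_len, hex_len = WEP_KEY_SIZES[bits]
    if fmt == "ascii":
        if len(key) != ascii_len:
            problems.append(f"{bits}-bit ascii key needs {ascii_len} characters, got {len(key)}")
    elif fmt == "hex":
        if not re.fullmatch(r"[0-9A-Fa-f]{%d}" % hex_len, key):
            problems.append(f"{bits}-bit hex key needs {hex_len} hex digits")
    else:
        problems.append("key format must be ascii or hex")
    return problems


def wep_key_bytes(fmt, key):
    """Normalise a key to raw bytes so its ascii and hex spellings can be compared."""
    return key.encode("ascii") if fmt == "ascii" else bytes.fromhex(key)


def lint_wlansec(config_text):
    """Walk 'wlansec N' blocks in order and return sorted (wlan_id, finding) tuples."""
    findings, wlans, wlan_id = [], {}, None
    for raw in config_text.splitlines():
        words = raw.split()
        if len(words) == 2 and words[0] == "wlansec" and words[1].isdigit():
            wlan_id = int(words[1])
            wlans.setdefault(wlan_id, {"wpa": False, "rsn": False,
                                       "ciphers": {"wpa": set(), "rsn": set()},
                                       "akm": {"wpa": set(), "rsn": set()}})
            continue
        if wlan_id is None or not words or words[0] != "security":
            continue
        state, args = wlans[wlan_id], words[1:]
        if len(args) == 2 and args[0] in ("wpa", "rsn"):
            state[args[0]] = args[1] == "enable"
        elif len(args) == 4 and args[0] in ("wpa", "rsn") and args[1] in ("ciphers", "akm"):
            mode, kind, name, action = args
            if not state[mode]:
                # Usage guides: a method can be configured only after its mode is enabled.
                findings.append((wlan_id, f"{kind} {name} set before 'security {mode} enable'"))
                continue
            (state[kind][mode].add if action == "enable" else state[kind][mode].discard)(name)
        elif len(args) == 6 and args[:2] == ["static-wep-key", "encryption"]:
            if args[2].isdigit() and args[4].isdigit():
                problems = check_wep_key(int(args[2]), args[3], int(args[4]), args[5])
            else:
                problems = ["key-length and key-index must be numbers"]
            findings += [(wlan_id, p) for p in problems]
    for wid, state in wlans.items():
        for mode in ("wpa", "rsn"):
            if not state[mode]:
                continue
            # Usage guides: both an encryption and an authentication method are required.
            missing = [k for k in ("ciphers", "akm") if not state[k][mode]]
            if missing:
                findings.append((wid, f"{mode} enabled without {' and '.join(missing)}: "
                                      "clients cannot associate"))
    return sorted(findings)


if __name__ == "__main__":
    for wlan_id, finding in lint_wlansec(SAMPLE):
        print(f"WLAN {wlan_id}: {finding}")
```

WLAN 1 and WLAN 5 in the sample produce no findings; the `12345` and `3132333435` spellings from the static WEP example normalise to the same five bytes.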

webauth prevent-jitter

Use this command to set the timeout for jitter prevention during Web authentication of a particular

WLAN. Use the no or default form of this command to restore the default setting.

webauth prevent-jitter timeout

Parameter

Description Parameter Description

timeout

Sets the timeout for jitter prevention during Web

authentication. The range is from 0 to 86400 seconds.

no/default Restores the default value of 300 seconds.

Defaults N/A

Command

mode

WLAN security configuration mode.

Usage Guide N/A

Configuration

Examples

The following example sets the timeout for jitter prevention during Web authentication of WLAN 1 to

900 seconds.

Step 1: Enter WLAN security configuration mode:

(config)#wlansec 1

Step 2: Use the webauth prevent-jitter command to configure the timeout:

webauth prevent-jitter 900

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

show wlan security

The command is used to display security configuration of a WLAN.

show wlan security wlan-id

Parameter

Description Parameter Description

wlan-id Indicates the ID of the WLAN to be checked, ranging from 1 to 512.

Defaults N/A

Command

mode

Privileged mode

Usage Guide N/A

Configuration

Examples

The following example displays the security configuration of WLAN1.

Ruijie# show wlan security 1

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

show wclient security

The command is used to display security configuration of a wireless client. It takes the form as

follows:

show wclient security mac-address

Parameter

Description Parameter Description

mac-address

Indicates the MAC address of the wireless client to be shown, in the

format of H.H.H.

Defaults N/A

Command

mode

Privileged mode.

Usage Guide N/A

Configuration

Examples

The following example displays the security configuration of wireless client 1 with a MAC address of

0023.cdad.d3d5.

Ruijie# show wclient security 0023.cdad.d3d5

Security policy finished :TRUE

Security policy type :WPA-802.1X

Security cipher mode :CCMP

Security EAP type :NONE

Security NAC status :CLOSE

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

Command Reference WIDS Commands

WIDS Commands

attack-detection enable

Use this command to enable the IDS attack detection function. Use the no form of this command to

disable the IDS attack detection function.

attack-detection enable { all | flood | weak-iv | spoof }

no attack-detection enable { all | flood | weak-iv | spoof }

Parameter

Description Parameter Description

all The parameter indicates that you enable all types of IDS attack

detection function.

flood The parameter indicates that you enable the Flooding IDS attack

detection function.

weak-iv The parameter indicates that you enable the Weak-IV IDS attack

detection function.

spoof The parameter indicates that you enable the Spoofing IDS attack

detection function.

no The parameter indicates that you disable the IDS attack detection

function.

Defaults The default is no.

Command

mode

WIDS configuration mode.

Usage Guide N/A

Configuration

Examples

#Enable the Weak-IV IDS attack detection function.

Ruijie(config)# wids

Ruijie(config-wids)# attack-detection enable weak-iv

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

countermeasures ap-max

Use this command to configure the maximum number of APs for the countermeasures.

Use the no form of this command to restore the default setting.

countermeasures ap-max number

no countermeasures ap-max

Parameter

Description Parameter Description

number Specifies the maximum number of APs for the countermeasures.

Value range: 1 to 256

no Restores the maximum number of APs for the countermeasures to

30.

Defaults The maximum number of APs for the countermeasures is 30 by default.

Command

mode

WIDS configuration mode

Usage Guide N/A

Configuration

Examples

#Set the maximum number of APs for the countermeasures to 100.

Ruijie(config)# wids

Ruijie(config-wids)# countermeasures ap-max 100

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

countermeasures enable

Use this command to enable the device countermeasures. Use the no form of this command to

disable the device countermeasures.

countermeasures enable

no countermeasures enable

Parameter

Description Parameter Description

no The parameter indicates that you disable the device

countermeasures.

Defaults This function is disabled by default.

Command

mode

WIDS configuration mode.

Usage Guide N/A

Configuration

Examples

#Enable the device countermeasures.

Ruijie(config)# wids

Ruijie(config-wids)# countermeasures enable

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported on ACs and fat APs.

countermeasures mode

Use this command to configure the device countermeasures mode. Use the no form of this command

to restore the default countermeasures mode.

countermeasures mode { SSID | rogue | adhoc | config }

no countermeasures mode

Parameter

Description Parameter Description

SSID The parameter indicates the SSIDs that are detected by the

countermeasures and are not on the same AC.

rogue The parameter indicates that only detected rogue devices are

subjected to the countermeasures.

adhoc The parameter indicates that only detected adhoc devices are

subjected to the countermeasures.

config The parameter indicates that only the devices configured in the static

attack list are subjected to the countermeasures.

no The parameter indicates that the current countermeasures mode is

cancelled.

Defaults N/A

Command

mode

WIDS configuration mode.

Usage Guide N/A

Configuration

Examples

#Set the device countermeasures mode to rogue.

Ruijie(config)# wids

Ruijie(config-wids)# countermeasures mode rogue

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported on ACs and fat APs.

countermeasures rssi-min

Use this command to configure the lower limit of the signal for the countermeasures.

Use the no form of this command to restore the default setting.

countermeasures rssi-min number

no countermeasures rssi-min

Parameter

Description Parameter Description

number Specifies the lower limit of the signal strength for the

countermeasures.

Value range: 0 to 75

no Restores the lower limit of the signal strength for the

countermeasures to 25.

Defaults The lower limit of the signal strength for the countermeasures is 25 by default.

Command

mode

WIDS configuration mode

Usage Guide N/A

Configuration

Examples

#Set the lower limit of the signal strength for the countermeasures to 0.

Ruijie(config)# wids

Ruijie(config-wids)# countermeasures rssi-min 0

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

device aging duration

Use this command to configure device aging duration. Use the no form of this command to restore

the default aging duration.

device aging duration seconds

no device aging duration

Parameter

Description Parameter Description

seconds The parameter indicates device aging duration, ranging from 500 to

5000 seconds.

no The parameter indicates that you restore the aging duration to the

default.

Defaults The default aging duration is 1200 seconds.

Command

mode

WIDS configuration mode.

Usage Guide N/A

Configuration

Examples

#Set the device aging duration to 1200s.

Ruijie(config)# wids

Ruijie(config-wids)# device aging duration 1200

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

device attack mac-address

Use this command to configure a static attack list for device countermeasures. Use the no form of this

command to delete a configured static attack address entry.

device attack mac-address H.H.H

no device attack mac-address H.H.H

Parameter

Description Parameter Description

H.H.H The parameter indicates that the device with this source MAC

address is subjected to the countermeasures.

no The parameter indicates that you delete a static attack address.

Defaults No setting by default.

Command

mode

WIDS configuration mode.

Usage Guide This configuration is one of the policies for detecting Rogue devices.

Configuration

Examples

#Add the device with the source MAC address 0000.0000.0001 to the static attack list.

Ruijie(config)# wids

Ruijie(config-wids)# device attack mac-address 0000.0000.0001

Related

Commands Command Description

N/A N/A

Platform

Description This command is supported on ACs and fat APs.

device attack max

Use this command to configure the maximum number of attack MAC address list members.

Use the no form of this command to restore the default setting.

device attack max number

no device attack max

Parameter

Description Parameter Description

number Specifies the maximum number of attack MAC address list members.

Value range: 1 to 256

no Restores the maximum number of attack MAC address list members

to 128.

Defaults The maximum number of attack MAC address list members is 128 by default.

Command

mode

WIDS configuration mode

Usage Guide N/A

Configuration

Examples

The following example sets the maximum number of attack MAC address list members to 100.

Ruijie(config)# wids

Ruijie(config-wids)# device attack max 100

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

device mode

Use this command to configure the working mode of the AP. Use the no form of this command to

restore the default working mode.

device mode { monitor | normal | hybrid }

no device mode

Parameter

Description Parameter Description

monitor The parameter indicates AP works in the monitor mode.

normal The parameter indicates AP works in the normal mode.

hybrid The parameter indicates AP works in the hybrid mode.

no The parameter indicates that you restore the working mode of AP to

the default.

Defaults The AP works in normal mode by default.

Command

mode

WIDS configuration mode on an AP; AP configuration mode on an AC.

Usage Guide N/A

Configuration

Examples

#Set the working mode of the AP to monitor.

Ruijie(config)# wids

Ruijie(config-wids)# device mode monitor

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

device permit mac-address

Use this command to configure a permissible MAC address list. Use the no form of this command to

delete a configured permissible MAC address entry.

device permit mac-address H.H.H

no device permit mac-address H.H.H

Parameter

Description Parameter Description

H.H.H The parameter indicates that the device with this source MAC

address is legal.

no The parameter indicates to delete a permissible MAC address.

Defaults There is no permissible MAC entry by default.

Command

mode

WIDS configuration mode.

Usage Guide This configuration is one of the policies for detecting Rogue devices.

Configuration

Examples

#Add the source MAC address 0000.0000.0001 to the permissible MAC address list.

Ruijie(config)# wids

Ruijie(config-wids)# device permit mac-address 0000.0000.0001

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

device permit mac-address max

Use this command to configure the maximum number of permissible MAC address list members.

Use the no form of this command to restore the default setting.

device permit mac-address max number

no device permit mac-address max

Parameter

Description Parameter Description

number Specifies the maximum number of permissible MAC address list

members.

Value range: 1 to 1280

no Restores the maximum number of permissible MAC address list

members to 1024.

Defaults The maximum number of permissible MAC address list members is 1024 by default.

Command

mode

WIDS configuration mode

Usage Guide N/A

Configuration

Examples

#Set the maximum number of permissible MAC address list members to 100.

Ruijie(config)# wids

Ruijie(config-wids)# device permit mac-address max 100

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

device permit max-ssid

Use this command to configure the maximum number of permissible SSID list members.

Use the no form of this command to restore the default setting.

device permit max-ssid number

no device permit max-ssid

Parameter

Description Parameter Description

number Specifies the maximum number of permissible SSID list members.

Value range: 1 to 1024

no Restores the maximum number of permissible SSID list members to

512.

Defaults The maximum number of permissible SSID list members is 512 by default.

Command

mode

WIDS configuration mode

Usage Guide N/A

Configuration

Examples

#Set the maximum number of permissible SSID list members to 100.

Ruijie(config)# wids

Ruijie(config-wids)# device permit max-ssid 100

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

device permit ssid

Use this command to configure a permissible SSID list. Use the no form of this command to delete a

configured permissible SSID entry.

device permit ssid ssid

no device permit ssid ssid

Parameter

Description Parameter Description

ssid The parameter indicates this is the permissible SSID.

no The parameter indicates that you delete a permissible SSID.

Defaults There is no permissible SSID entry by default.

Command

mode

WIDS configuration mode.

Usage Guide This configuration is one of the policies for detecting Rogue devices.

Configuration

Examples

#Set the SSID of my-wlan as the permissible SSID.

Ruijie(config)# wids

Ruijie(config-wids)# device permit ssid my-wlan

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

device permit vendor bssid

Use this command to configure a permissible vendor list. Use the no form of this command to delete a

configured permissible vendor entry.

device permit vendor bssid H.H.H

no device permit vendor bssid H.H.H

Parameter

Description Parameter Description

H.H.H The parameter indicates this vendor’s address is a permissible

address.

no The parameter indicates that you delete a permissible vendor entry.

Defaults There is no permissible vendor entry by default.

Command

mode

WIDS configuration mode.

Usage Guide The vendor number is used to configure the first three bytes of a MAC address. Do not configure

multiple MAC addresses with the same vendor number. This configuration is one of the policies for

detecting Rogue devices.

Configuration

Examples

#Set the MAC address 0011.2200.0001 as a permissible vendor address.

Ruijie(config)# wids

Ruijie(config-wids)# device permit vendor bssid 0011.2200.0001

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

device permit vendor bssid max

Use this command to configure the maximum number of permissible vendor list members.

Use the no form of this command to restore the default setting.

device permit vendor bssid max number

no device permit vendor bssid max

Parameter

Description Parameter Description

number Specifies the maximum number of permissible vendor list members.

Value range: 1 to 1024

no Restores the maximum number of permissible vendor list members to

512.

Defaults The maximum number of permissible vendor list members is 512 by default.

Command

mode

WIDS configuration mode

Usage Guide N/A

Configuration

Examples

#Set the maximum number of permissible vendor list members to 100.

Ruijie(config)# wids

Ruijie(config-wids)# device permit vendor bssid max 100

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

device statistics max

Use this command to configure the maximum number of statistic list members.

Use the no form of this command to restore the default setting.

device statistics max number

no device statistics max

Parameter

Description Parameter Description

number Specifies the maximum number of statistic list members.

Value range: 1 to 1024

no Restores the maximum number of statistic list members to 512.

Defaults The maximum number of statistic list members is 1024 by default.

Command

mode

WIDS configuration mode

Usage Guide N/A

Configuration

Examples

#Set the maximum number of statistic list members to 100.

Ruijie(config)# wids

Ruijie(config-wids)# device statistics max 100

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

dynamic-blacklist enable

Use this command to enable the dynamic blacklist. Use the no form of this command to disable the

dynamic blacklist.

dynamic-blacklist enable

no dynamic-blacklist enable

Parameter

Description Parameter Description

no The parameter indicates that you disable the dynamic blacklist.

Defaults Dynamic blacklist is disabled by default.

Command

mode

WIDS configuration mode.

Usage Guide N/A

Configuration

Examples

#Enable the dynamic blacklist.

Ruijie(config)# wids

Ruijie(config-wids)# dynamic-blacklist enable

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

dynamic-blacklist lifetime

Use this command to configure the dynamic blacklist entry lifetime. Use the no form of this command

to restore the default dynamic blacklist entry lifetime.

dynamic-blacklist lifetime seconds

no dynamic-blacklist lifetime

Parameter

Description Parameter Description

seconds The parameter indicates the dynamic blacklist entry lifetime, ranging

from 60 to 5000 seconds.

no The parameter indicates that you restore the dynamic blacklist entry

lifetime to the default.

Defaults The default is 300s.

Command

mode

WIDS configuration mode.

Usage Guide N/A

Configuration

Examples

#Set the dynamic blacklist entry lifetime to 600s.

Ruijie(config)# wids

Ruijie(config-wids)# dynamic-blacklist lifetime 600

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

dynamic-blacklist max

Use this command to configure the maximum number of MAC addresses in the dynamic blacklist.

Use the no form of this command to restore the default setting.

dynamic-blacklist max number

no dynamic-blacklist max

Parameter

Description Parameter Description

number Specifies the maximum number of MAC addresses in the dynamic

blacklist.

Value range: 1 to 1024

no Restores the maximum number of MAC addresses in the dynamic

blacklist to 512.

Defaults The maximum number of MAC addresses in the dynamic blacklist is 1024 by default.

Command

mode

WIDS configuration mode

Usage Guide N/A

Configuration

Examples

#Set the maximum number of MAC addresses in the dynamic blacklist to 100.

Ruijie(config)# wids

Ruijie(config-wids)# dynamic-blacklist max 100

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

flood-detect { auth | deauth | assoc | disassoc } total number number

time time

Use this command to configure attack detection for different MAC addresses. An attack is considered to have occurred if the threshold for frames of the specified type, counted across different MAC addresses, is reached within the specified detection duration.

flood-detect { auth | deauth | assoc | disassoc } total number number time time

Parameter

Description Parameter Description

auth Threshold for determining an authentication frame attack during

attack detection for different MAC addresses

Default value: 500

deauth Threshold for determining a de-authentication frame attack during

attack detection for different MAC addresses

Default value: 500

assoc Threshold for determining an association frame attack during attack

detection for different MAC addresses

Default value: 500

disassoc Threshold for determining a de-association frame attack during attack

detection for different MAC addresses

Default value: 500

time Duration of attack detection

Default value: 10 seconds

Defaults Attack detection is disabled by default.

Command

mode

Ap-config mode for fit APs and WIDS configuration mode for fat APs

Usage Guide Use this command on ACs and fat APs.

Configuration

Examples

#Configure attack detection in which the threshold for determining an authentication packet attack

within 10 seconds for different MAC addresses is 200.

Ruijie-AC(config)# ap-config ap-name

Ruijie-AC(config-ap)# flood-detect auth total number 200 time 10

Ruijie-AP(config)# wids

Ruijie-AP(config-wids)# flood-detect auth total number 200 time 10

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported on ACs and fat APs.

kickout threshold

Use this command to kick out the low-rate STA.

kickout threshold rate

Parameter

Description Parameter Description

rate Packet sending-receiving rate with the unit of M/Second.

Defaults The low-rate STA is not filtered by default.

Command

mode

WIDS configuration mode.

Usage Guide This command is used to filter the low-rate STA. When the wireless access end detects that the

sending-receiving rate of STA is less than the configured threshold, it disconnects the association.

Configuration

Examples

#Filter the STA with sending-receiving rate less than 30M/S

Ruijie(config)# wids

Ruijie(config-wids)# kickout threshold 30

Related

Commands Command Description

wids Enters WIDS configuration mode.

Platform

Description

N/A

reset attack-list all

Use this command to clear the entries of all attack lists.

reset attack-list all

Parameter

Description Parameter Description

all Specifies that the entries of all attack lists are cleared.

Defaults N/A

Command

mode

WIDS configuration mode

Usage Guide N/A

Configuration

Examples

#Clear the entries of all attack lists.

Ruijie(config)# wids

Ruijie(config-wids)# reset attack-list all

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

reset detected

Use this command to reset the device list detected in a WLAN.

reset detected { all | rogue { ap | client } | mac-address H.H.H }

Parameter

Description Parameter Description

all The parameter indicates that you reset all devices detected in a

WLAN.

rogue ap The parameter indicates that you reset the detected Rogue AP.

rogue client The parameter indicates that you reset the detected Rogue Client.

mac-address H.H.H The parameter indicates that you reset the device with the source

MAC address H.H.H.

Defaults N/A

Command

mode

WIDS configuration mode.

Usage Guide N/A

Configuration

Examples

#Reset the Rogue AP detected in a WLAN.

Ruijie(config)# wids

Ruijie(config-wids)# reset detected rogue ap

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

reset dynamic-blacklist

Use this command to reset dynamic blacklist entries.

reset dynamic-blacklist { all | mac-address H.H.H }

Parameter

Description Parameter Description

all The parameter indicates that you reset all dynamic blacklist entries.

mac-address H.H.H The parameter indicates that you reset the dynamic blacklist entry

with the source MAC address H.H.H.

Defaults N/A

Command

mode

WIDS configuration mode.

Usage Guide N/A

Configuration

Examples

#Reset the dynamic blacklist entry with the source MAC address 0000.0000.0001.

Ruijie(config)# wids

Ruijie(config-wids)# reset dynamic-blacklist mac-address 0000.0000.0001

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

reset permit-mac all

Use this command to clear the entries of all permissible MAC address lists.

reset permit-mac all

Parameter

Description Parameter Description

all Specifies that the entries of all permissible MAC address lists are

cleared.

Defaults N/A

Command

mode

WIDS configuration mode

Usage Guide N/A

Configuration

Examples

#Clear the entries of all permissible MAC address lists.

Ruijie(config)# wids

Ruijie(config-wids)# reset permit-mac all

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

reset permit-ssid all

Use this command to clear the entries of all permissible SSID lists.

reset permit-ssid all

Parameter

Description Parameter Description

all Specifies that the entries of all permissible SSID lists are cleared.

Defaults N/A

Command

mode

WIDS configuration mode

Usage Guide N/A

Configuration

Examples

#Clear the entries of all permissible SSID lists.

Ruijie(config)# wids

Ruijie(config-wids)# reset permit-ssid all

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

reset permit-vendor all

Use this command to clear the entries of all permissible vendor lists.

reset permit-vendor all

Parameter

Description Parameter Description

all Specifies that the entries of all permissible vendor lists are cleared.

Defaults N/A

Command

mode

WIDS configuration mode

Usage Guide N/A

Configuration

Examples

#Clear the entries of all permissible vendor lists.

Ruijie(config)# wids

Ruijie(config-wids)# reset permit-vendor all

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

reset static-blacklist all

Use this command to clear the entries of all static blacklists.

reset static-blacklist all

Parameter

Description Parameter Description

all Specifies that the entries of all static blacklists are cleared.

Defaults N/A

Command

mode

WIDS configuration mode

Usage Guide N/A

Configuration

Examples

#Clear the entries of all static blacklists.

Ruijie(config)# wids

Ruijie(config-wids)# reset static-blacklist all

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

reset statistics

Use this command to reset the IDS attack detection statistics in a WLAN.

reset statistics

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

mode

WIDS configuration mode.

Usage Guide N/A

Configuration

Examples

#Reset the attack statistics detected in a WLAN.

Ruijie(config)# wids

Ruijie(config-wids)# reset statistics

Related Command Description

Commands

N/A N/A

Platform

Description

N/A

reset user-isolation-permit-list all

Use this command to clear the entries of all permissible lists for user isolation.

reset user-isolation-permit-list all

Parameter

Description Parameter Description

all Specifies that the entries of all permissible lists for user isolation are

cleared.

Defaults N/A

Command

mode

WIDS configuration mode

Usage Guide N/A

Configuration

Examples

#Clear the entries of all permissible lists for user isolation.

Ruijie(config)# wids

Ruijie(config-wids)# reset user-isolation-permit-list all

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

reset whitelist all

Use this command to clear the entries of all whitelists.

reset whitelist all

Parameter

Description Parameter Description

all Specifies that the entries of all whitelists are cleared.

Defaults N/A

Command

mode

WIDS configuration mode

Usage Guide N/A

Configuration

Examples

#Clear the entries of all whitelists.

Ruijie(config)# wids

Ruijie(config-wids)# reset whitelist all

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

sigmac { auth | deauth | assoc | disassoc } number number time time

Use this command to configure attack detection for the same MAC address. An attack is considered to have occurred if the threshold for frames of the specified type, counted for the same MAC address, is reached within the specified detection duration.

sigmac { auth | deauth | assoc | disassoc } number number time time

Parameter

Description Parameter Description

auth Threshold for determining an authentication frame attack during

attack detection for the same MAC address

Default value: 300

deauth Threshold for determining a de-authentication frame attack during

attack detection for the same MAC address

Default value: 300

assoc Threshold for determining an association frame attack during attack

detection for the same MAC address

Default value: 300

disassoc Threshold for determining a de-association frame attack during attack

detection for the same MAC address

Default value: 300

time Duration of attack detection

Default value: 10 seconds

Defaults Attack detection is disabled by default.

Command

mode

Ap-config mode for fit APs and WIDS configuration mode for fat APs

Usage Guide Use this command on ACs and fat APs.

Configuration

Examples

#Configure attack detection in which the threshold for determining an authentication packet attack within 10 seconds for the same MAC address is 200.

Ruijie-AC(config)# ap-config ap-name

Ruijie-AC(config-ap)# sigmac auth number 200 time 10

Ruijie-AP(config)# wids

Ruijie-AP(config-wids)# sigmac auth number 200 time 10

Related

Commands Command Description

N/A N/A

Platform

Description

N/A
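The two thresholds described above differ only in what they count: sigmac counts frames of one type from the same MAC address, while flood-detect counts the total across different MAC addresses. The sketch below is an added illustration, not RGOS code; the sliding-window counting, the reset after an alert, and the step that places a sigmac offender on the dynamic blacklist (honouring the lifetime and max settings) are assumptions, and the frame events are constructed.

```python
from collections import defaultdict, deque


class WidsFloodModel:
    """Toy model of sigmac (same MAC) and flood-detect (all MACs) thresholds."""

    def __init__(self, sigmac_number=300, flood_number=500, window=10,
                 bl_lifetime=300, bl_max=1024):
        if window <= 0:
            raise ValueError("detection duration must be positive")
        self.sigmac_number = sigmac_number  # sigmac <type> number N
        self.flood_number = flood_number    # flood-detect <type> total number N
        self.window = window                # ... time T (seconds)
        self.bl_lifetime = bl_lifetime      # dynamic-blacklist lifetime
        self.bl_max = bl_max                # dynamic-blacklist max
        self.per_mac = defaultdict(deque)   # (frame type, MAC) -> timestamps
        self.total = defaultdict(deque)     # frame type -> (timestamp, MAC)
        self.blacklist = {}                 # MAC -> expiry timestamp

    def _expire(self, now):
        # Drop dynamic blacklist entries whose lifetime has run out.
        for mac in [m for m, exp in self.blacklist.items() if exp <= now]:
            del self.blacklist[mac]

    def is_blacklisted(self, mac, now):
        self._expire(now)
        return mac in self.blacklist

    def observe(self, ts, ftype, mac):
        """Feed one management frame (timestamps must not go backwards)."""
        self._expire(ts)
        cutoff = ts - self.window
        same = self.per_mac[(ftype, mac)]
        same.append(ts)
        while same[0] <= cutoff:            # keep only frames inside the window
            same.popleft()
        every = self.total[ftype]
        every.append((ts, mac))
        while every[0][0] <= cutoff:
            every.popleft()
        alerts = []
        if len(same) >= self.sigmac_number:
            alerts.append(("sigmac", ftype, mac))
            # Assumption: the offender is blacklisted if the table has room.
            if mac in self.blacklist or len(self.blacklist) < self.bl_max:
                self.blacklist[mac] = ts + self.bl_lifetime
            same.clear()                    # assumption: counter restarts after an alert
        if len(every) >= self.flood_number:
            senders = len({m for _, m in every})
            alerts.append(("flood-detect", ftype, senders))
            every.clear()
        return alerts


def demo():
    """Constructed traffic with small thresholds so each case is visible."""
    det = WidsFloodModel(sigmac_number=5, flood_number=8, window=10,
                         bl_lifetime=60, bl_max=2)
    alerts = []
    # One source sends 5 deauth frames in 2 s: same-MAC threshold.
    for i in range(5):
        alerts += det.observe(i * 0.5, "deauth", "0000.0000.0001")
    # Eight different sources send one auth frame each: total threshold only.
    for i in range(8):
        alerts += det.observe(20 + i * 0.5, "auth", "0000.0000.%04x" % (0x100 + i))
    # A slow client sends 5 assoc frames 5 s apart: never 5 inside one window.
    for i in range(5):
        alerts += det.observe(40 + i * 5, "assoc", "0000.0000.0002")
    return det, alerts


if __name__ == "__main__":
    for alert in demo()[1]:
        print(alert)
```

Lowering the per-MAC threshold without also tuning the total threshold changes which of the two alerts a distributed burst raises, which is the main reason to tune both commands together.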

static-blacklist mac-address

Use this command to configure the static blacklist. Use the no form of this command to delete the static blacklist.

static-blacklist mac-address H.H.H

no static-blacklist mac-address H.H.H

Parameter

Description Parameter Description

H.H.H The parameter indicates that you set the device with the source MAC

address H.H.H as a static blacklist entry.

no The parameter indicates that you delete the static blacklist.

Defaults No setting by default.

Command

mode

WIDS configuration mode.

Usage Guide N/A

Configuration

Examples

#Configure the device with the source MAC address 0000.0000.0001 to the static blacklist.

Ruijie(config)# wids

Ruijie(config-wids)# static-blacklist mac-address 0000.0000.0001

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

static-blacklist max

Use this command to configure the maximum number of static blacklists.

Use the no form of this command to restore the default setting.

static-blacklist max number

no static-blacklist max

Parameter

Description Parameter Description

number Specifies the maximum number of static blacklists.

Value range: 1 to 1024

no Restores the maximum number of static blacklists to 512.

Defaults The maximum number of static blacklists is 512 by default.

Command

mode

WIDS configuration mode

Usage Guide N/A

Configuration

Examples

#Set the maximum number of static blacklists to 100.

Ruijie(config)# wids

Ruijie(config-wids)# static-blacklist max 100

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

whitelist mac-address

Use this command to configure the whitelist. Use the no form of this command to delete the whitelist.

whitelist mac-address H.H.H

no whitelist mac-address H.H.H

Parameter

Description Parameter Description

H.H.H The parameter indicates that you set the device with the source MAC

address H.H.H as a whitelist entry.

no The parameter indicates that you delete the whitelist.

Defaults The default is null.

Command

mode

WIDS configuration mode.

Usage Guide N/A

Configuration

Examples

#Configure the device with the source MAC address 0000.0000.0001 to the whitelist.

Ruijie(config)# wids

Ruijie(config-wids)# whitelist mac-address 0000.0000.0001

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

whitelist max

Use this command to configure the maximum number of whitelists.

Use the no form of this command to restore the default setting.

whitelist max number

no whitelist max

Parameter

Description Parameter Description

number Specifies the maximum number of whitelists.

Value range: 1 to 1024

no Restores the maximum number of whitelists to 512.

Defaults The maximum number of whitelists is 512 by default.

Command

mode

WIDS configuration mode

Usage Guide N/A

Configuration

Examples

#Set the maximum number of whitelists to 100.

Ruijie(config)# wids

Ruijie(config-wids)# whitelist max 100

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

wids

Use this command to enter WIDS configuration mode.

wids

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

mode

Global configuration mode.

Usage Guide N/A

Configuration

Examples

#Enter WIDS configuration mode.

Ruijie(config)# wids

Ruijie(config-wids)#

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

show wids attack-list

Use this command to show the WIDS attack list.

show wids attack-list

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

#Show the WIDS attack list.

Ruijie# show wids attack-list

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

show wids blacklist

Use this command to show the static or dynamic blacklist.

show wids blacklist { static | dynamic }

Parameter

Description Parameter Description

static Shows the static blacklist.

dynamic Shows the dynamic blacklist.

Defaults N/A

Command

mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

#Show the dynamic blacklist.

Ruijie# show wids blacklist dynamic

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

show wids detected

Use this command to show the devices detected in a WLAN.

show wids detected { adhoc | all | friendly ap | interfering ap | rogue { adhoc-ap | ap | client |

config-ap | ssid-ap } | mac-address H.H.H }

Parameter

Description Parameter Description

adhoc Shows the detected ad-hoc network.

all Shows all devices detected in a WLAN.

friendly ap Shows the detected friendly AP.

interfering ap Shows the detected interference AP.

rogue adhoc-ap Shows the detected Rogue ad-hoc AP.

rogue ap Shows the detected Rogue AP.

rogue client Shows the detected Rogue Client.

rogue config-ap Shows the detected Rogue config AP.

rogue ssid-ap Shows the detected Rogue SSID AP.

mac-address H.H.H Shows the detected device with the source MAC address H.H.H.

Defaults N/A

Command

mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

#Show the Rogue AP detected in a WLAN.

Ruijie# show wids detected rogue ap

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

show wids permitted

Use this command to show the MAC address, SSID, and vendor lists trusted in a WLAN.

show wids permitted { mac-address | ssid | vendor }

Parameter

Description Parameter Description

mac-address Shows the trusted MAC address list.

ssid Shows the trusted SSID list.

vendor Shows the trusted vendor list.

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide N/A

Configuration

Examples

#Show the SSID list trusted in a WLAN.

Ruijie# show wids permitted ssid

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

show wids statistics

Use this command to show the detected attack statistics.

show wids statistics

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command Privileged EXEC mode.

mode

Usage Guide N/A

Configuration

Examples

#Show the detected attack statistics.

Ruijie# show wids statistics

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported on ACs and fat APs.

show wids user-isolation permit-mac

Use this command to show the information of the permissible MAC address list for user isolation.

show wids user-isolation permit-mac

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide N/A

Configuration

Examples

#Show the information of the permissible MAC address list for user isolation.

Ruijie# show wids user-isolation permit-mac

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

show wids whitelist

Use this command to show the whitelist.

show wids whitelist

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

#Show the whitelist.

Ruijie# show wids whitelist

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

WDS Commands

data-plane wireless-broadcast

Use this command to configure broadcast packets to be forwarded from wired ports to wireless ports.

data-plane wireless-broadcast { enable | disable }

Parameter

Description Parameter Description

N/A N/A

Defaults This command is not configured by default.

Command

Mode

Global configuration mode

Usage Guide Use this command when broadcast packets need to be forwarded from wired ports to wireless ports

in Wireless Distribution Systems (WDSs).

Configuration

Examples

#Configure broadcast packets to be forwarded from wired ports to wireless ports.

Ruijie(config)# data-plane wireless-broadcast enable

Related

Commands Command Description

station-role { access-point | non-root-bridge |

root-bridge } Configures AP working modes.

Platform

Description

N/A

parent mac-address

Use this command to set the MAC address of the parent node.

parent mac-address HHHH.HHHH.HHHH

Parameter

Description Parameter Description

HHHH.HHHH.HHHH MAC address of the parent node to be configured.

Defaults N/A

Command Interface configuration mode

Mode

Usage Guide Use this command to configure the MAC address of the parent node when the AP is in non-root-bridge mode.

Configuration

Examples

#Set the MAC address of the parent node as HHHH.HHHH.HHHH

Ruijie(config-if-Dot11radio 1/0)# parent mac-address HHHH.HHHH.HHHH

Related

Commands Command Description

station-role { access-point | non-root-bridge | root-bridge | repeater | workgroup-bridge } Configures the AP working mode.

Platform

Description

N/A

station-role

Use this command to set the AP working mode.

station-role { access-point | non-root-bridge | root-bridge }

Parameter

Description Parameter Description

access-point Sets the AP working mode as root access point.

repeater Sets the AP working mode as repeater.

non-root-bridge Sets the AP working mode as non-root bridge.

root-bridge Sets the AP working mode as root bridge.

workgroup-bridge Sets the AP working mode as workgroup bridge.

Defaults The default working mode is access-point.

Command

Mode

Interface configuration mode

Usage Guide N/A

Configuration

Examples

#Set the AP working mode as root-bridge.

Ruijie(config-if-Dot11radio 1/0)# station-role root-bridge

Related

Commands Command Description

parent mac-address HHHH.HHHH.HHHH

Configures the MAC address of the parent

node.

Platform

Description

N/A

Anti-ARP Spoofing Commands

anti-arp-spoofing ip

Use this command to enable anti-ARP spoofing. Use the no form of this command to disable this

function.

anti-arp-spoofing ip ip-address

no anti-arp-spoofing ip ip-address

Parameter

Description Parameter Description

ip-address IP address of the gateway.

Defaults Anti-ARP spoofing is disabled by default.

Command

Mode

Interface configuration mode.

The interface can be a wired interface or a wireless wlansec interface.

Usage Guide You can use the show anti-arp-spoofing command to display the configuration.

Up to 16 IP addresses can be configured with this command in an interface.

Configuration

Examples

The following example enables anti-ARP spoofing in a wired interface.

Ruijie(config)#interface fastEthernet 0/1

Ruijie(config-if)#anti-arp-spoofing ip 192.168.1.1

The following example enables anti-ARP spoofing in a wireless wlansec interface.

Ruijie(config)#wlansec 1

Ruijie(config-wlansec)#anti-arp-spoofing ip 192.168.1.2

Related

Commands Command Description

show anti-arp-spoofing

Displays the configuration of anti-ARP spoofing

on all interfaces.

Platform

Description

N/A

show anti-arp-spoofing

Use this command to display the configuration of anti-ARP spoofing on all interfaces.

show anti-arp-spoofing

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

Ruijie# show anti-arp-spoofing

Anti-arp-spoofing

port ip

------- -------

GigabitEthernet 0/1 192.168.1.1

Wlan 1 192.168.1.2

Related

Commands Command Description

anti-arp-spoofing ip Enables anti-ARP spoofing.

Platform

Description

N/A

Link Checking Commands

link-check

Use this command to enable link checking. Use the no form of this command to disable link checking.

link-check { enable | disable }

no link-check { enable | disable }

Parameter

Description Parameter Description

no Disables link checking.

Defaults Link checking is disabled by default.

Command

mode

Global configuration mode

Usage Guide N/A

Configuration

Examples

The following example enables link checking.

Ruijie(config)# link-check enable

The following example disables link checking.

Ruijie(config)# link-check disable

or

Ruijie(config)# no link-check enable

Related

Commands Command Description

show running-config Checks whether link checking is enabled.

Platform

Description

This command is supported only on wireless AC and fat AP series.

schedule session

Use this command to configure a scheduling session. Use the no form of this command to delete the

configuration.

schedule session num

no schedule session num

Parameter Parameter Description

Description

num

Specifies the ID of the scheduling session to be created or to be

applied to a WLAN. The range is from 1 to 64.

no

Deletes the scheduling session or

cancels the ID (in the range from 1 to 64) of the scheduling session

applied to a WLAN.

Defaults No scheduling session is configured by default.

No scheduling session is applied to a WLAN by default.

Command

mode

Global configuration mode

or WLAN configuration mode on fit AP networking topology

Usage Guide In global configuration mode, you can use this command to create a scheduling session and

configure parameters for it. If the scheduling session has been created, the configuration is invalid.

On fit AP networking topology, the scheduling session created in WLAN configuration mode will be

applied to a WLAN.

Configuration

Examples

The following example creates or configures scheduling session 1.

Ruijie(config)# schedule session 1

The following example deletes scheduling session 1.

Ruijie(config)#no schedule session 1

The following example applies scheduling session 1 to WLAN 1 on fit AP networking topology.

Ruijie(config)# wlan-config 1

Ruijie(config-wlan)# schedule session 1

The following example deletes scheduling session 1 from WLAN 1 on fit AP networking topology.

Ruijie(config)# wlan-config 1

Ruijie(config-wlan)# no schedule session 1

Related

Commands Command Description

show schedule session

Checks configuration information about the

scheduling session.

show running-config Checks current configuration information.

Platform

Description

This command is supported only on wireless AC and fat AP series.

schedule session period/time

Use this command to set a scheduling period for a scheduling session. Use the no form of this

command to delete the configuration.

schedule session num time-range time-range period day1 [to day2] time hh1:mm1 [to

hh2:mm2]

no schedule session num time-range time-range period day1 [to day2] time hh1:mm1 [to

hh2:mm2]

Parameter

Description Parameter Description

num

Specifies the ID of the scheduling session for which a scheduling

period is set. The range is from 1 to 64.

time-range Time range ID. The range is from 1 to 4.

day1

Specifies the starting day of the period.

The value can be Sunday, Monday, Tuesday, Wednesday, Thursday,

Friday, or Saturday.

day2

Specifies the end day of the period.

The value can be Sunday, Monday, Tuesday, Wednesday, Thursday,

Friday, or Saturday.

hh1:mm1

Specifies the start time for scheduling. The range is from 00:00 to

24:00.

hh2:mm2

Specifies the end time for scheduling. The range is from 00:00 to

24:00.

no Deletes the scheduling period.

Defaults No scheduling period is set for a scheduling session by default.

Command

mode

Global configuration mode

Usage Guide You can run this command multiple times. The most recent configuration overwrites the previous one.

Configuration

Examples

The following example creates scheduling session 1 and sets the scheduling period.

Ruijie(config)# schedule session 1

Ruijie(config)# schedule session 1 time-range 1 period mon to fri time 00:00

to 10:00

Ruijie(config)# schedule session 1 time-range 2 period sat to sun time 10:00

to 12:00

Related

Commands Command Description

show schedule session

Checks configuration information about the

scheduling session.

Platform

Description

This command is supported only on wireless AC and fat AP series.
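To check when a configured scheduling period applies, the time-range lines can be parsed and evaluated against a timestamp. This is an added example, not RGOS code; it assumes the time window applies on each listed day (as the show schedule session output suggests), that a day range such as sat to sun wraps around the week, that the end time is exclusive, that a later command with the same session and time-range IDs overwrites the earlier one, and it only handles commands that give an explicit end time.

```python
import re
from datetime import datetime

DAYS = ["sun", "mon", "tue", "wed", "thu", "fri", "sat"]  # Sunday first
CMD = re.compile(
    r"(?P<no>no\s+)?schedule session (?P<num>\d+) time-range (?P<tr>\d+) "
    r"period (?P<d1>[a-z]+)(?: to (?P<d2>[a-z]+))? "
    r"time (?P<t1>\d{1,2}:\d{2}) to (?P<t2>\d{1,2}:\d{2})$",
    re.IGNORECASE)

# Constructed input: the example commands from this section, one per line.
SAMPLE = [
    "Ruijie(config)# schedule session 1",
    "Ruijie(config)# schedule session 1 time-range 1 period mon to fri time 00:00 to 10:00",
    "Ruijie(config)# schedule session 1 time-range 2 period sat to sun time 10:00 to 12:00",
]


def _day(name):
    """Map a full or three-letter day name to an index, Sunday = 0."""
    key = name.lower()[:3]
    if key not in DAYS:
        raise ValueError("unknown day: %r" % name)
    return DAYS.index(key)


def _minutes(hhmm):
    """Convert hh:mm to minutes after midnight; 24:00 is allowed."""
    hours, mins = map(int, hhmm.split(":"))
    total = hours * 60 + mins
    if not (0 <= mins < 60 and 0 <= total <= 24 * 60):
        raise ValueError("time out of range: %r" % hhmm)
    return total


def load(lines):
    """Return {(session, time-range): (days, start, end)} from CLI lines."""
    cfg = {}
    for line in lines:
        m = CMD.search(line.strip())
        if not m:
            continue                      # not a time-range command
        num, tr = int(m["num"]), int(m["tr"])
        if not (1 <= num <= 64 and 1 <= tr <= 4):
            raise ValueError("ID out of range in: %r" % line)
        if m["no"]:
            cfg.pop((num, tr), None)      # no form deletes the period
            continue
        d1 = _day(m["d1"])
        d2 = _day(m["d2"]) if m["d2"] else d1
        # Walk forward from day1 to day2, wrapping past Saturday if needed.
        days = {(d1 + i) % 7 for i in range((d2 - d1) % 7 + 1)}
        start, end = _minutes(m["t1"]), _minutes(m["t2"])
        if start >= end:
            raise ValueError("start must precede end in: %r" % line)
        cfg[(num, tr)] = (days, start, end)   # last command wins
    return cfg


def active(cfg, num, when):
    """True if any time range of session num covers the datetime."""
    day = (when.weekday() + 1) % 7        # datetime uses Monday = 0
    minute = when.hour * 60 + when.minute
    return any(day in days and start <= minute < end
               for (n, _), (days, start, end) in cfg.items() if n == num)


if __name__ == "__main__":
    cfg = load(SAMPLE)
    print(active(cfg, 1, datetime(2021, 11, 22, 9, 0)))   # a Monday morning
    print(active(cfg, 1, datetime(2021, 11, 21, 11, 0)))  # a Sunday morning
```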

schedule session radio

Use this command to apply a scheduling session to the radio on an AP or AP group. Use the no form

of this command to delete the configuration.

schedule session num radio mem

no schedule session num radio mem

Parameter

Description Parameter Description

num

Specifies the ID of the scheduling session to be applied. The range is

from 1 to 64.

mem

Specifies the ID of the radio to which the scheduling session is

applied.

The range is from 1 to the number of radios on an AP or AP group.

no Cancels the application of the scheduling session.

Defaults No scheduling session is applied to an AP or AP group by default.

No scheduling session is applied to a fat AP by default.

Command

mode

AP or AP group configuration mode on fit AP networking topology

or global configuration mode on fat AP networking topology

Usage Guide Apply a scheduling session to the radio on an AP or AP group. The scheduling session must have

been created and the radio marked by the radio ID exists on the AP or AP group. Otherwise, the

configuration fails.

Configuration

Examples

The following example applies scheduling session 1 to radio 2 of single AP on fit AP networking

topology.

AP-001 specifies the AP to which the scheduling session is applied.

Ruijie(config)#ap-config AP-001

You are going to config AP(AP-001), which is on line now.

Ruijie(config-ap)# schedule session 1 radio 2

The following example applies scheduling session 1 to radio 2 of a specific AP group on fit AP

networking topology.

APG-001 specifies the AP group to which the scheduling session is applied.

Ruijie(config)#ap-group APG-001

Ruijie(config-ap-group)# schedule session 1 radio 2

The following example applies scheduling session 1 to radio 2 on fat AP networking topology.

Ruijie(config)# schedule session 1 radio 2

Related

Commands Command Description

show schedule session

Checks configuration information about the

scheduling session.

show running-config Checks current configuration information.

Platform

Description

This command is supported only on wireless AC and fat AP series.

schedule session wlan

Use this command to apply a scheduling session to a WLAN on fat AP networking topology. Use the

no form of this command to delete the configuration.

schedule session num wlan wid

no schedule session num wlan wid

Parameter

Description Parameter Description

num

Specifies the ID of the scheduling session to be applied. The range is

from 1 to 64.

wid

Specifies the ID of the WLAN to which the scheduling session is

applied.

The range is from 1 to 4094.

no Deletes the scheduling time of the specific scheduling session.

Defaults No scheduling session is configured by default.

Command

mode

Global configuration mode on fat AP networking topology

Usage Guide Use this command to apply a scheduling session to a WLAN. The scheduling session and WLAN

must have been created. Otherwise, the configuration fails.

Configuration

Examples

The following example applies scheduling session 1 to WLAN 2 on fat AP networking topology.

Ruijie(config)# schedule session 1 wlan 2

Related

Commands Command Description

show schedule session

Checks configuration information about the

scheduling session.

show running-config Checks current configuration information.

Platform

Description

This command is supported only on wireless fat AP series.

show schedule session

Use this command to display configuration about scheduling sessions.

show schedule session [ num ]

Parameter

Description Parameter Description

num Specifies a scheduling session ID in the range from 1 to 64.

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide If no scheduling session ID is specified, configuration about all scheduling sessions will be displayed.

Configuration

Examples

The following example displays configuration about scheduling session 1.

Ruijie(config)#show schedule session 1

Schedule session [1]:

Schedule period ............................... Sun, Wed to Fri

Schedule time ................................. 0:00 to 9:30

The following example displays configuration about all scheduling sessions.

Ruijie(config)#show schedule session

Schedule session [1]:

Schedule period ............................... Sun, Wed to Fri

Schedule time ................................. 0:00 to 9:30

Schedule session [3]:

Schedule period ............................... Mon to Fri

Schedule time ................................. 2:00 to 9:00

Related

Commands Command Description

schedule session Configures a scheduling session.

Platform

Description

This command is supported only on wireless AC and fat AP series.

Page 106: Ruijie Networks

Command Reference RADIUS Dynamic Authorization Extension Commands

RADIUS Dynamic Authorization Extension Commands

clear radius dynamic-authorization-extension statistics

Use this command to clear statistics about RADIUS dynamic authorization extension.

clear radius dynamic-authorization-extension statistics

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide N/A

Configuration

Examples

#Clear statistics about RADIUS dynamic authorization extension:

Ruijie# show radius dynamic-authorization-extension statistics

Disconnect-Request Received: 50

Incorrect Disconnect-Request Received: 1

Disconnect-Request Dropped for Queue Full: 0

Disconnect-Request Process Timeout: 0

Disconnect-Request Process Success: 49

Disconnect-ACK Sent: 25

Disconnect-ACK Sent Failed: 0

Disconnect-NAK Sent: 24

Disconnect-NAK Sent Failed: 0

Ruijie# clear radius dynamic-authorization-extension statistics

Ruijie# show radius dynamic-authorization-extension statistics

Disconnect-Request Received: 0

Incorrect Disconnect-Request Received: 0

Disconnect-Request Dropped for Queue Full: 0

Disconnect-Request Process Timeout: 0

Disconnect-Request Process Success: 0

Disconnect-ACK Sent: 0

Disconnect-ACK Sent Failed: 0

Disconnect-NAK Sent: 0

Disconnect-NAK Sent Failed: 0

Page 107: Ruijie Networks

Related

Commands Command Description

show radius dynamic-authorization-extension statistics Shows statistics about RADIUS dynamic authorization extension.

Platform

Description

N/A

radius dynamic-authorization-extension enable

Use this command to enable RADIUS dynamic authorization extension. Use the no form of this

command to disable this function.

radius dynamic-authorization-extension enable

no radius dynamic-authorization-extension enable

Parameter

Description Parameter Description

N/A N/A

Defaults RADIUS dynamic authorization extension is disabled by default.

Command

mode

Global configuration mode

Usage Guide Check whether RADIUS dynamic authorization extension can be properly enabled or disabled.

Configuration

Examples

#Enable RADIUS dynamic authorization extension.

Ruijie(config)# radius dynamic-authorization-extension enable

Related

Commands Command Description

show running-config Checks whether RADIUS dynamic authorization extension is enabled.

Platform

Description

N/A

radius dynamic-authorization-extension port

Use this command to set a UDP port for receiving packets about RADIUS dynamic authorization

extension. Use the no form of this command to remove the setting.

radius dynamic-authorization-extension port num

no radius dynamic-authorization-extension port

Page 108: Ruijie Networks

Parameter

Description Parameter Description

num Specifies a UDP port for receiving packets about RADIUS dynamic authorization extension. The port number ranges from 1025 to 65535. The default value is 3799.

Defaults The default UDP port number is 3799.

Command

mode

Global configuration mode

Usage Guide Ensure that the configured UDP port is not being used.

Configuration

Examples

#Set the UDP port numbered 4000:

Ruijie(config)# radius dynamic-authorization-extension port 4000

Related

Commands Command Description

show running-config Shows the UDP port for receiving packets about RADIUS dynamic authorization extension.

Platform

Description

N/A

radius dynamic-authorization-extension timeout

Use this command to set the timeout time for processing packets about RADIUS dynamic

authorization extension. Use the no form of this command to remove the setting.

radius dynamic-authorization-extension timeout seconds

no radius dynamic-authorization-extension timeout

Parameter

Description Parameter Description

seconds Specifies the timeout time for processing packets about RADIUS dynamic authorization extension, in seconds. The value ranges from 0 to 600. 0 indicates that the timeout time for processing packets about RADIUS dynamic authorization extension will not expire.

Defaults The default timeout time is 30 seconds.

Command

mode

Global configuration mode

Page 109: Ruijie Networks

Usage Guide The timeout time needs to be changed based on application requirements.

Configuration

Examples

#Set the timeout time for processing packets about RADIUS dynamic authorization extension to 40 seconds:

Ruijie(config)# radius dynamic-authorization-extension timeout 40

Related

Commands Command Description

show running-config Shows the configuration.

Platform

Description

N/A

radius dynamic-authorization-extension event-timestamp interval

Use this command to set the timeout time for the event-timestamp attribute of packets about

RADIUS dynamic authorization extension. Use the no form of this command to remove the setting.

radius dynamic-authorization-extension event-timestamp interval seconds

no radius dynamic-authorization-extension event-timestamp interval

Parameter

Description Parameter Description

seconds Specifies the timeout time for the event-timestamp attribute of packets about RADIUS dynamic authorization extension, in seconds. The value ranges from 0 to 600. The default value is 6. 0 indicates that the timeout time for the event-timestamp attribute will not expire.

Defaults 6

Command

mode

Global configuration mode

Usage Guide The timeout time needs to be changed based on application requirements. It takes effect only after

the event-timestamp attribute check function is enabled.

Configuration

Examples

#Set the timeout time for the event-timestamp attribute of packets about RADIUS dynamic authorization extension to 40 seconds:

Ruijie(config)# radius dynamic-authorization-extension event-timestamp interval 40

Related

Commands Command Description

Page 110: Ruijie Networks

show running-config Shows the configuration.

radius dynamic-authorization-extension attribute check Enables the function of checking the event-timestamp attribute of packets about RADIUS dynamic authorization extension.

Platform

Description

N/A

radius dynamic-authorization-extension attribute check

Use this command to enable the function of checking the event-timestamp attribute of packets about

RADIUS dynamic authorization extension. Use the no form of this command to disable this function.

radius dynamic-authorization-extension attribute check event-timestamp

no radius dynamic-authorization-extension attribute check event-timestamp

Parameter

Description Parameter Description

N/A N/A

Defaults The function of checking the event-timestamp attribute of packets about RADIUS dynamic

authorization extension is disabled by default.

Command

mode

Global configuration mode

Usage Guide N/A

Configuration

Examples

#Enable the function of checking the event-timestamp attribute of packets about RADIUS dynamic authorization extension:

Ruijie(config)# radius dynamic-authorization-extension attribute check event-timestamp

Related

Commands Command Description

show running-config Shows the configuration.

radius dynamic-authorization-extension event-timestamp interval Sets the timeout time for the event-timestamp attribute of packets about RADIUS dynamic authorization extension.

Platform

Description

N/A

Page 111: Ruijie Networks

radius dynamic-authorization-extension duplicate-packet discard

Use this command to discard duplicated packets about RADIUS dynamic authorization extension.

Use the no form of this command to disable the function.

radius dynamic-authorization-extension duplicate-packet discard

no radius dynamic-authorization-extension duplicate-packet discard

Parameter

Description Parameter Description

N/A N/A

Defaults Duplicated packets about RADIUS dynamic authorization extension are not discarded.

Command

mode

Global configuration mode

Usage Guide N/A

Configuration

Examples

#Discard duplicated packets about RADIUS dynamic authorization extension:

Ruijie(config)# radius dynamic-authorization-extension duplicate-packet discard

Related

Commands Command Description

show running-config Shows the configuration.

Platform

Description

N/A
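
Added example (not part of the Ruijie manual or RGOS code): a Python model of how the event-timestamp check, its interval and duplicate-packet discard filter replayed Disconnect-Request packets. It assumes RFC 5176 packet code 40 and the Event-Timestamp attribute (type 55); rejecting requests that lack the attribute, the duplicate key, the 30-second cache and the sample packets are assumptions of this example.

```python
import struct

DISCONNECT_REQUEST = 40  # RFC 5176 packet code
EVENT_TIMESTAMP = 55     # RFC 2869 attribute: 4-byte seconds since the epoch


def parse_radius(packet):
    """Return (code, identifier, authenticator, {attr_type: value})."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("Length field does not match the datagram")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        attrs[a_type] = packet[pos + 2:pos + a_len]
        pos += a_len
    return code, ident, packet[4:20], attrs


class DaeReplayFilter:
    """Hypothetical model; constructor arguments mirror the CLI settings and defaults."""

    def __init__(self, check_timestamp=False, interval=6,
                 discard_duplicates=False, cache_seconds=30):
        self.check_timestamp = check_timestamp        # attribute check event-timestamp
        self.interval = interval                      # event-timestamp interval, 0 = never expires
        self.discard_duplicates = discard_duplicates  # duplicate-packet discard
        self.cache_seconds = cache_seconds            # assumption: how long a request is remembered
        self.seen = {}

    def verdict(self, src, packet, now):
        """Classify one datagram; src is (ip, port), now is seconds since the epoch."""
        try:
            code, ident, authenticator, attrs = parse_radius(packet)
        except ValueError:
            return "drop-malformed"
        if code != DISCONNECT_REQUEST:
            return "drop-malformed"
        # Verifying the Request Authenticator against the shared secret is a
        # separate step that this example does not model.
        if self.check_timestamp:
            raw = attrs.get(EVENT_TIMESTAMP)
            if raw is None or len(raw) != 4:
                return "drop-no-timestamp"  # assumption: a missing attribute is rejected
            sent = struct.unpack("!I", raw)[0]
            if self.interval and abs(now - sent) > self.interval:
                return "drop-stale"
        if self.discard_duplicates:
            # Age out old entries so the table stays bounded.
            self.seen = {k: t for k, t in self.seen.items()
                         if now - t <= self.cache_seconds}
            key = (src, ident, authenticator)
            if key in self.seen:
                return "drop-duplicate"
            self.seen[key] = now
        return "process"


def build_disconnect_request(ident, event_time, authenticator=b"\x11" * 16):
    """Constructed sample: header plus a single Event-Timestamp attribute."""
    attr = struct.pack("!BBI", EVENT_TIMESTAMP, 6, event_time)
    header = struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(attr))
    return header + authenticator + attr


def demo():
    now = 1_700_000_000                   # constructed clock value
    src = ("192.0.2.10", 50000)           # constructed source (documentation range)
    fresh = build_disconnect_request(7, now - 2)
    captured = build_disconnect_request(8, now - 3600)  # an hour-old request
    defaults = DaeReplayFilter()          # both protections off, the documented defaults
    hardened = DaeReplayFilter(check_timestamp=True, discard_duplicates=True)
    return {
        "defaults": [defaults.verdict(src, captured, now),
                     defaults.verdict(src, captured, now)],
        "hardened": [hardened.verdict(src, fresh, now),
                     hardened.verdict(src, fresh, now + 1),
                     hardened.verdict(src, captured, now)],
    }


if __name__ == "__main__":
    print(demo())
```

In this model, duplicate discard catches a copy resent inside the timestamp window, and the timestamp check catches one resent after the duplicate cache has aged out.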

radius dynamic-authorization-extension max-request

Use this command to set the number of RADIUS Disconnect-Request packets that can be processed

concurrently. Use the no form of this command to remove the setting.

radius dynamic-authorization-extension max-request num

no radius dynamic-authorization-extension max-request

Parameter

Description Parameter Description

num Specifies the number of RADIUS Disconnect-Request packets that can be processed concurrently. This value ranges from 0 to 1000. 0 indicates that the number of concurrently processed RADIUS Disconnect-Request packets is not limited. The default value is 100.

Page 112: Ruijie Networks

Defaults 100

Command

mode

Global configuration mode

Usage Guide N/A

Configuration

Examples

#Set the number of concurrently processed RADIUS Disconnect-Request packets to 1:

Ruijie(config)# radius dynamic-authorization-extension max-request 1

Related

Commands Command Description

show running-config Shows the configuration.

Platform

Description

N/A

show radius dynamic-authorization-extension statistics

Use this command to show statistics about RADIUS dynamic authorization extension.

show radius dynamic-authorization-extension statistics

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide Use this command to show statistics about RADIUS dynamic authorization extension, including

received and sent packets and the processing results about received request packets.

Configuration

Examples

#Show statistics about RADIUS dynamic authorization extension:

Ruijie# show radius dynamic-authorization-extension statistics

Disconnect-Request Received: 50

Incorrect Disconnect-Request Received: 1

Disconnect-Request Dropped for Queue Full: 0

Disconnect-Request Process Timeout: 0

Disconnect-Request Process Success: 49

Disconnect-ACK Sent: 25

Disconnect-ACK Sent Failed: 0

Page 113: Ruijie Networks

Disconnect-NAK Sent: 24

Disconnect-NAK Sent Failed: 0

Related

Commands Command Description

clear radius dynamic-authorization-extension statistics Clears statistics about RADIUS dynamic authorization extension.

Platform

Description

N/A

Page 114: Ruijie Networks

Command Reference WLAN QoS Commands

WLAN QoS Commands

enable-qos

Use this command to enable the wireless QoS function. Use the no form of this command to disable

this function.

enable-qos

no enable-qos

Parameter

Description Parameter Description

no The parameter indicates that you disable the wireless QoS function.

Defaults The wireless QoS function is enabled by default.

Command

mode

WLAN configuration mode.

Usage Guide N/A

Configuration

Examples

Example 1: Disable the wireless QoS function for WLAN 1.

Ruijie(config)# wlan-config 1

Ruijie(wids-config)# no enable-qos

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

fair-schedule

Use this command to enable the fair scheduling function on the wireless AP. Use the no form of this

command to disable this function.

fair-schedule

no fair-schedule

Parameter

Description Parameter Description

Page 115: Ruijie Networks

no The parameter indicates that you disable the fair scheduling function on the AP.

Defaults This function is enabled by default.

Command

mode

AC: AP configuration mode

AP: configuration mode

Usage Guide On a fat AP, fair scheduling is configured in configuration mode, and you can use the show run command to display the configuration.

When the AP works in fit AP mode, fair scheduling can be configured only on the AC.

Configuration

Examples

Example 1: Disable the fair scheduling on the AP.

Ruijie(config)# ap-config ap-name

Ruijie(wids-config)# no fair-schedule

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported on ACs and fat APs.

wlan-based

Use this command to configure the upstream and downstream traffic limit of the current WLAN. Use

the no form of this command to restore the default value.

wlan-based { down-streams | up-streams } average-data-rate average-data-rate burst-data-rate burst-data-rate

no wlan-based { down-streams | up-streams }

Parameter

Description Parameter Description

per-user-limit Limit for each user on the WLAN

total-user-limit Limit for the entire WLAN

down-streams Total downstream traffic limit of the WLAN

up-streams Total upstream traffic limit of the WLAN

average-data-rate

average-data-rate Average rate limit, ranging from 1 to 819200 in 8Kbps

burst-data-rate

burst-data-rate Burst rate limit, ranging from 1 to 819200 in 8Kbps

no Restores the traffic limit to the default value.

Page 116: Ruijie Networks

Defaults No traffic limit is set by default.

Command

mode

WLAN configuration mode.

Usage Guide N/A

Configuration

Examples

Example 1: Configure the average downstream rate of WLAN 1 to 800Kbps and burst rate to 1600Kbps.

Ruijie(config)# wlan-config 1

Ruijie(wids-config)# wlan-based down-streams average-data-rate 800 burst-data-rate 1600

Related

Commands Command Description

ap-based { down-streams | up-streams }

average-data-rate average-data-rate

burst-data-rate burst-data-rate

Configures the AP-based in-band and

out-of-band traffic rate limit.

netuser H.H.H { inbound | outbound }

average-data-rate average-data-rate

burst-data-rate burst-data-rate

Configures the Client-based in-band and

out-of-band traffic rate limit.

Platform

Description

This command is supported on ACs.

wlan-qos ap-based

Use this command to configure the upstream and downstream traffic limit of the current AP.

Use the no form of this command to restore the default value.

wlan-qos ap-based { per-user-limit | total-user-limit } { down-streams | up-streams } average-data-rate average-data-rate burst-data-rate burst-data-rate

no ap-based { per-user-limit | total-user-limit } { down-streams | up-streams }

Parameter

Description Parameter Description

per-user-limit Limit for each user on the AP

total-user-limit Limit for the entire AP

down-streams Total downstream traffic limit of the AP

up-streams Total upstream traffic limit of the AP

average-data-rate

average-data-rate

Average rate limit, ranging from 1 to 819200 in 8Kbps

Page 117: Ruijie Networks

Defaults No traffic limit is set by default.

Command

mode

Configuration mode.

Usage Guide N/A

Configuration

Examples

Example 1: Configure the average downstream rate of AP wlan-ap-001 to 800Kbps and burst rate to 1600Kbps.

Ruijie(config)# wlan-qos ap-based per-user-limit down-streams average-data-rate 800 burst-data-rate 1600

Related

Commands Command Description

wlan-qos netuser mac-address { inbound |

outbound } average-data-rate average-data-rate

burst-data-rate burst-data-rate

Configures the Client-based in-band and

out-of-band traffic rate limits.

wlan-qos wlan-based { wlan-id | ssid }

{ per-user-limit | total-user-limit }

{ down-streams | up-streams }

average-data-rate average-data-rate

burst-data-rate burst-data-rate

Configures the WLAN-based in-band and

out-of-band traffic rate limits.

Platform

Description

This command is supported on fat APs.

wlan-qos netuser

Use this command to configure the in-band and out-of-band traffic limits for a specified user in the

current WLAN.

Use the no form of this command to restore the default value.

wlan-qos netuser mac-address { inbound | outbound } average-data-rate average-data-rate burst-data-rate burst-data-rate

no netuser mac-address { inbound | outbound }

Parameter

Description Parameter Description

mac-address User's MAC address to be set

inbound User’s in-band traffic limit

outbound User’s out-of-band traffic limit

average-data-rate

average-data-rate Average rate limit, ranging from 1 to 819200 in 8Kbps

burst-data-rate

burst-data-rate Burst rate limit, ranging from 1 to 819200 in 8Kbps

Page 118: Ruijie Networks

no Restores the traffic limit to the default value.

Defaults No traffic limit is set by default.

Command

mode

Configuration mode.

Usage Guide N/A

Configuration

Examples

Example 1: Set the average in-band rate to 800Kbps and burst rate to 1600Kbps for the user 0000.0000.0001 in WLAN 1.

Ruijie(config)# wlan-qos netuser 0000.0000.0001 inbound average-data-rate 800 burst-data-rate 1600

Related

Commands Command Description

wlan-qos wlan-based { wlan-id | ssid }

{ per-user-limit | total-user-limit}

{ down-streams | up-streams }

average-data-rate average-data-rate

burst-data-rate burst-data-rate

Configures the WLAN-based in-band and

out-of-band traffic rate limits.

wlan-qos ap-based { per-user-limit |

total-user-limit } { down-streams | up-streams }

average-data-rate average-data-rate

burst-data-rate burst-data-rate

Configures the AP-based in-band and

out-of-band traffic rate limits.

Platform

Description

This command is supported on fat APs.

wlan-qos wlan-based

Use this command to configure the upstream and downstream traffic limit of the current WLAN.

Use the no form of this command to restore the default value.

wlan-qos wlan-based { wlan-id | ssid } { per-user-limit | total-user-limit } { down-streams | up-streams } average-data-rate average-data-rate burst-data-rate burst-data-rate

no wlan-qos wlan-based { wlan-id | ssid } { per-user-limit | total-user-limit } { down-streams | up-streams }

Parameter

Description Parameter Description

wlan-id WLAN ID

ssid SSID configured by the WLAN

per-user-limit Limit for each user on the WLAN

Page 119: Ruijie Networks

total-user-limit Limit for the entire WLAN

down-streams Total downstream traffic limit of the WLAN

up-streams Total upstream traffic limit of the WLAN

average-data-rate

average-data-rate Average rate limit, ranging from 1 to 819200 in 8Kbps

burst-data-rate

burst-data-rate Burst rate limit, ranging from 1 to 819200 in 8Kbps

no Restores the traffic limit to the default value.

Defaults No traffic limit is set by default.

Command

mode

Configuration mode.

Usage Guide N/A

Configuration

Examples

Example 1: Configure the average downstream rate of WLAN 1 to 800Kbps and burst rate to 1600Kbps.

Ruijie(config)# wlan-qos wlan-based 1 per-user-limit down-streams average-data-rate 800 burst-data-rate 1600

Related

Commands Command Description

wlan-qos ap-based { per-user-limit |

total-user-limit } { down-streams | up-streams }

average-data-rate average-data-rate

burst-data-rate burst-data-rate

Configures the AP-based in-band and

out-of-band traffic rate limits.

netuser mac-address { inbound | outbound }

average-data-rate average-data-rate

burst-data-rate burst-data-rate

Configures the Client-based in-band and

out-of-band traffic rate limits.

Platform

Description

This command is supported on fat APs.

wmm edca-client

Use this command to configure the client EDCA. Use the no form of this command to restore the

parameters to the default values.

wmm edca-client { back-groud | best-effort | video | voice } { aifsn [ aifsn-value ] cwmin [ cwmin-value ] cwmax [ cwmax-value ] txop [ txop-value ] [ noack ] | cac [ optional ] } radio [ radio-id ]

no wmm edca-client { back-groud | best-effort | video | voice } radio [ radio-id ]

Page 120: Ruijie Networks

Parameter

Description Parameter Description

back-groud Sets the back-ground queue.

best-effort Sets the best-effort queue.

video Sets the video queue.

voice Sets the voice queue.

aifsn aifsn-value aifsn value, ranging from 1 to 127

cwmin cwmin-value cwmin value, ranging from 0 to 32767

cwmax cwmax-value cwmax value, ranging from 0 to 1023

txop txop-value txop value, ranging from 0 to 344

radio [ radio-id ] Radio of the client EDCA, ranging from 1 to 2

Defaults For the default EDCA policy for the AP, see the 802.11 standard.

Command

mode

AP configuration mode.

Usage Guide N/A

Configuration

Examples

Example 1: For the voice queue of the client EDCA, set aifsn to 10, cwmin to 1, cwmax to 5, and txop to 50, and apply the settings to radio 1 on the AP.

ruijie(config-ap)#wmm edca-client voice aifsn 10 cwmin 1 cwmax 5 txop 50 radio 1

Related

Commands Command Description

wmm edca-radio { back-groud | best-effort |

video | voice } { aifsn [ aifsn-value ] cwmin

[ cwmin-value ] cwmax [ cwmax-value ] txop

[ txop-value ] length [ queue-length ] | cac

[ optional ] } radio [ radio-id ]

Configures the EDCA used by AP.

Platform

Description

N/A

wmm edca-radio

Use this command to configure the EDCA used by AP. Use the no form of this command to restore

the parameters to the default values.

wmm edca-radio { back-groud | best-effort | video | voice } { aifsn [ aifsn-value ] cwmin [ cwmin-value ] cwmax [ cwmax-value ] txop [ txop-value ] length [ queue-length ] | cac [ optional ] } radio [ radio-id ]

no wmm edca-radio { back-groud | best-effort | video | voice } radio [ radio-id ]

Page 121: Ruijie Networks

Parameter

Description Parameter Description

back-groud Sets the back-ground queue.

best-effort Sets the best-effort queue.

video Sets the video queue.

voice Sets the voice queue.

aifsn aifsn-value aifsn value, ranging from 1 to 127.

cwmin cwmin-value cwmin value, ranging from 0 to 32767.

cwmax cwmax-value cwmax value, ranging from 0 to 1023.

txop txop-value txop value, ranging from 0 to 344.

radio [ radio-id ] Radio selected for setting the client EDCA parameter, which ranges

from 1 to 2

Defaults For the default EDCA policy for the AP, see the 802.11 standard.

Command

mode

AP configuration mode.

Usage Guide N/A

Configuration

Examples

Example 1: For the voice queue of the EDCA used by the AP (edca-radio), set aifsn to 10, cwmin to 1, cwmax to 5, and txop to 50, and apply the settings to radio 1 on the AP.

ruijie(config-ap)#wmm edca-radio voice aifsn 10 cwmin 1 cwmax 5 txop 50 radio 1

Related

Commands Command Description

wmm edca-client { back-groud | best-effort |

video | voice } { aifsn [ aifsn-value ] cwmin

[ cwmin-value ] cwmax [ cwmax-value ] txop

[ txop-value ] [ noack ] | cac [ optional ] } radio

[ radio-id ]

Configures the client EDCA.

Platform

Description

N/A

show client details

Use this command to display the QoS information related to a specified client.

show client details H.H.H

Page 122: Ruijie Networks

Parameter

Description Parameter Description

H.H.H

Displays the QoS information of the client with the specified source

MAC address.

Defaults N/A

Command

mode Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

Example 1: Display the QoS information of the user with the source MAC address of 0000.0000.0001.

Ruijie# show client details 0000.0000.0001

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

Page 123: Ruijie Networks

Command Reference Smart Antenna Commands

Smart Antenna Commands

smart antenna enable

Use this command to enable the Smart antenna (SA) function of the specified radio on the specified

AP. Use the no form of this command to disable the SA function.

smart antenna enable radio radio-id

no smart antenna enable radio radio-id

Parameter

Description Parameter Description

radio-id Configures the ID for a radio.

Defaults The SA function is enabled by default.

Command

Mode

AP configuration mode.

Usage Guide N/A

Configuration

Examples

#Enable the SA function of Radio 1 on a specified AP.

Ruijie(config-ap)# smart antenna enable radio 1

#Disable the SA function of Radio 1 on a specified AP.

Ruijie(config-ap)# no smart antenna enable radio 1

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported only on wireless AC/AP series products.

Page 124: Ruijie Networks

Command Reference i-Share Antenna Feeder Commands

i-Share Antenna Feeder Commands

antdetect enable

Use this command to enable feeder link detection function. Use the no form of this command to

restore to the default value.

antdetect enable

no antdetect enable

Parameter

Description Parameter Description

N/A N/A

Defaults Disabled

Command

Mode

AP-Config Configuration Mode

Usage Guide N/A

Configuration

Examples

The following example enables I-share antenna feeder link detection function:

ruijie(config-ap)#antdetect enable

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported only in RGOS10.4(1T19) and later versions. This command is supported only on the AP220-E(M) v3.0 and above.

show antenna all

Use this command to display feeder status of all APs.

show antenna all

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Page 125: Ruijie Networks

Command

Mode

Privileged EXEC Mode.

Usage Guide Use this command to display the feeder status.

Configuration

Examples

The following example displays the feeder status:

ruijie# show antenna all

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported only in RGOS10.4(1T19) and later versions. This command is supported only on the AP220-E(M) v3.0 and above.

show antenna single

Use this command to display antenna feeder status of a single AP.

show antenna single ap-name

Parameter

Description Parameter Description

ap-name The name of a single AP.

Defaults N/A

Command

Mode

Privileged EXEC Mode.

Usage Guide Use this command to display the feeder status.

Configuration

Examples

The following example displays the feeder status:

ruijie# show antenna single ap-name

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported only in RGOS10.4(1T19) and later versions. This command is supported only on the AP220-E(M) v3.0 and above.

Page 126: Ruijie Networks

Command Reference WLAN Capture Commands

WLAN Capture Commands

channel all

Use this command to enable the AP to sniff all channels. Use the no form of this command to restore the preceding configuration.

channel all radio-id

no channel all radio-id

Parameter

Description Parameter Description

radio-id The parameter indicates the ID of the radio to be configured, which ranges from 1 to the actual number of radios the AP has.

Defaults By default, the AP sniffs only the working channel.

Command

mode

WLAN Capture configuration mode

Usage Guide

Sniffing of all channels by the AP can be enabled only in the monitor mode.

In the mirror mode, an AP can only capture and forward all the packets on a particular channel to a remote device running the analyzer software.

Configuration

Examples

Example 1: Configure the AP to capture packets on all channels of radio 1

Ruijie# configure terminal

Ruijie(config)#wlan-cap

Ruijie(wlan-cap)#channel all 1

Ruijie(wlan-cap)#exit

Related

Commands Command Description

service enable Enables the WLAN capture service.

show wlan-cap config Shows the WLAN capture configuration.

Platform

Description

This command is supported only on the fat AP.

Page 127: Ruijie Networks

service enable

Use this command to enable the WLAN capture service. Use the no form of this command to disable

the WLAN capture service.

service enable

no service enable

Parameter

Description Parameter Description

N/A N/A

Defaults Disabled

Command

mode

WLAN capture configuration mode

Usage Guide The remote host can access and control the fat AP only when the WLAN capture service is enabled.

After you enable the WLAN capture service, all configurations in this mode cannot be modified.

Configuration

Examples

Example 1: enable the WLAN capture service.

Ruijie# configure terminal

Ruijie(config)#wlan-cap

Ruijie(wlan-cap)#service enable

Ruijie(wlan-cap)#exit

Related

Commands Command Description

show wlan-cap config Shows the WLAN capture configuration.

Platform

Description

This command is supported only on the fat AP.

forward

Use this command to configure the forwarding mode of WLAN capture packets.

forward { central | local }

Parameter

Description Parameter Description

central Centralized forwarding mode. Packets of the WLAN capture from AP

Page 128: Ruijie Networks

are centralized by AC, and then will be forwarded to the remote device.

local Local forwarding mode. Packets of the WLAN capture are forwarded by AP directly to the remote device.

Defaults Centralized forwarding mode.

Command

mode

WLAN capture configuration mode

Usage Guide This command does not have the no form.

The forwarding mode must be configured before the WLAN capture service is configured.

Configuration

Examples

Example 1: Configure the local forwarding mode for the AP.

Ruijie# configure terminal

Ruijie(config)#wlan-cap

Ruijie(wlan-cap)#forward local

Ruijie(wlan-cap)#exit

Related

Commands Command Description

service enable Enables the WLAN capture.

show wlan-cap config Shows the WLAN capture configuration.

Platform

Description

This command is supported only on the AC.

rpcap port

Use this command to configure the TCP port on which the wireless sniffer listens. Use the no form of this command to restore the default settings.

rpcap port port-value

no rpcap port

Parameter

Description Parameter Description

port-value Monitoring port number, ranging from 1 to 65535.

Defaults The default value is 2002

Page 129: Ruijie Networks

Command

mode

WLAN capture configuration mode

Usage Guide

The sniffing port must be configured before the WLAN capture is configured.

The designated port must be an idle TCP port; otherwise, binding the WLAN capture to the designated port fails.

Configuration

Examples

Example 1: Configure monitoring port 3000

Ruijie# configure terminal

Ruijie(config)#wlan-cap

Ruijie(wlan-cap)#rpcap port 3000

Ruijie(wlan-cap)#exit

Related

Commands Command Description

service enable Enables the WLAN capture service.

show wlan-cap config Shows the WLAN capture configuration.

Platform

Description

This command is supported only on the AC and fat AP.

rpcap login

Use this command to configure login authentication for remote devices, including the username and password. Use the no form of this command to restore the default settings.

rpcap login username password

no rpcap login

Parameter

Description Parameter Description

username Username, string, maximum length is 64 characters.

password Password, string, maximum length is 64 characters.

Defaults By default, the username and the password are null.

Command

mode

WLAN capture configuration mode

Page 130: Ruijie Networks

Usage Guide Only one username and password pair can be configured for remote device login authentication.

Anonymous logins are allowed only when the username and the password are null.

Login authentication must be configured before the WLAN capture service is configured.

Configuration

Examples

Example 1: Configure both the username and the password as “wlan-capture”

Ruijie# configure terminal

Ruijie(config)#wlan-cap

Ruijie(wlan-cap)#rpcap login wlan-capture wlan-capture

Ruijie(wlan-cap)#exit

Related

Commands Command Description

service enable Enable the WLAN capture service.

show wlan-cap config Shows the WLAN capture configuration.

Platform

Description

This command is supported only on the AC and fat AP.

wlan-cap

Use this command to create the WLAN capture service or enter WLAN capture configuration mode.

Use the no form of this command to remove the configuration.

wlan-cap

no wlan-cap

Parameter

Description Parameter Description

N/A N/A

Defaults By default, the WLAN capture service is disabled.

Command

mode

Global configuration mode

Usage Guide When this command is executed for the first time, terminals create and enable the WLAN capture

service.

Configuration

Examples

Example 1: create and enable the WLAN capture service.

Ruijie# configure terminal

Ruijie(config)#wlan-cap


Ruijie(wlan-cap)#exit

Related

Commands Command Description

show wlan-cap config Shows the WLAN capture configuration.

Platform

Description

This command is supported only on the AC and fat AP.

wlan-cap channel

Use this command to enable the AP to sniff all channels. Use the no form of this command to restore the preceding configuration.

wlan-cap channel all radio-id

no wlan-cap channel all radio-id

Parameter

Description Parameter Description

radio-id The parameter indicates the ID of the radio to be configured, which

ranges from 1 to 31.

Defaults By default, a terminal can only capture and forward the packets on the current channel.

Command

mode

AP configuration mode

Usage Guide

Configuration to a non-existent Radio is invalid.

This command is invalid in ap-config all mode.

Configuration

Examples

Example 1: Configure the online AP (1414.4b61.09c7) to capture packets on all channels in the

monitor mode of the radio 1.

Ruijie# configure terminal

Ruijie(config)#ap-config 1414.4b61.09c7

You are going to config AP(1414.4b61.09c7), which is on line now.

Ruijie(config-ap)#wlan-cap channel all 1

Ruijie(config-ap)#exit

Related

Commands Command Description

service enable Enables the WLAN capture service.

show wlan-cap config Shows the WLAN capture configuration.


Platform

Description

This command is supported only on the AC.

wlan-cap enable

Use this command to enable the WLAN capture service on the radio of the AP.

Use the no form of this command to disable the WLAN capture service on the radio of the AP.

wlan-cap enable radio-id

no wlan-cap enable radio-id

Parameter

Description Parameter Description

radio-id The parameter indicates the ID of the radio to be configured, which

ranges from 1 to 31.

Defaults By default, this function is disabled.

Command

mode

AP configuration mode

Usage Guide

Configuration to a non-existent Radio is invalid.

This command is invalid in ap-config all mode.

Configuration

Examples

Example 1: Configure the online AP (1414.4b61.09c7) to capture packets on all channels of radio 1.

Ruijie# configure terminal

Ruijie(config)#ap-config 1414.4b61.09c7

You are going to config AP(1414.4b61.09c7), which is on line now.

Ruijie(config-ap)#wlan-cap enable 1

Ruijie(config-ap)#exit

Related

Commands Command Description

show wlan-cap interfaces Shows the WLAN capture interfaces list.

Platform

Description

This command is supported only on the AC.

show wlan-cap

Use these commands to show information about the WLAN capture service.


show wlan-cap config

show wlan-cap state

show wlan-cap interface

Parameter

Description Parameter Description

config Shows current configuration of the WLAN capture.

state Shows current state of the WLAN capture.

interface Shows the WLAN capture interfaces list.

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide N/A

Configuration

Examples

Example 1: Show current configuration of the WLAN capture.

Ruijie#show wlan-cap config

========================= Wlan-cap-config =======================

Listen port: 2002

Login info: Anonymous

Forward: Central

Service enable: No

Example 2: Show the WLAN capture interfaces list.

Ruijie#show wlan-cap interface

Wlan capture interface info:

Total interface num: 1

Total running num: 0 (monitor: 0, mirror: 0)

Total idle num: 1

Index AP Name AP Mac Radio Channel Status User Num

----- ---------------- -------------- ----- ------- ------ --------

1 ap320 00d0.f822.33d0 1 11 Idle 0

Example 3: Show current state of the WLAN capture.

Ruijie#show wlan-cap state

Total user num: 1

Capture mode: mirror(0); monitor(1)

Forward mode: central(1); local(0)

Index AP Name AP Mac Radio Channel Capture Forward Peer_ip Port

----- ------------------ -------------- ----- ------- -------- -------- --------------- -----

1 apr2 1414.4b61.0a0f 1 11 Monitor Central 20.0.0.10 54990

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported only on the AC and fat AP.


EF-DHCP Commands

central dhcp enable

Use this command to forward the DHCP packet through the wireless access controller in local

forwarding mode. Use the no form of this command to restore the default setting.

central dhcp enable

no central dhcp enable

Parameter

Description Parameter Description

N/A N/A

Defaults By default, the DHCP packets are sent in local forwarding mode, namely the packets are forwarded

through the access point.

Command

mode

WLAN configuration mode

Usage Guide Ruijie recommends enabling this function for easy management of the DHCP address pool in WLAN

and simplification of the DHCP topology.

Configuration

Examples

The following example enables this function.

Ruijie(config)#wlan-config 100 ruijie_wlan

Ruijie(config-wlan)#tunnel local

Ruijie(config-wlan)#central dhcp enable

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported only in RGOS10.4(1b19)p1, including RGOS10.4(1b19)p2.

This command is supported on access points and wireless access controllers.


Spectral Analysis Commands

spectral enable

Use this command to enable the Spectral Analysis (SA) function on the AP. Use the no form of this

command to disable this function.

spectral enable

no spectral enable

Parameter

Description Parameter Description

N/A N/A

Defaults The spectral function is disabled by default.

Command

mode

AP configuration mode on the fit AP or AC

Or:

Spectral configuration mode on the fat AP

Usage Guide N/A

Configuration

Examples

This example shows how to enable the SA function on the specified AP.

Ruijie(config-ap)# spectral enable

This example shows how to disable the SA function on the specified AP.

Ruijie(config-ap)# no spectral enable

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported on all wireless AC products and several AP products, including

AP220-SH v1.0 v1.1, AP320-I, AP330-I, AP110-W, AP220-I v2.0, AP220-E v5.0.

spectral stability vbr | bth | bts | cph | mwo | cwa num

Use this command to configure the recognition accuracy for interference sources.

[ no ] spectral stability vbr | bth | bts | cph | mwo | cwa num

Parameter

Description Parameter Description

vbr Configures recognition accuracy of the video bridge within the range

from 1 to 5.


bth Configures recognition accuracy of the Bluetooth headset within the

range from 1 to 4.

bts Configures recognition accuracy of the Bluetooth voice within the

range from 1 to 2.

cph Configures recognition accuracy of the cordless phone within the

range from 3 to 5.

mwo Configures recognition accuracy of the microwave within the range

from 1 to 5.

cwa Configures recognition accuracy of the continuous wave within the

range from 4 to 10.

Defaults vbr: 5

bth: 1

bts: 1

cph: 5

mwo: 1

cwa: 8

Command

mode

AP configuration mode on the fit AP or AC

Or:

Spectral configuration mode on the fat AP

Usage Guide N/A

Configuration

Examples

This example shows how to configure recognition accuracy of the SA video bridge on the specified

AP.

Ruijie(config-ap)# spectral stability vbr 2

This example shows how to restore recognition accuracy of the video bridge to the default value on

the specified AP.

Ruijie(config-ap)# no spectral stability vbr

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported on wireless AC products and several AP products, including AP220-SH

v1.0 v1.1, AP320-I, AP330-I, AP110-W, AP220-I v2.0, AP220-E v5.0.

spectral period num

Use this command to configure the AP scanning cycle.

[ no ] spectral period num

Parameter

Description Parameter Description

num Configures the scanning cycle within the range from 1 to 100. The

unit of the cycle is 5 microseconds.

Defaults 5 microseconds

Command

mode

AP configuration mode on the fit AP or AC

Or:

Spectral configuration mode on the fat AP

Usage Guide N/A

Configuration

Examples

This example shows how to configure the SA scanning cycle of the specified AP.

Ruijie(config-ap)# spectral period 10

This example shows how to restore the scanning cycle of the specified AP to the default value.

Ruijie(config-ap)# no spectral period

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported on all wireless AC products and several AP products, including

AP220-SH v1.0 v1.1, AP320-I, AP330-I, AP110-W, AP220-I v2.0, AP220-E v5.0.


CLI Authorization

alias

Use this command to configure a command alias in global configuration mode. Use the no form of

this command to remove the alias of a specified command or all the aliases in a specified mode.

alias mode command-alias original-command

no alias mode command-alias

Parameter

Description Parameter Description

mode Mode of the command represented by the alias

command-alias Command alias

original-command Syntax of the command represented by the alias

Defaults Some commands in EXEC mode have default aliases.

Command

Mode

Global configuration mode.

Usage Guide The following table lists the default alias of the commands in privileged EXEC mode.

Alias Actual Command

h help

p ping

s show

u undebug

un undebug

The default alias cannot be removed by the no alias exec command.

After configuring the alias, you can use a word to replace a command. For example, you can create an alias to represent the first part of a command, and then type the rest of the command.

The mode of the command represented by the alias is the command mode existing in the current

system. In the global configuration mode, you can use the alias ? command to list all the modes

under which you can configure alias for commands.

Ruijie(config)# alias ?

aaa-gs AAA server group mode

acl acl configure mode

bgp Configure bgp Protocol

config globle configure mode

......


The alias also has its help information that is displayed after * in the following format:

*command-alias=original-command

For example, in the privileged EXEC mode, the default alias s stands for show. You can enter s? to

query the key words beginning with s and the help information of the alias.

Ruijie#s?

*s=show show start-chat start-terminal-service

If an alias represents more than one word, the command will be displayed in brackets. For example, if you set sv to stand for show version in the privileged EXEC mode, then:

Ruijie#s?

*s=show *sv="show version" show start-chat

start-terminal-service

The alias must begin with the first letter of the command. The first letter of the command cannot be a

space. The space before the command cannot be used as a valid alias.

Ruijie# s?

show start-chat start-terminal-service

The command alias also has its help information. For example, if the alias ia represents ip address in

the interface configuration mode, then:

Ruijie(config-if)#ia ?

A.B.C.D IP address

dhcp IP Address via DHCP

Ruijie(config-if)# ip address

The above help information lists the parameters of ip address and shows the actual command name.

You must enter an entire alias; otherwise it cannot be recognized.

Use the show aliases command to show the aliases setting in the system.

Configuration

Examples

#In global configuration mode, use def-route to represent the default route setting of ip route 0.0.0.0

0.0.0.0 192.168.1.1:

Ruijie# configure terminal

Ruijie(config)# alias config def-route ip route 0.0.0.0 0.0.0.0 192.168.1.1

Ruijie(config)#def-route?

*def-route="ip route 0.0.0.0 0.0.0.0 192.168.1.1"

Ruijie(config)# end

Ruijie# show aliases config

globle configure mode alias:

def-route ip route 0.0.0.0 0.0.0.0 192.168.1.1

Related

Commands Command Description

show aliases Shows the aliases settings.

Platform

Description

N/A


privilege

Use this command to attribute the execution rights of a command to a command level in global

configuration mode. Use the no form of this command to restore the execution rights of a command to

the default setting.

privilege mode [ all ] [ level level | reset ] command-string

no privilege mode [ all ] [ level level ] command-string

Parameter

Description Parameter Description

mode CLI mode of the command to which the execution rights are

attributed.

all Command alias

level Specifies the execution right levels (0–15) of a command or

sub-commands

reset Restores the command execution rights to its default level

command-string Command string to be authorized

Defaults N/A.

Command

Mode

Global configuration mode.

Usage Guide The following table lists some key words that can be authorized by the privilege command in CLI

mode. The number of command modes that can be authorized may vary with different devices. In the

global configuration mode, you can use the privilege ? command to list all CLI command modes that

can be authorized.

Mode Description

config Global configuration mode.

exec Privileged EXEC mode

interface Interface configuration mode

ip-dhcp-pool DHCP address pool configuration mode


keychain KeyChain configuration mode

keychain-key KeyChain-key configuration mode

Configuration

Examples

#Set the password of CLI level 1 as test and attribute the reload rights to reset the device:

Ruijie(config)#enable secret level 1 0 test

Ruijie(config)#privilege exec level 1 reload

After the above setting, you can access the CLI window as level-1 user to use

the reload command:

Ruijie>reload ?

LINE Reason for reload

<cr>


#You can use the key word all to attribute all sub-commands of reload to level-1 users:

Ruijie(config)# privilege exec all level 1 reload

#After the above setting, you can access the CLI window as level-1 user to use all sub commands of

the reload command:

Ruijie>reload ?

LINE Reason for reload

at reload at a specific time/date

cancel cancel pending reload scheme

in reload after a time interval

<cr>

Related

Commands Command Description

enable secret Sets the CLI-level password.

Platform

Description

N/A.

show aliases

Use this command to show all the command aliases or the aliases in a specified command mode.

show aliases [ mode ]

Parameter

Description Parameter Description

mode Mode of the command represented by the alias.

Defaults N/A.

Command

Mode

EXEC mode.

Usage Guide Show the configuration of all aliases if no command mode is input.

Configuration

Examples

#Show the command alias in EXEC mode:

Ruijie#show aliases exec

exec mode alias:

h help

p ping

s show

u undebug

un undebug

Related

Commands Command Description

alias Sets a command alias.

Platform

Description

N/A.


LINE Commands

access-class

Set the applied ACL (Access Control List) in Line. Use the access-class { access-list-number |

access-list-name } { in | out } command to configure the ACL in Line. Use the no access-class

{ access-list-number | access-list-name} { in | out } command to cancel the ACL configuration in

LINE.

access-class { access-list-number | access-list-name } { in | out }

no access-class { access-list-number | access-list-name } { in | out }

Parameter

Description Parameter Description

access-list-number|

access-list-name Specifies the ACL defined by access-list

in Performs access control over the incoming connections

out Performs access control over the outgoing connections

Defaults By default, no ACL is configured under Line. All connections are accepted, and all outgoing

connections are allowed.

Command

Mode

Line configuration mode.

Usage Guide This command is used to configure ACLs under Line. By default, all the incoming and

outgoing connections are allowed, and no connection is filtered. After access-class is

configured, only the connections that pass access list filtering can be established successfully.

Use the show running command to view configuration information under Line.

Configuration

Examples

In line vty 0 4, configure access-list for the accepted connections to 10:

Ruijie# configure terminal

Ruijie(config)# line vty 0 4

Ruijie(config-line)# access-class 10 in

Related

Commands Command Description

show running Shows status information

Platform

Description


line

To enter the specified LINE mode, use the following command:

line [ aux | console | tty | vty ] first-line [ last-line ]

Parameter

Description Parameter Description

aux Auxiliary port, on the routers.

console Console port

tty Asynchronous port, on the routers.

vty Virtual terminal line, applicable for telnet/ssh connection.

first-line Number of first-line to enter

last-line Number of last-line to enter

Defaults N/A

Command

Mode

Global configuration mode.

Usage Guide Access to the specified LINE mode.

Configuration

Examples

Enter the LINE mode from LINE VTY 1 to 3:

Ruijie(config)# line vty 1 3

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

line vty

This command can be used to increase the number of VTY connections currently available. The

number of currently available VTY connections can be decreased by using the no form of this

command.

line vty line-number

no line vty line-number

Parameter

Description Parameter Description

line-number Number of vty to enter


Defaults By default, there are five available VTY connections, numbered 0 to 4.

Command

Mode

Global configuration mode.

Usage Guide When you need to increase or decrease the number of available VTY connections, use the

above commands.

Configuration

Examples

Increase the number of available VTY connections to 20. The available VTY connections are

numbered 0 to 19.

Ruijie(config)# line vty 19

Decrease the number of available VTY connections to 10. The available VTY connections are numbered 0 to 9.

Ruijie(config)# no line vty 10

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

transport input

To set the specified protocol under Line that can be used for communication, use the transport input

command. Use the default transport input command to restore the protocols under Line that can

be used for communication to the default value.

transport input { all | ssh | telnet | none }

default transport input

Parameter

Description Parameter Description

all

Allows all the protocols under Line to be used for

communication

ssh

Allows only the SSH protocol under Line to be used for

communication

telnet

Allows only the Telnet protocol under Line to be used for

communication

none

Allows none of protocols under Line to be used for

communication

Defaults By default, VTY allows all the protocols to be used for communication. The default value of

other types of TTYs is NONE, indicating that no protocols are allowed for communication.

After some protocols are set to be available for communication, use the default transport


input command to restore the setting to the default value.

Command

Mode

Line configuration mode.

Usage Guide This command is used to set the protocols in the Line mode that are available for

communication. By default, VTY allows all the protocols for communication. After protocols

available for communication are set, only these protocols can connect on the specific VTY

successfully. Use the show running command to view configuration information under Line.

Note: You can restore the default configuration by using the default transport input

command. The no transport input command is used to disable all the communication

protocols in the LINE mode. The setting result is the same as that of transport input

none.

Configuration

Examples

Specify that only the Telnet protocol is allowed to log in on line vty 0 4:

Ruijie# configure terminal

Ruijie(config)# line vty 0 4

Ruijie(config-line)# transport input telnet

Related

Commands Command Description

show running Shows status information

Platform

Description


Basic Management Commands

disable

To switch from privileged user mode to normal user mode or lower the privilege level, run the disable

command.

disable [ privilege-level ]

Parameter

Description Parameter Description

privilege-level Privilege level

Defaults None

Command

Mode Privileged EXEC mode

Usage Guide

Use this command to switch to user mode from privileged EXEC mode. If a new privilege level is

added, the current privilege level will be lowered.

The privilege level that follows the disable command must be lower than the current

level.

Configuration

Examples

The following example lowers the current privilege level of the device to level 10:

Ruijie# disable 10

Related

Commands Command Description

enable Moves from user mode to privileged EXEC mode or reaches a higher level of authority.

Platform

Description None

enable password

To configure passwords for different privilege levels, run the global configuration command enable

password. The no form of this command is used to delete the password of a specified level.

enable password [level level] {password | [0|7] encrypted-password}

no enable password [level level]


Parameter

Description Parameter Description

password Password for the user to enter the EXEC configuration layer

level User's level.

0|7 Password encryption type, "0" for no encryption, "7" for simple encryption. (Optional) Ruijie’s private algorithm will be used for password encryption. If the password type is 0, the password is in plain text. If the type is 7, the password is encrypted by a Ruijie device.

encrypted-password Password text.

Defaults None

Command

Mode Global configuration mode

Usage Guide

No encryption is required in general. The encryption type must be specified for copying and pasting an encrypted password for the device.

A valid password is defined as follows:

Consists of 1-26 upper/lower case letters and numbers

Leading spaces are allowed but usually ignored. Spaces in between or at the end are regarded

as part of the password.

If an encryption type is specified and a plaintext password is entered, you cannot enter

privileged EXEC mode. A lost password that has been encrypted using any method

cannot be restored. In this case, you can only reconfigure the device password.

Configuration

Examples

The following example configures the password as pw10:

Ruijie(config)# enable password pw10

Related

Commands Command Description

enable secret Sets the security password

Platform

Description None

enable secret

To configure a security password for different privilege levels, run the global configuration command

enable secret. The no form of this command is used to delete the password of a specified level.

enable secret [level level] {secret | [0|5] encrypted-secret}

no enable secret [level level]


Parameter

Description Parameter Description

secret Password for the user to enter the EXEC configuration layer

level User's level.

0|5 Password encryption type, "0" for no encryption, "5" for security encryption

encrypted-password Password text

Defaults None

Command

Mode Global configuration mode

Usage Guide

A password comes under two categories: "password" and "security". "Password" indicates a simple

password, which can be set only for level 15. "Security" means a security password, which can be set

for levels 0-15. If both types of passwords coexist in the system, no "password" type is allowed. If a

"password" type password is set for a level other than 15, the system gives an alert and the password

is automatically converted into a "security" password. If a "password" type password is set for level 15

and the same as a "security" password, an alert is given. The password must be encrypted, with

simple encryption for "password" type passwords and security encryption for "security" type

passwords.

Configuration

Examples

The following example configures the security password as pw10:

Ruijie(config)# enable secret 0 pw10

Related

Commands Command Description

enable password Sets passwords for different privilege levels.

Platform

Description None

enable service

To enable or disable a specified service such as SSH Server/Telnet Server/Web Server/SNMP

Agent, use the enable service command in global configuration mode:

enable service { ssh-server | telnet-server | web-server | snmp-agent }

Parameter

Description Keyword Description

ssh-server Enables SSH Server. IPv4 and IPv6 services are enabled at the same time.

telnet-server Enables Telnet Server. IPv4 and IPv6 services are enabled at the same time.

web-server Enables HTTP Server. IPv4 and IPv6 services are enabled at the same time.

snmp-agent Enables SNMP Agent. IPv4 and IPv6 services are enabled at the same time.

Defaults None


Command

Mode Global configuration mode

Usage Guide

Use this command to enable or disable a specified service. Use the no enable service command to

disable the specified service.

The enable service web-server command is followed by three optional keywords: [http |

https | all]. If the command is followed by no keyword or by all, the command enables

http and https services. Followed by http, the command enables http service only.

Followed by https, the command enables https service only.

Configuration

Examples

The following example enables the SSH Server:

Ruijie(Config)# enable service ssh-server

Related

Commands Command Description

show service Views the service status in the current system.

Platform

Description None
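The following is an added example, not part of the Ruijie manual: a small Python audit of a saved configuration for the weak settings documented above (VTY lines that permit Telnet or have no inbound access-class, enable password instead of enable secret, the Telnet server service, and a wlan-cap service with no rpcap login). The indented, "!"-separated configuration layout, the sample text and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample in the indented, "!"-separated layout assumed for
# saved configuration text; it is not taken from a real device.
SAMPLE_CONFIG = """\
enable password 7 0a1b2c3d
enable secret 5 $1$constructed
enable service ssh-server
enable service telnet-server
!
wlan-cap
 rpcap port 3000
!
line con 0
line vty 0 4
 transport input telnet
line vty 5 9
 access-class 10 in
 transport input ssh
!
end
"""


def parse_sections(text):
    """Split a config into (header, [child lines]) pairs.

    A line with no leading space starts a new section; indented lines
    belong to the section above them. "!" separators and blanks are skipped.
    """
    sections = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections


def audit(text):
    """Return a list of (location, finding) tuples for weak settings."""
    findings = []
    for header, children in parse_sections(text):
        if re.match(r"enable password\b", header):
            # Location omits the rest of the line so the password is not echoed.
            findings.append(("enable password",
                             "plain-text or type 7 (simple) password; use enable secret"))
        elif header == "enable service telnet-server":
            findings.append((header, "Telnet server enabled"))
        elif header == "wlan-cap":
            # With no username and password set, anonymous logins are allowed.
            if not any(c.startswith("rpcap login ") for c in children):
                findings.append((header, "no rpcap login set; anonymous capture logins allowed"))
        elif re.match(r"line vty\b", header):
            transport = "all"  # documented default for VTY lines
            for child in children:
                m = re.match(r"transport input (\S+)$", child)
                if m:
                    transport = m.group(1)
            if transport in ("all", "telnet"):
                findings.append((header, f"transport input {transport} permits Telnet"))
            if not any(re.match(r"access-class \S+ in$", c) for c in children):
                findings.append((header, "no inbound access-class; all connections accepted"))
    return findings


if __name__ == "__main__":
    for location, finding in audit(SAMPLE_CONFIG):
        print(f"{location}: {finding}")
```
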

execute

To run the commands in batches, use the execute command in privileged EXEC mode.

execute [ flash: ] filename

Parameter

Description Parameter Description

flash: Parent directory of the batch file

filename Name of the batch file

Defaults None

Command

Mode Privileged EXEC mode

Usage Guide

This command is used to run commands in batches.

You can define the filename and content of each batch file. When edited, the batch files on your

computer are transferred to the flash memory of the device through TFTP. These batch files imitate


user input, so you should edit the content in the order of CLI command configuration. For some

interactive commands, the response message should be pre-written into the batch files to ensure the

commands can be run normally.

Caution: The size of each batch file must not exceed 128 KB. Otherwise, the execution may fail. For

over-sized batch files, you can divide them into several files smaller than 128 KB.

Configuration

Examples

The following example runs the batch file line_rcms_script.text, which is used to enable the reverse

Telnet function for all asynchronous interfaces with contents as follows:

configure terminal

line tty 1 16

transport input all

no exec

end

The execution result is as follows:

Ruijie# execute flash:line_rcms_script.text

executing script file line_rcms_script.text ......

executing done

Ruijie# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)# line tty 1 16

Ruijie(config-line)# transport input all

Ruijie(config-line)# no exec

Ruijie(config-line)# end

Command Description Related

Commands N/A N/A

Platform

Description None

ip http authentication

An Http Server requires logon authentication for access to a Web page. Use this command to set

Web logon authentication mode.

ip http authentication {enable | local }

Parameter

Description Keyword Description

enable Uses the password set by the enable password or enable command. The password must be level 15. The system performs enable authentication by default.

local Uses the username and password set by the local username command. The user must be bound to the privileges of level 15.


Defaults enable

Command

Mode Global configuration mode

Usage Guide This command is used to set the mode of Web logon authentication. Use the no ip http

authentication command to restore it to the default setting.

Configuration

Examples

The following example sets the mode of Web logon authentication as local:

Ruijie(Config)# ip http authentication local

Related

Commands Command Description

enable service Enables or disables the specified service.

Platform

Description None

ip http port

To set an HTTP service port, use this command in global configuration mode:

ip http port number

Parameter

Description Keyword Description

number Port number of the HTTP server, 80 by default.

Defaults 80

Command

Mode Global configuration mode

Usage Guide This command is used to set an HTTP service port. Use the no ip http port command to restore it to

the default setting.

Configuration

Examples

The following example sets an HTTP service port as 8080:

Ruijie(Config)# ip http port 8080

Related

Commands Command Description

enable service Enables or disables the specified service.

Platform

Description None

ip telnet source-interface

To specify the IP address of an interface as the source address for Telnet connection, use the ip

telnet source-interface command in global configuration mode:

ip telnet source-interface interface-name

Parameter

Description Keyword Description

interface-name Specifies the IP address of the interface as the source address for Telnet connection.

Defaults None

Command

Mode Global configuration mode

Usage Guide

This command is used to specify the IP address of an interface as the source address for global Telnet connection. When using the telnet command to log in to a Telnet server, apply the global setting if no source interface or source address is specified. Use the no ip telnet source-interface command to restore it to the default setting.

Configuration

Examples

The following example specifies the IP address of the Loopback1 interface as the source address

for global Telnet connection.

Ruijie(Config)# ip telnet source-interface Loopback 1

Command Description Related

Commands telnet Logs in a Telnet server.

Platform

Description None

lock

To set a temporary password for the terminal, run the lock command in EXEC mode.

lock

Parameter Description Parameter

Description N/A N/A

Defaults None

Command

Mode Privileged EXEC mode

Usage Guide

You can lock the terminal interface and maintain the session continuity to prevent access to the interface by setting a temporary password. Take the following steps to lock the terminal interface:

● Enter the lock command, and the system will prompt you for a password.

● Enter the password, which can be any character string. The system will prompt you to confirm the password, clear the screen, and show the "Locked" information.

● To access the terminal, enter the preset temporary password.

Before the terminal can be locked, run the lockable command in line configuration mode to enable terminal locking on the corresponding line.

Configuration

Examples

The following example locks a terminal interface:

Ruijie(config-line)# lockable

Ruijie(config-line)# end

Ruijie# lock

Password: <password>

Again: <password>

Locked

Password: <password>

Ruijie#

Command Description Related

Commands lockable Supports terminal locking in the line.

Platform

Description None

lockable

To support the lock command at the terminal, run the lockable command in line configuration mode.

The terminal does not support the lock command by default. Use the no command to cancel the

setting.

lockable

no lockable

Parameter Description Parameter

Description N/A N/A

Defaults None

Command

Mode Line configuration mode

Usage Guide This command is used to lock a terminal interface in the corresponding line. To lock the terminal, run

the lock command in EXEC mode.

Configuration

Examples

The following example enables terminal locking at the console port and locks the console:

Ruijie(config)# line console 0

Ruijie(config-line)# lockable

Ruijie(config-line)# end

Ruijie# lock

Password: <password>

Again: <password>

Locked

Password: <password>

Command Description Related

Commands lock Locks the terminal.

Platform

Description None

login

If AAA is disabled, run the login command to enable simple login password authentication on the

interface. The no form of this command is used to delete the line login password authentication.

login

no login

Parameter Description Parameter

Description N/A N/A

Defaults None

Command

Mode Line configuration mode

Usage Guide If the AAA security server is inactive, this command enables simple password authentication at login.

The password is configured for a VTY or console interface.

Configuration

Examples

The following example shows how to set a login password authentication on VTY.

Ruijie(config)# no aaa new-model

Ruijie(config)# line vty 0

Ruijie(config-line)# password 0 normatest

Ruijie(config-line)# login

Command Description Related

Commands password Configures the line login password

Platform

Description None

login authentication

If AAA is enabled, login authentication must be performed on the AAA server. Use this command to associate a login authentication method list with the line. The no form of this command is used to delete the list.

login authentication {default | list-name}

no login authentication {default | list-name}

Parameter Description

Parameter    Description
default      Name of the default authentication method list
list-name    Name of the method list

Defaults None

Command

Mode Line configuration mode

Usage Guide If the AAA security server is active, this command is used for login authentication using the specified

method list.

Configuration

Examples

The following example shows how to associate the method list on VTY and perform login

authentication on a radius server.

Ruijie(config)# aaa new-model

Ruijie(config)# aaa authentication login default radius

Ruijie(config)# line vty 0

Ruijie(config-line)# login authentication default

Related Commands

Command                    Description
aaa new-model              Enables the AAA security service.
aaa authentication login   Configures the login authentication method list.

Platform

Description None

login local

If AAA is disabled, run the login local command to enable local user authentication on the interface.

The no form of this command is used to delete the line for local user authentication.

login local

no login local

Parameter Description Parameter

Description N/A N/A

Defaults None

Command

Mode Line configuration mode

Usage Guide If the AAA security server is inactive, this command is used for local user login authentication. The

user is allowed to use the username command.

Configuration

Examples

The following example shows how to set local user authentication on VTY.

Ruijie(config)# no aaa new-model

Ruijie(config)# username test password 0 test

Ruijie(config)# line vty 0

Ruijie(config-line)# login local

Command Description Related

Commands username Configures local user information.

Platform

Description None

privilege mode

See the “Configuring CLI Authorization Commands” chapter.

Parameter Description Parameter

Description N/A N/A

Defaults See the “Configuring CLI Authorization Commands” chapter.

Command

Mode See the “Configuring CLI Authorization Commands” chapter.

Usage Guide See the “Configuring CLI Authorization Commands” chapter.

Configuration

Examples See the “Configuring CLI Authorization Commands” chapter.

Command Description Related

Commands N/A N/A

Platform

Description None

password

To configure a password for line login, run the password command. The no form of this command is

used to delete the line login password.

password {password | [0|7] encrypted-password}

no password

Parameter Description

Parameter            Description
password             Password for remote line login
0|7                  Password encryption type, "0" for no encryption, "7" for simple encryption. (Optional) Ruijie’s private algorithm will be used for password encryption. If the password type is 0, the password is in plain text. If the type is 7, the password is encrypted by a Ruijie device.
encrypted-password   Password text

Defaults None

Command

Mode Line configuration mode

Usage Guide This command is used to configure an authentication password for remote line login.

Configuration

Examples

The following example configures the line login password as "red":

Ruijie(config)# line vty 0

Ruijie(config-line)# password red

Command Description Related

Commands login Moves from user mode to privileged EXEC mode or enables a higher level of

authority.

Platform

Description None

service password-encryption

To encrypt a password, run this command. The no form of this command is used to restore to the

default value, but a password in cipher text cannot be restored to plain text.

service password-encryption

Parameter Description Parameter

Description N/A N/A

Defaults None

Command

Mode Global configuration mode

Usage Guide This command is disabled by default. Various passwords are displayed in plain text, unless they are

encrypted. After you run the service password-encryption and show running or write command to

save your configuration, the password changes into cipher text. If you disable the command, the

password in cipher text cannot be restored to plain text.

Configuration

Examples

The following example encrypts the password:

Ruijie(config)# service password-encryption

Command Description Related

Commands enable password Sets passwords of different privileges.

Platform

Description None

telnet

To log in to a server that supports Telnet connections, use the telnet command in privileged EXEC mode.

telnet host [port] [/source {ip A.B.C.D | ipv6 X:X:X:X::X | interface interface-name}] [/vrf vrf-name]

Parameter Description

Parameter                  Description
host                       The IP address of the host or host name you want to log in.
port                       Selects the TCP port number for login, 23 by default.
/source                    Specifies the source IP address or source interface used by the Telnet client.
ip A.B.C.D                 Specifies the source IPv4 address used by the Telnet client.
ipv6 X:X:X:X::X            Specifies the source IPv6 address used by the Telnet client.
interface interface-name   Specifies the source interface used by the Telnet client.
/vrf vrf-name              Specifies the VRF routing table you want to query.

Defaults None

Command

Mode Privileged mode

Usage Guide

This command is used to log in to a Telnet server.

The /vrf keyword only applies to the RSR series of routers.

Configuration

Examples

Example 1: The following example sets telnet to 192.168.1.11. The port number is the default, and

the source interface is Gi 0/1. The queried VRF routing table is vpn1.

Ruijie# telnet 192.168.1.11 /source-interface gigabitEthernet 0/1 /vrf vpn1

Example 2: The following example sets telnet to 2AAA:BBBB::CCCC

Ruijie# telnet 2AAA:BBBB::CCCC

Related Commands

Command                      Description
ip telnet source-interface   Specifies the IP address of the interface as the source address for Telnet connection.
show sessions                Shows the currently established Telnet sessions.
exit                         Exits current connection.

Platform

Description None

username

To set a local username, run the username command in global configuration mode.

username name {nopassword | password { password | [0|7] encrypted-password }}

username name privilege privilege-level

no username name

Parameter Description

Parameter            Description
name                 Username
password             User password
0|7                  Password encryption type, 0 for no encryption, 7 for simple encryption. (Optional) Ruijie’s private algorithm will be used for password encryption. If the password type is 0, the password is in plain text. If the type is 7, the password is encrypted by a Ruijie device.
encrypted-password   Password text
privilege-level      User bound privilege level

Defaults None

Command

Mode Global configuration mode

Usage Guide This command is used to establish a local user database for authentication.

If the encryption type is 7, the cipher text you enter should contain seven characters to be valid.

In general, do not set the encryption type to 7.

Instead, specify the type of encryption as 7 only when the encrypted password is copied and pasted.

Configuration

Examples

The following example configures a username and password and binds the user to level 15.

Ruijie(config)# username test privilege 15 password 0 pw15

Command Description Related

Commands login local Enables local authentication

Platform

Description None

banner login

To configure the login banner, run the banner login command in global configuration mode. Use the no banner login command to remove the configuration.

banner login c message c

Parameter Description

Parameter   Description
c           Separator of the message contained in the login banner. Delimiters are not allowed in the MOTD.
message     Contents of the login banner

Defaults None

Command

Mode Global configuration mode

Usage Guide This command sets the login banner message, which is displayed at login. The system discards all

the characters next to the terminating symbol.

Configuration

Examples

The following example shows how to configure the login banner:

Ruijie(config)# banner login $ enter your password $

Command Description Related

Commands N/A N/A

Platform

Description None

banner motd

To set the Message-of-the-Day (MOTD), run the banner motd command in global configuration

mode. To delete the MOTD setting, run the no banner motd command.

banner motd c message c

Parameter Description

Parameter   Description
c           Separator of the MOTD. Delimiters are not allowed in the MOTD.
message     Contents of an MOTD

Defaults None

Command

Mode Global configuration mode

Usage Guide This command sets the MOTD, which is displayed at login. The letters that follow the separator will be

discarded.

Configuration

Examples

The following example shows the configuration of MOTD:

Ruijie(config)# banner motd $ hello,world $

Command Description Related

Commands N/A N/A

Platform

Description None

clock set

To configure system clock manually, run one of the two formats of the clock set command in

privileged user mode:

clock set hh:mm:ss month day year

Parameter Description

Parameter   Description
hh:mm:ss    Current time: Hour (24-hour): Minute: Second
day         Date (1-31) of month
month       Month (1-12) of year
year        Year (1993-2035): No abbreviation is allowed.

Defaults None

Command

Mode Privileged EXEC mode

Usage Guide

Use this command to set the system time to facilitate management.

For devices without hardware clock, the time set by the clock set command applies only for the

current setting. Once the device is powered off, the set time becomes invalid.

Configuration

Examples

The following example configures the current time as 10:20:30AM March 17th 2003.

Ruijie# clock set 10:20:30 Mar 17 2003

Ruijie# show clock

clock: 2003-3-17 10:20:32

Command Description Related

Commands show clock Shows current clock.

Platform

Description None

clock update-calendar

In privileged EXEC mode, use the clock update-calendar command to overwrite the value of

hardware clock by software clock.

clock update-calendar

Parameter Description Parameter

Description N/A N/A

Defaults None

Command

Mode Privileged EXEC mode

Usage Guide

Some platforms use a hardware clock as a complement to the software clock. Because the hardware clock is powered by a battery, it keeps running whether the device is turned off or restarted.

If hardware clock and software clock are out of sync, the software clock is more reliable. Execute the

clock update-calendar command to copy the date and time indicated by the software clock to the

hardware clock.

Configuration

Examples

The following example copies the current time and date indicated by the software clock to the

hardware clock:

Ruijie# clock update-calendar

Command Description Related

Commands N/A N/A

Platform

Description N/A

exec-timeout

To configure connection timeout for this device in LINE mode, use the exec-timeout command.

Once the connection timeout in LINE is cancelled by using the no exec-timeout command, the

connection never expires.

exec-timeout minutes [seconds]

no exec-timeout

Parameter Description

Parameter   Description
minutes     Timeout in minutes.
seconds     (Optional) Timeout in seconds.

Defaults The default timeout is 10 minutes.

Command

Mode Line configuration mode

Usage Guide If there is no input or output for this connection within a specified time, this connection will expire, and

this LINE will be restored to the free status.

Configuration

Examples

The following example specifies the connection timeout as 5’30’’.

Ruijie(config-line)#exec-timeout 5 30

Command Description Related

Commands N/A N/A

Platform

Description None

hostname

To specify or modify the hostname of a device, run the hostname command in global configuration

mode.

hostname name

Parameter Description Parameter

Description name Device hostname, string, number or hyphen, up to 63 characters.

Defaults The default hostname is Ruijie.

Command

Mode Global configuration mode

Usage Guide This hostname is mainly used to identify the device and is taken as the username for the local device

during dialup and CHAP authentication.

Configuration

Examples

The following example configures the hostname of the device as BeiJingAgenda:

Ruijie(config)# hostname BeiJingAgenda

BeiJingAgenda(config)#

Related Commands

Command   Description
N/A       N/A

Platform

Description None

prompt

To set the command prompt, run the prompt command in global configuration mode. To delete the prompt setting, run the no prompt command.

prompt string

Parameter Description Parameter

Description string Character string of the prompt command, containing up to 32 letters.

Defaults None

Command

Mode Global configuration mode

Usage Guide If no prompt string is configured, the system name applies and varies with the system name. The

prompt command is valid only in EXEC mode.

Configuration

Examples

Sets the prompt string to rgnos:

Ruijie(config)# prompt rgnos

Ruijie(config)# end

RGOS

Command Description Related

Commands N/A N/A

Platform

Description None

reload

To restart the device system, run the privileged user command reload.

reload [ text | in [ hh: ] mm [ text ] | at hh:mm [month day year ] [ text ] | cancel ]

Parameter Description

Parameter       Description
text            Reason for the system restart, 1-255 bytes
in [ hh: ] mm   The system is restarted after a specified time interval of up to 24 days.
at hh:mm        The system is restarted at the specified time.
month           Indicates a month using characters, such as Mar for March.
day             Date in the range of 1 to 31
year            Year in the range of 1993 to 2035. No abbreviation is allowed.
cancel          Cancels the scheduled restart.

Defaults None

Command

Mode Privileged EXEC mode

Usage Guide This command is used to restart the device at a specified time to facilitate management.

Configuration

Examples

The following example restarts the system in 10 minutes:

Ruijie# reload in 10

Router will reload in 600 seconds.

Command Description Related

Commands N/A N/A

Platform

Description None

session-timeout

To configure the session timeout for a remote terminal in current LINE mode, use the

session-timeout command. When the session timeout for the remote terminal in LINE mode is

cancelled, the session never expires.

session-timeout minutes [output]

no session-timeout

Parameter Description

Parameter   Description
minutes     Timeout in minutes.
output      Regards data output as the input to determine whether the session expires.

Defaults The default timeout is 0 min.

Command

Mode LINE configuration mode

Usage Guide If no input or output in current LINE mode is found on the remote terminal for the session within a

specified time, this connection will expire, and this LINE will be restored to the free status.

Configuration

Examples

The following example specifies the timeout as 5 minutes.

Ruijie(config-line)# session-timeout 5 output

Command Description Related

Commands N/A N/A

Platform

Description None

speed

To set the speed at which the terminal transmits packets, run the speed speed command in line

configuration mode. To restore the speed to its default, run the no speed command.

speed speed

Parameter Description Parameter

Description speed Transmission rate (bps) on the terminal. For serial ports, optional rates include 9600,

19200, 38400, 57600, and 115200 bps. The default rate is 9600 bps.

Defaults The default rate is 9600.

Command

Mode Global configuration mode

Usage Guide This command is used to set the speed at which the terminal transmits packets.

Configuration

Examples

The following example shows how to set the rate of the serial port to 57600 bps:

Ruijie(config)# line console 0

Ruijie(config-line)# speed 57600

Command Description Related

Commands N/A N/A

Platform

Description None

write

Use this command to save running-config to a specified location.

write [ memory | network | terminal ]

Parameter Description

Parameter   Description
memory      Writes the system configuration (running-config) into NVRAM, which is equivalent to copy running-config startup-config.
network     Saves the system configuration to the TFTP server, which is equivalent to copy running-config tftp.
terminal    Shows the system configuration, which is equivalent to show running-config.

Defaults

Command

Mode Privileged EXEC mode

Usage Guide

Despite the presence of alternative commands, these commands are widely used and accepted.

Therefore, they are reserved to facilitate user operations.

On a device that enables you to specify a boot configuration file, use the write [memory]

command to do the following:

● If you have not specified a boot configuration file using the boot config command, the

system stores configurations in /config.text in the built-in flash memory by default.

● If you have specified a boot configuration file using the boot config command, the

system stores configurations in the file.

● If you have used the boot config command to specify a boot configuration file but the

file does not exist:

■ If the device that stores the file exists, the system automatically creates the specified file and writes the system configuration into it;

■ If the device that stores the file does not exist (possibly because the boot configuration file is stored on a removable storage device such as a USB drive or SD card, and the device has not been loaded when you run the write [memory] command), the system asks you whether to save the current configuration in the default boot configuration file /config and performs the action you choose.

The boot config command is supported only on the RSR10, RSR20, R2700 V5.0,

RSR50, and NPE50 series of routers.

Configuration

Examples

Example 1: The following example shows how to save system configuration on a device that does not

support boot config.

Ruijie# write

Building configuration...

[OK]

Example 2: The following example shows how to use the write command on a device that supports

boot config before and after removing a USB drive you have set up to store the boot configuration

file:

Ruijie(config)# boot config /mnt/usb1/config.text

Ruijie# write

Building configuration...

Write to boot config file: [/mnt/usb1/config.text]

[OK]

Ruijie# usb remove 1

0:1:1:38 Ruijie: USB-5-USB_DISK_REMOVED: USB Device <USB Mass Storage Device>

Removed!

Ruijie# write

Building configuration...

Write to boot config file: [/mnt/usb1/config.text]

[Failed]

The device [usb1] does not exist, write to the default config file

[/config.text]? [no] yes

Write to the default config file: [/config.text]

[OK]

Related Commands

Command               Description
boot config           Names the boot configuration file on the device.
copy                  Copies device configuration files.
show running-config   Views the system configuration.

Platform

Description None

show clock

To view the system time, run the show clock command in privileged user mode.

show clock

Parameter Description Parameter

Description N/A N/A

Defaults None

Command

Mode Privileged EXEC mode

Usage Guide This command is used to view the current system clock.

Configuration

Examples

The following example shows a result of the show clock command:

Ruijie# show clock

clock: 2003-3-17 10:27:21

Command Description Related

Commands clock set Sets the system clock.

Platform

Description None

show line

To show the configuration of a line, run the show line command in privileged EXEC mode.

show line {console line-num | vty line-num | line-num}

Parameter Description

Parameter   Description
console     Shows the configuration of a console line.
aux         Checks configuration information relating to the aux line.
vty         Shows the configuration of a vty line.
line-num    Number of the line.

Defaults None

Command

Mode Privileged EXEC mode

Usage Guide This command shows the configuration of a line.

Configuration

Examples

The following example shows the configuration of a console port:

Ruijie# show line console 0

CON Type speed Overruns

* 0 CON 9600 45927

Line 0, Location: "", Type: "vt100"

Length: 24 lines, Width: 79 columns

Special Chars: Escape Disconnect Activation

^x none M

Timeouts: Idle EXEC Idle Session

never never

History is enabled, history size is 10.

Total input: 53564 bytes

Total output: 395756 bytes

Data overflow: 27697 bytes

stop rx interrupt: 0 times

Command Description Related

Commands N/A N/A

Platform

Description None

show reload

To show the system restart settings, run the show reload command in privileged EXEC mode.

show reload

Parameter Description Parameter

Description N/A N/A

Defaults None

Command

Mode Privileged EXEC mode

Usage Guide This command is used to show the restart settings of the system.

Configuration

Examples

The following example shows the restart settings of the system:

Ruijie# show reload

Reload scheduled in 595 seconds.

At 2003-12-29 11:37:42

Reload reason: test.

Command Description Related

Commands N/A N/A

Platform

Description None

show running-config

To show how the current device system is configured, run the show running-config command in

privileged user mode.

show running-config

Parameter Description Parameter

Description N/A N/A

Defaults None

Command

Mode Privileged EXEC mode

Usage Guide None

Configuration

Examples None

Command Description Related

Commands N/A N/A

Platform

Description None

show startup-config

To view the device configuration stored in the Non Volatile Random Access Memory (NVRAM), run

the show startup-config command in privileged user mode.

show startup-config

Parameter Description Parameter

Description N/A N/A

Defaults None

Command

Mode Privileged EXEC mode

Usage Guide

The device configuration stored in the NVRAM is executed while the device is starting.

On a device that does not support boot config, startup-config is contained in the default

configuration file /config.text in the built-in flash memory.

On a device that supports boot config, configure startup-config as follows:

If you have specified a boot configuration file using the boot config command and the file exists,

startup-config is stored in the specified configuration file.

If the boot configuration file you have specified using the boot config command does not exist or you

have not specified a boot configuration file using the command, startup-config is contained in

/config.text in the built-in flash memory.

Configuration

Examples None

Related Commands

Command       Description
boot config   Sets the name of the boot configuration file.

Platform

Description None

show version

To view information about the system, run the show version command in privileged EXEC mode.

show version [devices | module | slots]

Parameter Description

Parameter   Description
devices     Current information about the device.
module      Current information about the module.
slots       Current information about the slot.

Defaults None

Command

Mode Privileged mode

Usage Guide This command is used to view current system information, including the system start time, version,

device information, and serial number.

Configuration

Examples

The following example shows system information.

Ruijie# show version

System description : Ruijie Dual Stack Multi-Layer Switch(S3760-24) By Ruijie

Network

System start time: 1970-6-14 11:49:53

System uptime: 3:17:1:17

System hardware version: 2.0

System software version: RGOS 10.3.00(4), Release(34679)

System boot version: 10.2.34077

System CTRL version: 10.2.24136

System serial number: 1234942570001

Command Description Related

Commands N/A N/A

Platform

Description

The parameters such as devices and module are only supported on some modular networking

devices.

Command Reference HTTP Service Commands

HTTP Service Commands

enable service web-server

Use this command to enable the HTTP service function.

Use the no form of this command to disable the HTTP service function.

enable service web-server [ http | https | all ]

no enable service web-server [ http | https ]

Parameter

Description Parameter Description

http Enables the HTTP service.

https Enables the HTTPS service.

all Enables both the HTTP service and the HTTPS service.

Defaults By default, the HTTP service function is disabled.

Command

mode

Global configuration mode.

Usage Guide If the command ends with the keyword all or has no keyword, both the HTTP service and the HTTPS service are enabled; if it ends with the keyword http, the HTTP service is enabled; if it ends with the keyword https, the HTTPS service is enabled.

Use the command no enable service web-server to disable the corresponding HTTP service.

Configuration

Examples

The following example enables both the HTTP service and the HTTPS service:

Ruijie#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)#enable service web-server

Related

Commands Command Description

show service Displays the configuration information and

status of system service.

show web-server status Displays the configuration information and

status of the web service.

Platform

Description

N/A
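The credential, line and web-service commands described above (password, username, service password-encryption, login, exec-timeout, enable service web-server) can be checked offline in a saved configuration. The following Python script is an added example, not part of the Ruijie reference; it assumes that the saved configuration lists line sub-commands indented under their "line ..." header, and the sample configuration and finding codes are constructed for illustration.

```python
"""Audit a saved RGOS configuration for the access settings described above."""
import re

# Constructed sample configuration (not taken from a real device).
# Assumed layout: global commands at column 0, line sub-commands indented.
SAMPLE_CONFIG = """\
hostname AP-LAB
username test privilege 15 password 0 pw15
username ops password 7 0123456
username guest nopassword
enable service web-server
line console 0
 lockable
 no exec-timeout
line vty 0
 password red
 login
line vty 1
 exec-timeout 5 30
"""

# Finding codes are hypothetical names chosen for this example.
DESCRIPTIONS = {
    "PLAINTEXT_PASSWORD": "password is type 0 or untyped, so it is stored as plain text",
    "TYPE7_PASSWORD": "password is type 7, which the reference calls simple encryption",
    "NO_PASSWORD": "local user is defined with nopassword",
    "NO_EXEC_TIMEOUT": "no exec-timeout: the connection never expires",
    "NO_LOGIN_METHOD": "line has no login, login local or login authentication",
    "ENCRYPTION_OFF": "service password-encryption is not configured",
    "HTTP_ENABLED": "enable service web-server leaves the plain HTTP service on",
}

PASSWORD_RE = re.compile(r"\bpassword(?:\s+([07]))?\s+(\S+)\s*$")
WEB_RE = re.compile(r"^(no\s+)?enable service web-server(?:\s+(http|https|all))?$")


def password_kind(command):
    """Classify a command that carries a password; None if it carries none."""
    match = PASSWORD_RE.search(command)
    if not match:
        return None
    return "TYPE7_PASSWORD" if match.group(1) == "7" else "PLAINTEXT_PASSWORD"


def audit(config_text):
    """Return a list of (scope, finding code) tuples for the configuration."""
    findings, line_blocks = [], {}
    current_line, encryption_on, services = None, False, set()
    for raw in config_text.splitlines():
        command = raw.strip()
        if not command or command.startswith("!"):
            continue
        if not raw[0].isspace():              # a global command ends any line block
            current_line = None
            if command.startswith("line "):
                current_line = command
                line_blocks[current_line] = []
                continue
        scope = current_line or "global"
        if current_line:
            line_blocks[current_line].append(command)
        user = re.match(r"username\s+(\S+)", command)
        if user:
            scope = "username " + user.group(1)
            if command.split()[2:3] == ["nopassword"]:
                findings.append((scope, "NO_PASSWORD"))
        kind = password_kind(command)
        if kind:
            findings.append((scope, kind))
        if command == "service password-encryption":
            encryption_on = True
        if command == "no exec-timeout" and current_line:
            findings.append((scope, "NO_EXEC_TIMEOUT"))
        web = WEB_RE.match(command)
        if web:
            # No keyword or "all" selects both services, as the Usage Guide states.
            chosen = {"http", "https"} if web.group(2) in (None, "all") else {web.group(2)}
            services = services - chosen if web.group(1) else services | chosen
    if not encryption_on:
        findings.append(("global", "ENCRYPTION_OFF"))
    if "http" in services:
        findings.append(("global", "HTTP_ENABLED"))
    for name, subcommands in line_blocks.items():
        if not any(sub.startswith("login") for sub in subcommands):
            findings.append((name, "NO_LOGIN_METHOD"))
    return findings


if __name__ == "__main__":
    for scope, code in audit(SAMPLE_CONFIG):
        print(f"{scope}: {code} - {DESCRIPTIONS[code]}")
```
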

http web-file update

Use this command to update the Web package.

http web-file update

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide Once the latest installation package has been acquired and stored on the local device, you can run this command to update the Web package directly, without restarting the device.

To enable the new web package to take effect, log in to the web interface again.

Configuration

Examples

The following example updates the Web package

Ruijie#http web-file update

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

ip http port

Use this command to configure the HTTP port number.

Use the no form of this command to restore the HTTP port number to the default value.

ip http port port-number

no ip http port

Parameter

Description Parameter Description

port-number Configures the HTTP port number, the value includes 80,

1025-65535.

Defaults The default HTTP port number is 80.

Command

mode

Global configuration mode.

Usage Guide Use this command to configure the HTTP port number.

Configuration

Examples

The following example configures the HTTP port number as 8080:

Ruijie#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)#ip http port 8080

Related

Commands Command Description

enable service web-server Enables the HTTP service function.

show web-server status Displays the configuration information and

status of the web service.

Platform

Description

N/A

ip http secure-port

Use this command to configure the HTTPS port number.

Use the no form of this command to restore the HTTPS port number to the default value.

ip http secure-port port-number

no ip http secure-port

Parameter

Description Parameter Description

port-number HTTPS port number. Valid values are 443 and 1025-65535.

Defaults The default HTTPS port number is 443.

Command

mode

Global configuration mode.

Usage Guide Use this command to configure the HTTPS port number.

Configuration

Examples

The following example configures the HTTPS port number as 4443:

Ruijie#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)#ip http secure-port 4443

Related

Commands Command Description

enable service web-server Enables the HTTP service function.

show web-server status Displays the configuration information and status of the web service.

Platform

Description

N/A

webmaster level

Use this command to configure HTTP authentication information, including the username and password.

webmaster level privilege-level username name password { password | [ 0 | 7 ] encrypted-password }

no webmaster level privilege-level [ username name ]

Parameter

Description Parameter Description

privilege-level Configures the user privilege-level.

name Username.

password Password.

0 | 7 Password type; 0 indicates plaintext, 7 indicates ciphertext.

encrypted-password Password text.

Defaults N/A

Command

mode

Global configuration mode.

Usage Guide When HTTP is enabled, users can log in to the web interface only after being authenticated. Use this command to configure the username and password used for HTTP authentication.

Run the command no webmaster level privilege-level to delete all the usernames and passwords with the designated privilege level.

Run the command no webmaster level privilege-level username name to delete the designated username and password.

Usernames and passwords come with three permission levels, each of which includes at most 20 usernames and passwords.

Configuration

Examples

The following example configures HTTP authentication information, including the username and password:

Ruijie#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)#webmaster level 0 username ruijie password admin

Related

Commands Command Description

enable service web-server Enables the HTTP service function.

Platform

Description

N/A
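
The value ranges of ip http port and ip http secure-port, the 0/7 password types of webmaster level, and the limit of 20 usernames per level can be checked against a saved configuration. The following Python code is an added example, not part of the Ruijie documentation. It assumes the configuration is available as text in the command syntax shown above; the sample lines, usernames and password strings are constructed.

```python
import re
from collections import defaultdict

# Constructed sample configuration in the command syntax documented above.
# Usernames, passwords and the type-7 string are made up for illustration.
SAMPLE_CONFIG = """\
enable service web-server
ip http port 8080
ip http secure-port 4443
webmaster level 0 username ruijie password admin
webmaster level 1 username ops password 7 0735062b1d
webmaster level 2 username guest password 0 guest123
ip http port 1000
"""

PORT_RE = re.compile(r"^ip\s+http\s+(?P<kind>port|secure-port)\s+(?P<port>\d+)$")
WEBMASTER_RE = re.compile(
    r"^webmaster\s+level\s+(?P<level>\d+)\s+username\s+(?P<name>\S+)"
    r"\s+password\s+(?:(?P<ptype>[07])\s+)?(?P<secret>\S+)$"
)
MAX_USERS_PER_LEVEL = 20  # limit stated in the usage guide


def port_allowed(kind, port):
    """HTTP accepts 80 or 1025-65535; HTTPS accepts 443 or 1025-65535."""
    default = 80 if kind == "port" else 443
    return port == default or 1025 <= port <= 65535


def audit(config_text):
    """Return (line_number, finding, detail) tuples; passwords are never echoed."""
    findings = []
    users = defaultdict(set)
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        m = PORT_RE.match(line)
        if m:
            if not port_allowed(m["kind"], int(m["port"])):
                findings.append((lineno, "port-out-of-range", line))
            continue
        m = WEBMASTER_RE.match(line)
        if m:
            users[m["level"]].add(m["name"])
            # Type 7 marks ciphertext; type 0 or no type digit means the
            # line carries the password in plaintext.
            if m["ptype"] != "7":
                findings.append(
                    (lineno, "plaintext-password",
                     f"level {m['level']} user {m['name']}"))
    # Line number 0 marks a finding that applies to the whole configuration.
    for level in sorted(users):
        if len(users[level]) > MAX_USERS_PER_LEVEL:
            findings.append(
                (0, "too-many-users", f"level {level}: {len(users[level])}"))
    return findings


if __name__ == "__main__":
    for lineno, finding, detail in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {finding}: {detail}")
```

The findings name the privilege level and username only, so the audit output can be stored or shared without exposing the passwords it flags.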

http check-version

Use this command to detect the available upgrade files on the HTTP server.

http check-version

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide Use this command to detect the available upgrade files. The detected upgrade files are of a later version than the local files.

Configuration

Examples

The following example demonstrates the version of the detected HTTP upgrade file.

Ruijie#http check-version

Files need to be updated: web.

app name:web

sn version filename

-- ------------------- -------------------------

0 1.2.1(82381) web1.2.1(145680).upd

1 1.2.1(82380) web1.2.1(145680).upd

2 1.2.1(82379) web1.2.1(145680).upd

3 1.2.1(82378) web1.2.1(145680).upd

Related

Commands Command Description

http update Manually updates designated files.

Platform

Description

N/A

http update

Use this command to manually update the web file.

http update web [ version string ]

Parameter

Description Parameter Description

string Version of the Web package to be updated.

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide Use this command to download the available Web package from a remote server to the local device.

If a version is specified, the update package of that version is used to update the Web package; otherwise, the latest update package is used.

Configuration

Examples

The following example demonstrates how to manually download the latest Web package from the designated remote server.

Ruijie#http update web

Related

Commands Command Description

http check-version Detects the available update package on the HTTP server.

Platform

Description

N/A

http update mode

Use this command to configure the HTTP update mode.

http update mode auto-detect

no http update mode

Parameter

Description Parameter Description

auto-detect Auto-detect mode

Defaults By default, the auto-detect function is disabled.

Command

mode

Global configuration mode.

Usage Guide Use this command to configure the HTTP update mode.

Use this command to set HTTP to work in auto-detect mode. The device detects files on the server at the detection time. Users can check the available Web update files on the Web interface.

Use the no form of this command to switch from auto-detect mode to manual mode. A device working in manual mode cannot update automatically, so the user must update it manually.

Configuration

Examples

The following example enables the Auto-detect mode:

Ruijie#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)#http update mode auto-detect

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

http update server

Use this command to configure the IP address and the HTTP port number of the HTTP upgrade server.

http update server { host-name | ip-address } [ port port-number ]

no http update server

Parameter

Description Parameter Description

host-name Host name of the HTTP remote upgrade server.

ip-address IP address of the HTTP remote upgrade server.

port-number Port number of the HTTP remote upgrade server; the value ranges from 1 to 65535.

Defaults By default, the IP address of the HTTP remote upgrade server is 0.0.0.0 and the port number is 80.

Command

mode

Global configuration mode.

Usage Guide Use this command to configure the IP address and the HTTP port number of the HTTP upgrade server. When an update is processed, the user-configured server address is used preferentially. If the connection fails, the server address stored in the local upgrade record file is used to establish the connection. If all of these connections fail, the update is suspended.

At least one upgrade server IP address is stored in the local upgrade record file, and this IP address cannot be modified.

The HTTP upgrade server address does not need to be configured, because the local upgrade record file records the available upgrade server addresses.

If the server domain needs to be configured, enable the DNS function on the device and configure the DNS server address.

The server IP address cannot be an IPv6 address.

Configuration

Examples

The following example configures the IP address and the HTTP port number of the HTTP upgrade server:

Ruijie#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)#http update server 10.83.132.1 port 90

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

http update time

Use this command to configure the HTTP auto-detection time.

http update time daily hh:mm

no http update time

Parameter

Description Parameter Description

hh:mm Specific auto-detection time (24-hour system), accurate to the minute.

Defaults By default, the remote HTTP auto-detection time is random.

Command

mode

Global configuration mode.

Usage Guide Use this command to configure the HTTP auto-detection time. The device detects the files available for upgrade on the server at the specified detection time. Users can read the information about the detected files through the Web interface.

Use the no form of this command to reset the auto-detection time as random.

Configuration

Examples

The following example configures the HTTP auto-detection time:

Ruijie#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)#http update time daily 23:40

Related

Commands Command Description

http update mode Configures the HTTP update mode.

Platform

Description

N/A

show web-server status

Use this command to display the configuration information and status of the web.

show web-server status

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide N/A

Configuration

Examples

The following example displays the configuration information and status of the web:

Ruijie#show web-server status

http server status : enabled

http server port : 80

https server status: enabled

https server port: 443

http(s) use memory block: 768, create task num: 0

Related

Commands Command Description

enable service web-server Enables the HTTP service function.

ip http port Configures the HTTP port number.

ip http secure-port Configures the HTTPS port number.

Platform

Description

N/A

Network Connectivity Test Tool Commands

ping

Use this command to test the connectivity of a network to locate the network connectivity problem. The command format is as follows:

ping [ vrf vrf-name | ip ] [ ip-address [ length length ] [ ntimes times ] [ timeout seconds ] [ data data ] [ source source ] [ df-bit ] [ validate ] ]

Parameter

Description Parameter Description

vrf-name VRF name

ip-address Specifies an IPv4 address.

length Specifies the length of the packet to be sent.

times Specifies the number of packets to be sent.

seconds Specifies the timeout time.

data Specifies the data to fill in.

source Specifies the source IPv4 address or the source interface. The loopback interface address (for example: 127.0.0.1) is not allowed to be the source address.

df-bit Sets the DF bit for the IP packet. DF bit=1 indicates that the datagrams are not to be fragmented. By default, the DF bit is 0.

validate Sets whether to validate the reply packets or not.

Defaults Five packets of 100 bytes in length are sent to the specified IP address within the specified time (2s by default).

Command

Mode

Privileged EXEC mode.

Usage Guide The ping command can be used in the ordinary user mode and the privileged EXEC mode. In the ordinary user mode, only the basic functions of ping are available. In the privileged EXEC mode, the extension functions of ping are available in addition to the basic functions. For the basic functions of ping, five packets of 100 bytes in length are sent to the specified IP address within the specified period (2s by default). If a response is received, ‘!’ is displayed. If no response is received, ‘.’ is displayed, and the statistics are displayed at the end. For the extension functions of ping, the number, quantity and timeout time of the packets to be sent can be specified, and the statistics are also displayed at the end.

To use the domain name function, configure the domain name server first. For the detailed configuration, refer to the DNS Configuration section.

Configuration

Examples

The example below shows the ordinary ping.

Ruijie# ping 192.168.5.1

Sending 5, 100-byte ICMP Echoes to 192.168.5.1, timeout is 2 seconds:

< press Ctrl+C to break >

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms

The example below shows the extension ping.

Ruijie# ping 192.168.5.197 length 1500 ntimes 100 timeout 3

Sending 100, 1500-byte ICMP Echoes to 192.168.5.197, timeout is 3 seconds, data ffff source 192.168.4.10:

< press Ctrl+C to break >

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!

Success rate is 100 percent (100/100), round-trip min/avg/max = 2/2/3 ms

Ruijie#

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported by all equipment.

ping ipv6

Use this command to test the connectivity of a network to locate the network connectivity problem. The command format is as follows:

ping [ ipv6 ] [ ipv6-address [ length length ] [ ntimes times ] [ timeout seconds ] [ data data ] [ source source ] ]

Parameter

Description Parameter Description

ipv6-address Specifies an IPv6 address.

length Specifies the length of the packet to be sent.

times Specifies the number of packets to be sent.

seconds Specifies the timeout time.

data Specifies the data to fill in.

source Specifies the source IPv6 address or the source interface. The loopback interface address (for example: 127.0.0.1) is not allowed to be the source address.

Defaults Five packets of 100 bytes in length are sent to the specified IP address within the specified time (2s by default).

Command

Mode

Privileged EXEC mode.

Usage Guide The ping ipv6 command can be used in the ordinary user mode and the privileged EXEC mode. In the ordinary user mode, only the basic functions of ping ipv6 are available. In the privileged EXEC mode, the extension functions of ping ipv6 are available in addition to the basic functions. For the basic functions of ping ipv6, five packets of 100 bytes in length are sent to the specified IP address within the specified period (2s by default). If a response is received, ‘!’ is displayed. If no response is received, ‘.’ is displayed, and the statistics are displayed at the end. For the extension functions of ping ipv6, the number, quantity and timeout time of the packets to be sent can be specified, and the statistics are also displayed at the end. To use the domain name function, configure the domain name server first. For the detailed configuration, refer to the DNS Configuration section.

Configuration

Examples

The example below shows the ordinary ping ipv6.

Ruijie# ping ipv6 2000::1

Sending 5, 100-byte ICMP Echoes to 2000::1, timeout is 2 seconds:

< press Ctrl+C to break >

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms

The example below shows the extension ping ipv6.

Ruijie# ping ipv6 2000::1 length 1500 ntimes 100 timeout 3 data ffff source

192.168.4.10:

Sending 100, 1500-byte ICMP Echoes to 2000::1, timeout is 3 seconds

< press Ctrl+C to break >

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!

Success rate is 100 percent (100/100), round-trip min/avg/max = 2/2/3 ms

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported by all IPv6 equipment.

traceroute

Execute the traceroute command to show all gateways passed by the test packets from the source address to the destination address.

traceroute [ vrf vrf-name | ip ] [ ip-address [ probe number ] [ source source ] [ timeout seconds ] [ ttl minimum maximum ] ]

Parameter

Description Parameter Description

vrf-name VRF name

ip-address Specifies an IPv4 address.

number Specifies the number of probe packets to be sent.

source Specifies the source IPv4 address or the source interface. The loopback interface address (for example: 127.0.0.1) is not allowed to be the source address.

seconds Specifies the timeout time.

minimum maximum Specifies the minimum and maximum TTL values.

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide Use the traceroute command to test the connectivity of a network and to locate the network connectivity problem exactly when a network failure occurs. To use the domain name function, configure the domain name server. For the detailed configuration, refer to the DNS Configuration part.

Configuration

Examples

The following are two examples of using traceroute: in the first, the network is connected smoothly; in the second, some gateways in the network are not connected successfully.

1. When the network is connected smoothly:

Ruijie# traceroute 61.154.22.36

< press Ctrl+C to break >

Tracing the route to 61.154.22.36

1 192.168.12.1 0 msec 0 msec 0 msec

2 192.168.9.2 4 msec 4 msec 4 msec

3 192.168.9.1 8 msec 8 msec 4 msec

4 192.168.0.10 4 msec 28 msec 12 msec

5 192.168.9.2 4 msec 4 msec 4 msec

6 202.101.143.154 12 msec 8 msec 24 msec

7 61.154.22.36 12 msec 8 msec 22 msec

The above result shows the gateways (gateways 1~6) passed by the packets sent to the host with the IP address 61.154.22.36, together with the time spent. Such information is helpful for network analysis.

2. When some gateways in the network fail:

Ruijie# traceroute 202.108.37.42

< press Ctrl+C to break >

Tracing the route to 202.108.37.42

1 192.168.12.1 0 msec 0 msec 0 msec

2 192.168.9.2 0 msec 4 msec 4 msec

3 192.168.110.1 16 msec 12 msec 16 msec

4 * * *

5 61.154.8.129 12 msec 28 msec 12 msec

6 61.154.8.17 8 msec 12 msec 16 msec

7 61.154.8.250 12 msec 12 msec 12 msec

8 218.85.157.222 12 msec 12 msec 12 msec

9 218.85.157.130 16 msec 16 msec 16 msec

10 218.85.157.77 16 msec 48 msec 16 msec

11 202.97.40.65 76 msec 24 msec 24 msec

12 202.97.37.65 32 msec 24 msec 24 msec

13 202.97.38.162 52 msec 52 msec 224 msec

14 202.96.12.38 84 msec 52 msec 52 msec

15 202.106.192.226 88 msec 52 msec 52 msec

16 202.106.192.174 52 msec 52 msec 88 msec

17 210.74.176.158 100 msec 52 msec 84 msec

18 202.108.37.42 48 msec 48 msec 52 msec

The above result shows the gateways (gateways 1~17) passed by the packets sent to the host with the IP address 202.108.37.42, together with the time spent, and shows that gateway 4 fails.

Ruijie# traceroute www.ietf.org

Translating "www.ietf.org"...[OK]

< press Ctrl+C to break >

Tracing the route to 64.170.98.32

1 192.168.217.1 0 msec 0 msec 0 msec

2 10.10.25.1 0 msec 0 msec 0 msec

3 10.10.24.1 0 msec 0 msec 0 msec

4 10.10.30.1 10 msec 0 msec 0 msec

5 218.5.3.254 0 msec 0 msec 0 msec

6 61.154.8.49 10 msec 0 msec 0 msec

7 202.109.204.210 0 msec 0 msec 0 msec

8 202.97.41.69 20 msec 10 msec 20 msec

9 202.97.34.65 40 msec 40 msec 50 msec

10 202.97.57.222 50 msec 40 msec 40 msec

11 219.141.130.122 40 msec 50 msec 40 msec

12 219.142.11.10 40 msec 50 msec 30 msec

13 211.157.37.14 50 msec 40 msec 50 msec

14 222.35.65.1 40 msec 50 msec 40 msec

15 222.35.65.18 40 msec 40 msec 40 msec

16 222.35.15.109 50 msec 50 msec 50 msec

17 * * *

18 64.170.98.32 40 msec 40 msec 40 msec

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported by all equipment. The VRF function is provided only on RSR equipment.

traceroute ipv6

Use this command to show all gateways passed by the test packets from the source address to the destination address.

traceroute [ ipv6 ] [ ipv6-address [ probe number ] [ timeout seconds ] [ ttl minimum maximum ] ]

Parameter

Description Parameter Description

ipv6-address Specifies an IPv6 address.

number Specifies the number of probe packets to be sent.

seconds Specifies the timeout time.

minimum maximum Specifies the minimum and maximum TTL values.

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide Use the traceroute ipv6 command to test the connectivity of a network and to locate the network connectivity problem exactly when a network failure occurs. To use the domain name function, configure the domain name server. For the detailed configuration, refer to the DNS Configuration part.

Configuration

Examples

The following are two examples of using traceroute ipv6: in the first, the network is connected smoothly; in the second, some gateways in the network are not connected successfully.

1. When the network is connected smoothly:

Ruijie# traceroute ipv6 3004::1

< press Ctrl+C to break >

Tracing the route to 3004::1

1 3000::1 0 msec 0 msec 0 msec

2 3001::1 4 msec 4 msec 4 msec

3 3002::1 8 msec 8 msec 4 msec

4 3004::1 4 msec 28 msec 12 msec

The above result shows the gateways (gateways 1~4) passed by the packets sent to the host with the IP address 3004::1, together with the time spent. Such information is helpful for network analysis.

2. When some gateways in the network fail:

Ruijie# traceroute ipv6 3004::1

< press Ctrl+C to break >

Tracing the route to 3004::1

1 3000::1 0 msec 0 msec 0 msec

2 3001::1 4 msec 4 msec 4 msec

3 3002::1 8 msec 8 msec 4 msec

4 * * *

5 3004::1 4 msec 28 msec 12 msec

The above result shows the gateways (gateways 1~5) passed by the packets sent to the host with the IP address 3004::1, together with the time spent, and shows that gateway 4 fails.

Related

Commands Command Description

N/A N/A

Platform

Description

N/A
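
The hop tables printed by traceroute and traceroute ipv6 above can be checked mechanically instead of by eye. The following Python code is an added example, not part of the Ruijie documentation. It parses output in the format shown above (both samples are copied from this page) and reports unanswered hops, addresses that appear at more than one hop, and the slowest hop; the function and field names are this example's own.

```python
import ipaddress
import re

# Output copied from the traceroute and traceroute ipv6 examples above.
IPV4_TRACE = """\
Ruijie# traceroute 61.154.22.36
< press Ctrl+C to break >
Tracing the route to 61.154.22.36
1 192.168.12.1 0 msec 0 msec 0 msec
2 192.168.9.2 4 msec 4 msec 4 msec
3 192.168.9.1 8 msec 8 msec 4 msec
4 192.168.0.10 4 msec 28 msec 12 msec
5 192.168.9.2 4 msec 4 msec 4 msec
6 202.101.143.154 12 msec 8 msec 24 msec
7 61.154.22.36 12 msec 8 msec 22 msec
"""

IPV6_TRACE = """\
Ruijie# traceroute ipv6 3004::1
< press Ctrl+C to break >
Tracing the route to 3004::1
1 3000::1 0 msec 0 msec 0 msec
2 3001::1 4 msec 4 msec 4 msec
3 3002::1 8 msec 8 msec 4 msec
4 * * *
5 3004::1 4 msec 28 msec 12 msec
"""

HOP_RE = re.compile(r"^(\d+)\s+(\S+)(.*)$")
RTT_RE = re.compile(r"(\d+)\s+msec")


def normalize(addr):
    """Return the canonical text form of an IPv4/IPv6 address, or None."""
    try:
        return str(ipaddress.ip_address(addr))
    except ValueError:
        return None


def parse_trace(text):
    """Return (target, hops); each hop is a dict with ttl, addr and rtts."""
    target, hops = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Tracing the route to"):
            target = normalize(line.split()[-1])
            continue
        m = HOP_RE.match(line)
        if not m:
            continue  # prompt, banner or blank line
        ttl, first, rest = int(m.group(1)), m.group(2), m.group(3)
        if first == "*":
            # "* * *": no probe was answered at this TTL.
            hops.append({"ttl": ttl, "addr": None, "rtts": []})
            continue
        addr = normalize(first)
        if addr is None:
            continue  # starts with a number but is not a hop line
        rtts = [int(v) for v in RTT_RE.findall(rest)]
        hops.append({"ttl": ttl, "addr": addr, "rtts": rtts})
    return target, hops


def summarize(text):
    """Summarize one traceroute run for review."""
    target, hops = parse_trace(text)
    seen = {}
    for hop in hops:
        if hop["addr"] is not None:
            seen.setdefault(hop["addr"], []).append(hop["ttl"])
    answered = [h for h in hops if h["rtts"]]
    slowest = max(answered, key=lambda h: max(h["rtts"])) if answered else None
    return {
        "target": target,
        "reached": bool(hops) and hops[-1]["addr"] == target,
        "silent_hops": [h["ttl"] for h in hops if h["addr"] is None],
        "repeated": {a: t for a, t in seen.items() if len(t) > 1},
        "slowest_ttl": slowest["ttl"] if slowest else None,
    }


if __name__ == "__main__":
    for sample in (IPV4_TRACE, IPV6_TRACE):
        print(summarize(sample))
```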

Upgrade and Maintenance Commands

copy tftp

Use this command to upgrade and maintain the device, or to upload and download files, by using the TFTP protocol.

copy flash: filename tftp://location/filename

copy tftp://location/filename flash: filename

copy flash: filename tftp://location/filename vrf vrfname

copy tftp://location/filename flash: filename vrf vrfname

Parameter

Description Parameter Description

filename File name

vrfname VRF name

Defaults N/A

Command

mode

Privileged user mode.

Usage Guide If there is a space in the source file name, quotation marks are necessary for the TFTP link, for example:

copy tftp:"//location/filename" flash: filename vrf vrfname

The same applies to the destination file name, for example:

copy tftp://location/filename flash:"filename" vrf vrfname

Configuration

Examples

The following are two examples. The first one transmits the backup parameter file (config.bak) from the local host (IP 192.168.12.1) to the switch. The second one transmits the file (switch.bin) from the switch to the local host (IP 192.168.12.1):

Ruijie# copy tftp://192.168.12.1/config.bak flash: config.text

Ruijie# copy flash: switch.bin tftp://192.168.12.1/Config.bak

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

copy tftp ipv6

Use this command to perform the following operations:

Download files: download the specified source files from the TFTP server to the local device.

Upload files: upload the specified local source files to the TFTP server.

copy flash: filename tftp://location/filename

copy tftp://location/filename flash: filename

Parameter

Description Parameter Description

filename File name

Defaults N/A

Command

mode

N/A

Usage Guide N/A

Configuration

Examples

The following example downloads the config.text file from the TFTP server.

Ruijie# copy tftp://[2000::100]/config.text flash:config.text

Accessing tftp://[2000::100]/config.text...

Success : Transmission success,file length 1496

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

copy xmodem

Use this command to upgrade and maintain the device, or to upload and download files, by using the Xmodem protocol.

copy flash: filename xmodem

copy xmodem flash: filename

Parameter

Description Parameter Description

filename The name of files in the equipment.

Defaults N/A

Command

mode

Privileged EXEC mode.

Usage Guide If the file is transmitted successfully, the length of the transmitted file is shown; otherwise, the failure information is shown. Any files can be transmitted by TFTP, such as the main program file and the parameter file. Xmodem can only be transmitted out-of-band (through serial ports).

The following shows two examples: the first one transmits a file from the host to the switch via the Xmodem protocol. The second uploads the configuration file in the switch to the host via the Xmodem protocol.

If there is a space in the file name, quotation marks are necessary, for example:

copy xmodem flash: "filename" or copy flash: "filename" xmodem

Configuration

Examples

The following is an example of upload and download:

Ruijie# copy xmodem flash: config.text

Ruijie# copy flash: config.text xmodem

Success : Transmission success,file length 1496

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

Interface Commands

carrier-delay

In the interface configuration mode, execute the carrier-delay command to set the carrier delay on the interface, and the no carrier-delay command to restore it to the default value.

carrier-delay [ seconds ]

no carrier-delay

Parameter

Description Parameter Description

seconds Optional parameter in the range of 1 to 60 seconds

Defaults The default carrier delay is 2 seconds.

Command

Mode

Interface configuration mode

Usage Guide This parameter refers to the delay after which the carrier detection signal DCD of the interface link changes from the Down status to the Up status. If the DCD changes within the delay, the system ignores such changes without disconnecting the upper data link layer for renegotiation.

If the DCD carrier is disconnected for a long time, the parameter should be set longer to accelerate route aggregation so that the routing table can converge more quickly. On the contrary, if the DCD carrier interruption period is shorter than the time used for route aggregation, you should set the parameter to a higher value to avoid unnecessary route vibration.

Configuration

Examples

The following example shows how to configure the carrier delay of serial interface to 5 seconds:

Ruijie(config)# interface gigabitethernet 1/1

Ruijie(config-if)# carrier-delay 5

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

clear counters

Use this command to clear the counters on the specified interface.

clear counters [ interface-id ]

Parameter

Description Parameter Description

interface-id Interface type and interface ID

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide In the privileged EXEC mode, use the show interfaces command to display the counters or the clear counters command to clear the counters. If the interface is not specified, the counters on all interfaces will be cleared.

Configuration

Examples

Ruijie# clear counters gigabitethernet 1/1

Related

Commands Command Description

show interfaces Show the interface information.

Platform

Description

N/A

clear interface

Reset the interface hardware.

clear interface interface-id

Parameter

Description Parameter Description

interface-id Interface type and interface ID

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide This command is only used on the switch port, member port of the L2 aggregate port, routing port, and member port of the L3 aggregate port. This command is equivalent to running the shutdown and no shutdown commands.

Configuration

Examples

Ruijie# clear interface gigabitethernet 1/1

Related

Commands Command Description

shutdown Shuts down the interface.

Platform

Description

N/A

description

Use this command to set the alias of the interface. Use the no form of the command to restore the default setting.

description string

no description

Parameter

Description Parameter Description

string Interface alias

Defaults By default, there is no alias.

Command

Mode

Interface configuration mode.

Usage Guide Use show interfaces to display the interface information, including the alias.

Configuration

Examples

Ruijie(config)# interface gigabitethernet 1/1

Ruijie(config-if)# description GBIC-1

Related

Commands Command Description

show interfaces Show the interface information.

Platform

Description

N/A

duplex

Use the duplex command in the interface configuration mode to specify the duplex mode for the interface. Use the no form of the command to restore it to the default setting.

duplex { auto | full | half }

no duplex

Parameter

Description Parameter Description

auto Self-adaptive full duplex and half duplex

full Full duplex

half Half duplex

Defaults Auto.

Command

Mode

Interface configuration mode.

Usage Guide The duplex mode is associated with the interface type. Use show interfaces to display the duplex mode of the interface.

Configuration

Examples

Ruijie(config-if)# duplex full

Related

Commands Command Description

show interfaces Show the interface information.

Platform

Description

N/A

interface fastEthernet

Use this command to select an Ethernet interface, and enter the interface configuration mode.

interface fastEthernet mod-num/port-num

Parameter

Description Parameter Description

mod-num/port-num The range depends on the device and the extended module.

Defaults N/A

Command

Mode

Global configuration mode.

Usage Guide The no form of the command is not available, and this interface type cannot be deleted. Use show interfaces or show interfaces fastEthernet to display the interface configurations.

Configuration

Examples

Ruijie(config)# interface fastEthernet 1/2

Ruijie(config-if)#

Related

Commands Command Description

show interfaces Show the interface information.

Platform

Description

N/A

interface gigabitEthernet

Use this command to select a Gigabit Ethernet interface, and enter the interface configuration mode.

interface gigabitEthernet mod-num/port-num

Parameter

Description Parameter Description

mod-num/port-num The range depends on the device and the extended module.

Defaults N/A

Command

Mode

Global configuration mode.

Usage Guide The no form of the command is not available, and this interface type cannot be deleted. Use show interfaces or show interfaces gigabitEthernet to display the interface configurations.

Configuration

Examples

Ruijie(config)# interface gigabitEthernet 1/2

Ruijie(config-if)#

Related

Commands Command Description

show interfaces Show the interface information.

Platform

Description

N/A

medium-type

Use this command to select the medium type for an interface. Use the no form of the command to restore it to the default setting.

medium-type { auto-select [ prefer [ fiber | copper ] ] | fiber | copper }

no medium-type

Parameter

Description Parameter Description

fiber Optical interface.

prefer [ fiber | copper ] The preferred medium type for the interface is selected.

auto-select Auto-select the medium type for the interface.

copper Copper interface.

Defaults Copper interface.

Command

Mode

Interface configuration (physical interface, except for AP and SVI)

Usage Guide If a port can be selected as an optical port or electrical port, you can only select one of them. Once the media type is selected, the attributes of the port, for example, status, duplex, flow control, and rate, all mean those of the currently selected media type. After the port type is changed, the attributes of the new port type take the default values, which can be modified as needed.

Configuration

Examples

Ruijie(config)# interface gigabitethernet 1/1

Ruijie(config-if)# medium-type copper

Related

Commands Command Description

show interfaces Show the interface information.

Platform

Description

The 12 SFP interfaces of the 24SFP/12GT line cards and 12 10/100/1000M BASE-T interfaces allow

for dynamic switching.

Combo interfaces do not support automatically determining whether the current port is the SFP

interface or the 10/100/1000M BASE-T interface.

mtu

Use this command to set the MTU supported on the interface.

mtu num

Parameter

Description Parameter Description

num 64 to 9216 (or 65536, which varies by products)

Defaults By default, the num is 1500.

Command

Mode

Interface configuration mode.

Usage Guide Set the maximum transmission unit (MTU) supported on the interface.

Configuration

Examples

Ruijie(config)# interface gigabitethernet 1/1

Ruijie(config-if)# mtu 9216

Related

Commands Command Description

show interfaces Show the interface information.

Platform

Description

N/A

shutdown

Use the shutdown command in the interface configuration mode to disable an interface. Use the no

form of the command to enable a disabled port.

shutdown

no shutdown

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Interface configuration mode

Usage Guide Use this command to stop the forwarding on the interface (Gigabit Ethernet interface, Aggregate port

or SVI). You can enable the port with the no shutdown command. If you shut down the interface, the

configuration of the interface exists, but does not take effect. You can view the interface status by

using the show interfaces command.

If a script runs no shutdown frequently and in rapid succession, the system may report

interface status reversals.

Configuration

Examples

Shut down Ap 1:

Ruijie(config)# interface aggregateport 1

Ruijie(config-if)# shutdown

Enable Ap 1:

Ruijie(config)# interface aggregateport 1

Ruijie(config-if)# no shutdown

Related

Commands Command Description

clear interface Reset the hardware.

show interfaces Show the interface information.

Platform

Description

N/A

snmp trap link-status

You can set whether to send LinkTrap on a port. If the function is enabled, the SNMP will send the

LinkTrap when the link status of the port changes. The no form of this command prevents the SNMP

from sending the LinkTrap.

snmp trap link-status

no snmp trap link-status

Parameter

Description Parameter Description

N/A N/A

Defaults This function is enabled. If the link status of the port changes, the SNMP sends the LinkTrap.

Command

Mode

Interface configuration mode.

Usage Guide For an interface (for instance, Ethernet interface, AP interface, and SVI interface), this command sets

whether to send LinkTrap on the interface. If the function is enabled, the SNMP sends the LinkTrap

when the link status of the interface changes.

Configuration

Examples

Do not send LinkTrap on the interface:

Ruijie(config)# interface gigabitEthernet 1/1

Ruijie(config-if)# no snmp trap link-status

The following configuration enables sending LinkTrap on the interface:

Ruijie(config)# interface gigabitEthernet 1/1

Ruijie(config-if)# snmp trap link-status

Related

Commands Command Description

snmp trap link-status Enable sending LinkTrap on the interface.

no snmp trap link-status Disable sending LinkTrap on the interface.

Platform

Description

N/A

speed

Use this command to configure the speed on the port. Use the no form of the command to restore it to

the default setting.

Parameter

Description Parameter Description

10 Means that the transmission rate of the interface is 10Mbps.

100 Means that the transmission rate of the interface is 100Mbps.

1000 Means that the transmission rate of the interface is 1000Mbps.

10G Means that the transmission rate of the interface is 10Gbps.

auto Self-adaptive

Defaults Auto.

Command

Mode

Interface configuration mode.

Usage Guide If an interface is the member of an aggregate port, the rate of the interface depends on the rate of the

aggregate port. You can set the rate of the interface, but it does not take effect until the interface exits

the aggregate port. Use show interfaces to display configuration. The rate varies by interface types.

For example, you cannot set the rate of a SFP interface to 10M or 100M.

Configuration

Examples

Ruijie(config)# interface gigabitethernet 1/1

Ruijie(config-if)# speed 100

Related

Commands Command Description

show interfaces Show the interface information.

Platform

Description

N/A

show interfaces

Use this command to show the interface information and optical module information.

show interfaces [interface-id] [counters | description | status | switchport | trunk | transceiver

[alarm | diagnosis] | mtu | usage]

Parameter

Description Parameter Description

interface-id

Interface (including Ethernet interface, aggregate port, SVI or

loopback interface).

counters The counters on the interface.

description The description of the interface, including the link status.

status

All the link status of the Layer 2 interface, including the rate and

duplex.

switchport Layer 2 interface information.

trunk Trunk port, applicable for physical port and aggregate port.

transceiver Basic optical module information.

alarm

Alarm information of the optical module. The “None” is displayed

when no fault exists.

diagnosis Diagnosis parameter value of the optical module.

line-detect Line detecting status of the port.

mtu Show the value of MTU on the interface.

usage Show the bandwidth usage of the interface.

Defaults Show all the information.

Command

Mode

Privileged EXEC mode.

Usage Guide Show the basic information if no parameter is specified.

The functions of showing the optical module information, alarming the fault and diagnosing the

parameters shall be used combining with the optical module of the RG network.

To show the optical module and alarm the fault and diagnose the parameters, the function of Digital

Diagnostic Monitoring must be supported by the optical module.

Configuration

Examples

The following example shows the interface information when the Gi0/1 is Trunk port:

SwitchA#show interfaces gigabitEthernet 0/1

Index(dec):1 (hex):1

GigabitEthernet 0/1 is DOWN , line protocol is DOWN

Hardware is Broadcom 5464 GigabitEthernet

Interface address is: no ip address

MTU 1500 bytes, BW 1000000 Kbit

Encapsulation protocol is Bridge, loopback not set

Keepalive interval is 10 sec , set

Carrier delay is 2 sec

RXload is 1 ,Txload is 1

Queueing strategy: FIFO

Output queue 0/0, 0 drops;

Input queue 0/75, 0 drops

Switchport attributes:

interface's description:""

medium-type is copper

lastchange time:0 Day: 0 Hour: 0 Minute:13 Second

Priority is 0

admin duplex mode is AUTO, oper duplex is Unknown

admin speed is AUTO, oper speed is Unknown

flow receive control admin status is OFF,flow send control admin status is

OFF,flow receive control oper status is Unknown,flow send control oper status

is Unknown

broadcast Storm Control is OFF,multicast Storm Control is OFF,unicast Storm

Control is OFF

Port-type: trunk

Native vlan:1

Allowed vlan lists:1-4094

Active vlan lists:1, 3-4

5 minutes input rate 0 bits/sec, 0 packets/sec

5 minutes output rate 0 bits/sec, 0 packets/sec

0 packets input, 0 bytes, 0 no buffer, 0 dropped

Received 0 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort

0 packets output, 0 bytes, 0 underruns , 0 dropped

0 output errors, 0 collisions, 0 interface resets

The following example shows the interface information when the Gi0/1 is Access port:

SwitchA#show interfaces gigabitEthernet 0/1

Index(dec):1 (hex):1

GigabitEthernet 0/1 is DOWN , line protocol is DOWN

Hardware is Broadcom 5464 GigabitEthernet

Interface address is: no ip address

MTU 1500 bytes, BW 1000000 Kbit

Encapsulation protocol is Bridge, loopback not set

Keepalive interval is 10 sec , set

Carrier delay is 2 sec

RXload is 1 ,Txload is 1

Queueing strategy: FIFO

Output queue 0/0, 0 drops;

Input queue 0/75, 0 drops

Switchport attributes:

interface's description:""

medium-type is copper

lastchange time:0 Day: 0 Hour: 0 Minute:13 Second

Priority is 0

admin duplex mode is AUTO, oper duplex is Unknown

admin speed is AUTO, oper speed is Unknown

flow receive control admin status is OFF,flow send control admin status

is OFF,flow receive control oper status is Unknown,flow send control oper status

is Unknown

broadcast Storm Control is OFF,multicast Storm Control is OFF,unicast Storm

Control is OFF

Port-type: access

Vlan id : 2

5 minutes input rate 0 bits/sec, 0 packets/sec

5 minutes output rate 0 bits/sec, 0 packets/sec

0 packets input, 0 bytes, 0 no buffer, 0 dropped

Received 0 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort

0 packets output, 0 bytes, 0 underruns , 0 dropped

0 output errors, 0 collisions, 0 interface resets

The following example shows the layer-2 interface information when the Gi0/1 is Hybrid port.

SwitchA#show interfaces gigabitEthernet 0/1

Index(dec):1 (hex):1

GigabitEthernet 0/1 is DOWN , line protocol is DOWN

Hardware is Broadcom 5464 GigabitEthernet

Interface address is: no ip address

MTU 1500 bytes, BW 1000000 Kbit

Encapsulation protocol is Bridge, loopback not set

Keepalive interval is 10 sec , set

Carrier delay is 2 sec

RXload is 1 ,Txload is 1

Queueing strategy: FIFO

Output queue 0/0, 0 drops;

Input queue 0/75, 0 drops

Switchport attributes:

interface's description:""

medium-type is copper

lastchange time:0 Day: 0 Hour: 0 Minute:13 Second

Priority is 0

admin duplex mode is AUTO, oper duplex is Unknown

admin speed is AUTO, oper speed is Unknown

flow receive control admin status is OFF,flow send control admin status

is OFF,flow receive control oper status is Unknown,flow send control oper status

is Unknown

broadcast Storm Control is OFF,multicast Storm Control is OFF,unicast Storm

Control is OFF

Port-type: hybrid

Tagged vlan id:2

Untagged vlan id:none

5 minutes input rate 0 bits/sec, 0 packets/sec

5 minutes output rate 0 bits/sec, 0 packets/sec

0 packets input, 0 bytes, 0 no buffer, 0 dropped

Received 0 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort

0 packets output, 0 bytes, 0 underruns , 0 dropped

0 output errors, 0 collisions, 0 interface resets

The following example shows the layer-2 information of the Gi0/1.

Ruijie# show interfaces gigabitEthernet 0/1 switchport

Interface Switchport Mode Access Native Protected VLAN lists

--------- ---------- --------- ------ ------ ---------

GigabitEthernet 0/1 enabled Access 11 Disabled ALL

The following example shows the MTU information on the interface GigabitEthernet 1/1.

Ruijie#show interfaces GigabitEthernet 1/1 mtu

interface MTU

------------------- -------

GigabitEthernet 1/1 1500

The following example shows the bandwidth usage on the interface GigabitEthernet 1/1.

Ruijie#show interfaces GigabitEthernet 1/1 usage

Interface Bandwidth Bandwidth Usage

------------------- --------------- ----------------

GigabitEthernet 1/1 1,000,000 Kbit 20%

Related

Commands Command Description

duplex Duplex

flowcontrol Flow control status.

interface gigabitEthernet

Select the interface and enter the interface

configuration mode.

interface aggregateport

Create or access the aggregate port, and enter

the interface configuration mode.

interface vlan

Create or access the switch virtual interface

(SVI), and enter the interface configuration

mode.

shutdown Disable the interface.

speed Configure the speed on the port.

switchport priority Configure the default 802.1q interface priority.

switchport protected Specify the interface as a protected port.

Platform

Description

N/A

MAC Address Commands

address-bind ipv6-mode

Use this command to set the IP mode of address binding. Use the no form of this command to delete

the configuration.

Set the IP mode to the compatible mode.

address-bind ipv6-mode compatible

Set the IP mode to the loose mode.

address-bind ipv6-mode loose

Set the IP mode to the strict mode.

address-bind ipv6-mode strict

no address-bind ipv6-mode

Parameter Description Parameter

Description N/A N/A

Defaults Strict mode

Command

Mode

Global configuration mode.

Usage Guide There are three IP address binding modes: compatible, loose and strict. The following table shows

the forwarding rule corresponding to each binding mode.

Mode IPv4 forwarding rule

Strict Only the packets matching IPv4 and MAC are forwarded.

Loose Only the packets matching IPv4 and MAC are forwarded.

Compatible Only the packets matching IPv4 and MAC are forwarded.

Mode IPv6 forwarding rule

Strict No IPv6 packets are forwarded. (Default)

Loose All IPv6 packets are forwarded.

Compatible Only the IPv6 packets whose source MAC addresses are bound MAC addresses are forwarded.

Configuration

Examples

The following example binds the IP address 192.168.5.2 to the MAC address 00d0.f822.33aa and

forwards the corresponding packets:

Ruijie# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)# address-bind 192.168.5.2 00d0.f822.33aa

Ruijie(config)# address-bind ipv6-mode compatible

Command Description Related

Commands N/A N/A

Platform

Description

N/A
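The forwarding rules that the address-bind ipv6-mode Usage Guide lists for the strict, loose and compatible modes can be checked against a small model. The following Python sketch is an added example, not RGOS code; it assumes a binding is matched on a packet's source IP and source MAC and does not model uplink ports, and the sample packets and the 2001:db8:: addresses are constructed.

```python
"""Model of the address-bind forwarding rules (added example, not RGOS code)."""
import ipaddress
import re
from typing import NamedTuple

MODES = ("strict", "loose", "compatible")


def normalize_mac(mac: str) -> str:
    """Accept 00d0.f822.33aa, 00:d0:f8:22:33:aa or 00d0f82233aa; return 12 hex digits."""
    digits = re.sub(r"[.:-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


class Packet(NamedTuple):
    src_ip: str
    src_mac: str


class AddressBindTable:
    """IPv4-to-MAC bindings plus the configured ipv6-mode."""

    def __init__(self, mode: str = "strict"):  # strict is the documented default
        if mode not in MODES:
            raise ValueError(f"unknown ipv6-mode: {mode!r}")
        self.mode = mode
        self.bindings = {}  # IPv4Address -> normalized MAC

    def bind(self, ip: str, mac: str) -> None:
        addr = ipaddress.ip_address(ip)
        if addr.version != 4:
            raise ValueError("this model only binds IPv4 addresses")
        self.bindings[addr] = normalize_mac(mac)

    def forwards(self, pkt: Packet) -> bool:
        """Return True when the packet would be forwarded under the current mode."""
        addr = ipaddress.ip_address(pkt.src_ip)
        mac = normalize_mac(pkt.src_mac)
        if addr.version == 4:
            # Same rule in all three modes: IPv4 and MAC must both match a binding.
            # Assumption: the match is on the source IP and source MAC.
            return self.bindings.get(addr) == mac
        if self.mode == "strict":
            return False  # no IPv6 packets are forwarded
        if self.mode == "loose":
            return True  # all IPv6 packets are forwarded, bound or not
        # compatible: IPv6 passes only when the source MAC is a bound MAC
        return mac in self.bindings.values()


# Constructed sample traffic; the binding is the one from the page's example.
SAMPLE_PACKETS = [
    Packet("192.168.5.2", "00d0.f822.33aa"),   # IPv4, matches the binding
    Packet("192.168.5.2", "00d0.f800.0001"),   # IPv4, bound IP with another MAC
    Packet("2001:db8::2", "00d0.f822.33aa"),   # IPv6 from the bound MAC
    Packet("2001:db8::99", "00d0.f800.0001"),  # IPv6 from an unbound MAC
]


def decision_matrix() -> dict:
    """Forwarding decision for every sample packet under each ipv6-mode."""
    result = {}
    for mode in MODES:
        table = AddressBindTable(mode)
        table.bind("192.168.5.2", "00d0.f822.33aa")
        result[mode] = [table.forwards(p) for p in SAMPLE_PACKETS]
    return result


if __name__ == "__main__":
    for mode, decisions in decision_matrix().items():
        print(f"{mode:<10}", decisions)
```

The loose row shows why the mode matters for an IP-MAC binding deployment: IPv6 traffic from a MAC that is not bound is still forwarded there, while strict and compatible drop it.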

clear mac-address-table dynamic

Use this command to clear the dynamic MAC address.

clear mac-address-table dynamic [ address mac-addr ] [ interface interface-id ] [ vlan vlan-id ]

Parameter Description

dynamic Clear all the dynamic MAC addresses.

address mac-addr Clear the specified dynamic MAC address.

interface interface-id Clear all the dynamic MAC addresses of the specified interface.

Parameter

Description

vlan vlan-id Clear all the dynamic MAC addresses of the specified VLAN.

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide Use the show mac-address-table dynamic command to display all the dynamic MAC addresses.

Configuration

Examples

The following example clears all the dynamic MAC addresses:

Ruijie# clear mac-address-table dynamic

Command Description Related

Commands show mac-address-table dynamic Use this command to display dynamic MAC address.

Platform

Description

N/A

mac-address-table aging-time

Use this command to specify the aging time of the dynamic MAC address. Use the no form of the

command to restore the default value.

mac-address-table aging-time seconds

no mac-address-table aging-time

Parameter Description Parameter

Description seconds

Aging time of the dynamic MAC address, in seconds. The

time range varies with switches.

Defaults 300 seconds.

Command

Mode

Global configuration mode.

Usage Guide Use the show mac-address-table aging-time command to display configuration.

Use the show mac-address-table dynamic command to display the dynamic MAC address table.

Configuration

Examples

Ruijie(config)# mac-address-table aging-time 150

Command Description Related

Commands show mac-address-table aging-time Display the aging time of the dynamic MAC address.

show mac-address-table dynamic Display the dynamic MAC address table.

Platform

Description

N/A

mac-address-table filtering

Use this command to configure the MAC address to be filtered. Use the no form of the command to

remove the configuration.

mac-address-table filtering mac-address vlan vlan-id [ source | destination ]

no mac-address-table filtering mac-address vlan vlan-id

Parameter Description

mac-address MAC address to be filtered

vlan vlan-id VLAN ID. Its range varies with switches.

source Filter frames based on the source MAC address only.

Parameter

Description

destination Filter frames based on the destination MAC address only.

Defaults No filtered address is configured by default.

When this command is configured without the source or destination specified, the frame received in

the specified VLAN, which has the same source or destination MAC address with the specified MAC

address, will be filtered.

Command

Mode

Global configuration mode.

Usage Guide The filtered MAC address shall not be a multicast address. Use show mac-address-table filtering to

display the filtered MAC addresses.

Configuration

Examples

Ruijie(config)# mac-address-table filtering 00d0f8000000 vlan 1

Command Description Related

Commands clear mac-address-table filtering Clear the MAC address filtering table

show mac-address-table filtering Show the configuration of the address filtering table.

Platform

Description

N/A

mac-address-table notification

Use this command to enable the MAC address notification function. Use the no form of the command

to disable this function.

mac-address-table notification [ interval value | history-size value ]

no mac-address-table notification [interval | history-size ]

Parameter Description

interval value Specify the interval of sending the MAC address trap message,

1 second by default.

Parameter

Description

history-size value Specify the maximum number of the entries in the MAC

address notification table, 50 entries by default.

Defaults By default, the interval is one second and the maximum number of the entries in the MAC address

notification table is 50.

Command

Mode

Global configuration mode.

Usage Guide The MAC address notification function is specific for only dynamic MAC address and secure MAC

address. No MAC address trap message is generated for static MAC addresses. In the global

configuration mode, you can use the snmp-server enable traps mac-notification command to

enable or disable the switch to send the MAC address trap message.

Configuration

Examples

Ruijie(config)# mac-address-table notification

Ruijie(config)# mac-address-table notification interval 40

Ruijie(config)# mac-address-table notification history-size 100

Command Description

snmp-server enable traps Set the method of handling the MAC address trap message.

show mac-address-table

notification

Show the MAC address notification configuration and the MAC

address trap notification table.

Related

Commands

snmp trap mac-notification Enable the MAC address trap notification function on the

specified interface.

Platform

Description

N/A

mac-address-table static

Use this command to configure a static MAC address. Use the no form of the command to remove a

static MAC address.

mac-address-table static mac-addr vlan vlan-id interface interface-id

no mac-address-table static mac-addr vlan vlan-id interface interface-id

Parameter Description

mac-addr Destination MAC address of the specified entry

vlan-id VLAN ID of the specified entry.

Parameter

Description

interface-id Interface (physical interface or aggregate port) that packets are forwarded to

Defaults No static MAC address is configured by default.

Command

Mode

Global configuration mode.

Usage Guide A static MAC address has the same function as the dynamic MAC address that the switch learns.

Compared with the dynamic MAC address, the static MAC address will not be aged out. It can only be

configured and removed manually. Even if the switch is reset, the static MAC address will not be

lost. A static MAC address shall not be configured as a multicast address. Use the show

mac-address-table static command to show the configuration of the static MAC address table. Use

the clear mac-address-table static command to clear the settings to the static address table.

Configuration

Examples

When a packet destined for 00d0.f800.073c arrives at VLAN 4, it will be forwarded to the specified

port gigabitethernet 1/1:

Ruijie(config)# mac-address-table static 00d0.f800.073c vlan 4 interface gigabitethernet 1/1

Command Description Related

Commands show mac-address-table static Show the configuration of the static address table.

clear mac-address-table static Clear the settings to the static address table.

Platform

Description

N/A

show address-bind

Use this command to show IP address-MAC address binding.

show address-bind

Parameter Description Parameter

Description N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

Ruijie# show address-bind

IP Address Binding MAC Addr

------------ -----------------

3.3.3.3 00d0.f811.1112

3.3.3.4 00d0.f811.1117

Command Description Related

Commands address-bind Enable IP address-MAC address binding.

Platform

Description

N/A

show address-bind uplink

Use this command to show the uplink port.

show address-bind uplink

Parameter Description Parameter

Description N/A N/A

Defaults N/A

Command

mode

N/A

Usage Guide N/A

Configuration

Examples

Ruijie# show address-bind uplink

Ports State

------------ ------

Fa0/1 Disabled

Fa0/2 Disabled

……

Command Description Related

Commands address-bind uplink Set the uplink port.

Platform

Description

N/A

show mac-address-table address

Use this command to show all types of MAC addresses (including dynamic address, static address

and filtering address).

show mac-address-table [ address mac-addr ] [ interface interface-id ] [ vlan vlan-id ]

Parameter Description

address mac-addr Specified MAC address.

interface interface-id Interface ID

Parameter

Description

vlan vlan-id VLAN ID

Defaults N/A

Command

mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

Ruijie# show mac-address-table address 00d0.f800.1001

Vlan MAC Address Type Interface

---------- -------------------- --------

1 00d0.f800.1001 STATIC Gi1/1

Command Description

show mac-address-table static Show the static MAC address.

Related

Commands

show mac-address-table filtering Show the filtering MAC address.

show mac-address-table dynamic Show the dynamic MAC address.

show mac-address-table interface Show all types of MAC addresses of the specified interface

show mac-address-table vlan Show all types of MAC addresses of the specified VLAN

show mac-address-table count Show the address counts in the MAC address table.

show mac-address-table static Show the static MAC address.

show mac-address-table filtering Show the filtering MAC address.

Platform

Description

N/A

show mac-address-table aging-time

Use this command to display the aging time of the dynamic MAC address.

show mac-address-table aging-time

Parameter Description Parameter

Description N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide

Configuration

Examples

Ruijie# show mac-address-table aging-time

Aging time : 300

Command Description Related

Commands mac-address-table aging-time Specify the aging time of the dynamic MAC address.

Platform

Description

N/A

show mac-address-table count

This command is used to display the number of address entries in the address table.

show mac-address-table count [interface interface-id | vlan vlan-id]

Parameter Description Parameter

Description N/A N/A

Defaults N/A

Command Privileged EXEC mode.

Mode

Usage Guide N/A

Configuration

Examples

Ruijie# show mac-address-table count

Dynamic Address Count : 51

Static Address Count : 0

Filter Address Count : 0

Total Mac Addresses : 51

Total Mac Address Space Available: 8139

Command Description

show mac-address-table static Display the static address.

show mac-address-table filtering Display the filtering address.

show mac-address-table dynamic Display the dynamic address.

show mac-address-table address Display all the address information of the specified

address.

show mac-address-table interface Display all the address information of the specified

interface.

Related

Commands

show mac-address-table vlan Display all the address information of the specified vlan.

Platform

Description

N/A

show mac-address-table dynamic

Use this command to show the dynamic MAC address.

show mac-address-table dynamic [ address mac-addr ] [ interface interface-id ] [ vlan vlan-id ]

Parameter Description

mac-addr Destination MAC address of the entry

vlan-id VLAN of the entry

Parameter

Description

interface-id Interface that the packet is forwarded to.

It may be a physical port or an aggregate port

Defaults All the MAC addresses are displayed by default.

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

Ruijie# show mac-address-table dynamic

Vlan MAC Address Type Interface

------------------------- -------- -------------------

1 0000.0000.0001 DYNAMIC gigabitethernet 1/1

1 0001.960c.a740 DYNAMIC gigabitethernet 1/1

1 0007.95c7.dff9 DYNAMIC gigabitethernet 1/1

1 0007.95cf.eee0 DYNAMIC gigabitethernet 1/1

1 0007.95cf.f41f DYNAMIC gigabitethernet 1/1

1 0009.b715.d400 DYNAMIC gigabitethernet 1/1

1 0050.bade.63c4 DYNAMIC gigabitethernet 1/1

Command Description Related

Commands clear mac-address-table dynamic Clear the dynamic MAC address.

Platform

Description

N/A
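The table layout printed by show mac-address-table lends itself to scripted auditing, such as counting dynamic addresses per port and comparing two captures for added, removed or moved addresses. The following Python helper is an added example, not Ruijie code; both captures are constructed in the page's output format, and the per-port limit of 3 is an arbitrary assumption.

```python
"""Audit helper for `show mac-address-table` output (added example, not Ruijie code)."""
import re
from collections import defaultdict
from typing import NamedTuple


class MacEntry(NamedTuple):
    vlan: int
    mac: str
    kind: str        # DYNAMIC, STATIC or FILTER
    interface: str   # lower-cased, e.g. "gigabitethernet 1/3"


# One table row: VLAN, dotted MAC, type, then the interface as the rest of the line.
ROW = re.compile(
    r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+"
    r"(DYNAMIC|STATIC|FILTER)\s+(\S.*?)\s*$",
    re.IGNORECASE,
)

# Constructed captures in the format shown on this page.
SNAPSHOT_BEFORE = """\
Ruijie# show mac-address-table
Vlan MAC Address Type Interface
---------- -------------------- -------- -------------------
1 00d0.f800.1001 STATIC gigabitethernet 1/1
1 00d0.f800.2001 DYNAMIC gigabitethernet 1/2
1 00d0.f800.2002 DYNAMIC gigabitethernet 1/3
4 00d0.f800.2003 DYNAMIC gigabitethernet 1/3
"""

SNAPSHOT_AFTER = """\
Ruijie# show mac-address-table
Vlan MAC Address Type Interface
---------- -------------------- -------- -------------------
1 00d0.f800.1001 STATIC gigabitethernet 1/1
1 00d0.f800.2001 DYNAMIC gigabitethernet 1/3
1 00d0.f800.2002 DYNAMIC gigabitethernet 1/3
1 00d0.f800.3001 DYNAMIC gigabitethernet 1/3
1 00d0.f800.3002 DYNAMIC gigabitethernet 1/3
"""


def parse_mac_table(text: str) -> list:
    """Extract table rows; the prompt, header and separator lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            vlan, mac, kind, interface = match.groups()
            interface = " ".join(interface.lower().split())
            entries.append(MacEntry(int(vlan), mac.lower(), kind.upper(), interface))
    return entries


def dynamic_macs_per_port(entries) -> dict:
    """Number of distinct dynamically learned (VLAN, MAC) pairs on each interface."""
    ports = defaultdict(set)
    for entry in entries:
        if entry.kind == "DYNAMIC":
            ports[entry.interface].add((entry.vlan, entry.mac))
    return {port: len(macs) for port, macs in ports.items()}


def ports_over_limit(entries, limit: int) -> list:
    """Interfaces that learned more dynamic addresses than expected for the port."""
    counts = dynamic_macs_per_port(entries)
    return sorted(port for port, count in counts.items() if count > limit)


def diff_snapshots(before, after) -> dict:
    """Addresses added, removed, or seen on a different interface between captures."""
    old = {(e.vlan, e.mac): e.interface for e in before}
    new = {(e.vlan, e.mac): e.interface for e in after}
    return {
        "added": sorted(key for key in new if key not in old),
        "removed": sorted(key for key in old if key not in new),
        "moved": sorted(
            (key, old[key], new[key])
            for key in new
            if key in old and old[key] != new[key]
        ),
    }


if __name__ == "__main__":
    before = parse_mac_table(SNAPSHOT_BEFORE)
    after = parse_mac_table(SNAPSHOT_AFTER)
    print("over limit:", ports_over_limit(after, limit=3))
    print("changes:", diff_snapshots(before, after))
```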

show mac-address-table filtering

Use this command to show the filtering MAC address.

show mac-address-table filtering [ addr mac-addr ] [ vlan vlan-id ]

Parameter Description

mac-addr Destination MAC address of the entry

Parameter

Description

vlan-id VLAN ID of the entry

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

Ruijie# show mac-address-table filtering

Vlan MAC Address Type Interface

------- ----------------- ------- -----------

1 0000.2222.2222 FILTER Not available

Command Description Related

Commands clear mac-address-table

filtering Clear the address filtering table.

mac-address-table filtering Set the address filtering table.

Platform

Description

N/A

show mac-address-table interface

Use this command to show the dynamic MAC address management and learning mode.

show mac-address-table mac-manage-learning

Parameter Description Parameter

Description N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

Ruijie# show mac-address-table mac-manage-learning

######MAC manage-learning

running mode: uniform

configuration mode: uniform

dynamic address learning-synchronization: off.

Command Description

mac-manage-learning uniform Set the dynamic MAC address management and learning

mode to uniform mode.

mac-manage-learning uniform

learning-synchronization

Set synchronization of the dynamic MAC addresses of the

entire switch.

Related

Commands

mac-manage-learning dispersive Set the dynamic MAC address management and learning

mode to dispersive mode.

Platform

Description

N/A

show mac-address-table notification

Use this command to show the MAC address notification configuration and the MAC address

notification table.

show mac-address-table notification [ interface [ interface-id ] | history ]

Parameter Description

interface interface-id Interface ID. Show the MAC address notification configuration

on the interface.

Parameter

Description

history Show the MAC address notification history.

Defaults The MAC address notification configuration is shown by default.

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

Ruijie# show mac-address-table notification interface

Interface MAC Added Trap MAC Removed Trap

--------- -------------- --------------

GigabitEthernet1/14 Disabled Disabled

Ruijie# show mac-address-table notification

MAC Notification Feature: Disabled

Interval between Notification Traps: 1 secs

Maximum Number of entries configured in History Table:1

Current History Table Length: 0

Ruijie# show mac-address-table notification history

History Index: 0

MAC Changed Message:

Operation:ADD Vlan: 1 MAC Addr: 00f8.d012.3456 GigabitEthernet 3/1

Command Description

mac-address-table notification Enable MAC address notification.

Related

Commands

snmp trap mac-notification Enable the MAC address trap notification function on the

specified interface.

Platform

Description

N/A

show mac-address-table static

Use this command to show the static MAC address.

show mac-address-table static [ addr mac-addr ] [ interface interface-id ] [ vlan vlan-id ]

Parameter Description

mac-addr Destination MAC address of the entry

vlan-id VLAN ID of the entry

Parameter

Description

interface-id Interface of the entry physical interface or aggregate port

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

Show only static MAC addresses

Ruijie# show mac-address-table static

Vlan MAC Address Type Interface

---------- -------------------- -------- ---------

1 00d0.f800.1001 STATIC gigabitethernet 1/1

1 00d0.f800.1002 STATIC gigabitethernet 1/1

1 00d0.f800.1003 STATIC gigabitethernet 1/1

Command Description Related

Commands mac-address-table static Configure the static MAC address.

clear mac-address-table static Clear the static addresses.

Platform

Description

N/A

show mac-address-table vlan

Use this command to display all addresses of the specified VLAN.

show mac-address-table vlan [vlan-id]

Parameter Description

vlan-id VLAN ID

Parameter

Description

Defaults -

Command

Mode

Privileged mode

Usage Guide -

Configuration

Examples

Ruijie# show mac-address-table vlan 1

Vlan MAC Address Type Interface

----- ------------- ------- ------------------

1 00d0.f800.1001 STATIC gigabitethernet 1/1

1 00d0.f800.1002 STATIC gigabitethernet 1/1

1 00d0.f800.1003 STATIC gigabitethernet 1/1

Command Description

show mac-address-table static This command is used to display static addresses.

show mac-address-table filtering This command is used to display filtered addresses.

Related

Commands

show mac-address-table dynamic This command is used to display dynamic addresses.

show mac-address-table address This command is used to display all address information

about the specified address.

show mac-address-table interface This command is used to display all address information

about the specified interface.

show mac-address-table count This command is used to display the number of addresses

in the address table.

Platform

Description

-

snmp trap mac-notification

Use this command to enable the MAC address trap notification on the specified interface. You can

use the no form of the command to disable this function.

snmp trap mac-notification { added | removed }

no snmp trap mac-notification { added | removed }

Parameter Description

added Notify when a MAC address is added.

Parameter

Description

removed Notify when a MAC address is removed

Defaults Disabled.

Command

Mode

Interface configuration mode.

Usage Guide Use show mac-address-table notification interface to display configuration.

Configuration

Examples

Ruijie(config)# interface gigabitethernet 1/1

Ruijie(config-if)# snmp trap mac-notification added

Related

Commands Command Description

mac-address-table notification Enable MAC address notification.

show mac-address-table notification Show the MAC address notification configuration and the MAC address notification table.

Platform

Description

N/A

VLAN Commands

vlan

Use this command to enter vlan configuration mode. Use the no form of this command to delete vlan.

vlan vlan-id

no vlan vlan-id

Parameter

Description Parameter Description

vlan-id VLAN ID.

Note: The default VLAN 1 cannot be deleted.

Defaults N/A

Command

Mode

Global configuration mode

Usage Guide Execute the end command or press Ctrl+C to return to privileged EXEC mode.

Execute the exit command to return to global configuration mode.

Configuration

Examples

Ruijie(config)# vlan 1

Ruijie(config-vlan)#

Related

Commands Command Description

show vlan Displays VLAN member ports information.

Platform

Description

N/A

IP Address Commands

ip address

Use this command to configure the IP address of an interface. Use the no form of this command to

delete the IP address of the interface.

ip address ip-address network-mask [ secondary ] | [ gateway ip-address ]

no ip address [ip-address network-mask [ secondary ] | [ gateway ] ]

Parameter

Description Parameter Description

ip-address

32-bit IP address, which comprises multiple groups of 8 bits in

decimal format. Groups are separated by dots.

network-mask

32-bit network mask, which comprises multiple groups of 8 bits in

decimal format. 1 stands for the mask bit, and 0 stands for the

host bit. Groups are separated by dots.

secondary Indicates the secondary IP address that has been configured.

gateway ip-address

Configures the gateway address for the Layer-2 switch. The

gateway address is only supported on Layer-2 switches. No

address follows the gateway parameter when using the no form of

this command.

Defaults No IP address is configured for the interface.

Command

Mode

Interface configuration mode

Usage Guide The device cannot receive and send IP packets before it is configured with an IP address. After an IP

address is configured for the interface, the interface is allowed to run the Internet Protocol (IP).

The network mask is also a 32-bit value that identifies which bits of the IP address are the network

address portion. In the network mask, the bits set to 1 mark the network address portion of the IP

address, and the bits set to 0 mark the host address. For example, the network mask of a

Class A IP address is 255.0.0.0. You can divide a network into different subnets using the network

mask. Subnet division means to use the bits in the host address as the network address portion, so

as to reduce the host capacity of each network and increase the number of networks. In this case, the network

mask is called a subnet mask.

The RGOS software supports multiple IP addresses for an interface. One is the primary IP address

and the others are secondary IP addresses. Theoretically, there is no limit on the number of

secondary IP addresses. The primary IP address, however, must be configured before the secondary

IP addresses are configured. The secondary IP addresses and the primary IP address must belong

to different networks, and different secondary IP addresses must also belong to different networks.

Secondary IP addresses are often used in network construction. Typically, you can try to use

secondary IP addresses in the following situations:

A network does not have enough host addresses. At present, a LAN should be a class C network

where 254 hosts can be configured. However, when there are more than 254 hosts in the LAN,

another class C network address is necessary since one class C network is not enough. Therefore,

the device should be connected to two networks and multiple IP addresses should be configured.

Many older networks are L2-based bridge networks that have not been divided into different subnets.

Use of secondary IP addresses will make it very easy to upgrade this network to an IP layer-based

routing network. The equipment is configured with an IP address for each subnet.

Two subnets of a network are separated by another network. You can create a subnet for the

separated network, and connect the separated subnet by configuring a secondary IP address. One

subnet cannot appear on two or more interfaces of a device.

In general, the Layer-2 switch is configured with a default gateway by using the ip default-gateway

command. Sometimes the Layer-2 switch may be managed through Telnet, and the management IP

address and default gateway of the Layer-2 switch need to be modified. In this case, after either the

ip address or the ip default-gateway command is configured, the other command can no longer be

configured, because the configuration change makes the device unreachable

through the network. So you need to use the keyword gateway in the ip address command to modify

both the management IP address and the default gateway. The keyword gateway is not in the output

of the show running config command but in the output of the ip default-gate command.

Configuration

Examples

The following example sets the primary IP address to 10.10.10.1, and the network mask to

255.255.255.0.

ip address 10.10.10.1 255.255.255.0

The following example sets the default gateway to 10.10.10.254.

ip address 10.10.10.1 255.255.255.0 gateway 10.10.10.254

Related

Commands Command Description

show interface

Shows detailed information about the

interface.

Platform

Description

For the Layer 2 switch, the IP address can be configured only for a Layer 3 interface. The Level-2

address is not supported, that is, the secondary IP address option is unavailable.

The keyword gateway is only supported by Layer-2 switches.
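The addressing rules in the usage guide above (a primary address before any secondary, every address on an interface in a different network, no subnet on two interfaces) can be checked before a change is pushed. The following is an added example, not part of the manual or of RGOS: the sample configuration is constructed, the function names are hypothetical, and "different networks" is interpreted as non-overlapping subnets.

```python
import ipaddress
import re

# Constructed sample configuration in the style of the commands on this page.
# Interface names and addresses are made up to trigger each rule once.
SAMPLE_CONFIG = """\
interface vlan 10
 ip address 10.10.10.1 255.255.255.0
 ip address 10.10.11.1 255.255.255.0 secondary
 ip address 10.10.10.129 255.255.255.128 secondary
interface vlan 20
 ip address 10.10.11.2 255.255.255.0
interface vlan 30
 ip address 172.16.5.1 255.255.255.0 secondary
"""

# ip address ip-address network-mask [ secondary ] | [ gateway ip-address ]
ADDR_RE = re.compile(
    r"^\s*ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)"
    r"(?: (secondary)| gateway \d+\.\d+\.\d+\.\d+)?\s*$"
)


def parse_interfaces(config_text):
    """Return {interface name: [(IPv4Interface, is_secondary), ...]}."""
    interfaces, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            current = line[len("interface "):].strip()
            interfaces[current] = []
            continue
        m = ADDR_RE.match(line)
        if m and current is not None:
            # "address/dotted-mask" is accepted by ip_interface; a string that
            # is not a valid mask raises ValueError.
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            interfaces[current].append((iface, m.group(3) is not None))
    return interfaces


def check(config_text):
    """Return a sorted list of (interface, rule, detail) findings."""
    findings = []
    seen = {}  # network -> first interface that used it
    for name, addrs in parse_interfaces(config_text).items():
        # Rule 1: secondary addresses need a primary address on the interface.
        if addrs and all(secondary for _, secondary in addrs):
            findings.append((name, "no-primary",
                             "secondary address without a primary address"))
        local = []
        for iface, _ in addrs:
            # Rule 2: addresses on one interface must be in different networks.
            for other in local:
                if iface.network.overlaps(other.network):
                    findings.append((name, "same-network",
                                     f"{iface} overlaps {other}"))
            local.append(iface)
            # Rule 3: one subnet cannot appear on two interfaces of a device.
            for net, owner in seen.items():
                if owner != name and iface.network.overlaps(net):
                    findings.append((name, "subnet-on-two-interfaces",
                                     f"{iface.network} also on {owner}"))
            seen.setdefault(iface.network, name)
    return sorted(findings)


if __name__ == "__main__":
    for interface, rule, detail in check(SAMPLE_CONFIG):
        print(f"{interface}: {rule}: {detail}")
```

The /25 secondary on vlan 10 is flagged because 255.255.255.128 only narrows the mask; the address still falls inside the primary's 10.10.10.0/24 network.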

ip unnumbered

Use this command to configure an unnumbered interface. After an interface is configured as an

unnumbered interface, it is allowed to run the IP protocol and can receive and send IP packets. Use

the no form of this command to cancel this configuration.

ip unnumbered interface-type interface-number

no ip unnumbered

Parameter

Description Parameter Description

interface-type Interface type

interface-number Interface number

Defaults No unnumbered interface is configured.

Command

Mode

Interface configuration mode

Usage Guide An unnumbered interface is an interface on which IP is enabled but to which no IP address is assigned.

The unnumbered interface should be associated with an interface that has an IP address. The source IP

address of the IP packet generated by an unnumbered interface is the IP address of the associated

interface. In addition, the routing protocol process determines whether to send route update packets

to an unnumbered interface according to the IP address of the associated interface. The following

restrictions apply when an unnumbered interface is used:

(1) An Ethernet interface cannot be configured as an unnumbered interface.

(2) A serial interface can be configured as an unnumbered interface when it is encapsulated with

SLIP, HDLC, PPP, LAPB and Frame Relay. However, when Frame Relay is used for encapsulation,

only the point-to-point interface can be configured as an unnumbered interface. X.25 encapsulation

does not allow configuration as an unnumbered interface.

(3) You cannot detect whether an unnumbered interface works normally using the ping command,

because no IP address is configured for the unnumbered interface. However, the status of the

unnumbered interface can be monitored remotely using SNMP.

(4) The network cannot be started using an unnumbered interface.

Configuration

Examples

The following example configures the local interface as an unnumbered interface, and sets the

associated interface to the FE interface 0/1. An IP address must be configured for the associated

interface.

ip unnumbered fastEthernet 0/1

Related

Commands Command Description

show interface Shows detailed information about the interface.

Platform

Description

This command is not supported on Layer 2 switches.

arp

Use this command to add a permanent IP-MAC address mapping to the ARP cache table. Use the no

form of this command to delete the static MAC address mapping.

arp [ vrf name ] ip-address MAC-address type

no arp [ vrf name ] ip-address

Parameter

Description Parameter Description

vrf name

Specifies the VRF instance. The name parameter indicates the name

of the VRF instance.

ip-address

The IP address that corresponds to the MAC address. It

comprises four groups of numeric values in decimal format

separated by dots.

MAC-address 48-bit data link layer address

type

ARP encapsulation type. The keyword is arpa for Ethernet

interfaces.

Defaults There is no static mapping record in the ARP cache table.

Command

Mode

Global configuration mode

Usage Guide RGOS finds the 48-bit MAC address according to the 32-bit IP address using the ARP cache table.

Since most hosts support dynamic ARP resolution, usually static ARP mapping is not necessary. The

clear arp-cache command can be used to delete the ARP mapping that is learned dynamically.

Configuration

Examples

The following example sets an ARP static mapping record for an Ethernet host.

arp 1.1.1.1 4e54.3800.0002 arpa

Related

Commands Command Description

clear arp-cache Clears the ARP cache table

Platform

Description

N/A

arp anti-ip-attack

For a message that hits a directly-connected route, if the switch has not learned the ARP entry that

corresponds to the destination IP address, the switch is not able to forward the message via hardware

and needs to send the message to the CPU to resolve the address. This process is called ARP

learning. Sending a large number of such messages to the CPU, however, affects the other

tasks of the switch. To prevent the IP messages from attacking the CPU, a discard entry is set in the

hardware during address resolution, so that all subsequent messages with that destination IP address

are not sent to the CPU at all. After the address resolution, the entry is updated to the forwarding

status, so that the switch can forward the messages with that destination IP address via hardware.

In general, during the ARP request, if the switch CPU receives three messages whose destination IP

address hits the ARP entry, the switch considers that the CPU may be under attack and

thus sets a discard entry to prevent unknown unicast messages from attacking the CPU. Users can

set the num parameter of this command to decide what counts as an attack on the CPU in the specific network

environment, or disable this function. Use the arp anti-ip-attack num command to set the parameter

or disable this function. Use the no form of this command to restore the num parameter to the default

value 3.

arp anti-ip-attack num

no arp anti-ip-attack

Parameter

Description Parameter Description

num

The number of IP messages to trigger the ARP to set a discard entry.

The value ranges from 0 to 100. 0 stands for disabling the ARP

anti-IP-attack function.

Defaults The switch sets a discard entry after three unknown unicast messages are sent to the CPU.

Command

Mode

Global configuration mode

Usage Guide The ARP anti-IP-attack function will occupy the switch hardware routing resources when the switch is

attacked by unknown unicast messages. If there are enough resources, you can set the num

parameter in the arp anti-ip-attack command to a smaller value. If not, in order to first ensure normal routing,

you can set the num parameter to a larger value or simply disable this function.

Configuration

Examples

The following example sets the number of IP messages that will trigger ARP to set a discard entry to 5.

Ruijie(config)# arp anti-ip-attack 5

The following example disables the ARP anti-IP-attack function.

Ruijie(config)# arp anti-ip-attack 0

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported on Layer 3 switches.
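The trade-off between the num parameter, CPU load and hardware entries described above can be seen in a small model. This is an added illustration, not RGOS code: the traffic is constructed, `hw_capacity` is a hypothetical stand-in for the hardware routing resources, and the rule that a full table leaves packets going to the CPU is an assumption.

```python
from dataclasses import dataclass


@dataclass
class Counters:
    cpu_punts: int = 0             # packets sent to the CPU for ARP learning
    hw_dropped: int = 0            # packets dropped by a hardware discard entry
    hw_forwarded: int = 0          # packets forwarded after address resolution
    peak_discard_entries: int = 0  # most discard entries held at one time


def simulate(packets, resolves_at, num=3, hw_capacity=None):
    """Model `arp anti-ip-attack num` for packets to directly connected hosts.

    packets     -- (time, dst_ip) tuples in time order
    resolves_at -- {dst_ip: time the ARP reply arrives}; absent = never answers
    num         -- packets punted per destination before a discard entry is
                   set; 0 disables the function (as on this page)
    hw_capacity -- assumed limit on discard entries; None = unlimited
    """
    never = float("inf")
    c = Counters()
    punted = {}      # dst_ip -> packets sent to the CPU so far
    discard = set()  # destinations that currently have a discard entry
    for t, dst in packets:
        # After resolution the discard entry becomes a forwarding entry.
        discard -= {ip for ip in discard if resolves_at.get(ip, never) <= t}
        if resolves_at.get(dst, never) <= t:
            c.hw_forwarded += 1
            continue
        if dst in discard:
            c.hw_dropped += 1
            continue
        c.cpu_punts += 1
        punted[dst] = punted.get(dst, 0) + 1
        if num and punted[dst] >= num:
            # Assumption: with no free hardware resources the entry is not
            # installed and later packets keep reaching the CPU.
            if hw_capacity is None or len(discard) < hw_capacity:
                discard.add(dst)
                c.peak_discard_entries = max(c.peak_discard_entries,
                                             len(discard))
    return c


def constructed_traffic():
    """Ten rounds of one packet to each of 200 unused addresses and to one
    live host (10.0.0.250) whose ARP reply arrives at t=2."""
    unused = [f"10.0.0.{i}" for i in range(1, 201)]
    live = "10.0.0.250"
    packets = [(t, ip) for t in range(10) for ip in unused + [live]]
    return packets, {live: 2}


if __name__ == "__main__":
    packets, resolves_at = constructed_traffic()
    for num, cap in [(0, None), (1, None), (3, None), (5, None), (3, 50)]:
        print(f"num={num} hw_capacity={cap}:",
              simulate(packets, resolves_at, num, cap))
```

In this model, num 1 protects the CPU best but also drops one packet for the live host while its ARP request is still outstanding, and a table limited to 50 entries leaves 150 destinations reaching the CPU on every packet.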

arp gratuitous-send interval

Use this command to set the interval for sending gratuitous ARP request messages on an interface. Use the

no form of this command to disable this function on the interface.

arp gratuitous-send interval seconds

no arp gratuitous-send

Parameter

Description Parameter Description

seconds

The time interval in seconds for sending gratuitous ARP request messages

in the range from 1 to 3600

Defaults Periodically sending gratuitous ARP request messages is disabled on an interface.

Command

Mode

Interface configuration mode

Usage Guide If a network interface of the switch is used as the gateway of its downlink devices but a downlink

device pretends to be the gateway, you can configure the function to send gratuitous ARP request

messages regularly on this interface to announce that the switch is the real gateway.

Configuration

Examples

The following example sets the interval for sending gratuitous ARP request messages on SVI 1 to 1 second.

Ruijie(config)# interface vlan 1

Ruijie(config-if)# arp gratuitous-send interval 1

The following example disables the function of sending gratuitous ARP request messages on SVI 1.

Ruijie(config)# interface vlan 1

Ruijie(config-if)# no arp gratuitous-send

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

arp retry interval

Use this command to set the interval for sending ARP request messages locally, namely, the time

interval between two consecutive ARP requests sent to resolve one IP address. Use the no form of

this command to restore the default value, that is, retry an ARP request per second.

arp retry interval seconds

no arp retry interval

Parameter

Description Parameter Description

seconds

Time interval in seconds for retrying ARP request messages in the

range from 1 to 3600

1 second by default

Defaults The retry interval of ARP requests is 1 second.

Command

Mode

Global configuration mode

Usage Guide If the switch sends ARP request messages frequently and causes problems such as network congestion,

you can set the retry interval of ARP request messages to a larger value. In general, it

should not exceed the aging time of dynamic ARP entries.

Configuration

Examples

The following example sets the retry interval of ARP request messages to 30 seconds.

arp retry interval 30

Related

Commands Command Description

arp retry times number Sets the retry times of ARP request messages.

Platform

Description

N/A

arp retry times

Use this command to set the local retry times of ARP request messages, namely, the number of times

an ARP request message is sent to resolve one IP address. Use the no form of this command to

restore the default settings (five ARP requests).

arp retry times number

no arp retry times

Parameter

Description Parameter Description

number

The number of times the same ARP request is sent, in the range from 1 to

100. 1 indicates that the ARP request is not retransmitted but only

one ARP request message is sent.

Defaults If the ARP response message is not received, the ARP request message is sent 5 times, and

then a timeout occurs.

Command

Mode

Global configuration mode

Usage Guide If the switch sends ARP request messages frequently and causes problems such as network congestion,

you can set the retry times of ARP request messages to a smaller value. In general, the

retry times should not be set to an excessively large value.

Configuration

Examples

The following example sets the retry times of local ARP request messages to 1.

arp retry times 1

The following example sets the retry times of local ARP request messages to 2.

arp retry times 2

Related

Commands Command Description

arp retry interval seconds

Sets the retry interval of ARP request

messages.

Platform

Description

N/A

arp timeout

Use this command to configure the timeout for ARP static mapping records in the ARP cache. Use

the no form of this command to restore the default settings.

arp timeout seconds

no arp timeout

Parameter

Description Parameter Description

seconds The timeout in seconds ranging from 0 to 2147483

Defaults The default timeout is 3600 seconds.

Command

Mode

Interface configuration mode

Usage Guide The ARP timeout setting is only applicable to the IP and MAC address mapping records that are

learned dynamically. The shorter the timeout, the more accurate the mapping table saved in the ARP cache,

but the more network bandwidth occupied by ARP. Therefore, weigh the advantages and

disadvantages of ARP timeout before using it. Generally you do not need to configure the ARP

timeout unless specially required.

Configuration

Examples

The following example sets the timeout for ARP mapping records that are learned

dynamically from FE port 0/1 to 120 seconds.

interface fastEthernet 0/1

arp timeout 120

Related

Commands Command Description

clear arp-cache Clears the ARP cache table.

show interface Shows interface information.

Platform

Description

N/A

arp unresolve

Use this command to configure the maximum number of unresolved ARP entries. Use the no form of

this command to restore the default value 8192.

arp unresolve number

no arp unresolve

Parameter

Description Parameter Description

number

The maximum number of unresolved ARP entries in the range from 1

to 8192. The default value is 8192.

Defaults The ARP cache table can contain up to 8192 unresolved entries.

Command

Mode

Global configuration mode

Usage Guide If there are a large number of unresolved entries in the ARP cache table and they do not disappear

after a period of time, use this command to limit the number of unresolved entries.

Configuration

Examples

The following example sets the maximum number of unresolved entries to 500.

arp unresolve 500

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

ip proxy-arp

Use this command to enable the proxy ARP function on the interface. Use the no form of this

command to disable the proxy ARP function.

ip proxy-arp

no ip proxy-arp

Parameter

Description Parameter Description

N/A N/A

Defaults The proxy ARP function is disabled on L3 switches of 10.2(3) and later versions, but enabled on

routers.

Command

Mode

Interface configuration mode

Usage Guide Proxy ARP helps hosts without routing information to obtain MAC addresses for IP addresses on other

networks or subnets. For example, a device receives an ARP request. The IP addresses of the

request sender and receiver are in different networks. However, the device knows a route to the IP

address of the request receiver and sends an ARP response, in which the MAC address is the

Ethernet MAC address of the device itself. This process is known as proxy ARP.

Configuration

Examples

The following example enables proxy ARP on FE port 0/1.

interface fastEthernet 0/1

ip proxy-arp

Related

Commands Command Description

N/A N/A

Platform

Description

This command is not supported on Layer 2 switches.

service trustedarp

Use this command to enable the trusted ARP function. Use the no form of this command to disable

the trusted ARP function.

service trustedarp

no service trustedarp

Parameter

Description Parameter Description

N/A N/A

Defaults The trusted ARP function is disabled.

Command

Mode

Global configuration mode

Usage Guide The trusted ARP function of the device is used to prevent ARP spoofing. As a part of the GSN

scheme, it should be used together with the GSN scheme.

Configuration

Examples

The following example enables the trusted ARP function in global configuration mode.

config

service trustedarp

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

ip broadcast-address

Use this command to define a broadcast address for an interface in interface configuration mode. Use

the no form of this command to cancel the broadcast address configuration.

ip broadcast-address ip-address

no ip broadcast-address

Parameter

Description Parameter Description

ip-address Broadcast address of the IP network

Defaults The IP broadcast address is 255.255.255.255.

Command

Mode

Interface configuration mode

Usage Guide At present, the destination address of an IP broadcast packet is all-1s, that is, 255.255.255.255.

The RGOS software can generate broadcast packets with other defined IP addresses, and can

receive both all-1s packets and broadcast packets defined by itself.

Configuration

Examples

The following example sets the destination address of IP broadcast packets generated by this

interface to 0.0.0.0.

ip broadcast-address 0.0.0.0

Related

Commands Command Description

N/A N/A

Platform

Description

This command is not supported on Layer 2 switches.

ip directed-broadcast

Use this command to enable the conversion from IP directed broadcast to physical broadcast in

interface configuration mode. Use the no form of this command to cancel the configuration.

ip directed-broadcast [ access-list-number ]

no ip directed-broadcast

Parameter

Description Parameter Description

access-list-number

(Optional) Access list number ranging from 1 to 199 or from 1300 to

2699. After an access list number is defined, only the IP directed

broadcast packets that match this access list are converted.

Defaults The conversion function is disabled.

Command

Mode

Interface configuration mode

Usage Guide An IP directed broadcast packet is an IP packet whose destination address is an IP subnet broadcast

address. For example, a packet with the destination address 172.16.16.255 is called a directed

broadcast packet. However, the node that generates this packet is not a member of the destination

subnet.

The device that is not directly connected to the destination subnet receives an IP directed broadcast

packet and handles this packet in the same way as forwarding a unicast packet. After the directed

broadcast packet reaches a device that is directly connected to this subnet, the device converts the

directed broadcast packet into a flooding broadcast packet (typically the broadcast packet whose

destination IP address is all-1s), and then sends the packet to all hosts in the destination subnet as

a link layer broadcast.

You can enable conversion from directed broadcast into physical broadcast on a specified interface,

so that this interface can forward a directed broadcast packet to a directly connected network. This

command affects only the final transmission of directed broadcast packets that have reached the

destination subnet instead of normal forwarding of other directed broadcast packets.

You can also define an access list on an interface to control which directed broadcast packets to

forward. After an access list is defined, only the packets that conform to the conditions defined in the

access list are converted from directed broadcast to physical broadcast.

If the no ip directed-broadcast command is configured on an interface, RGOS will discard the

directed broadcast packets received from the directly connected network.

Configuration

Examples

The following example enables the forwarding of directed broadcast packet on the FE port 0/1 of the

device.

interface fastEthernet 0/1

ip directed-broadcast

Related

Commands Command Description

N/A N/A

Platform

Description

This command is not supported on Layer 2 switches.

ip address-pool

Use this command to enable the IP address pool function. Use the no form of this command to

disable the IP address pool function.

ip address-pool local

no ip address-pool local

Parameter

Description Parameter Description

N/A N/A

Defaults The IP address pool function is enabled.

Command

Mode

Global configuration mode

Usage Guide By default, the IP address pool function is enabled, the user can configure the IP address pool, and

the PPP user can assign an IP address to the peer end from the IP address pool. Use the no ip

address-pool local command to disable the IP address pool function and delete all IP address pools

previously configured.

Configuration

Examples

The following example enables the IP address pool function.

ip address-pool local

Related

Commands Command Description

ip local pool Configures the IP address pool.

Platform

Description

This command is not supported on switches.

clear arp-cache

Use this command to remove dynamic ARP mapping records from the ARP cache table in privileged

mode.

clear arp-cache [ vrf vrf_name | trusted ] [ ip [ mask ] | interface interface-name ]

Parameter

Description Parameter Description

trusted Removes trusted ARP entries.

vrf vrf_name Removes dynamic ARP entries of the specified VRF instance.

ip

Specifies the IP address so as to remove ARP entries of this IP

address. If the trusted keyword is specified, trusted ARP entries are

removed; otherwise, dynamic ARP entries are removed.

mask

Specifies the subnet mask so as to remove ARP entries of the

specified subnet. The preceding IP address must be a subnet

number. If the trusted keyword is specified, trusted ARP entries of the

subnet are removed; otherwise, dynamic ARP entries of the subnet

are removed.

interface interface-name Removes dynamic ARP entries of the specified interface.

Defaults N/A

Command

Mode

Privileged user mode

Usage Guide This command can be used to refresh an ARP cache table.

By default, a Network Foundation Protection Policy (NFPP) device receives one ARP packet per second for

every MAC or IP address. If the ARP cache is cleared twice within 1 second,

the second response packet will be filtered out and ARP

resolution will fail for a short time.

Configuration

Examples

The following example removes all dynamic ARP mapping records.

clear arp-cache

The following example removes the dynamic ARP entry 1.1.1.1.

clear arp-cache 1.1.1.1

The following example removes dynamic ARP table entries on interface SVI1.

clear arp-cache interface Vlan 1

Related

Commands Command Description

arp Adds a static mapping record to the ARP table.

Platform

Description

The parameter trusted is not supported by routers.

clear ip route

Use this command to remove the entire IP routing table or a particular routing record in the IP routing

table in privileged user mode.

clear ip route { * | network [ netmask ] }

Parameter

Description Parameter Description

* Removes all the routes.

network The network or subnet address to be removed

netmask (Optional) Network mask

Defaults N/A

Command

Mode

Privileged user mode

Usage Guide Once an invalid route is found in the routing table, you can immediately refresh the routing table to get

the updated routes. Note that, however, refreshing the entire routing table will result in a temporary

communication failure on the entire network.

Configuration

Examples

The following example refreshes only the route 192.168.12.0.

clear ip route 192.168.12.0

Related

Commands Command Description

show ip route Shows the IP routing table.

Platform

Description

This command is not supported on Layer 2 switches.

show arp

Use this command to show the ARP cache table.

show arp [ [ vrf vrf-name ] [ trusted ] ip [ mask ] | static | complete | incomplete | mac-address ]

Parameter

Description Parameter Description

vrf vrf-name Shows ARP entries of the specified VRF instance.

trusted

Shows trusted ARP entries. Currently, only the global VRF supports

the trusted ARP.

ip

Shows the ARP entries of the specified IP address.

If the trusted keyword is specified, only trusted ARP entries are

shown; otherwise, non-trusted ARP entries are shown.

ip mask

Shows the ARP entries of the IP subnet.

If the trusted keyword is specified, only trusted ARP entries are

shown; otherwise, non-trusted ARP entries are shown.

static Shows all the static ARP entries.

complete Shows all the resolved dynamic ARP entries.

incomplete Shows all the unresolved dynamic ARP entries.

mac-address Shows the ARP entry with the specified MAC address.

Defaults N/A

Command

Mode

Privileged user mode

Usage Guide N/A

Configuration

Examples

The following example shows the output result of the show arp command.

Ruijie# show arp

Total Numbers of Arp: 7

Protocol Address Age(min) Hardware Type Interface

Internet 192.168.195.68 0 0013.20a5.7a5f arpa VLAN 1

Internet 192.168.195.67 0 001a.a0b5.378d arpa VLAN 1

Internet 192.168.195.65 0 0018.8b7b.713e arpa VLAN 1

Internet 192.168.195.64 0 0018.8b7b.9106 arpa VLAN 1

Internet 192.168.195.63 0 001a.a0b5.3990 arpa VLAN 1

Internet 192.168.195.62 0 001a.a0b5.0b25 arpa VLAN 1

Internet 192.168.195.5 -- 00d0.f822.33b1 arpa VLAN 1

Field Description

Protocol Protocol of the network address, which is always set to Internet

Address IP address corresponding to the hardware address

Age (min) Age of the ARP cache record in minutes

If it is locally or statically configured, the value of the field is represented with “-”.

Hardware Hardware address corresponding to the IP address

Type Hardware address type, which is ARPA for Ethernet addresses

Interface Interface associated with the IP address

The following example shows the output result of the show arp 192.168.195.68 command.

Ruijie# show arp 192.168.195.68

Protocol Address Age(min) Hardware Type Interface

Internet 192.168.195.68 1 0013.20a5.7a5f arpa VLAN 1

The following example shows the output result of the show arp 192.168.195.0 255.255.255.0 command.

Ruijie# show arp 192.168.195.0 255.255.255.0

Protocol Address Age(min) Hardware Type Interface

Internet 192.168.195.64 0 0018.8b7b.9106 arpa VLAN 1

Internet 192.168.195.2 1 00d0.f8ff.f00e arpa VLAN 1

Internet 192.168.195.5 -- 00d0.f822.33b1 arpa VLAN 1

Internet 192.168.195.1 0 00d0.f8a6.5af7 arpa VLAN 1

Internet 192.168.195.51 1 0018.8b82.8691 arpa VLAN 1

The following example shows the output result of the show arp 001a.a0b5.378d command.

Ruijie# show arp 001a.a0b5.378d

Protocol Address Age(min) Hardware Type Interface

Internet 192.168.195.67 4 001a.a0b5.378d arpa VLAN 1

Related

Commands Command Description

N/A N/A

Platform

Description

This command is not supported by routers or Layer 2 switches.
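The show arp output format above is regular enough to audit for the situation that the arp gratuitous-send and service trustedarp entries are meant to counter: a host answering ARP for an address that is not its own. The following is an added example, not part of the manual: both snapshots are constructed, the function names are hypothetical, and rows whose age is shown as dashes are treated as local or static entries, as the field description states.

```python
import re
from collections import defaultdict

# One data row of `show arp`: Protocol Address Age(min) Hardware Type Interface
ROW_RE = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>\d+|-+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"(?P<type>\S+)\s+(?P<intf>.+?)\s*$",
    re.IGNORECASE,
)

# Constructed snapshots taken some minutes apart (documentation addresses,
# locally administered MAC addresses). In the second one, 192.0.2.10 is now
# bound to the MAC address that also owns 192.0.2.12.
SNAPSHOT_1 = """\
Total Numbers of Arp: 4
Protocol Address Age(min) Hardware Type Interface
Internet 192.0.2.10 3 0200.5e00.0010 arpa VLAN 1
Internet 192.0.2.11 0 0200.5e00.0011 arpa VLAN 1
Internet 192.0.2.12 7 0200.5e00.0012 arpa VLAN 1
Internet 192.0.2.1 -- 0200.5e00.0001 arpa VLAN 1
"""
SNAPSHOT_2 = """\
Total Numbers of Arp: 4
Protocol Address Age(min) Hardware Type Interface
Internet 192.0.2.10 0 0200.5e00.0012 arpa VLAN 1
Internet 192.0.2.11 1 0200.5e00.0011 arpa VLAN 1
Internet 192.0.2.12 0 0200.5e00.0012 arpa VLAN 1
Internet 192.0.2.1 -- 0200.5e00.0001 arpa VLAN 1
"""


def parse_show_arp(text):
    """Return one dict per data row; summary and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["mac"] = row["mac"].lower()
            # Age is shown as dashes for local or static entries.
            row["local_or_static"] = row["age"].startswith("-")
            rows.append(row)
    return rows


def macs_claiming_many_ips(rows, limit=1):
    """Learned entries where one MAC on one interface holds > limit IPs.

    Routers, proxy ARP devices and hosts with several addresses do this
    legitimately, so the result is a list to review, not a verdict.
    """
    by_mac = defaultdict(set)
    for r in rows:
        if not r["local_or_static"]:
            by_mac[(r["intf"], r["mac"])].add(r["ip"])
    return {k: sorted(v) for k, v in by_mac.items() if len(v) > limit}


def changed_bindings(before, after):
    """Return (ip, old_mac, new_mac) for IPs whose MAC changed on the same
    interface between two snapshots."""
    old = {(r["intf"], r["ip"]): r["mac"] for r in before}
    return sorted(
        (r["ip"], old[(r["intf"], r["ip"])], r["mac"])
        for r in after
        if (r["intf"], r["ip"]) in old and old[(r["intf"], r["ip"])] != r["mac"]
    )


if __name__ == "__main__":
    first, second = parse_show_arp(SNAPSHOT_1), parse_show_arp(SNAPSHOT_2)
    print("shared MACs:", macs_claiming_many_ips(second))
    print("changed bindings:", changed_bindings(first, second))
```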

show arp counter

Use this command to show the number of ARP entries in the ARP cache table.

show arp counter

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Any mode

Usage Guide N/A

Configuration

Examples

The following example shows the output result of the show arp counter command:

Ruijie# show arp counter

The Arp Entry counter:0

The Unresolve Arp Entry:0

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

show arp detail

Use this command to show details about the ARP cache table.

show arp detail [ interface-type interface-number | ip [ mask ] | mac-address | static | complete |

incomplete ]

Parameter

Description Parameter Description

interface-type

interface-number Shows the ARP entry of a Layer 2 or Layer 3 port.

ip Shows the ARP entry of the specified IP address.

ip mask

Shows the ARP entries of the network segment included within the IP

mask.

mac-address Shows the ARP entry of the specified MAC address.

static Shows all the static ARP entries.

complete Shows all the resolved dynamic ARP entries.

incomplete Shows all the unresolved dynamic ARP entries.

Defaults N/A

Command

Mode

Privileged user mode

Usage Guide Use this command to show ARP details, such as the ARP type (Dynamic, Static, Local, Trust) and

information about a specific Layer 2 port.

Configuration

Examples

The following example shows the output result of the show arp detail command.

Ruijie# show arp detail

IP Address MAC Address Type Age(min) Interface Port

20.1.1.1 000f.e200.0001 Static -- -- --

20.1.1.1 000f.e200.0001 Static -- Vl3 --

20.1.1.1 000f.e200.0001 Static -- Vl3 Gi2/0/1

193.1.1.70 00e0.fe50.6503 Dynamic 1 Vl3 Gi2/0/1

192.168.0.1 0012.a990.2241 Dynamic 10 Gi2/0/3 Gi2/0/3

192.168.0.1 0012.a990.2241 Dynamic 20 Ag1 Ag1

192.168.0.1 0012.a990.2241 Dynamic 30 Vl2 Ag2

192.168.0.39 0012.a990.2241 Local -- Vl3 --

192.168.0.39 0012.a990.2241 Local -- Gi2/0/3 --

192.168.0.1 0012.a990.2241 Local -- Vl3 --

192.168.0.1 0012.a990.2241 Local -- Gi2/3/2 --

IP Address IP address corresponding to the hardware address

MAC Address Hardware address corresponding to the IP address

Type ARP type, including Static, Dynamic, Trust, and Local.

Age (min) Age of the ARP learning in minutes

Interface Layer 3 interface associated with the IP address

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported on Layer 3 switches but not supported on routers.

show arp timeout

Use this command to show the aging time of the dynamic ARP entry on an interface.

show arp timeout

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Any mode

Usage Guide N/A

Configuration

Examples

The following example shows the output result of the show arp timeout command:

Ruijie# show arp timeout

Interface arp timeout(sec)

---------------------- ----------------

VLAN 1 3600

Related

Commands Command Description

N/A N/A

Platform

Description

This command is not supported on Layer 2 switches.

show ip arp

Use this command to show the ARP cache table in privileged user mode.

show ip arp

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged user mode

Usage Guide N/A

Configuration

Examples

The following example shows the output result of the show ip arp command.

Ruijie# show ip arp

Protocol Address Age(min)Hardware Type Interface

Internet 192.168.7.233 23 0007.e9d9.0488 ARPA FastEthernet 0/0

Internet 192.168.7.112 10 0050.eb08.6617 ARPA FastEthernet 0/0

Internet 192.168.7.79 12 00d0.f808.3d5c ARPA FastEthernet 0/0

Internet 192.168.7.1 50 00d0.f84e.1c7f ARPA FastEthernet 0/0

Internet 192.168.7.215 36 00d0.f80d.1090 ARPA FastEthernet 0/0

Internet 192.168.7.127 0 0060.97bd.ebee ARPA FastEthernet 0/0

Internet 192.168.7.195 57 0060.97bd.ef2d ARPA FastEthernet 0/0

Internet 192.168.7.183 -- 00d0.f8fb.108b ARPA FastEthernet 0/0

Field Description

Protocol Network address protocol, which is always set to Internet

Address IP address corresponding to the hardware address

Age (min) Age of the ARP cache record in minutes

If it is locally or statically configured, the value of the field is represented with “-”.

Type The type of hardware address, which is ARPA for Ethernet addresses

Related

Commands Command Description

N/A N/A

Platform

Description

This command is not supported on Layer 2 switches.

show ip interface

Use this command to show information about the IP status of an interface.

show ip interface [ interface-type interface-number | brief ]

Parameter

Description Parameter Description

interface-type Specifies the interface type.

interface-number Specifies the interface number.

brief

Shows brief configuration information about the IP addresses of the

layer-3 interface, including the interface primary IP address,

secondary IP address, and interface status.

Defaults N/A

Command

Mode

Privileged user mode

Usage Guide When an interface is available, RGOS will create a direct route in the routing table. An available

interface means that the RGOS software can receive and send packets through this interface. If the

interface changes from available status to unavailable status, the RGOS software removes the direct

route from the routing table.

If the interface is available (two-way communication is allowed), the line protocol status will be

shown as UP. If only the physical line is available, the interface status will be shown as UP.

The results shown may vary with the interface type, because some contents are interface-specific

options.

Configuration

Examples

The following example shows the output result of the show ip interface brief command.

Ruijie#show ip interface brief

Interface IP-Address(Pri) IP-Address(Sec) Status Protocol

GigabitEthernet 0/10 2.2.2.2/24 3.3.3.3/24 down down

GigabitEthernet 0/11 no address no address down down

VLAN 1 1.1.1.1/24 no address down down

Status: link status of the interface. The options include up, down, and administratively

down. The link status of an interface will be administratively down if you run the

shutdown command to forcibly shut down the interface.

Protocol: IPv4 protocol status of the interface.

The following example shows the output result of the show ip interface vlan command.

SwitchA#show ip interface vlan 1

VLAN 1

IP interface state is: DOWN

IP interface type is: BROADCAST

IP interface MTU is: 1500

IP address is:

1.1.1.1/24 (primary)

IP address negotiate is: OFF

Forward direct-broadcast is: OFF

ICMP mask reply is: ON

Send ICMP redirect is: ON

Send ICMP unreachabled is: ON

DHCP relay is: OFF

Fast switch is: ON

Help address is:

Proxy ARP is: OFF

ARP packet input number: 0

Request packet: 0

Reply packet: 0

Unknown packet: 0

TTL invalid packet number: 0

ICMP packet input number: 0

Echo request: 0

Echo reply: 0

Unreachable: 0

Source quench: 0

Routing redirect: 0

Field Description

IP interface state is: The network interface is available, and both its interface hardware

status and line protocol status are UP.

IP interface type is: Shows the interface type, such as broadcast or point-to-point.

IP interface MTU is: Shows the MTU value of the interface.

IP address is: Shows the IP address and mask of the interface.

IP address negotiate is: Shows whether to obtain the IP address through negotiation.

Forward direct-broadcast is: Shows whether to forward directed broadcast packets.

ICMP mask reply is: Shows whether to send ICMP mask response messages.

Send ICMP redirect is: Shows whether to send ICMP redirection messages.

Send ICMP unreachabled is: Shows whether to send ICMP unreachable messages.

DHCP relay is: Shows whether DHCP relay is enabled.

Fast switch is: Shows whether the IP fast switching function is enabled.

Route horizontal-split is: Shows whether horizontal split is enabled, which will affect the route

update behavior of the distance vector protocol.

Help address is: Shows the helper IP address.

Proxy ARP is: Shows whether the proxy ARP is enabled.

ARP packet input number: Shows the total number of ARP packets received on the interface, including:

Request packet: ARP request packets

Reply packet: ARP reply packets

Unknown packet: Unknown packets

TTL invalid packet number: Shows the number of packets with invalid TTL.

ICMP packet input number: Shows the total number of ICMP packets received on the interface, including:

Echo request: Echo request packets

Echo reply: Echo reply packets

Unreachable: Unreachable packets

Source quench: Source quench packets

Routing redirect: Routing redirection packets

Outgoing access list is Shows whether an outgoing access list has been configured for an

interface.

Inbound access list is Shows whether an incoming access list has been configured for an

interface.

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

show ip pool

Use this command to display an IP address pool of the system.

show ip pool [ pool-name ]

Parameter

Description Parameter Description

pool-name Address pool name

Defaults N/A

Command

Mode

Privileged user mode

Usage Guide N/A

Configuration

Examples

The following example shows the output result of the show ip pool command.

Ruijie#show ip pool

Pool Begin End Free In use

aaa 1.1.1.1 1.1.1.200 200 0

ccc 2.2.2.2 2.2.2.211 210 0

Related

Commands Command Description

ip local pool Configures the IP address pool.

Platform

Description

This command is not supported on switches.

ip mask-reply

Use this command to configure the RGOS software to respond to the ICMP mask request and send

an ICMP response message in interface configuration mode. Use the no form of this command to

disable the sending of the ICMP mask response message.

ip mask-reply

no ip mask-reply

Parameter

Description Parameter Description

N/A N/A

Defaults No ICMP mask response message is sent.

Command

Mode

Interface configuration mode

Usage Guide Sometimes a network device needs to know the subnet mask of a subnet on the Internet. To obtain

such information, the network device can send an ICMP mask request message, and the network

device that receives this message will return a mask response message.

Configuration

Examples

The following example sets the FE interface 0/1 of a device to respond to the ICMP mask request

message.

interface fastEthernet 0/1

ip mask-reply

Related

Commands Command Description

N/A N/A

Platform

Description

This command is not supported on Layer 2 switches.

ip mtu

Use this command to set the Maximum Transmission Unit (MTU) for IP packets in interface

configuration mode. Use the no form of this command to restore the default settings.

ip mtu bytes

no ip mtu

Parameter

Description Parameter Description

bytes

Maximum transmission unit of IP packets ranging from 68 to 1500

bytes

Defaults The MTU is the same as the MTU value configured by the interface command mtu.

Command

Mode

Interface configuration mode

Usage Guide If an IP packet is larger than the IP MTU, the RGOS software will split this packet. All the devices in

the same physical network segment must have the same IP MTU for the interconnected interface.

If the interface configuration command mtu is used to set the MTU value of the interface, IP MTU will

automatically match with the MTU value of the interface. However, if the IP MTU value is changed,

the MTU value of the interface will remain unchanged.

Configuration

Examples

The following example sets the IP MTU value of the FE interface 0/1 to 512 bytes.

interface fastEthernet 0/1

ip mtu 512

Related

Commands Command Description

mtu Sets the MTU value of an interface.

Platform

Description

This command is not supported on Layer 2 switches.

ip redirects

Use this command to allow the RGOS software to send an ICMP redirection message in interface

configuration mode. Use the no form of this command to disable the ICMP redirection function.

ip redirects

no ip redirects

Parameter

Description Parameter Description

N/A N/A

Defaults The ICMP redirection function is enabled.

Command

Mode

Interface configuration mode

Usage Guide When the route is not optimal, it may cause the device to receive packets through one interface and

send them through the same interface. If the device sends the packet from the same interface through

which this packet is received, the device will send an ICMP redirection message to the data source,

telling the data source that the gateway for the destination address is another device in the subnet. In

this way, the data source will send subsequent packets along the optimal path.

The RGOS software enables ICMP redirection by default.

Configuration

Examples

The following example disables ICMP redirection on the FE interface 0/1.

interface fastEthernet 0/1

no ip redirects

Related

Commands Command Description

N/A N/A

Platform

Description

This command is not supported on Layer 2 switches.

ip source-route

Use this command to allow the RGOS software to process an IP packet with source route information

in global configuration mode. Use the no form of this command to disable the source route

information processing function.

ip source-route

no ip source-route

Parameter

Description Parameter Description

N/A N/A

Defaults The function is enabled.

Command

Mode

Global configuration mode

Usage Guide RGOS supports IP source routes. When the device receives an IP packet, it will check the options of

the IP packet, such as strict source route, loose source route and record route. Details about these

options can be found in RFC 791. If an option is found to be enabled in this packet, a response will be

made. If an invalid option is detected, an ICMP parameter error message will be sent to the data

source, and then this packet is discarded.

The RGOS software supports IP source routes by default.

Configuration

Examples

The following example disables the IP source route feature.

no ip source-route

Related

Commands Command Description

N/A N/A

Platform

Description

This command is not supported on Layer 2 switches.

ip unreachables

Use this command to allow the RGOS software to generate ICMP destination unreachable

messages. Use the no form of this command to disable this function.

ip unreachables

no ip unreachables

Parameter

Description Parameter Description

N/A N/A

Defaults The function is enabled.

Command

Mode

Interface configuration mode

Usage Guide RGOS software will send an ICMP destination unreachable message if it receives a unicast message

in which the destination address is itself and cannot process the upper protocol of this message.

RGOS software will send an ICMP host unreachable message to the data source if it cannot forward

a message due to no routing.

This command influences all ICMP destination unreachable messages.

Configuration

Examples

The following example disables the sending of ICMP destination unreachable messages on the FE

interface 0/1.

interface fastEthernet 0/1

no ip unreachables

Related

Commands Command Description

N/A N/A

Platform

Description

This command is not supported on Layer 2 switches.

Command Reference TCP Commands

TCP Commands

ip tcp mss

Use this command to configure the upper limit of the MSS value. Use the no form of this command to

remove the configuration.

ip tcp mss max-segment-size

no ip tcp mss

Parameter

Description Parameter Description

max-segment-size Upper limit of the MSS value in the range from 68 to 10000 bytes

Defaults The upper limit is not set by default.

Command

Mode

Global configuration mode

Usage Guide This command is used to limit the maximum value of MSS for the TCP connection to be created. The

negotiated MSS cannot exceed the configured value. You can use this command to reduce the

maximum value of MSS. However, this configuration is not needed in general.

Configuration

Examples

Ruijie(config)# ip tcp mss 1300

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported by RGOS 10.3 and later versions.

ip tcp not-send-rst

Use this command to prohibit sending the reset packet when a port-unreachable packet is received.

Use the no form of this command to remove the configuration.

ip tcp not-send-rst

no ip tcp not-send-rst

Parameter

Description Parameter Description

N/A N/A

Defaults The reset packet is sent when a port-unreachable packet is received.

Command

Mode

Global configuration mode

Usage Guide When the TCP module distributes TCP packets, if the TCP connection to which such packets belong

cannot be found, a reset packet will be returned to the peer end to terminate the TCP connection. The

attacker may initiate attacks by sending a large number of port-unreachable TCP packets. You can

use this command to prohibit sending the reset packet when a port-unreachable packet is received.

Configuration

Examples

Ruijie(config)# ip tcp not-send-rst

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported by RGOS 10.3 and later versions.

ip tcp path-mtu-discovery

Use this command to enable Path Maximum Transmission Unit (PMTU) discovery function for TCP in

global configuration mode. Use the no form of this command to disable this function.

ip tcp path-mtu-discovery [ age-timer minutes | age-timer infinite ]

no ip tcp path-mtu-discovery

Parameter

Description Parameter Description

age-timer minutes

The time interval for further discovery after discovering PMTU. Its

value ranges from 10 to 30 minutes. The default value is 10.

age-timer infinite No further discovery after discovering PMTU

Defaults The PMTU discovery function is disabled.

Command

Mode

Global configuration mode

Usage Guide Based on RFC1191, the TCP path MTU function improves the network bandwidth utilization and data

transmission when the user uses TCP to transmit the data in batch.

Enabling or disabling this function has no effect on existing TCP connections and applies only to

TCP connections created afterwards. This command is valid for both IPv4 and IPv6 TCP.

According to RFC1191, after discovering the PMTU, the TCP uses a greater MSS to detect the new

PMTU at a certain interval, which is specified by the parameter age-timer. If the PMTU discovered is

smaller than the MSS negotiated between two ends of the TCP connection, the device keeps trying to

discover a greater PMTU at the specified interval until the PMTU value reaches the MSS or the

user stops this timer. Use the parameter age-timer infinite to stop this timer.

Configuration

Examples

Ruijie(config)# ip tcp path-mtu-discovery

Related

Commands Command Description

show tcp pmtu

Shows the PMTU value for the TCP

connection.

Platform

Description

This command is supported by RGOS 10.3 and later versions.

ip tcp syntime-out

Use this command to set the timeout value for SYN packets (the maximum time from SYN

transmission to successful three-way handshake). Use the no form of this command to restore the

default value.

ip tcp syntime-out seconds

no ip tcp syntime-out

Parameter

Description Parameter Description

seconds

Timeout value for SYN packets in the range from 5 to 300 seconds.

The default value is 20.

Defaults 20 seconds

Command

Mode

Global configuration mode

Usage Guide If there is a SYN attack in the network, reducing the SYN timeout value can prevent resource

consumption, but it has no effect against successive SYN attacks. When the device actively requests a

connection with an external device, reducing the SYN timeout value can shorten the time for the user

to wait, such as telnet login. For poor network conditions, the timeout value can be increased

properly.

Configuration

Examples

Ruijie(config)# ip tcp syntime-out 10
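Most of the settings in the IP Address Commands and TCP Commands chapters have a documented default that never appears in a saved configuration, so a review has to combine the configuration text with those defaults. The following added example (not RGOS or Ruijie code) resolves the effective value of ip source-route, ip redirects, ip unreachables, ip mask-reply and the ip tcp settings, using only the defaults and ranges stated on this page. The indented, "!"-separated configuration layout and the sample configuration are assumptions constructed for the example.

```python
# Added example: defaults and ranges are the ones documented in this reference.
GLOBAL_DEFAULTS = {
    "ip source-route": True,             # "The function is enabled."
    "ip tcp not-send-rst": False,        # a reset packet is sent by default
    "ip tcp path-mtu-discovery": False,  # PMTU discovery is disabled by default
    "ip tcp syntime-out": 20,            # seconds
    "ip tcp window-size": 4096,          # bytes
    "ip tcp mss": None,                  # no upper limit is set by default
}
INTERFACE_DEFAULTS = {
    "ip mask-reply": False,              # no ICMP mask response is sent
    "ip redirects": True,
    "ip unreachables": True,
}
# Numeric commands and the value ranges given in their parameter tables.
NUMERIC = {
    "ip tcp syntime-out": (5, 300),
    "ip tcp window-size": (0, 65535),
    "ip tcp mss": (68, 10000),
}

# Constructed sample; the layout (indented sub-commands) is an assumption.
SAMPLE_CONFIG = """\
ip tcp not-send-rst
ip tcp syntime-out 10
no ip source-route
!
interface FastEthernet 0/1
 no ip redirects
 no ip unreachables
!
interface FastEthernet 0/2
 ip mask-reply
!
"""


def _value(key, args, negated, default):
    """Return the value a single command line leaves in effect."""
    if key in NUMERIC:
        if negated:                      # "no ..." restores the default
            return default
        low, high = NUMERIC[key]
        if not args or not args[0].isdigit() or not low <= int(args[0]) <= high:
            raise ValueError(f"{key}: expected a value from {low} to {high}")
        return int(args[0])
    return not negated                   # on/off commands


def effective_settings(config_text):
    """Return (global_settings, {interface_name: settings})."""
    global_settings = dict(GLOBAL_DEFAULTS)
    interfaces = {}
    current = None                       # interface whose block we are inside
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():         # a top-level line ends any interface block
            current = None
            if line.lower().startswith("interface "):
                current = line[len("interface "):].strip()
                interfaces.setdefault(current, dict(INTERFACE_DEFAULTS))
                continue
        negated = line.startswith("no ")
        body = line[3:].strip() if negated else line
        if current is None:
            table, target = GLOBAL_DEFAULTS, global_settings
        else:
            table, target = INTERFACE_DEFAULTS, interfaces[current]
        for key in table:
            if body == key or body.startswith(key + " "):
                args = body[len(key):].split()
                target[key] = _value(key, args, negated, table[key])
                break
    return global_settings, interfaces


if __name__ == "__main__":
    glob, ifaces = effective_settings(SAMPLE_CONFIG)
    for key, value in glob.items():
        print(f"global  {key} = {value}")
    for name, settings in ifaces.items():
        for key, value in settings.items():
            print(f"{name}  {key} = {value}")
```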

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported by RGOS 10.3 and later versions.

ip tcp window-size

Use this command to change the size of receiving buffer and sending buffer for TCP connections.

Use the no form of this command to restore the default value.

ip tcp window-size size

no ip tcp window-size

Parameter

Description Parameter Description

size

Size of receiving buffer and sending buffer for TCP connections in the

range from 0 to 65535 bytes. The default value is 4096.

Defaults The size of receiving buffer and sending buffer is 4096 bytes.

Command

Mode

Global configuration mode

Usage Guide The TCP receiving buffer is used to buffer the data received from the peer end. These data will be

subsequently read by application programs. Generally, the window size of TCP packets implies the

size of free space in the receiving buffer. For connections involving a large bandwidth and mass data,

increasing the size of receiving buffer will remarkably improve TCP transmission performance.

The sending buffer is used to buffer the data of application programs. Each byte in the sending buffer

has a sequence number, and bytes with sequence numbers acknowledged will be removed from the

sending buffer. Increasing the sending buffer will improve the interaction between TCP and

application programs, thus enhancing the performance. However, increasing the receiving buffer and

sending buffer will result in more memory consumption of TCP.

This command is used to change the size of receiving buffer and sending buffer for TCP connections.

This command changes both the receiving buffer and sending buffer, and only applies to subsequent

connections.

Configuration

Examples

Ruijie(config)# ip tcp window-size 16386

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported by RGOS 10.3 and later versions.

show tcp connect

Use this command to display basic information about the current TCP connections.

show tcp connect

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged user mode

Usage Guide N/A

Configuration

Examples

Ruijie#sh tcp connect

tcp connect status:

TCB Local Address Foreign Address State

cf25000 0.0.0.0.2650 0.0.0.0.0 LISTEN

c441000 0.0.0.0.23 0.0.0.0.0 LISTEN

c441800 1.1.1.1.23 1.1.1.2.64201 ESTABLISHED

c444cc0 ::.23 ::.0 LISTEN

c429980 3000::1.23 3000::2.64236 ESTABLISHED

Field Description

TCB The control block’s location in the current memory

Local Address The local address and port number. The number after the last

“.” is the port number. For example, in “2002::2.23” and

“192.168.195.212.23”, “23” is the port number.

Foreign Address The remote address and port number. The number after the

last “.” is the port number. For example, in “2002::2.23” and

“192.168.195.212.23”, “23” is the port number.

State Current status of the TCP connection. There are eleven

possible states:

CLOSED: The connection has been closed.

LISTEN: Listening state

SYNSENT: In the three-way handshake phase when the SYN

packet has been sent out.

SYNRCVD: In the three-way handshake phase when the SYN

packet has been received.

ESTABLISHED: The connection has been established.

FINWAIT1: The local end has sent the FIN packet.

FINWAIT2: The FIN packet sent by the local end has been

acknowledged.

CLOSEWAIT: The local end has received the FIN packet from

the peer end.

LASTACK: The local end has received the FIN packet from the

peer end, and then sent its own FIN packet.

CLOSING: The local end has sent the FIN packet to the peer

end, and received the FIN packet from the peer end before

receiving the peer end’s ACK packet for the FIN packet it sent.

TIMEWAIT: The FIN packet sent by the local end has been

acknowledged, and the local end has also acknowledged the

FIN packet.
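The "address.port" notation described above means the port must be split off at the last dot, which matters for IPv6 rows such as "::.23". The following added example (not RGOS or Ruijie code) parses the show tcp connect output copied from this page and lists the listening ports per IP version and the peers connected to a given local port. The function names are assumptions made for the example.

```python
import ipaddress
from collections import Counter, defaultdict

# The eleven states listed in the field description above.
STATES = {
    "CLOSED", "LISTEN", "SYNSENT", "SYNRCVD", "ESTABLISHED", "FINWAIT1",
    "FINWAIT2", "CLOSEWAIT", "LASTACK", "CLOSING", "TIMEWAIT",
}

# Example output as printed on this page.
SAMPLE_OUTPUT = """\
Ruijie#sh tcp connect
tcp connect status:
TCB Local Address Foreign Address State
cf25000 0.0.0.0.2650 0.0.0.0.0 LISTEN
c441000 0.0.0.0.23 0.0.0.0.0 LISTEN
c441800 1.1.1.1.23 1.1.1.2.64201 ESTABLISHED
c444cc0 ::.23 ::.0 LISTEN
c429980 3000::1.23 3000::2.64236 ESTABLISHED
"""


def split_endpoint(text):
    """Split 'address.port' at the LAST dot; works for IPv4 and IPv6."""
    addr, sep, port = text.rpartition(".")
    if not sep or not port.isdigit() or int(port) > 65535:
        raise ValueError(f"not an address.port endpoint: {text!r}")
    return ipaddress.ip_address(addr), int(port)


def parse_tcp_connect(output):
    """Return one dict per connection row; prompts and headers are skipped."""
    rows = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[3] not in STATES:
            continue
        try:
            local = split_endpoint(fields[1])
            foreign = split_endpoint(fields[2])
        except ValueError:
            continue
        rows.append({"tcb": fields[0], "local": local,
                     "foreign": foreign, "state": fields[3]})
    return rows


def listening_ports(rows):
    """Map each listening port to the IP versions it listens on."""
    ports = defaultdict(set)
    for row in rows:
        if row["state"] == "LISTEN":
            addr, port = row["local"]
            ports[port].add(addr.version)
    return {port: sorted(versions) for port, versions in sorted(ports.items())}


def sessions_on(rows, port, state="ESTABLISHED"):
    """Return (remote address, remote port) for sessions on a local port."""
    return [(str(row["foreign"][0]), row["foreign"][1])
            for row in rows
            if row["state"] == state and row["local"][1] == port]


def state_counts(rows):
    """Count rows per TCP state, e.g. to watch SYNRCVD entries over time."""
    return dict(Counter(row["state"] for row in rows))


if __name__ == "__main__":
    parsed = parse_tcp_connect(SAMPLE_OUTPUT)
    print("listening:", listening_ports(parsed))
    print("port 23 peers:", sessions_on(parsed, 23))
    print("states:", state_counts(parsed))
```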

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported by RGOS 10.3 and later versions.

show tcp pmtu

Use this command to display information about TCP PMTU.

show tcp pmtu

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged user mode

Usage Guide N/A

Configuration

Examples

Ruijie# show tcp pmtu

No. Local Address Foreign Address PMTU

[1] 2002::1.18946 2002::2.23 1440

[2] 192.168.195.212.23 192.168.195.112.13560 1440

Field Description

No. Sequence number

Local Address The local address and the port number. The number after the last

“.” is the port number. For example, in “2002::2.23” and

“192.168.195.212.23”, “23” is the port number.

Foreign Address The remote address and the port number. The number after the

last “.” is the port number. For example, in “2002::2.23” and

“192.168.195.212.23”, “23” is the port number.

PMTU PMTU value

Related

Commands Command Description

ip tcp path-mtu-discovery Enables the TCP PMTU discovery function.

Platform

Description

This command is supported by RGOS 10.3 and later versions.

show tcp port

Use this command to show information about the current TCP port.

show tcp port

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged user mode

Usage Guide N/A

Configuration

Examples

Ruijie#sh tcp port

tcp port status:

Tcpv4 listen on 2650 have connections:

TCB Foreign Address Port State

Tcpv4 listen on 2650 have total 0 connections.

Tcpv4 listen on 23 have connections:

TCB Foreign Address Port State

c340800 1.1.1.2 64571 ESTABLISHED

Tcpv4 listen on 23 have total 1 connections.

Tcpv6 listen on 23 have connections:

TCB Foreign Address Port State

c429980 3000::2 64572 ESTABLISHED

Tcpv6 listen on 23 have total 1 connections.

Field Description

TCB The control block’s location in the current memory

Foreign Address Remote address

Port Remote port number

State Status of the current TCP connection. There are eleven possible

states:

CLOSED: The connection has been closed.

LISTEN: Listening state

SYNSENT: In the three-way handshake phase when the SYN

packet has been sent.

SYNRCVD: In the three-way handshake phase when the SYN

packet has been received.

ESTABLISHED: The connection has been established.

FINWAIT1: The local end has sent the FIN packet.

FINWAIT2: The FIN packet sent by the local end has been

acknowledged.

CLOSEWAIT: The local end has received the FIN packet from

the peer end.

LASTACK: The local end has received the FIN packet from the

peer end, and then sent its own FIN packet.

CLOSING: The local end has sent the FIN packet to the peer

end, and received the FIN packet from the peer end before

receiving the peer end’s ACK packet for the FIN packet it sent.

TIMEWAIT: The FIN packet sent by the local end has been

acknowledged, and the local end has also acknowledged the FIN

packet.

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported by RGOS 10.3 and later versions.

Command Reference DHCP Commands

DHCP Commands

bootfile

Use this command to define the startup mapping file name of the DHCP client in DHCP address pool

configuration mode. Use the no form of this command to remove the definition.

bootfile file-name

no bootfile

Parameter

Description Parameter Description

file-name Startup file name

Defaults No startup file name is defined by default.

Command

Mode

DHCP address pool configuration mode.

Usage Guide Some DHCP clients need to download the operating system and the configuration file during startup.

The DHCP server should provide the mapping file name required for the startup, so that DHCP clients

can download the file from the corresponding server, such as a Trivial File Transfer Protocol (TFTP) server.

Other servers are defined by the next-server command.

Configuration

Examples

The following example defines device.conf as the startup file name.

bootfile device.conf

Related

Commands Command Description

ip dhcp pool Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.

next-server Configures the next server IP address of the DHCP client startup process.

Platform

Description

N/A

client-identifier

Use this command to define the unique ID of the DHCP client (expressed in dot-separated hexadecimal) in

DHCP address pool configuration mode. Use the no form of this command to delete the client

ID.

client-identifier unique-identifier

no client-identifier

Parameter

Description Parameter Description

unique-identifier DHCP client ID expressed in dot-separated hexadecimal, for instance,

0100.d0f8.2233.b467.6967.6162.6974.4574.6865.726e.6574.302f.31.

Defaults N/A

Command

Mode

DHCP address pool configuration mode

Usage Guide When some DHCP clients request the DHCP server to assign IP addresses, they use their client IDs

rather than their hardware addresses. The client ID consists of the media type, MAC address and

interface name. For example, the MAC address is 00d0.f822.33b4, the interface name is

GigabitEthernet 0/1, and the corresponding client ID is

0100.d0f8.2233.b467.6967.6162.6974.4574.6865.726e.6574.302f.31, where, 01 denotes the type of

the Ethernet media.

The 67.6967.6162.6974.4574.6865.726e.6574.302f.31 is the hexadecimal code of GigabitEthernet0/1.

For the definition of the media code, see the section "Address Resolution Protocol Parameters" in the

RFC1700.

This command is used only when the DHCP is defined by manual binding.

Configuration

Examples

The following example defines the client ID of the Ethernet DHCP client whose MAC address is

00d0.f822.33b4.

Ruijie(dhcp-config)# client-identifier

0100.d0f8.2233.b467.6967.6162.6974.4574.6865.726e.6574.302f.31
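A manual binding only matches when the configured identifier is byte-for-byte what the client sends, so it helps to decode an identifier into its parts before entering it. The following added example (not RGOS or Ruijie code) builds and parses the layout the usage guide describes: one media-type byte, the six MAC bytes, then the interface name in ASCII, written as dot-separated groups of four hexadecimal digits. The function names are assumptions made for the example.

```python
import re

MEDIA_ETHERNET = 0x01  # the page: "01 denotes the type of the Ethernet media"

# The identifier used in the page's example.
PAGE_CLIENT_ID = "0100.d0f8.2233.b467.6967.6162.6974.4574.6865.726e.6574.302f.31"


def _mac_bytes(mac):
    """Accept 00d0.f822.33b4, 00:d0:f8:22:33:b4 or 00-d0-f8-22-33-b4."""
    digits = re.sub(r"[.:-]", "", mac)
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def _dotted(raw):
    """Render bytes as groups of four hex digits separated by dots."""
    text = raw.hex()
    return ".".join(text[i:i + 4] for i in range(0, len(text), 4))


def build_client_id(mac, ifname, media=MEDIA_ETHERNET):
    """media type (1 byte) + MAC (6 bytes) + interface name (ASCII)."""
    if not 0 <= media <= 0xFF:
        raise ValueError("media type must fit in one byte")
    return _dotted(bytes([media]) + _mac_bytes(mac) + ifname.encode("ascii"))


def parse_client_id(dotted):
    """Split a dotted identifier into media type, MAC and interface name."""
    groups = dotted.strip().lower().split(".")
    for pos, group in enumerate(groups):
        is_last = pos == len(groups) - 1
        length_ok = len(group) == 4 or (is_last and len(group) == 2)
        if not length_ok or not re.fullmatch(r"[0-9a-f]+", group):
            raise ValueError(f"bad group {group!r} at position {pos}")
    raw = bytes.fromhex("".join(groups))
    if len(raw) < 8:
        raise ValueError("too short for media type + MAC + interface name")
    try:
        ifname = raw[7:].decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("interface name is not ASCII") from None
    return {"media": raw[0], "mac": _dotted(raw[1:7]), "ifname": ifname}


def diff_client_ids(configured, observed):
    """Name the fields in which two identifiers differ."""
    a, b = parse_client_id(configured), parse_client_id(observed)
    return [field for field in ("media", "mac", "ifname") if a[field] != b[field]]


if __name__ == "__main__":
    print(parse_client_id(PAGE_CLIENT_ID))
    candidate = build_client_id("00d0.f822.33b4", "GigabitEthernet0/1")
    print(candidate, diff_client_ids(PAGE_CLIENT_ID, candidate))
```

The name bytes in the page's identifier decode to gigabitEthernet0/1 with a lowercase first letter (0x67), so an identifier built from the capitalised display name differs in its first name byte; compare decoded fields rather than retyping the name.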

Related

Commands Command Description

hardware-address Defines the hardware address of DHCP client.

host Defines the IP address and network mask, which is used to configure the DHCP manual binding.

ip dhcp pool Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.

Platform

Description

N/A

client-name

Use this command to define the name of the DHCP client in DHCP address pool configuration mode.

Use the no form of this command to delete the name of the DHCP client.

client-name client-name

no client-name

Parameter

Description Parameter Description

client-name Name of DHCP client, which is a set of standard-based ASCII characters. The name should not include the suffix domain name. For example, you can define the name of the DHCP client as river, not river.i-net.com.cn.

Defaults No client name is defined by default.

Command

Mode

DHCP address pool configuration mode

Usage Guide This command can be used to define the name of the DHCP client only when the DHCP is defined by

manual binding. This name should not include the suffix domain name.

Configuration

Examples

The following example defines a string river as the name of the client.

Ruijie(dhcp-config)# client-name river

Related

Commands Command Description

host Defines the IP address and network mask, which is used to configure the DHCP manual binding.

ip dhcp pool Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.

Platform

Description

N/A

default-router

Use this command to define the default gateway of the DHCP client in DHCP address pool

configuration mode. Use the no form of this command to delete the definition of the default gateway.

default-router ip-address [ ip-address2…ip-address8 ]

no default-router

Parameter Description

ip-address: Defines the IP address of the equipment. It is required to configure one IP address at least.

ip-address2…ip-address8: (Optional) Up to eight gateways can be configured.

Defaults No gateway is defined by default.

Command

Mode

DHCP address pool configuration mode

Usage Guide In general, the DHCP client should get the information of the default gateway from the DHCP server. The DHCP server should specify at least one gateway address for the client, and this address should be of the same network segment as the address assigned to the client.

Configuration

Examples

The following example defines 192.168.12.1 as the default gateway.

Ruijie(dhcp-config)# default-router 192.168.12.1

Command Description Related

Commands ip dhcp pool

Defines the name of the DHCP address pool and enters DHCP

address pool configuration mode.

Platform

Description

N/A

dns-server

Use this command to define the Domain Name System (DNS) server of the DHCP client in DHCP address pool configuration mode. Use the no form of this command to delete the definition of the DNS server.

dns-server { ip-address [ ip-address2…ip-address8 ] | use-dhcp-client interface-type

interface-number }

no dns-server

Parameter Description

ip-address: Defines the IP address of the DNS server. At least one IP address should be configured.

ip-address2…ip-address8: (Optional) Up to eight DNS servers can be configured.

Defaults No DNS server is defined by default.

Command

Mode

DHCP address pool configuration mode

Usage Guide When multiple DNS servers are defined, the one listed first has higher priority, so the DHCP client selects the next DNS server only when its communication with the previous DNS server fails.

Configuration

Examples

The following example specifies the DNS server 192.168.12.3 for the DHCP client.

Ruijie(dhcp-config)# dns-server 192.168.12.3

Command Description

domain-name Defines the suffix domain name of the DHCP client.

ip address dhcp Enables the DHCP client on the interface to obtain the IP address information.

Related

Commands

ip dhcp pool Defines the name of the DHCP address pool and enters DHCP address pool

configuration mode.

Platform

Description

N/A

domain-name

Use this command to define the suffix domain name of the DHCP client in DHCP address pool configuration mode. Use the no form of this command to delete the suffix domain name.

domain-name domain-name

no domain-name

Parameter Description

domain-name: Defines the suffix domain name string of the DHCP client.

Defaults No suffix domain name is defined by default.

Command

Mode

DHCP address pool configuration mode

Usage Guide After the DHCP client obtains the specified suffix domain name, it can access a host with the same suffix domain name directly by host name.

Configuration

Examples

The following example defines the suffix domain name i-net.com.cn for the DHCP client.

Ruijie(dhcp-config)# domain-name i-net.com.cn

Command Description

dns-server Defines the DNS server of the DHCP client.

Related

Commands

ip dhcp pool Defines the name of the DHCP address pool and enters DHCP address pool

configuration mode.

Platform

Description

N/A

hardware-address

Use this command to define the hardware address of the DHCP client in DHCP address pool configuration mode. Use the no form of this command to delete the definition of the hardware address.

hardware-address hardware-address [ type ]

no hardware-address

Parameter Description

hardware-address: Defines the hardware address of the DHCP client.

type: Uses the string definition or digits definition to indicate the hardware platform protocol of the DHCP client:

String options: Ethernet, ieee802

Digits options: 1 (10M Ethernet), 6 (IEEE 802)

Defaults No hardware address is defined by default.

If there is no option when the hardware address is defined, it is Ethernet by default.

Command

Mode

DHCP address pool configuration mode

Usage Guide This command can be used only when the DHCP is defined by manual binding.

Configuration

Examples

The following example defines the MAC address 00d0.f838.bf3d with the type ethernet.

Ruijie(dhcp-config)# hardware-address 00d0.f838.bf3d

Command Description

client-identifier Defines the unique ID of the DHCP client (Indicated in hexadecimal

separated by dot).

Related

Commands

host Defines the IP address and network mask, which is used to configure

the DHCP manual binding.

ip dhcp pool

Defines the name of the DHCP address pool and enters DHCP

address pool configuration mode.

Platform

Description

N/A

host

Use this command to define the IP address and network mask of the DHCP client host in DHCP

address pool configuration mode. Use the no form of this command to delete the definition of the IP

address and network mask for the DHCP client.

host ip-address [ netmask ]

no host

Parameter Description

ip-address: Defines the IP address of DHCP client.

netmask: Defines the network mask of DHCP client.

Defaults No IP address or network mask of the host is defined by default.

Command

Mode

DHCP address pool configuration mode

Usage Guide If the network mask is not explicitly defined, the DHCP server will use the natural network mask of this IP address: 255.0.0.0 for class A IP address, 255.255.0.0 for class B IP address, and 255.255.255.0 for class C IP address.

This command can be used only when the DHCP is defined by manual binding.

Configuration

Examples

The following example sets the client IP address as 192.168.12.91, and the network mask as

255.255.255.240.

Ruijie(dhcp-config)# host 192.168.12.91 255.255.255.240
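The natural-mask rule above and the default-router requirement that the gateway share the client's network segment can be checked together before a manual binding is deployed. This added Python example (not part of the RGOS documentation; the function names and the constructed pool lines are assumptions) applies both rules to commands typed in DHCP address pool configuration mode.

```python
import ipaddress


def natural_mask(ip):
    """Classful mask the usage guide says applies when host has no netmask."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24
    if first_octet < 128:
        return "255.0.0.0"        # class A
    if first_octet < 192:
        return "255.255.0.0"      # class B
    if first_octet < 224:
        return "255.255.255.0"    # class C
    raise ValueError(f"{ip} is class D/E and has no natural mask")


def check_manual_binding(pool_lines):
    """Return findings for one manual-binding pool (empty list = no issue).

    pool_lines: commands as typed after the Ruijie(dhcp-config)# prompt.
    Only host and default-router are inspected; other commands are ignored.
    """
    host = mask = None
    routers = []
    for line in pool_lines:
        words = line.split()
        if not words:
            continue
        if words[0] == "host" and len(words) >= 2:
            host = words[1]
            # No netmask argument: fall back to the natural (classful) mask.
            mask = words[2] if len(words) > 2 else natural_mask(host)
        elif words[0] == "default-router":
            routers = words[1:]
    if host is None:
        return ["no host command: pool is not a manual binding"]

    segment = ipaddress.IPv4Network(f"{host}/{mask}", strict=False)
    findings = []
    if not routers:
        findings.append("no default-router defined")
    if len(routers) > 8:
        findings.append("more than eight default-router addresses")
    for router in routers:
        if ipaddress.IPv4Address(router) not in segment:
            findings.append(f"default-router {router} is outside {segment}")
    return findings


# Constructed pools that combine the addresses used in this manual's examples.
EXPLICIT_MASK_POOL = [
    "host 192.168.12.91 255.255.255.240",
    "default-router 192.168.12.1",
]
NATURAL_MASK_POOL = [
    "host 192.168.12.91",
    "default-router 192.168.12.1",
]

if __name__ == "__main__":
    for pool in (EXPLICIT_MASK_POOL, NATURAL_MASK_POOL):
        print(pool, "->", check_manual_binding(pool) or "ok")
```

With the explicit 255.255.255.240 mask the client sits in 192.168.12.80/28, so a gateway of 192.168.12.1 is off-segment; with the natural class C mask the same gateway is accepted.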

Command Description

client-identifier Defines the unique ID of the DHCP client (Indicated in

hexadecimal separated by dot).

hardware-address Defines the hardware address of DHCP client.

Related

Commands

ip dhcp pool Defines the name of the DHCP address pool and enters DHCP

address pool configuration mode.

Platform

Description

N/A

ip address dhcp

Use this command to make the Ethernet interface or the Point-to-Point Protocol (PPP),

High-Level Data Link Control (HDLC) and Frame Relay (FR) encapsulated interface obtain the IP

address information by DHCP in interface configuration mode. Use the no form of this command to

cancel this configuration.

ip address dhcp

no ip address dhcp

Parameter Description Parameter

Description N/A N/A

Defaults The interface cannot obtain the IP address by DHCP by default.

Command

Mode

Interface configuration mode

Usage Guide When requesting the IP address, the DHCP client of the RGOS software also requires the DHCP server to provide information about five configuration parameters: 1) DHCP option 1, which indicates the client subnet mask; 2) DHCP option 3, which indicates the gateway information of the same subnet; 3) DHCP option 6, which indicates the DNS server information; 4) DHCP option 15, which indicates the host suffix domain name; 5) DHCP option 44, which indicates the WINS server information (optional).

The client of the RGOS software is allowed to obtain the address on the PPP, FR or HDLC link by DHCP, which should be supported by the server. At present, our server supports this function.

Configuration

Examples

The following example makes the FastEthernet 0 port obtain the IP address automatically.

Ruijie(config)# interface fastEthernet 0/1

Ruijie(config-FastEthernet 0/1)# ip address dhcp

Command Description

dns-server Defines the DNS server of DHCP client.

Related

Commands

ip dhcp pool Defines the name of the DHCP address pool and enters DHCP

address pool configuration mode.

Platform

Description

N/A

ip dhcp excluded-address

Use this command to define some IP addresses and prevent the DHCP server from assigning them

to the DHCP client in global configuration mode. Use the no form of this command to cancel this

definition.

ip dhcp excluded-address low-ip-address [ high-ip-address ]

no ip dhcp excluded-address low-ip-address [ high-ip-address ]

Parameter Description

low-ip-address: Excludes the IP address, or excludes the start IP address within the range of the IP address.

high-ip-address: Excludes the end IP address within the range of the IP address.

Defaults The DHCP server assigns the IP addresses of the whole address pool by default.

Command

Mode

Global configuration mode

Usage Guide If no excluded IP address is configured, the DHCP server attempts to assign all IP addresses in the DHCP address pool. Use this command to reserve IP addresses for specific hosts so that the DHCP server does not assign them to DHCP clients. Defining the excluded IP addresses accurately also reduces the conflict detection time when the DHCP server assigns an address.

Configuration

Examples

The following example prevents the DHCP server from assigning the IP addresses in the range 192.168.12.100 to 192.168.12.150.

Ruijie(config)# ip dhcp excluded-address 192.168.12.100 192.168.12.150

Command Description Related

Commands ip dhcp pool

Defines the name of the DHCP address pool and enters

DHCP address pool configuration mode.

network (DHCP)

Defines the network number and network mask of the

DHCP address pool.

Platform

Description

N/A

ip dhcp ping packets

Use this command to configure the number of ping packets that the DHCP server sends to an IP address when it detects address conflicts, in global configuration mode. Use the no form of this command to restore the default configuration.

ip dhcp ping packets [ number ]

no ip dhcp ping packets

Parameter Description

number: (Optional) Number of packets in the range from 0 to 10, where 0 indicates disabling the ping operation. The ping operation sends two packets by default.

Defaults The ping operation sends two packets by default.

Command

Mode

Global configuration mode

Usage Guide When the DHCP server attempts to assign an IP address from the DHCP address pool, it uses the ping operation to check whether this address is occupied by another host. If the address is occupied, the server records the conflict; otherwise, it assigns the address to the DHCP client. The ping operation sends up to 10 packets (two packets by default).

Configuration

Examples

The following example sets the number of the packets sent by the ping operation to 3.

Ruijie(config)# ip dhcp ping packets 3

Command Description Related

Commands clear ip dhcp conflict Clears the DHCP history conflict record.

ip dhcp ping packets

Configures the timeout that the DHCP server waits for

the ping response. If all the ping packets are not

responded within the specified time, this IP address

can be assigned. Otherwise, it will record the address

conflict.

show ip dhcp conflict Shows the address conflict that the DHCP server detects when it assigns an IP address.

Platform

Description

N/A

ip dhcp ping timeout

Use this command to configure the timeout that the DHCP server waits for a response when it uses

the ping operation to detect the address conflict in global configuration mode. Use the no form of this

command to restore it to the default configuration.

ip dhcp ping timeout milli-seconds

no ip dhcp ping timeout

Parameter Description

milli-seconds: Time that the DHCP server waits for ping response in the range 100 to 10000 milliseconds.

Defaults The timeout is 500 seconds by default.

Command

Mode

Global configuration mode

Usage Guide This command defines the time that the DHCP server waits for a ping response packet.

Configuration

Examples

The following example configures that the waiting time of the ping response packet is 600ms.

Ruijie(config)# ip dhcp ping timeout 600

Command Description Related

Commands clear ip dhcp conflict Clears the DHCP history conflict record.

ip dhcp ping packets

Defines the number of the packets sent by the ping

operation for the detection of the address conflict

when the DHCP server assigns an IP address.

show ip dhcp conflict

Shows the address conflict the DHCP server detects

when it assigns an IP address.

Platform

Description

N/A

ip dhcp pool

Use this command to define a name of the DHCP address pool and enter DHCP address pool

configuration mode in global configuration mode. Use the no form of this command to delete the

DHCP address pool.

ip dhcp pool pool-name

no ip dhcp pool pool-name

Parameter Description

pool-name: String of characters and positive integers, for example, mypool or 1.

Defaults No DHCP address pool is defined by default.

Command

Mode

Global configuration mode

Usage Guide Execute the command to enter DHCP address pool configuration mode, which is shown as:

Ruijie(dhcp-config)#

In this configuration mode, you can configure the IP address range, the DNS server and the default

gateway.

Configuration

Examples

The following example defines a DHCP address pool with the name mypool0.

Ruijie(config)# ip dhcp pool mypool0

Ruijie(dhcp-config)#

Related

Commands Command Description

host

Defines the IP address and network mask, which is

used to configure the DHCP manual binding.

ip dhcp excluded-address

Defines the IP addresses that the DHCP server

cannot assign to the clients.

network (DHCP)

Defines the network number and network mask of the

DHCP address pool.

Platform

Description

N/A

lease

Use this command to define the lease time of the IP address that the DHCP server assigns to the

client in DHCP address pool configuration mode. Use the no form of this command to restore the

default configuration.

lease { days [ hours ] [ minutes ] | infinite }

no lease

Parameter Description

days: Lease time in days

hours: (Optional) Lease time in hours. It is necessary to define the days before defining the hours.

minutes: (Optional) Lease time in minutes. It is necessary to define the days and hours before defining the minutes.

infinite: Infinite lease time

Defaults The lease time is 1 day by default.

Command

Mode

DHCP address pool configuration mode

Usage Guide When the lease is about to expire, the DHCP client sends a request to renew the lease. In general, the DHCP server allows the lease of the original IP address to be renewed.

Configuration

Examples

The following example sets the DHCP lease to 1 hour.

Ruijie(dhcp-config)# lease 0 1

The following example sets the DHCP lease to 1 minute.

Ruijie(dhcp-config)# lease 0 0 1

Command Description Related

Commands ip dhcp pool

Defines the name of the DHCP address pool and

enters DHCP address pool configuration mode.

Platform

Description

N/A

netbios-name-server

Use this command to configure the WINS name server of the Microsoft DHCP client NETBIOS in

DHCP address pool configuration mode. Use the no form of this command to delete the WINS

server.

netbios-name-server ip-address [ ip-address2…ip-address8 ]

no netbios-name-server

Parameter Description

ip-address: IP address of the WINS server. It is required to configure one IP address at least.

ip-address2…ip-address8: (Optional) IP addresses of WINS servers. Up to eight WINS servers can be configured.

Defaults No WINS server is defined by default.

Command Mode DHCP address pool configuration mode

Usage Guide When more than one WINS server is defined, the one listed first has higher priority. The DHCP client will select the next WINS server only when its communication with the previous WINS server fails.

Configuration

Examples

The following example specifies the WINS server 192.168.12.3 for the DHCP client.

Ruijie(dhcp-config)# netbios-name-server 192.168.12.3

Command Description

ip address dhcp Enables the DHCP client on the interface to obtain

the IP address.

Related

Commands

ip dhcp pool Defines the name of the DHCP address pool and

enter DHCP address pool configuration mode.

Platform

Description

N/A

netbios-node-type

Use this command to define the node type of the master NetBIOS of the Microsoft DHCP client in DHCP address pool configuration mode. Use the no form of this command to delete the configuration of the NetBIOS node type.

netbios-node-type type

no netbios-node-type

Parameter Description

type: Type of node, given in one of two forms:

Digit in hexadecimal form in the range of 0 to FF. Only the following numerals are available:

1: b-node.

2: p-node.

4: m-node.

8: h-node.

String:

b-node: broadcast node

p-node: peer-to-peer node

m-node: mixed node

h-node: hybrid node

Defaults No type of the NetBIOS node is defined by default.

Command

Mode

DHCP address pool configuration mode

Usage Guide There are four types of NetBIOS nodes of the Microsoft DHCP client: 1) Broadcast, which carries out the NetBIOS name resolution by the broadcast method; 2) Peer-to-peer, which directly requests the WINS server to carry out the NetBIOS name resolution; 3) Mixed, which first requests the name resolution by the broadcast method, and then carries out the name resolution through the WINS server connection; 4) Hybrid, which first requests the WINS server to carry out the NetBIOS name resolution, and carries out the NetBIOS name resolution by the broadcast method if no response is received.

By default, the node type for Microsoft operating system is broadcast or hybrid. If the WINS server is

not configured, broadcast node is used. Otherwise, hybrid node is used. It is recommended to set the

type of the NetBIOS node to Hybrid.

Configuration

Examples

The following example sets the NetBIOS node of Microsoft DHCP client as Hybrid.

Ruijie(dhcp-config)# netbios-node-type h-node

Command Description Related

Commands ip dhcp pool

Defines the name of DHCP address pool and enter

DHCP address pool configuration mode.

netbios-name-server

Configures the WINS name server of the Microsoft

DHCP client NETBIOS.

Platform

Description

N/A

network (DHCP)

Use this command to define the network number and network mask of the DHCP address pool. Use

the no form of this command to delete the definition.

network net-number net-mask

no network

Parameter Description

net-number: Network number of the DHCP address pool

net-mask: Network mask of the DHCP address pool. If the network mask is not defined, the natural network mask will be used by default.

Defaults No network number or network mask is defined by default.

Command

Mode

DHCP address pool configuration mode

Usage Guide This command defines the subnet and subnet mask of a DHCP address pool, and provides the DHCP server with an address space which can be assigned to the clients. Unless excluded addresses are configured, all the addresses of the DHCP address pool can be assigned to the clients. The DHCP server assigns the addresses in the address pool in priority order. If the DHCP server finds that an IP address is already in the DHCP binding table or on the network segment, it checks the next address until it assigns an effective IP address.

The show ip dhcp binding command can be used to view the address assignment, and the show ip dhcp conflict command can be used to view the address conflict detection.

Configuration

Examples

The following example defines the network number of the DHCP address pool as 192.168.12.0, and

the network mask as 255.255.255.240.

Ruijie(dhcp-config)# network 192.168.12.0 255.255.255.240

Command Description

ip dhcp excluded-address Defines the IP addresses that the DHCP server

cannot assign to the clients.

Related

Commands

ip dhcp pool Defines the name of the DHCP address pool and

enters DHCP address pool configuration mode.

Platform

Description

N/A

next-server

Use this command to define the startup server list that the DHCP client accesses during startup. Use the no form of this command to delete the definition of the startup server list.

next-server ip-address [ ip-address2…ip-address8 ]

no next-server

Parameter Description

ip-address: Defines the IP address of the startup server, which is usually the TFTP server. It is required to configure one IP address at least.

ip-address2…ip-address8: (Optional) Configures IP addresses of up to eight startup servers.

Defaults N/A

Command

Mode

DHCP address pool configuration mode

Usage Guide When multiple servers are defined, the one listed first has higher priority. The DHCP client will select the next startup server only when its communication with the previous startup server fails.

Configuration

Examples

The following example specifies the startup server 192.168.12.4 for the DHCP client.

Ruijie(dhcp-config)# next-server 192.168.12.4

Command Description

bootfile Defines the default startup mapping file name of

the DHCP client.

ip dhcp pool Defines the name of the DHCP address pool and

enters DHCP address pool configuration mode.

Related

Commands

ip help-address Defines the Helper address on the interface.

option

Configures the option of the RGOS software DHCP

server.

Platform

Description

N/A

option

Use this command to configure the option of the DHCP server. Use the no form of this command to

delete the definition of option.

option code { ascii string | hex string | ip ip-address }

no option

Parameter

Description Parameter Description

code Defines the DHCP option codes.

ascii string Defines an ASCII string.

hex string Defines a hexadecimal string.

ip ip-address Defines an IP address list.

Defaults N/A

Command

Mode

DHCP address pool configuration mode

Usage Guide The DHCP provides a mechanism to transmit the configuration information to the host in the TCP/IP

network. The DHCP message has a variable option field that can be defined according to the actual

requirement. The DHCP client needs to carry the DHCP message with at least 312 bytes of option

information. Furthermore, the fixed data field in the DHCP message is also referred to as an option.

For the current definition of DHCP option, see the RFC 2131.

Configuration

Examples

The following example defines the option code 19, which determines whether the DHCP client can

enable the IP packet forwarding. 0 indicates to disable the IP packet forwarding, and 1 indicates to

enable the IP packet forwarding. The following configuration enables the IP packet forwarding on the

DHCP client.

Ruijie(dhcp-config)# option 19 hex 1

The following example defines the option code 33, which provides the DHCP client with the static

route information. The DHCP client will install two static routes: 1) the destination network

172.16.12.0 and the gateway 192.168.12.12, 2) the destination network 172.16.16.0 and the gateway

192.168.12.16.

Ruijie(dhcp-config)# option 33 ip 172.16.12.0 192.168.12.12 172.16.16.0 192.168.12.16

Command Description Related

Commands ip dhcp pool

Defines the name of the DHCP address pool and

enters DHCP address pool configuration mode.

Platform

Description

N/A

service dhcp

Use this command to enable the DHCP server and the DHCP relay on the device in global

configuration mode. Use the no form of this command to disable the DHCP server and the DHCP

relay agent.

service dhcp

no service dhcp

Parameter Description Parameter

Description N/A N/A

Defaults The DHCP server and the DHCP relay agent are disabled by default.

Command

Mode

Global configuration mode

Usage Guide The DHCP server can assign the IP addresses to the clients automatically and provide them with the

network configuration information such as the configuration information about the DNS server and

default gateway. The DHCP relay can forward the DHCP requests to other servers, and the returned

DHCP responses to the DHCP client, serving as the relay for DHCP packets.

Configuration

Examples

The following example enables the DHCP server and the DHCP relay agent on the device.

Ruijie(config)# service dhcp

Command Description Related

Commands show ip dhcp server statistics

Shows various statistics information of the

DHCP server.

Platform

Description

N/A

clear ip dhcp binding

Use this command to clear the DHCP binding table in privileged user mode.

clear ip dhcp binding { * | ip-address }

Parameter Description Parameter

Description * Deletes all DHCP bindings.

Defaults N/A

Command

Mode

Privileged user mode

Usage Guide This command can only clear the automatic DHCP binding, but the manual DHCP binding can be

deleted by the no ip dhcp pool command.

Configuration

Examples

The following example clears the DHCP binding with the IP address 192.168.12.100.

Ruijie# clear ip dhcp binding 192.168.12.100

Command Description Related

Commands show ip dhcp binding Shows the address binding of the DHCP server.

Platform

Description

N/A

clear ip dhcp conflict

Use this command to clear the DHCP address conflict record in privileged user mode.

clear ip dhcp conflict { * | ip-address }

Parameter Description

*: Deletes all DHCP address conflict records.

ip-address: Deletes the conflict record of the specified IP addresses.

Defaults N/A

Command

Mode

Privileged user mode

Usage Guide The DHCP server uses the ping session to detect the address conflict, while the DHCP

client uses the address resolution protocol (ARP) to detect the address conflict. The

clear ip dhcp conflict command can be used to delete the history conflict record.

Configuration

Examples

The following example clears all address conflict records.

Ruijie# clear ip dhcp conflict *

Command Description

ip dhcp ping packets

Defines the number of the packets sent by the ping

operation for the detection of the address conflict when

the DHCP server assigns an IP address.

Related

Commands

show ip dhcp conflict Shows the address conflict that the DHCP server

detects when it assigns an IP address.

Platform

Description

N/A

clear ip dhcp server statistics

Use this command to reset the counter of the DHCP server in privileged user mode.

clear ip dhcp server statistics

Parameter Description

N/A N/A

Parameter

Description

Defaults N/A

Command

Mode

Privileged user mode

Usage Guide The counter of the DHCP server records the entries of the DHCP address pool, automatic binding,

manual binding and expired binding. Furthermore, it also collects statistics about the number of sent

and received DHCP packets. The clear ip dhcp server statistics command can be used to delete

the history counter record and restart the statistics collecting.

Configuration

Examples

The following example clears the statistics record of the DHCP server.

Ruijie# clear ip dhcp server statistics

Command Description Related

Commands show ip dhcp server statistics Shows the statistics record of the DHCP server.

Platform

Description

N/A

Command Reference DHCP Relay Commands

DHCP Relay Commands

ip dhcp relay check server-id

Use this command to enable the ip dhcp relay check server-id function. Use the no form of this

command to disable the ip dhcp relay check server-id function.

ip dhcp relay check server-id

no ip dhcp relay check server-id

Parameter

Description Parameter Description

N/A N/A

Defaults The ip dhcp relay check server-id function is disabled by default.

Command

Mode

Global configuration mode

Usage Guide Use this command to select the destination DHCP server according to the server-id option when forwarding a DHCP request. If this command is not configured, the DHCP request is forwarded to all DHCP servers.

Configuration

Examples

The following example enables the ip dhcp relay check server-id function.

Ruijie# configure terminal

Ruijie(config)# ip dhcp relay check server-id

Related

Commands Command Description

service dhcp Enables the DHCP Relay.

Platform

Description

This command is only supported by the switches.

ip dhcp relay information option dot1x

Use this command to enable the dhcp option dot1x function of DHCP relay.

Use the no form of the command to disable the dhcp option dot1x function.

ip dhcp relay information option dot1x

no ip dhcp relay information option dot1x

Parameter

Description Parameter Description

N/A N/A

Defaults The dhcp option dot1x function is disabled by default.

Command

Mode

Global configuration mode

Usage Guide To use this command, enable the DHCP Relay and combine it with the related 802.1x configuration.

Configuration

Examples

The following example enables the DHCP option dot1x function on the device.

Ruijie# configure terminal

Ruijie(config)# ip dhcp relay information option dot1x

Related

Commands Command Description

service dhcp Enables the DHCP Relay.

ip dhcp relay information

option dot1x access-group Configures the option dot1x acl.

Platform

Description

This command is only supported by switches.

ip dhcp relay information option dot1x access-group

Use this command to configure the ACL associated with the DHCP relay option dot1x. Use the no

form of this command to disable the ACL associated with the DHCP relay option dot1x.

ip dhcp relay information option dot1x access-group acl-name

no ip dhcp relay information option dot1x access-group acl-name

Parameter

Description Parameter Description

N/A N/A

Defaults No ACL is associated by default.

Command

Mode

Global configuration mode

Usage Guide Ensure that the ACL does not conflict with the existing ACE of the configured ACL on the interface.

Configuration

Examples

The following example enables the dhcp option dot1x acl function.

Ruijie# configure terminal

Ruijie(config)# ip access-list extended DenyAccessEachOtherOfUnauthrize

Ruijie(config-ext-nacl)# permit ip any host 192.168.3.1

// Permit sending the packets to the gateway.

Ruijie(config-ext-nacl)# permit ip any host 192.168.4.1

Ruijie(config-ext-nacl)# permit ip any host 192.168.5.1

Ruijie(config-ext-nacl)# permit ip host 192.168.3.1 any

// Permit packets whose source IP address is that of the gateway.

Ruijie(config-ext-nacl)# permit ip host 192.168.4.1 any

Ruijie(config-ext-nacl)# permit ip host 192.168.5.1 any

Ruijie(config-ext-nacl)# deny ip 192.168.3.0 0.0.0.255 192.168.3.0 0.0.0.255

// Deny the exchange between the unauthenticated users.

Ruijie(config-ext-nacl)# deny ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255

Ruijie(config-ext-nacl)# deny ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255

Ruijie(config-ext-nacl)# deny ip 192.168.4.0 0.0.0.255 192.168.4.0 0.0.0.255

Ruijie(config-ext-nacl)# deny ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255

Ruijie(config-ext-nacl)# deny ip 192.168.5.0 0.0.0.255 192.168.5.0 0.0.0.255

Ruijie(config-ext-nacl)# deny ip 192.168.5.0 0.0.0.255 192.168.3.0 0.0.0.255

Ruijie(config-ext-nacl)# deny ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255

Ruijie(config-ext-nacl)# exit

Ruijie(config)# ip dhcp relay information option dot1x access-group DenyAccessEachOtherOfUnauthrize

Related

Commands Command Description

service dhcp Enables DHCP relay.

ip dhcp relay information

option dot1x Enables the DHCP option dot1x function.

Platform

Description

This command is only supported by switches.

ip dhcp relay information option82

Use this command to enable the option82 function of DHCP relay. Use the no form of

this command to disable the function.

ip dhcp relay information option82

no ip dhcp relay information option82

Parameter

Description Parameter Description

N/A N/A

Defaults The option82 function of DHCP relay is disabled by default.

Command

Mode

Global configuration mode

Usage Guide This function is mutually exclusive with the option dot1x function.

Configuration

Examples

The following example enables the option82 function on the DHCP relay.

Ruijie# configure terminal

Ruijie(config)# ip dhcp relay information option82

Related

Commands Command Description

service dhcp Enables the DHCP Relay.

ip dhcp relay information option dot1x Enables the DHCP option dot1x function.

Platform

Description

This command is only supported by switches.

ip dhcp relay suppression

Use this command to enable the DHCP relay suppression function on a specified interface. Use the

no form of this command to disable this function.

ip dhcp relay suppression

no ip dhcp relay suppression

Parameter

Description Parameter Description

N/A N/A

Defaults The function is disabled by default.

Command

Mode

Interface configuration mode

Usage Guide After this command is executed, the system will not relay the DHCP request message on the

interface.

Configuration

Examples

The following example enables the DHCP relay suppression function on interface 1.

Ruijie# configure terminal

Ruijie(config)# interface fastEthernet 0/1

Ruijie(config-if)# ip dhcp relay suppression

Ruijie(config-if)# exit

Ruijie(config)#

Related

Commands Command Description

service dhcp Enables the DHCP relay.

Platform

Description

This command is only supported by switches.

ip helper-address

Use this command to add the IP address of a DHCP server. Use the no form of this command to

delete the IP address of the DHCP server.

The server address can be configured in global configuration mode or interface configuration mode.

ip helper-address [ vrf vrf-name ]A.B.C.

no ip helper-address [ vrf vrf-name ]A.B.C.

Parameter

Description Parameter Description

N/A N/A

Defaults No server address is configured by default.

Command

Mode

Global configuration mode, or interface configuration mode

Usage Guide Up to 20 DHCP servers can be configured globally or on each layer-3 interface.

If the DHCP server address is not configured on the interface, the DHCP relay uses the address of

the global DHCP server. If the DHCP address is configured on the interface, the DHCP relay uses the

configured server address.

For the vrf parameter, the global configuration and interface-based configuration are slightly different.

In global configuration mode, if the vrf parameter is not specified, the default address of the current

server does not belong to any vrf. In interface-based configuration, if the vrf parameter is not

specified, the current default server and port configurations belong to the same vrf.

Configuration

Examples

The following example:

1. Configures the IP address for the global server to 192.168.1.1.

2. Configures the IP address for the vrf instance-based server dep1 to 192.168.2.1.

Ruijie# configure terminal

Ruijie(config)# ip helper-address 192.168.1.1

Ruijie(config)# ip helper-address vrf dep1 192.168.2.1

Related

Commands Command Description

service dhcp Enables the DHCP relay.

Platform

Description

N/A

service dhcp

Use this command to enable the DHCP relay in global configuration mode. Use the no form of this

command to disable this function.

service dhcp

no service dhcp

Parameter

Description Parameter Description

N/A N/A

Defaults This function is disabled by default.

Command

Mode

Global configuration mode

Usage Guide The DHCP relay can forward the DHCP request to other servers and the DHCP response packets to

the DHCP client, serving as the relay for DHCP packets.

Configuration

Examples

The following configuration example enables the DHCP relay.

Ruijie# configure terminal

Ruijie(config)# service dhcp

Related

Commands Command Description

ip helper-address Adds the IP address of a DHCP server.

Platform

Description

N/A

DHCP Snooping Commands

clear ip dhcp snooping binding

Use this command to delete the dynamic user information from the DHCP snooping binding

database.

clear ip dhcp snooping binding [mac | vlan vlan-id | ip | interface interface-id ]

Parameter

Description Parameter Description

mac MAC address of the specified user to be deleted.

vlan-id VLAN ID of the specified user to be deleted.

ip IP address of the specified user to be deleted.

interface-id Interface where the specified user to be deleted belongs.

Defaults N/A.

Command

Mode

Privileged EXEC mode.

Usage Guide If users want to clear the current dynamic user information from the DHCP snooping binding

database, use this command.

Configuration

Examples

The following example demonstrates how to clear the dynamic database information from the DHCP

snooping binding database.

Ruijie# clear ip dhcp snooping binding

Ruijie# show ip dhcp snooping binding

Total number of bindings: 0

MacAddress IpAddress Lease(sec) Type VLAN Interface

---------- ---------- ---------- -------- ---- ---------

Related

Commands Command Description

show ip dhcp snooping binding

Show the information of the DHCP snooping

binding database.

Platform

Description

N/A.

ip dhcp snooping

Use this command to enable the DHCP snooping function globally. The no form of this command will

disable the DHCP snooping function globally.

ip dhcp snooping

no ip dhcp snooping

Parameter

Description Parameter Description

N/A. N/A.

Defaults Disabled

Command

Mode

Global configuration mode

Usage Guide Enable the DHCP snooping function on the switch. You can use the show ip dhcp snooping

command to view whether the DHCP snooping function is enabled.

DHCP Snooping cannot coexist with private VLAN.

Configuration

Examples

The following is an example of enabling the DHCP snooping function.

Ruijie# configure terminal

Ruijie(config)# ip dhcp snooping

Ruijie(config)# end

Ruijie# show ip dhcp snooping

Switch DHCP snooping status: ENABLE

DHCP snooping Verification of hwaddr field status: DISABLE

DHCP snooping database write-delay time: 0 seconds

DHCP snooping option 82 status: ENABLE

DHCP Snooping Support Bootp bind status: ENABLE

Interface Trusted Rate limit (pps)

------------------------ ------- ---------------

Related

Commands Command Description

show ip dhcp snooping

View the configuration information of DHCP

snooping.

Platform

Description

N/A.

ip dhcp snooping bootp-bind

Use this command to enable DHCP snooping bootp bind function. The no form of this command will

disable the function.

ip dhcp snooping bootp-bind

no ip dhcp snooping bootp-bind

Parameter

Description Parameter Description

N/A. N/A.

Defaults Disabled

Command

Mode

Global configuration mode.

Usage Guide By default, the DHCP Snooping only forwards Bootp packets. With this function enabled, it can snoop

Bootp packets. After the Bootp client requests an address successfully, the DHCP Snooping adds the

Bootp user to the static binding database.

Configuration

Examples

The following example enables the DHCP snooping bootp bind function.

Ruijie# configure terminal

Ruijie(config)# ip dhcp snooping bootp-bind

Ruijie(config)# end

Ruijie# show ip dhcp snooping

Switch DHCP snooping status :ENABLE

Verification of hwaddr field status :DISABLE

DHCP snooping database write-delay time: 0 seconds

DHCP snooping option 82 status: ENABLE

DHCP snooping Support Bootp bind status: ENABLE

Interface Trusted Rate limit (pps)

------------------------ ------- ------------

Related

Commands Command Description

show ip dhcp snooping Show the configuration of the DHCP snooping.

Platform

Description

N/A.

ip dhcp snooping database write-delay

Use this command to configure the switch to write the dynamic user information of the DHCP

snooping binding database into the flash periodically. The no form of this command will disable this

function.

ip dhcp snooping database write-delay time

no ip dhcp snooping database write-delay time

Parameter

Description Parameter Description

time

The interval at which the system writes the dynamic user information

of the DHCP snooping database into the flash. The range is from 600

to 86400 seconds.

Defaults Disabled

Command

Mode

Global configuration mode.

Usage Guide This function prevents the loss of user information after a restart. If the information is lost,

users need to obtain IP addresses again for normal communication.

Configuration

Examples

The following is an example of setting the interval at which the switch writes the user information into the

flash to 3600s:

Ruijie# configure terminal

Ruijie(config)# ip dhcp snooping database write-delay 3600

Ruijie(config)# end

Ruijie# show ip dhcp snooping

Switch DHCP snooping status: ENABLE

DHCP snooping Verification of hwaddr field status: ENABLE

DHCP snooping database write-delay time: 3600

DHCP snooping option 82 status: DISABLE

DHCP Snooping Support Bootp bind status: ENABLE

Interface Trusted Rate limit (pps)

------------------------ ------- ---------------

Related

Commands Command Description

show ip dhcp snooping

View the configuration information of the DHCP

snooping.

Platform

Description

N/A.

ip dhcp snooping database write-to-flash

Use this command to write the dynamic user information of the DHCP binding database into flash in

real time.

ip dhcp snooping database write-to-flash

Parameter

Description Parameter Description

N/A. N/A.

Defaults N/A.

Command

Mode

Global configuration mode.

Usage Guide Use this command to write the dynamic user information of the DHCP binding database into flash in

real time.

Configuration

Examples

The following is an example of writing the dynamic user information of the DHCP binding database

into flash.

Ruijie# configure terminal

Ruijie(config)# ip dhcp snooping database write-to-flash

Ruijie(config)# end

Ruijie#

Related

Commands Command Description

N/A. N/A.

Platform

Description

N/A.

ip dhcp snooping information option

Use this command to add option82 to the DHCP request message. The no form of this command

disables this function.

ip dhcp snooping information option [ standard-format ]

no ip dhcp snooping information option [ standard-format ]

Parameter

Description Parameter Description

standard-format The option82 uses the standard format.

Defaults Disabled.

Command

Mode

Global configuration mode.

Usage Guide This command adds option82 to the DHCP request message. The DHCP server assigns the

IP address based on this option.

Configuration

Examples

Add option82 to the DHCP request message:

Ruijie# configure terminal

Ruijie(config)# ip dhcp snooping information option

Ruijie(config)# end

Ruijie# show ip dhcp snooping

Switch DHCP snooping status : ENABLE

DHCP snooping Verification of hwaddr status : ENABLE

DHCP snooping database write-delay time : 0

DHCP snooping option 82 status : DISABLE

DHCP Snooping Support Bootp bind status: ENABLE

Interface Trusted Rate limit (pps)

------------------------ ------- ----------------

Related

Commands Command Description

show ip dhcp snooping Show the configuration of the DHCP Snooping.

Platform

Description

N/A.

ip dhcp snooping trust

Use this command to set the ports of the switch as trusted ports. The no form of this command sets

the ports as untrust ports.

ip dhcp snooping trust

no ip dhcp snooping trust

Parameter

Description Parameter Description

N/A. N/A.

Defaults All ports are untrust ports.

Command

Mode

Interface configuration mode.

Usage Guide Use this command to set the port as a trust port. DHCP response messages received on a

trust port are forwarded normally, but response messages received on an untrust port are

discarded.

Configuration

Examples

The following is an example of setting fastEthernet 0/1 as a trust port:

Ruijie# configure terminal

Ruijie(config)# interface fastEthernet 0/1

Ruijie(config-if)# ip dhcp snooping trust

Ruijie(config-if)# end

Ruijie# show ip dhcp snooping

Switch DHCP snooping status: ENABLE

DHCP snooping Verification of hwaddr field status: DISABLE

DHCP snooping database write-delay time: 0 seconds

DHCP snooping option 82 status: ENABLE

DHCP Snooping Support Bootp bind status:ENABLE

Interface Trusted Rate limit (pps)

----------------- ------- ----------------

FastEthernet0/1 yes unlimited

Related

Commands Command Description

show ip dhcp snooping

View the configuration information of the DHCP

snooping.

Platform

Description

N/A.

ip dhcp snooping verify mac-address

Use this command to check whether the source MAC address of the DHCP request message

matches against the client addr field of the DHCP message. The no form of this command disables

this function.

ip dhcp snooping verify mac-address

no ip dhcp snooping verify mac-address

Parameter

Description Parameter Description

N/A. N/A.

Defaults Disabled.

Command

Mode

Global configuration mode.

Usage Guide Use this command to enable checking the validity of the source MAC address of the DHCP request

message. Once the function is enabled, the system will discard the DHCP request message that fails

to pass the source MAC address check.

Configuration

Examples

The following is an example of enabling the check of the source MAC address of the DHCP request

message.

Ruijie# configure terminal

Ruijie(config)# ip dhcp snooping verify mac-address

Ruijie(config)# end

Ruijie# show ip dhcp snooping

Switch DHCP snooping status: ENABLE

Verification of hwaddr field status: ENABLE

DHCP snooping database write-delay time: 0 seconds

DHCP snooping option 82 status: ENABLE

DHCP Snooping Support Bootp bind status: ENABLE

Interface Trusted Rate limit (pps)

Related

Commands Command Description

show ip dhcp snooping

View the configuration information of the DHCP

snooping.

Platform

Description

N/A.
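
The two checks described under ip dhcp snooping trust and ip dhcp snooping verify mac-address, modelled in Python as an added example (not RGOS code). The frame builder and its sample frames are constructed for illustration, and applying the MAC check to every request is an assumption, since the page names no exception.

```python
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
FORWARD = "forward"
DROP_UNTRUSTED_REPLY = "drop: server response on untrusted port"
DROP_MAC_MISMATCH = "drop: source MAC differs from chaddr"


def mac(text: str) -> bytes:
    """Convert dotted notation such as 00d0.f801.0101 to 6 raw bytes."""
    return bytes.fromhex(text.replace(".", ""))


def parse_dhcp(frame: bytes):
    """Return (src_mac, op, chaddr) for an untagged Ethernet/IPv4/UDP
    BOOTP/DHCP frame, or None when the frame is something else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != 17:          # IPv4 carrying UDP only
        return None
    ihl = (ip[0] & 0x0F) * 4
    udp = ip[ihl:]
    if ihl < 20 or len(udp) < 8:
        return None
    sport, dport = struct.unpack("!HH", udp[:4])
    if not {sport, dport} <= {67, 68}:          # BOOTP server/client ports
        return None
    bootp = udp[8:]
    # 236 bytes is the fixed BOOTP header; htype 1 / hlen 6 means Ethernet.
    if len(bootp) < 236 or bootp[1] != 1 or bootp[2] != 6:
        return None
    return frame[6:12], bootp[0], bootp[28:34]


def snoop_decision(frame: bytes, port_trusted: bool, verify_mac: bool = True) -> str:
    """Apply the trust-port rule and the source-MAC check to one frame."""
    parsed = parse_dhcp(frame)
    if parsed is None:
        return FORWARD                          # not DHCP: snooping does not act
    src_mac, op, chaddr = parsed
    # Trust rule: responses are accepted only on trusted ports.
    if op == BOOTREPLY and not port_trusted:
        return DROP_UNTRUSTED_REPLY
    # verify mac-address: Ethernet source must equal the client hardware
    # address inside the request (assumption: checked on every request).
    if op == BOOTREQUEST and verify_mac and src_mac != chaddr:
        return DROP_MAC_MISMATCH
    return FORWARD


def build_frame(src_mac: bytes, op: int, chaddr: bytes, sport: int, dport: int) -> bytes:
    """Constructed test input: a minimal broadcast DHCP frame."""
    bootp = (struct.pack("!BBBB", op, 1, 6, 0) + bytes(24)   # op..giaddr
             + chaddr + bytes(10)                            # chaddr (16 bytes)
             + bytes(192)                                    # sname + file
             + b"\x63\x82\x53\x63")                          # DHCP magic cookie
    udp = struct.pack("!HHHH", sport, dport, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0,
                     64, 17, 0, bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + src_mac + b"\x08\x00" + ip


if __name__ == "__main__":
    client = mac("00d0.f801.0101")      # MAC format used in the binding table
    other = mac("00d0.f801.0202")       # constructed second host
    cases = [
        ("request, MAC matches", build_frame(client, BOOTREQUEST, client, 68, 67), False),
        ("request, MAC spoofed", build_frame(other, BOOTREQUEST, client, 68, 67), False),
        ("reply on untrusted port", build_frame(other, BOOTREPLY, client, 67, 68), False),
        ("reply on trusted port", build_frame(other, BOOTREPLY, client, 67, 68), True),
    ]
    for label, frame, trusted in cases:
        print(f"{label:26} -> {snoop_decision(frame, trusted)}")
```
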

show ip dhcp snooping

Use this command to view the setting of the DHCP snooping.

show ip dhcp snooping

Parameter

Description Parameter Description

N/A. N/A.

Defaults N/A.

Command

Mode

Privileged EXEC mode.

Usage Guide N/A.

Configuration

Examples

Show the information of DHCP Snooping.

Ruijie# show ip dhcp snooping

Switch DHCP snooping status :ENABLE

Verification of hwaddr field status :DISABLE

DHCP snooping database write-delay time: 0 seconds

DHCP snooping option 82 status: ENABLE

DHCP snooping Support Bootp bind status: ENABLE

Interface Trusted Rate limit (pps)

------------------------ ------- ------------

Related

Commands Command Description

ip dhcp snooping Enable the DHCP snooping globally.

ip dhcp snooping verify mac-address

Enable the check of source MAC address of

DHCP Snooping packets.

ip dhcp snooping write-delay

Set the interval of writing user information to

FLASH periodically.

ip dhcp snooping information option Add option82 to the DHCP request message.

ip dhcp snooping bootp-bind

Enable the DHCP snooping bootp bind

function.

ip dhcp snooping trust Set the port as a trust port.

Platform

Description

N/A.

show ip dhcp snooping binding

Use this command to view the information of the DHCP snooping binding database.

show ip dhcp snooping binding

Parameter

Description Parameter Description

N/A. N/A.

Defaults N/A.

Command

Mode

Privileged EXEC mode.

Usage Guide N/A.

Configuration

Examples

Show the information of the DHCP Snooping binding database.

Ruijie# show ip dhcp snooping binding

Total number of bindings: 1

MacAddress IpAddress Lease Type VLAN Interface

00d0.f801.0101 192.168.1.1 - static 1 fastethernet 0/1

Related

Commands Command Description

ip dhcp snooping binding

Add the static user information to the DHCP

Snooping database.

clear ip dhcp snooping binding

Clear the dynamic user information from the

DHCP snooping binding database.

Platform

Description

N/A.

DNS Module Commands

ip domain-lookup

Use this command to enable the DNS to carry out the domain name resolution. Use the no form of

this command to disable the DNS domain name resolution function.

ip domain-lookup

no ip domain-lookup

Parameter

Description Parameter Description

N/A N/A

Defaults Enabled

Command

Mode

Global configuration mode.

Usage Guide This command enables the domain name resolution function.

Configuration

Examples

The following example enables the DNS domain name resolution function.

Ruijie(config)# ip domain-lookup

Related

Commands Command Description

show hosts

Shows the DNS related configuration

information.

Platform

Description

N/A

ip name-server

Use this command to configure the IP address of the domain name server. Use the no form of this

command to delete the configured domain name server.

ip name-server { ip-address | ipv6-address }

no ip name-server [ ip-address | ipv6-address ]

Parameter

Description Parameter Description

ip-address The IP address of the domain name server.

ipv6-address The IPv6 address of the domain name server.

Defaults N/A

Command

Mode

Global configuration mode.

Usage Guide Add the IP address of the DNS server. Once this command is executed, the equipment will add a

DNS server. When the device cannot obtain the domain name from a DNS server, it will attempt to

send the DNS request to subsequent servers until it receives a response.

Up to 6 DNS servers are supported. You can delete a DNS server with the ip-address option or all the

DNS servers.

Configuration

Examples

Ruijie(config)# ip name-server 192.168.5.134

Ruijie(config)# ip name-server

2001:0DB8::250:8bff:fee8:f800 2001:0DB8:0:f004::1

Related

Commands Command Description

show hosts

Shows the DNS related configuration

information.

Platform

Description

N/A

ip host

Use this command to manually configure the mapping between the host name and the IP address. Use the

no form of the command to remove the host list.

ip host host-name ip-address

no ip host host-name ip-address

Parameter

Description Parameter Description

host-name The host name of the equipment, with a maximum of 255 characters.

ip-address The IP address of the equipment

Defaults N/A

Command

Mode

Global configuration mode.

Usage Guide To delete the host list, use the no ip host host-name ip-address command.

Configuration

Examples

Ruijie(config)# ip host switch 192.168.5.243

Related

Commands Command Description

show hosts

Shows the DNS related configuration

information.

Platform

Description

N/A

clear host

Use this command to clear the dynamically learned host name in privileged user mode.

clear host [ host-name ]

Parameter

Description Parameter Description

host-name

Deletes the dynamically learned host. “*” clears all the

dynamically learned host names.

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide You can obtain the mapping record of the host name buffer table in two ways: 1) the ip host static

configuration, 2) the DNS dynamic learning. Execute this command to delete the host name records

learned by the DNS dynamically.

Configuration

Examples

The following configuration will delete the dynamically learned mapping records from the host

name-IP address buffer table.

clear host *

Related

Commands Command Description

show hosts Shows the host name buffer table.

Platform

Description

N/A

show hosts

Use this command to display DNS configuration.

show hosts [ hostname ]

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide Show the DNS related configuration information.

Configuration

Examples

Ruijie# show hosts

Name servers are:

192.168.5.134 static

Host type Address TTL(sec)

switch static 192.168.5.243 ---

www.ruijie.com dynamic 192.168.5.123 126

Related

Commands Command Description

ip host

Configures the host name and IP address

mapping manually.

ipv6 host

Configures the host name and IPv6 address

mapping manually.

ip name-server Configures the DNS server.

Platform

Description

N/A

SNTP Commands

sntp enable

Use this command to enable the Simple Network Time Protocol (SNTP). Use the no form of this

command to restore the default value Disable.

sntp enable

no sntp enable

Parameter

Description Parameter Description

N/A N/A

Defaults SNTP is disabled by default.

Command

Mode

Global configuration mode

Usage Guide The show sntp command shows SNTP parameters.

Configuration

Examples

Ruijie(config)# sntp enable

Related

Commands Command Description

show sntp Shows the SNTP configuration.

clock update-calendar

Synchronizes the software clock with the

hardware clock.

clock set Sets the software clock.

Platform

Description

N/A

sntp interval

Use this command to set the interval for the SNTP Client to synchronize its clock with the NTP/SNTP

Server.

sntp interval seconds

no sntp interval

Parameter

Description Parameter Description

seconds Synchronization interval in the range 60 to 65535 seconds

Defaults The interval is 1800 seconds by default.

Command

Mode

Global configuration mode

Usage Guide The show sntp command shows SNTP parameters.

The interval will take effect after the sntp enable command is executed.

Configuration

Examples

Ruijie(config)# sntp interval 3600

Related

Commands Command Description

sntp enable Enables SNTP.

show sntp Shows the SNTP configuration.

clock update-calendar

Synchronizes the software clock with the

hardware clock.

Platform

Description

N/A

sntp server

Use this command to set the SNTP server. You can configure the SNTP server as the public NTP

server on the Internet, since SNTP is completely compatible with NTP.

sntp server ip-address

no sntp server

Parameter

Description Parameter Description

ip-address IP address of the NTP/SNTP server.

Defaults No NTP/SNTP server is configured by default.

Command

Mode

Global configuration mode

Usage Guide The show sntp command shows SNTP parameters.

Configuration

Examples

Ruijie(config)# sntp server 192.168.4.12

Related

Commands Command Description

show sntp Shows the SNTP configuration status.

sntp enable Enables SNTP.

Platform

Description

N/A

show sntp

Use this command to show SNTP parameters.

show sntp

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged mode

Usage Guide This command shows SNTP parameters.

Configuration

Examples

Ruijie# show sntp

SNTP state : Enable

SNTP server : 192.168.4.12

SNTP sync interval : 60

Time zone : +8

Related

Commands Command Description

sntp enable Enables SNTP.

show sntp Shows the SNTP parameters.

Platform

Description

N/A

NTP Commands

no ntp

Use this command to disable the ntp synchronization service with the time server and clear all

configuration information of ntp.

no ntp

Parameter

Description Parameter Description

N/A N/A

Defaults The NTP service is disabled by default.

Command

Mode

Global configuration mode

Usage Guide By default, the NTP service is disabled. However, the NTP service will be enabled once the NTP

server or the NTP security identification mechanism is configured.

Configuration

Examples

The following example disables the NTP service.

Ruijie(config)# no ntp

Related

Commands Command Description

ntp server Specifies the NTP server.

Platform

Description

N/A

ntp access-group

Use this command to configure the access control priority of the NTP service. Use the no form of this

command to cancel the access control priority.

ntp access-group { peer | serve | serve-only | query-only } access-list-number | access-list-name

no ntp access-group { peer | serve | serve-only | query-only } access-list-number |

access-list-name

Parameter

Description Parameter Description

peer Allows the time request for, control and query for the local NTP service, as well as time

synchronization between the local device and the peer device (full access permission).

serve Allows the time request for, and control and query for the local NTP service, but not time

synchronization between the local device and the peer device.

serve-only Allows the time request for the time of local NTP service.

query-only Allows the control and query for the local NTP service.

access-list-number Number of the IP access control list (ACL), in the range 1 to 99 and 1300 to 1999.

access-list-name Name of the IP ACL

Defaults No NTP access control rule is configured by default.

Command

Mode

Global configuration mode

Usage Guide Use this command to configure the access control priority of the NTP service. The NTP service

access control function provides a minimal security measure (the more secure way is to use the NTP

authentication mechanism).

When an access request arrives, the NTP service matches the rules in order from the least to the most

restrictive access level, and the first matched rule prevails. The matching order is

peer, serve, serve-only, and query-only.

The control and query function is not supported in the current system. Although rules are

matched in the preceding order, requests related to the

control and query function are not supported.

If you do not configure any access control rules, all accesses are allowed. Once

access control rules are configured, only access that a rule allows is permitted.

Configuration

Examples

The following example allows the peer device in acl1 to control, query, request, and

synchronize the time with the local device, and limits the peer device in acl2 to requesting the time from the

local device:

Ruijie(config)# ntp access-group peer 1

Ruijie(config)# ntp access-group serve-only 2

Related

Commands Command Description

ip access-list Creates the IP access control list.

Platform

Description

N/A
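
The first-match evaluation described in the ntp access-group usage guide, modelled in Python as an added example (not RGOS code). The contents of ACL 1 and ACL 2 are constructed, and treating an ACL as a plain list of permitted networks is a simplifying assumption.

```python
import ipaddress

# Matching order from the usage guide: least restrictive level first.
LEVEL_ORDER = ["peer", "serve", "serve-only", "query-only"]

# What each level allows, taken from the parameter descriptions:
#   time    = time request served by the local NTP service
#   control = control and query of the local NTP service
#   sync    = time synchronization between local device and peer
ALLOWED = {
    "peer": {"time", "control", "sync"},
    "serve": {"time", "control"},
    "serve-only": {"time"},
    "query-only": {"control"},
}

# The page states that control and query is not supported in the current system.
CONTROL_QUERY_SUPPORTED = False


def acl_permits(acl, source):
    """True when source falls inside any network the ACL permits."""
    addr = ipaddress.ip_address(source)
    return any(addr in ipaddress.ip_network(net) for net in acl)


def matched_level(rules, acls, source):
    """Return the first level, in matching order, whose ACL permits source.

    rules maps level -> ACL number, mirroring 'ntp access-group <level> <acl>'.
    Returns None when rules exist but none of them matches the source.
    """
    for level in LEVEL_ORDER:
        if level in rules and acl_permits(acls[rules[level]], source):
            return level
    return None


def ntp_access_allowed(rules, acls, source, request):
    """Decide whether one request from source is served."""
    if request not in {"time", "control", "sync"}:
        raise ValueError(f"unknown request type: {request}")
    if request == "control" and not CONTROL_QUERY_SUPPORTED:
        return False
    if not rules:
        return True                     # no access-group configured: all allowed
    level = matched_level(rules, acls, source)
    return level is not None and request in ALLOWED[level]


# Rules from the page's example:
#   ntp access-group peer 1
#   ntp access-group serve-only 2
RULES = {"peer": 1, "serve-only": 2}

# Constructed ACL contents (the page does not show them). 192.168.4.12 is
# deliberately placed in both lists to show that the first match wins.
ACLS = {
    1: ["192.168.4.12/32"],
    2: ["192.168.5.0/24", "192.168.4.12/32"],
}

if __name__ == "__main__":
    for source, request in [
        ("192.168.4.12", "sync"),   # matches peer first: allowed
        ("192.168.5.20", "time"),   # matches serve-only: allowed
        ("192.168.5.20", "sync"),   # serve-only does not allow sync: refused
        ("10.0.0.1", "time"),       # no rule matches: refused
    ]:
        level = matched_level(RULES, ACLS, source)
        verdict = ntp_access_allowed(RULES, ACLS, source, request)
        print(f"{source:14} {request:5} level={level} allowed={verdict}")
```
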

ntp authenticate

Use this command to enable NTP authentication globally.

ntp authenticate

no ntp authenticate

Parameter

Description Parameter Description

N/A N/A

Defaults Global NTP authentication is disabled by default.

Command

Mode

Global configuration mode

Usage Guide If the global security identification mechanism is not used, the synchronization communication is not

encrypted. To enable encrypted communication on the server, enable the security identification

mechanism and configure other keys globally.

The authentication standard is that the trusted key has been specified by ntp authentication-key

and ntp trusted-key.

Configuration

Examples

The following example enables the authentication mechanism after an authentication key is

configured and specified as the global trusted key.

Ruijie(config)# ntp authentication-key 6 md5 wooooop

Ruijie(config)# ntp trusted-key 6

Ruijie(config)# ntp authenticate

Related

Commands Command Description

ntp authentication-key Sets the global authentication key.

ntp trusted-key Configures the global trusted key.

Platform

Description

N/A

ntp authentication-key

Use this command to configure a global NTP authentication key for the NTP service.

ntp authentication-key key-id md5 key-string [ enc-type ]

no ntp authentication-key key-id

Parameter

Description Parameter Description

key-id Key ID

key-string Key string

enc-type

(Optional) Whether this key is encrypted.

0 indicates the key is not encrypted, and 7 indicates the key is

encrypted simply.

Defaults N/A

Command

Mode

Global configuration mode

Usage Guide Configure the global authentication key and adopt md5 for encryption. Each key has a unique key-id.

You can use the ntp trusted-key to set the key of key-id as the global trusted key.

At most 1024 keys are allowed. However, each server can support only one key.

Configuration

Examples

The following example configures an authentication key with ID 6.

Ruijie(config)# ntp authentication-key 6 md5 wooooop

Related

Commands Command Description

ntp authenticate

Enables the global security identification

mechanism.

ntp trusted-key Configures the global trusted key.

ntp server Specifies an NTP server.

Platform

Description

N/A
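
How the key configured by ntp authentication-key and marked by ntp trusted-key is used once ntp authenticate is on, shown in Python as an added example (not RGOS code). It assumes the standard NTP symmetric-key layout, a 32-bit key ID followed by MD5(key || packet), which the page does not spell out; the digest authenticates the packet while the time fields themselves travel in cleartext.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48      # fixed NTP header
MAC_LEN = 4 + 16         # 32-bit key ID + 128-bit MD5 digest


def ntp_client_packet(version: int = 3) -> bytes:
    """Constructed sample: a client-mode NTP header with zeroed timestamps.
    Version 3 is the default named on the ntp server page."""
    li_vn_mode = (0 << 6) | (version << 3) | 3      # LI=0, VN, Mode=3 (client)
    return bytes([li_vn_mode]) + bytes(NTP_HEADER_LEN - 1)


def add_mac(packet: bytes, key_id: int, key: bytes) -> bytes:
    """Append key ID and MD5(key || packet) to a 48-byte NTP header."""
    if len(packet) != NTP_HEADER_LEN:
        raise ValueError("expected a 48-byte NTP header")
    digest = hashlib.md5(key + packet).digest()
    return packet + struct.pack("!I", key_id) + digest


def verify_ntp_mac(message: bytes, keys: dict, trusted: set) -> bool:
    """Accept a message only if it carries a valid MAC made with a trusted key.

    keys    maps key-id -> key bytes   (ntp authentication-key <id> md5 <key>)
    trusted holds the trusted key-ids  (ntp trusted-key <id>)
    """
    if len(message) != NTP_HEADER_LEN + MAC_LEN:
        return False                               # no MAC, or malformed
    packet = message[:NTP_HEADER_LEN]
    key_id = struct.unpack("!I", message[NTP_HEADER_LEN:NTP_HEADER_LEN + 4])[0]
    digest = message[NTP_HEADER_LEN + 4:]
    if key_id not in keys or key_id not in trusted:
        return False                               # unknown or untrusted key
    expected = hashlib.md5(keys[key_id] + packet).digest()
    return hmac.compare_digest(expected, digest)   # constant-time comparison


# Values from the page's example: key 6, key string "wooooop", trusted.
KEYS = {6: b"wooooop"}
TRUSTED = {6}

if __name__ == "__main__":
    signed = add_mac(ntp_client_packet(), 6, KEYS[6])
    tampered = bytes([signed[0] ^ 0x01]) + signed[1:]
    print("valid MAC        :", verify_ntp_mac(signed, KEYS, TRUSTED))
    print("tampered header  :", verify_ntp_mac(tampered, KEYS, TRUSTED))
    print("key not trusted  :", verify_ntp_mac(signed, KEYS, set()))
    print("no MAC present   :", verify_ntp_mac(ntp_client_packet(), KEYS, TRUSTED))
```
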

ntp disable

Use this command to disable the function of receiving the NTP packet on the interface.

ntp disable

Parameter

Description Parameter Description

N/A N/A

Defaults The NTP packet is received on the interface by default.

Command

Mode

Interface configuration mode

Usage Guide The NTP packet received on any interface can be provided to the client to perform the clock

adjustment by default. The function can shield the NTP packet received from the corresponding

interface.

Note: This command takes effect only for the interface whose IP address can be configured to receive

and send packets.

Configuration

Examples

The following example disables the function of receiving the NTP packet on the interface.

Ruijie(config-if)# ntp disable

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

ntp server

Use this command to specify an NTP server for the NTP client.

ntp server ip-addr [ version version ] [ source if-name ] [ key keyid ] [ prefer ]

no ntp server ip-addr

Parameter

Description Parameter Description

ip-addr Sets the IP address of the NTP server. IPv4 and IPv6 are supported.

version

(Optional) Specifies the version (1-3) of NTP. The default version is

NTPv3.

if-name

(Optional) Specifies the source interface from which the NTP packet

is sent (Layer 3 interface).

keyid

(Optional) Specifies the encryption key adopted in communication

with the corresponding server.

prefer (Optional) Specifies the corresponding server as the Prefer server.

Defaults No NTP server is configured by default.

Command

Mode

Global configuration mode

Usage Guide Currently, the Ruijie system acts only as a client and can synchronize time from a maximum of 20 servers.

To initiate encrypted communication with the server, first set the global encryption key and the global

trusted key, and then specify the corresponding key as the trusted key of the server. To complete the

encrypted communication, the server should have the identical global encryption key and global trust key.

In the same condition (for instance, precision), the prefer clock is used for synchronization.

Ensure that the source interface used to send NTP packets is configured with an IP address and can

communicate with the corresponding NTP server.

Configuration

Examples

The following example specifies an NTP server for the network device.

IPv4 configuration: Ruijie(config)# ntp server 192.168.210.222

IPv6 configuration: Ruijie(config)# ntp server 10::2

Related

Commands Command Description

no ntp Disables the NTP service.

Platform

Description

This command is unavailable on some devices that do not support this function.

ntp synchronize

Use this command to perform real-time synchronization.

ntp synchronize

no ntp synchronize

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Global configuration mode

Usage Guide Eight consecutive packets are synchronized for the first synchronization between the client and the

server. Follow-up NTP synchronization occurs automatically every one minute. To manually

implement real-time synchronization during the auto-synchronization interval, you can use this

command.

Configuration

Examples

The following example implements NTP real-time synchronization.

Ruijie(config)# ntp synchronize

Related

Commands Command Description

ntp server

Specifies an NTP server and implements

synchronization.

Platform

Description

This command is supported only by specific products.

ntp trusted-key

Use this command to set a key corresponding to an ID as the global trusted key.

ntp trusted-key key-id

no ntp trusted-key key-id

Parameter

Description Parameter Description

key-id Global trusted key ID

Defaults No trusted key is configured by default.

Command

Mode

Global configuration mode

Usage Guide The NTP communication parties must use the same trusted key. To improve security, the key is

identified by ID and is not transmitted.

Configuration

Examples

The following example configures an authentication key and sets it as the trusted key of

corresponding server.

Ruijie(config)# ntp authentication-key 6 md5 wooooop

Ruijie(config)# ntp trusted-key 6

Ruijie(config)# ntp server 192.168.210.222 key 6

Related

Commands Command Description

ntp authenticate

Enables the security authentication

mechanism.

ntp authentication-key Sets the NTP authentication key.

ntp server Specifies an NTP server.

Platform

Description

N/A
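The key chain described in the ntp server Usage Guide and the ntp trusted-key example (define the key, trust it, then reference it on the server) can be checked mechanically. The following is an added example, not part of the Ruijie documentation: a small Python audit over constructed configuration lines. The finding codes, keys 9 and 12, and the 192.0.2.x servers are assumptions made for illustration.

```python
import re

# Constructed sample (not captured from a device). Key 6 follows the page's
# own example; keys 9 and 12 and the 192.0.2.x servers are made up.
SAMPLE_CONFIG = """\
Ruijie(config)# ntp authentication-key 6 md5 wooooop
Ruijie(config)# ntp authentication-key 9 md5 constructed-secret
Ruijie(config)# ntp trusted-key 6
Ruijie(config)# ntp trusted-key 12
Ruijie(config)# ntp server 192.168.210.222 key 6
Ruijie(config)# ntp server 192.0.2.5 version 3 key 9 prefer
Ruijie(config)# ntp server 192.0.2.6
"""

PROMPT = re.compile(r"^\S+#\s*")  # leading CLI prompt such as "Ruijie(config)# "


def parse_ntp(config_text):
    """Collect defined key IDs, trusted key IDs and (server, key ID) pairs."""
    defined, trusted, servers = set(), set(), []
    for raw in config_text.splitlines():
        tokens = PROMPT.sub("", raw.strip()).split()
        if len(tokens) < 3 or tokens[0] != "ntp":
            continue  # this also skips "no ntp ..." lines
        if tokens[1] == "authentication-key":
            defined.add(tokens[2])
        elif tokens[1] == "trusted-key":
            trusted.add(tokens[2])
        elif tokens[1] == "server":
            opts = tokens[3:]
            key_id = None
            if "key" in opts[:-1]:  # "key" must be followed by an ID
                key_id = opts[opts.index("key") + 1]
            servers.append((tokens[2], key_id))
    return defined, trusted, servers


def audit_ntp(config_text):
    """Return (subject, code) findings for broken or missing key chains."""
    defined, trusted, servers = parse_ntp(config_text)
    findings = []
    for server, key_id in servers:
        if key_id is None:
            # Time from this server is accepted without authentication.
            findings.append((server, "NO_KEY"))
        elif key_id not in defined:
            # The server references a key that was never configured.
            findings.append((server, "KEY_UNDEFINED"))
        elif key_id not in trusted:
            # The key exists but was not marked as a global trusted key.
            findings.append((server, "KEY_NOT_TRUSTED"))
    for key_id in sorted(trusted - defined):
        # A trusted-key entry that points at no configured key.
        findings.append(("key " + key_id, "TRUSTED_KEY_UNDEFINED"))
    return findings


if __name__ == "__main__":
    for subject, code in audit_ntp(SAMPLE_CONFIG):
        print(f"{subject}: {code}")
```
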

ntp update-calendar

Use this command to update the calendar for the NTP client using the time synchronized from an external clock source. Use the no form of this command to disable the update-calendar function.

ntp update-calendar

no ntp update-calendar

Parameter

Description Parameter Description

N/A N/A

Defaults The NTP update-calendar function is not configured by default.

Command

Mode

Global configuration mode

Usage Guide This function enables NTP clients to update the calendars of devices periodically using the time

synchronized from an external clock source. The calendar of the device is still available even if the

device is shut down or reset.

By default, the NTP update-calendar function is not configured. After it is configured, the NTP client updates the calendar each time it successfully synchronizes time from the external clock source.

Configuration

Examples

The following example configures the NTP update-calendar function.

Ruijie(config)# ntp update-calendar

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

debug ntp

Use this command to show NTP debugging information.

debug ntp

no debug ntp

Parameter

Description Parameter Description

N/A N/A

Defaults This function is disabled by default.

Command

Mode

Privileged user mode

Usage Guide Use this command to debug the NTP service and output the debugging information needed for failure diagnosis and troubleshooting.

Configuration

Examples

The following example enables NTP debugging.

Ruijie# debug ntp

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

show ntp status

Use this command to show the NTP information.

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged mode

Usage Guide If the NTP service of the system is enabled, the command shows existing NTP information. This

command will display no information until the synchronization server is added for the first time.

Configuration

Examples

The following example shows the existing NTP information of the system.

Ruijie# show ntp status

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

FTP Server Commands

debug ftp server

Use this command to enable outputting the debugging messages in the FTP server. Use the no form

of this command to disable this function.

debug ftpserver

no debug ftpserver

Parameter

Description Parameter Description

N/A N/A

Defaults Disabled

Command

Mode

Privileged user mode.

Usage Guide Use this command to display the detailed debugging information during FTP server operation.

Configuration

Examples

The following example shows how to enable outputting the debugging messages in the FTP Server:

Ruijie# debug ftpserver

FTPSRV_DEBUG:(RECV) SYST

FTPSRV_DEBUG:(REPLY) 215 RGOS Type: L8

FTPSRV_DEBUG:(RECV) PORT 192,167,201,82,7,120

FTPSRV_DEBUG:(REPLY) 200 PORT Command okay.

The following example shows how to disable outputting the debugging messages in the FTP Server:

Ruijie# no debug ftpserver

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

ftp-server enable

Use this command to enable the FTP server. Use the no form of this command to disable the FTP server.

ftp-server enable

no ftp-server enable

Parameter

Description Parameter Description

N/A N/A

Defaults Disabled

Command

Mode

Global configuration mode.

Usage Guide This command enables the FTP server so that FTP clients can connect to upload and download files.

To allow the FTP client to access the files on the FTP server, use this command together with the ftp-server topdir command.

Configuration

Examples

The following example shows how to enable the FTP server and restrict FTP client access to the syslog content only:

Ruijie(config)# ftp-server topdir /syslog

Ruijie(config)# ftp-server enable

The following example shows how to disable the FTP Server:

Ruijie(config)# no ftp-server enable

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

ftp-server password

Use this command to set the login password for the FTP server. Use the no form of this command to

cancel the password configuration.

ftp-server password [ type ] password

no ftp-server password

Parameter

Description Parameter Description

type

Defines the encryption type of the password: 0 or 7. The default type is 0.

0 indicates that the password is not encrypted.

7 indicates that the password is encrypted.

password The login password for the FTP server.

Defaults By default, there is no password.

Command

Mode

Global configuration mode.

Usage Guide For the FTP server, the login username and the login password must be configured to verify the client connection. At most one password can be set.

The password must include letters or numbers. Spaces before or after the password are allowed but ignored, while spaces in the middle of the password are part of the password.

The plain-text password must be 1 to 25 characters long. The encrypted password must be 4 to 52 characters long.

The encrypted password is generated by encrypting the plain-text password, and its format must comply with the encryption specification. If the encrypted password is used in the configuration, the client must use the corresponding plain-text password to log in successfully.

A null password is not supported by the FTP server. If no password is configured, the client fails the identity verification of the server.

Configuration

Examples

The following example shows how to set the plain-text password as pass:

Ruijie(config)# ftp-server password pass

OR:

Ruijie(config)# ftp-server password 0 pass

The following example shows how to set the cipher-text password as 8001:

Ruijie(config)# ftp-server password 7 8001

The following example shows how to delete the password configuration:

Ruijie(config)# no ftp-server password

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

ftp-server timeout

Use this command to set the FTP session idle timeout. Use the no form of this command to restore the idle timeout to the default value of 30 minutes.

ftp-server timeout time

no ftp-server timeout

Parameter

Description Parameter Description

time Set the session idle timeout, in minutes. The valid range is 1-3600.

Defaults Default time is 30 minutes.

Command

Mode

Global configuration mode.

Usage Guide Use this command to set the FTP session idle timeout. If the session is idle for the timeout period, the FTP server deems the session connection invalid and disconnects the user.

The session idle time refers to the time between two FTP operations in an FTP session.

Configuration

Examples

The following example shows how to set the session idle timeout to 5 minutes:

Ruijie(config)# ftp-server timeout 5

The following example shows how to restore the session idle timeout to the default value of 30 minutes:

Ruijie(config)# no ftp-server timeout

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

ftp-server topdir

Use this command to set the directory range that the FTP client can access on the FTP server. Use the no form of this command to prevent the FTP client from accessing the FTP server files.

ftp-server topdir directory

no ftp-server topdir

Parameter

Description Parameter Description

directory Set the top-directory.

Defaults By default, no top-directory is configured.

Command

Mode

Global configuration mode.

Usage Guide The FTP server top directory specifies the directory range of the files that the client can access. The FTP client can access the files on the FTP server only when the top directory is correctly specified.

Without this command configured, the FTP client cannot access any file or directory on the FTP server.

Configuration

Examples

The following example shows how to enable the FTP server and restrict FTP client access to the syslog content only:

Ruijie(config)# ftp-server topdir /syslog

Ruijie(config)# ftp-server enable

The following example shows how to remove the top-directory configuration:

Ruijie(config)# no ftp-server topdir

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

ftp-server username

Use this command to set the login username for the FTP server. Use the no form of this command to

cancel the username configuration.

ftp-server username username

no ftp-server username

Parameter

Description Parameter Description

username Set the login username.

Defaults By default, no username is set.

Command

Mode

Global configuration mode

Usage Guide Use this command to set the login username for the FTP server. To log in to the FTP server, the correct username and password must be provided.

The maximum length of the username is 64 characters, and spaces are not allowed in the middle of the username. The username consists of letters, half-width digits and half-width symbols. At most one username can be configured for the FTP server.

Anonymous login is not supported on the FTP server. The client fails the identity verification if the username is removed.

Configuration

Examples

The following example shows how to set the username as user:

Ruijie(config)# ftp-server username user

The following example shows how to remove the username configuration:

Ruijie(config)# no ftp-server username

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

show ftp-server

Use this command to show the status information of the FTP server.

show ftp-server

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode

Usage Guide The FTP server status information includes:

Enabled/Disabled server

The control connection is set up or not (the related IP, Port are shown)

The data connection is set up or not (the related IP, Port and the working mode are shown)

The current file transmission type

The login username and password

The FTP server top directory

The session idle timeout setting

Configuration

Examples

The following example shows the related status information of the FTP server:

Ruijie# show ftp-server

ftp-server information

=======================================

enable : Y

topdir : /

timeout: 20min

username config : Y

password config : Y

type: BINARY

control connect : Y

ftp-server: ip=192.167.201.245 port=21

ftp-client: ip=192.167.201.82 port=4978

port data connect : Y

ftp-server: ip=192.167.201.245 port=22

ftp-client: ip=192.167.201.82 port=4982

passive data connect : N

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

UDP-Helper Module Commands

ip forward-protocol

Use this command to configure the User Datagram Protocol (UDP) port to enable relay forwarding.

Use the no form of this command to disable forwarding on the UDP port.

ip forward-protocol udp [ port | tftp | domain | time | netbios-ns | netbios-dgm | tacacs ]

no ip forward-protocol udp [ port | tftp | domain | time | netbios-ns | netbios-dgm | tacacs ]

Parameter

Description Parameter Description

port

Port where relay forwarding is enabled. If this parameter is not

specified, the broadcast packet from the ports 69, 53, 37, 137, 138,

and 49 will be forwarded by default.

tftp

Specified by Trivial File Transfer Protocol(69).

If this parameter is specified, the broadcast packet from port 69 is

relayed and forwarded.

domain

Specified by Domain Name System(53).

If this parameter is specified, the broadcast packet from port 53 is

forwarded.

time

Specified by Time service(37).

If this parameter is specified, the broadcast packet from port 37 is

forwarded.

netbios-ns

Specified by NetBIOS Name Service(137).

If this parameter is specified, the broadcast packet from port 137 is

forwarded.

netbios-dgm

Specified by NetBIOS Datagram Service(138).

If this parameter is specified, the broadcast packet from port 138 is

forwarded.

tacacs

Specified by TAC Access Control System(49).

If this parameter is specified, the broadcast packet from port 49 is

forwarded.

Defaults No UDP port for forwarding is configured by default.

Command

Mode

Global configuration mode

Usage Guide By default, enabling UDP-Helper forwards the broadcast packets of UDP ports 69, 53, 37, 137, 138, and 49 without any additional configuration.

Configuration

Examples

Ruijie(config)# ip forward-protocol udp 134

Related

Commands Command Description

udp-helper enable

Enables the forwarding of the UDP broadcast

packet.

ip forward-protocol

Configures the UDP port to enable relay forwarding.

Platform

Description

N/A

ip helper-address

Use this command to configure the destination server which the UDP broadcast packet will be

forwarded to. Use the no form of this command to delete the destination server.

ip helper-address address

no ip helper-address address

Parameter

Description Parameter Description

address

IP address of the destination server in the dotted decimal format.

Each interface supports up to 20 server addresses.

Defaults N/A

Command

Mode

Interface configuration mode

Usage Guide Up to 20 destination servers can be configured on an interface. If the destination server is configured

on an interface and UDP-Helper is enabled, the broadcast packet of the specified port received from

this interface will be sent to the destination server configured on this interface in unicast form.

Use the no ip helper-address command to remove the destination server.

Configuration

Examples

#Configure the destination server where the UDP broadcast packet will be forwarded to.

Ruijie(config-if)# ip helper-address 192.168.100.1

Related

Commands Command Description

ip forward-protocol

Enables the forwarding function on the UDP

port.

Platform

Description

N/A

udp-helper enable

Use this command to enable relay forwarding for the UDP broadcast packet. Use the no form of this

command to disable this function.

udp-helper enable

no udp-helper enable

Parameter

Description Parameter Description

N/A N/A

Defaults The relay and forwarding of the UDP broadcast packet is disabled by default.

Command

Mode

Global configuration mode

Usage Guide Enable the forwarding function of UDP-Helper. The UDP broadcast packets from the port 69, 53, 37,

137, 138, and 49 are relayed and forwarded by default.

Configuration

Examples

#Enable the UDP forwarding function.

Ruijie(config)# udp-helper enable

Related

Commands Command Description

ip forward-protocol

Enables the forwarding function on the UDP

port.

Platform

Description

N/A

SNMP Commands

no snmp-server

Use this command to disable the SNMP agent function in global configuration mode.

no snmp-server

Parameter

Description Parameter Description

N/A N/A

Defaults The SNMP agent function is disabled.

Command

mode Global configuration mode

Usage Guide This command disables the SNMP agent services of all versions supported on the device.

Configuration

Examples

The following example disables the SNMP agent service.

Ruijie(config)# no snmp-server

Related

Commands Command Description

N/A N/A

Platform

Description N/A

snmp-server chassis-id

Use this command to specify the SNMP system serial number in global configuration mode. Use the

no form of this command to restore it to the initial value.

snmp-server chassis-id text

no snmp-server chassis-id

Parameter

Description Parameter Description

text Text of the system serial number, digits or characters.

Defaults The default serial number is 60FF60.

Command

mode Global configuration mode

Usage Guide The SNMP system serial number is generally the serial number of the machine to facilitate the device

identification. The serial number can be viewed by the show snmp command.

Configuration

Examples

The following example specifies the SNMP system serial number as 123456:

Ruijie(config)# snmp-server chassis-id 123456

Related

Commands Command Description

show snmp Shows the SNMP statistics.

Platform

Description N/A

snmp-server community

Use this command to specify the SNMP community access string in global configuration mode. Use

the no form of this command to cancel the specified SNMP community access string.

snmp-server community string [ view view-name ] [ ro | rw ] [ host ipaddr ] [ ipv6 ipv6-aclname ] [ aclnum ] [ aclname ]

no snmp-server community string

Parameter

Description Parameter Description

string

Community string, which is equivalent to the communication

password between the NMS and the SNMP agent

view-name Name of the view used for view-based management

ro Indicates that the NMS can only read the variables of the MIB.

rw Indicates that the NMS can read and write the variables of the MIB.

aclnum

Serial number of the ACL, which is associated with a specified

access list, specifies the IPV4 address range of the NMS that are

permitted to access the MIB.

aclname

Name of the ACL, which is associated with a specified access list,

specifies the IPV4 address range of the NMS that are permitted to

access the MIB.

ipv6-aclname

Name of the IPv6 ACL, which is associated with a specified access

list, specifies the IPv6 address range of the NMS that are permitted to

access the MIB

ipaddr

Specifies IP address of the NMS accessing the MIB, which is

associated with NMS addresses.

Defaults All communities are read only by default.

Command

mode Global configuration mode

Usage Guide This command is the first important command to enable the SNMP agent function. It specifies the

community attribute, range of the NMSs that can access the MIB, and more.

To disable the SNMP agent function, run the no snmp-server command.

Configuration

Examples

The following example restricts the access to the MIB using the access list, which allows only the

NMS of the IP address 192.168.12.1 to access the MIB.

Ruijie(config)# access-list 2 permit 192.168.12.1

Ruijie(config)# access-list 2 deny any

Ruijie(config)# snmp-server community public ro 2

Related

Commands Command Description

access-list Defines the access list.

Platform

Description N/A

snmp-server contact

Use this command to specify the SNMP system contact in global configuration mode. Use the no

form of this command to delete the system contact.

snmp-server contact text

no snmp-server contact

Parameter

Description Parameter Description

text Character string describing the system contact.

Defaults N/A

Command

mode Global configuration mode

Usage Guide N/A

Configuration

Examples

The following example specifies the SNMP system contact as [email protected]:

Ruijie(config)# snmp-server contact [email protected]

Related

Commands Command Description

show snmp-server Checks the SNMP information.

Platform

Description N/A

snmp-server enable traps

Use this command in global configuration mode to enable the SNMP server to actively send SNMP Trap messages to the NMS when urgent and important events occur. Use the no form of this command to disable the SNMP server from actively sending SNMP Trap messages to the NMS.

snmp-server enable traps [ snmp ]

no snmp-server enable traps

Parameter

Description Parameter Description

snmp Enables the trap notification of SNMP events.

Defaults The Trap notification is disabled by default.

Command

mode Global configuration mode

Usage Guide This command must work with the global configuration command snmp-server host to send the

SNMP Trap message.

Configuration

Examples

The following example enables the SNMP server to actively send the SNMP Trap message.

Ruijie(config)# snmp-server enable traps snmp

Ruijie(config)# snmp-server host 192.168.12.219 public snmp

Related

Commands Command Description

snmp-server host Specifies the SNMP host

Platform

Description N/A

snmp-server group

Use this command to set the SNMP user group in the global configuration mode. The no form of this

command is used to remove the user group.

snmp-server group groupname { v1 | v2c | v3 { auth | noauth | priv } } [ read readview ] [ write

writeview ] [ access { ipv6 ipv6-aclname | aclnum | aclname } ]

no snmp-server group groupname { v1 | v2c | v3 { auth | noauth | priv } }

Parameter

Description Parameter Description

v1 | v2c | v3 Specifies SNMP Version.

auth

Authenticates the messages transmitted by the user group without

encryption. This applies to only SNMPv3.

noauth

Neither authenticate nor encrypt the messages transmitted by the

user group. This applies only to SNMPv3.

priv

Authenticates and encrypts the messages transmitted by the user

group. This applies only to SNMPv3.

readview Associates with a read-only view.

writeview Associates with a read-write view.

aclnum

Serial number of the ACL, which is associated with a specified

access list, specifies the IPV4 address range of the NMS that are

permitted to access the MIB.

aclname

Name of the ACL, which is associated with a specified access list,

specifies the IPV4 address range of the NMS that are permitted to

access the MIB.

ipv6_aclname

Name of the IPv6 ACL, which is associated with a specified access

list, specifies the IPv6 address range of the NMS that are permitted to

access the MIB

Defaults No user group is set by default.

Command

mode Global configuration mode

Usage Guide None

Configuration

Examples

The following example sets a user group.

Ruijie(config)# snmp-server group mib2user v3 priv read mib2

Related

Commands Command Description

show snmp group Shows the SNMP user group configuration.

Platform

Description N/A
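The snmp-server community and snmp-server group options above decide who can read or write the MIB and whether SNMPv3 messages are authenticated and encrypted. The following is an added example, not part of the Ruijie documentation: a Python audit that applies those parameter descriptions to constructed configuration lines. The finding codes and the names ops-write, legacy and weak are assumptions made for illustration.

```python
import re

# Constructed sample. Lines 1-3 and 5 reuse the page's own examples; the other
# community and group names are made up for illustration.
SAMPLE_CONFIG = """\
Ruijie(config)# access-list 2 permit 192.168.12.1
Ruijie(config)# access-list 2 deny any
Ruijie(config)# snmp-server community public ro 2
Ruijie(config)# snmp-server community ops-write rw
Ruijie(config)# snmp-server group mib2user v3 priv read mib2
Ruijie(config)# snmp-server group legacy v2c read mib2
Ruijie(config)# snmp-server group weak v3 noauth read mib2 write mib2
"""

PROMPT = re.compile(r"^\S+#\s*")    # leading CLI prompt such as "Ruijie(config)# "
WELL_KNOWN = {"public", "private"}  # widely guessed community strings


def audit_community(args):
    """args: tokens after 'snmp-server community' (string first, then options)."""
    name, opts = args[0], args[1:]
    codes = ["DEFAULT_COMMUNITY"] if name.lower() in WELL_KNOWN else []
    mode, restricted, i = "ro", False, 0  # communities are read only by default
    while i < len(opts):
        if opts[i] == "view":
            i += 2                         # skip the view name
        elif opts[i] in ("ro", "rw"):
            mode, i = opts[i], i + 1
        elif opts[i] in ("host", "ipv6"):
            restricted, i = True, i + 2    # NMS address or IPv6 ACL name follows
        else:
            restricted, i = True, i + 1    # bare aclnum or aclname
    if mode == "rw":
        codes.append("RW_COMMUNITY")       # NMS may write MIB variables
    if not restricted:
        codes.append("COMMUNITY_NO_ACL")   # any source address may use the string
    return codes


def audit_group(args):
    """args: tokens after 'snmp-server group' (groupname, version, options)."""
    version, rest = args[1], args[2:]
    codes = []
    if version != "v3":
        codes.append("GROUP_NOT_V3")       # auth/priv apply only to SNMPv3
    elif rest and rest[0] == "noauth":
        codes.append("V3_NOAUTH")          # neither authenticated nor encrypted
    elif rest and rest[0] == "auth":
        codes.append("V3_AUTH_ONLY")       # authenticated without encryption
    if "write" in rest and "access" not in rest:
        codes.append("WRITE_NO_ACL")       # write view with no NMS address limit
    return codes


def audit_snmp(config_text):
    """Return (line number, code) findings for community and group lines."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        tokens = PROMPT.sub("", raw.strip()).split()
        if len(tokens) < 3 or tokens[0] != "snmp-server":
            continue
        if tokens[1] == "community":
            codes = audit_community(tokens[2:])
        elif tokens[1] == "group" and len(tokens) >= 4:
            codes = audit_group(tokens[2:])
        else:
            codes = []
        findings.extend((lineno, code) for code in codes)
    return findings


if __name__ == "__main__":
    for lineno, code in audit_snmp(SAMPLE_CONFIG):
        print(f"line {lineno}: {code}")
```
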

snmp-server host

Use this command to specify the SNMP host (NMS) to send the trap message in global configuration

mode. Use the no form of this command to remove the specified SNMP host.

snmp-server host { host-addr | ipv6 ipv6-addr } [ vrf vrfname ] [ traps ] [ version { 1 | 2c | 3 { auth | noauth | priv } } ] community-string [ udp-port port-num ] [ notification-type ]

no snmp-server host { host-addr | ipv6 ipv6-addr } [ vrf vrfname ] [ traps ] [ version { 1 | 2c | 3 { auth | noauth | priv } } ] community-string [ udp-port port-num ]

Parameter

Description Parameter Description

host-addr SNMP host address

ipv6-addr SNMP host address(ipv6)

vrfname Sets the name of vrf forwarding table

Version SNMP Version: V1, V2C or V3

auth | noauth | priv Security level of SNMPv3 users

community-string Community string or username (SNMPv3 Version)

port-num Port of the SNMP host

notification-type The type of the SNMP trap message sent actively, such as snmp.

Defaults No SNMP host is specified by default.

If no type of the SNMP trap message is specified, all types of the SNMP trap message are included.

Command

mode Global configuration mode

Usage Guide This command must work with the snmp-server enable traps command in global configuration

mode to actively send the SNMP trap messages to NMS.

You can configure multiple SNMP hosts to receive the SNMP Trap messages. One host can use

different combinations of the types of the SNMP trap message, different ports and different VRF

forwarding tables, but the last configuration for the same host (same port, same VRF configuration)

will overwrite the previous configurations. In other words, to send different SNMP trap messages to

the same host, different combination of SNMP trap messages have to be configured.

Configuration

Examples

The following example specifies an SNMP host to receive the SNMP event trap:

Ruijie(config)# snmp-server host 192.168.12.219 public snmp

Related

Commands Command Description

snmp-server enable traps Enables to send the SNMP trap message.

Platform

Description N/A

snmp-server location

Use this command to set the SNMP system location information in global configuration mode. Use

the no form of this command to remove the specified SNMP system location information.

snmp-server location text

no snmp-server location

Parameter

Description Parameter Description

text Character string describing the system information

Defaults Null

Command

mode Global configuration mode

Usage Guide N/A

Configuration

Examples

The following example specifies the system information:

Ruijie(config)# snmp-server location start-technology-city 4F of A Buliding

Related

Commands Command Description

snmp-server contact Specifies the system contact information.

Platform

Description N/A

snmp-server packetsize

Use this command to specify the maximum size of the SNMP packet in global configuration mode.

Use the no form of this command to restore it to the default value.

snmp-server packetsize byte-count

no snmp-server packetsize

Parameter

Description Parameter Description

byte-count Packet size in the range from 484 to 17876 bytes

Defaults 1472 bytes.

Command

mode Global configuration mode

Usage Guide None

Configuration

Examples

The following example specifies the maximum SNMP packet size as 1,492 bytes:

Ruijie(config)# snmp-server packetsize 1492

Related

Commands Command Description

snmp-server queue-length

Specifies the length of the SNMP trap message

queue.

Platform

Description N/A

snmp-server queue-length

Use this command to specify the length of the SNMP trap message queue in global configuration

mode.

snmp-server queue-length length

Parameter

Description Parameter Description

length Queue length in the range from 1 to 1000

Defaults 10.

Command

mode Global configuration mode

Usage Guide The SNMP trap message queue is used to store the SNMP trap messages. This command can be used to adjust the size of the SNMP trap message queue to control the speed of sending the SNMP trap messages.

The maximum speed for sending messages is 4 messages per second.

Configuration

Examples

The following example specifies the speed to send the trap message as 4 messages per second:

Ruijie(config)# snmp-server queue-length 4

Related

Commands Command Description

snmp-server packetsize Specifies the maximum size of the SNMP packet.

Platform

Description N/A

snmp-server system-shutdown

Use this command to enable the SNMP system restart notification function in global configuration

mode. Use the no form of this command to disable the SNMP system notification function.

snmp-server system-shutdown

no snmp-server system-shutdown

Parameter

Description Parameter Description

N/A N/A

Defaults The SNMP system restart notification function is disabled by default.

Command

mode Global configuration mode

Usage Guide This command is used to enable the SNMP system restart notification function. The RGOS sends the

SNMP trap messages to the NMS to notify the system restart before the device is reloaded or

rebooted.

Configuration

Examples

The following example enables the SNMP system restart notification function:

Ruijie(config)# snmp-server system-shutdown

Related

Commands Command Description

N/A N/A

Platform

Description N/A

snmp-server trap-source

Use this command to specify the source address of the SNMP trap message in global configuration

mode. Use the no form of this command to restore it to the default value.

snmp-server trap-source interface

no snmp-server trap-source

Parameter

Description Parameter Description

interface Interface used as the source of the SNMP trap message.

Defaults The IP address of the interface from which the SNMP message is sent is used as the source address.

Command

mode Global configuration mode

Usage Guide By default, the IP address of the interface from which the SNMP message is sent is used as the source address. For easy management and identification, this command can be used to fix a local IP address as the SNMP source address.

Configuration

Examples

The following example specifies the IP address of Ethernet interface 0/1 as the source of the SNMP

trap message:

Ruijie(config)# snmp-server trap-source fastethernet 0/1

Related

Commands Command Description

snmp-server enable traps

Enables the sending of the SNMP trap

message.

snmp-server enable host Specifies the NMS host.

Platform

Description N/A

snmp-server trap-timeout

Use this command to define the retransmission timeout of the SNMP trap message in the global

configuration mode. The no form of this command is used to restore it to the default value.

snmp-server trap-timeout seconds

no snmp-server trap-timeout

Parameter

Description Parameter Description

seconds Timeout period (in seconds) in the range from 1 to 1000.

Defaults 30 seconds.

Command

mode Global configuration mode

Usage Guide N/A

Configuration

Examples

The following example specifies the timeout period as 60 seconds.

Ruijie(config)# snmp-server trap-timeout 60

Related

Commands Command Description

snmp-server queue-length

Specifies the length of the SNMP trap message

queue.

snmp-server enable host Specifies the NMS host

Platform

Description N/A

snmp-server user

Use this command to set the SNMP user in global configuration mode. Use the no form of this

command to delete the user.

snmp-server user username groupname { v1 | v2 | v3 [ encrypted ] [ auth { md5 | sha }

auth-password ] [ priv des56 priv-password ] } [ access { [ ipv6 ipv6_aclname ] [ aclnum |

aclname ] } ]

no snmp-server user username groupname { v1 | v2c | v3 }

Parameter

Description Parameter Description

username User name

groupname Group name of the user.

v1 | v2 | v3

SNMP version. Only SNMPv3 supports the following security

parameters.

encrypted

Input the password in cipher text mode.

In cipher text mode, input consecutive HEX alphanumeric characters.

Note that the authentication password of MD5 has a length of 16

bytes, while that of SHA has a length of 20 bytes. Two characters

make a byte. The encrypted key can only be used by the local SNMP

engine on the switch.

auth Specifies whether to use the authentication.

md5

Enables the MD5 authentication protocol; sha enables the

SHA authentication protocol.

auth-password

Password string (no more than 32 characters) used by the

authentication protocol. The system will change the password to the

corresponding authentication key.

priv

Specifies whether to use the encryption. des56 refers to 56-bit DES

encryption protocol.

priv-password

Password string (no more than 32 characters) used for encryption.

The system will change the password to the corresponding

encryption key.

aclnum

Number of the ACL. The associated access list specifies the IPv4

address range of the NMSs that are permitted to access the MIB.

aclname

Name of the ACL. The associated access list specifies the IPv4

address range of the NMSs that are permitted to access the MIB.

ipv6_aclname

Name of the IPv6 ACL. The associated access list specifies the IPv6

address range of the NMSs that are permitted to access the MIB.

Defaults No user is set by default.

Command

mode Global configuration mode

Usage Guide N/A

Configuration

Examples

The following example configures an SNMPv3 user with MD5 authentication and DES encryption:

Ruijie(config)# snmp-server user user-2 mib2user v3 auth md5 authpassstr priv

des56 despassstr

Related

Commands Command Description

show snmp user Shows the SNMP user configuration.

Platform

Description N/A
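The encrypted keyword above takes the authentication key itself (16 bytes for MD5, 20 bytes for SHA) and that key is usable only by the local SNMP engine. The following added example, which is not part of the Ruijie manual, shows why, using the standard SNMPv3 USM password-to-key and key-localization algorithm from RFC 3414. It assumes RGOS follows that RFC; the password and engine ID are the RFC's published test values, not values from a device.

```python
import hashlib

# Digest sizes equal the key lengths the manual quotes for "encrypted" input:
# 16 bytes (32 hex characters) for MD5 and 20 bytes (40 hex characters) for SHA.
KEY_BYTES = {"md5": 16, "sha1": 20}
STREAM_BYTES = 1024 * 1024  # RFC 3414 A.2 hashes exactly 1,048,576 bytes


def password_to_key(password: str, algo: str) -> bytes:
    """Return Ku: the digest of the password repeated cyclically to 1 MiB."""
    if algo not in KEY_BYTES:
        raise ValueError("algo must be 'md5' or 'sha1'")
    pw = password.encode("utf-8")
    if not pw:
        raise ValueError("password must not be empty")
    repeats, remainder = divmod(STREAM_BYTES, len(pw))
    return hashlib.new(algo, pw * repeats + pw[:remainder]).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Return Kul = H(Ku || snmpEngineID || Ku), the key a single engine stores."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def localized_key_hex(password: str, engine_id_hex: str, algo: str) -> str:
    """Hex string of the localized key for one engine ID (assumed RFC 3414 behaviour)."""
    engine_id = bytes.fromhex(engine_id_hex)
    kul = localize_key(password_to_key(password, algo), engine_id, algo)
    if len(kul) != KEY_BYTES[algo]:
        raise RuntimeError("unexpected digest length")
    return kul.hex()


if __name__ == "__main__":
    # RFC 3414 Appendix A.3 test values: password and snmpEngineID.
    password = "maplesyrup"
    engine_a = "000000000000000000000002"
    engine_b = "000000000000000000000003"  # constructed second engine ID
    for algo in ("md5", "sha1"):
        print(algo, "engine A:", localized_key_hex(password, engine_a, algo))
        print(algo, "engine B:", localized_key_hex(password, engine_b, algo))
```

The same password yields a different key on every engine ID, so a key copied from one device's configuration does not authenticate against another device.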

snmp-server view

Use this command to set an SNMP view in global configuration mode. Use the no form of this

command to delete the view.

snmp-server view view-name oid-tree { include | exclude }

no snmp-server view view-name [ oid-tree ]

Parameter

Description Parameter Description

view-name View name

oid-tree The MIB object associated with the view is an MIB sub tree.

include Indicates that the sub trees of the MIB object are included in the view.

exclude

Indicates that the sub trees of the MIB object are excluded from the

view.

Defaults A default view is set to access all MIB objects by default.

Command

mode Global configuration mode

Usage Guide None

Configuration

Examples

The following example sets a view that includes all MIB-2 sub-trees (oid is 1.3.6.1).

Ruijie(config)# snmp-server view mib2 1.3.6.1 include

Related

Commands Command Description

show snmp view Shows the view configuration.

Platform

Description N/A

snmp trap link-status

For this command, refer to the INTF-CREF.doc

Parameter

Description Parameter Description

N/A N/A

Defaults Refer to the INTF-CREF.doc.

Command

mode Refer to the INTF-CREF.doc.

Usage Guide Refer to the INTF-CREF.doc.

Configuration

Examples Refer to the INTF-CREF.doc

Related

Commands Command Description

N/A N/A

Platform

Description N/A

show snmp

Use this command to show the SNMP status information in privileged user mode.

show snmp [ mib | user | view | group | host ]

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

mode Privileged user mode

Usage Guide show snmp: Show the SNMP statistics.

show snmp mib: Show the SNMP MIBs supported in the system.

show snmp user: Show the SNMP user information.

show snmp view: Show the SNMP view information.

show snmp group: Show the SNMP user group information.

show snmp host: Show the display information configured by users.

Configuration

Examples

The following example shows the SNMP statistics:

Ruijie# show snmp

Chassis: 60FF60

0 SNMP packets input

0 Bad SNMP Version errors

0 Unknown community name

0 Illegal operation for community name supplied

0 Encoding errors

0 Number of requested variables

0 Number of altered variables

0 Get-request PDUs

0 Get-next PDUs

0 Set-request PDUs

0 SNMP packets output

0 Too big errors (Maximum packet size 1500)

0 No such name errors

0 Bad values errors

0 General errors

0 Response PDUs

0 Trap PDUs

SNMP global trap: disabled

SNMP logging: disabled

SNMP agent: enabled

Related

Commands Command Description

snmp-server chassis-id Specifies the SNMP system serial number.

Platform

Description N/A

IPv6 Commands

clear ipv6 neighbors

Use this command to clear the dynamically learned neighbors.

clear ipv6 neighbors [ vrf vrf-name ]

Parameter

Description Parameter Description

vrf-name VRF name

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide This command can be used to clear all the neighbors dynamically learned by the neighbor

discovering. Note that the static neighbors will not be cleared.

Configuration

Examples

Ruijie# clear ipv6 neighbors

Related

Commands Command Description

ipv6 neighbor Configure the neighbor.

show ipv6 neighbors Show the neighbor information.

Platform

Description

N/A

ipv6 address

Use this command to configure an IPv6 address for a network interface. Use the no form of this

command to delete the configured address.

ipv6 address ipv6-address/prefix-length

ipv6 address ipv6-prefix/prefix-length eui-64

ipv6 address prefix-name sub-bits/prefix-length [ eui-64 ]

no ipv6 address

no ipv6 address ipv6-address/prefix-length

no ipv6 address ipv6-prefix/prefix-length eui-64

no ipv6 address prefix-name sub-bits/prefix-length [ eui-64 ]

Parameter

Description Parameter Description

ipv6-prefix IPv6 address prefix in the format defined in RFC4291. The address

shall be in hex; the fields in the address shall be separated by comma,

and each field shall contain 16 bits.

ipv6-address IPv6 address in the format defined in RFC4291. The address shall be

in hex; the fields in the address shall be separated by comma, and

each field shall contain 16 bits.

prefix-length Length of the IPv6 prefix, the network address of the IPv6 address.

prefix-name The general prefix name. Use the specified general prefix to generate

the interface address.

sub-bits The sub-prefix bits and host bits that are combined with the general

prefix to generate the interface address. The value shall be in the

format defined in RFC4291.

eui-64 The generated IPv6 address consists of the address prefix and the

64-bit interface ID.

Defaults N/A

Command

Mode

Interface configuration mode

Usage Guide When an IPv6 interface is created and the link status is UP, the system will automatically generate a

local IP address for the interface.

The IPv6 address could also be generated using the general prefix. That is, the IPv6 address consists

of the general prefix and the sub-prefix and the host bit. The general prefix could be configured using

the ipv6 general-prefix command or may be learned through the DHCPv6 agent PD (Prefix

Discovery) function (please refer to the DHCPv6 Configuration). Use the sub-bits/prefix-length

parameter of this command to configure the sub-prefix and the host bit.

If no address is specified with no ipv6 address, all the manually configured

addresses will be deleted.

no ipv6 address ipv6-prefix/prefix-length eui-64 can be used to delete the addresses configured with

ipv6 address ipv6-prefix/prefix-length eui-64.

Configuration

Examples

Ruijie(config-if)# ipv6 address 2001:1::1/64

Ruijie(config-if)# no ipv6 address 2001:1::1/64

Ruijie(config-if)# ipv6 address 2002:1::1/64 eui-64

Ruijie(config-if)# no ipv6 address 2002:1::1/64 eui-64

Command Description Related

Commands N/A N/A

Platform

Description

N/A

ipv6 address autoconfig

Use this command to automatically configure an IPv6 stateless address for a network interface. Use

the no form of this command to delete the auto-configured address.

ipv6 address autoconfig [ default ]

no ipv6 address autoconfig

Parameter

Description Parameter Description

default (Optional) If this keyword is configured, a default route is generated. Note that only

one Layer 3 interface on the entire device is allowed to use the default keyword.

Defaults N/A

Command

Mode

Interface configuration mode

Usage Guide Stateless address autoconfiguration means that, on receiving an RA (Router Advertisement)

message, the device uses the prefix information in the RA message to automatically generate

the EUI-64 interface address.

If the RA message contains the flag of the “other configurations”, the interface will obtain these “other

configurations” through the DHCPv6. The “other configurations” usually means the IPv6 address of

the DNS server, the IPv6 address of the NTP server, etc.

Use the no ipv6 address autoconfig command to delete the IPv6 address.

Configuration

Examples

Ruijie(config-if)# ipv6 address autoconfig default

Ruijie(config-if)# no ipv6 address autoconfig

Command Description Related

Commands ipv6 address ipv6-prefix/prefix-length [eui-64] Configure the IPv6 address for the interface

manually.

Platform

Description

N/A
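The eui-64 keyword and stateless autoconfiguration both build the address from a prefix plus a 64-bit interface ID. The following added example, which is not part of the Ruijie manual, derives that address with the modified EUI-64 rule of RFC 4291 Appendix A and shows that the MAC address can be read back out of it. It assumes RGOS follows that rule and replaces the low 64 bits of the configured prefix; the MAC is the one used in this manual's ipv6 neighbor example.

```python
import ipaddress


def parse_mac(mac: str) -> bytes:
    """Parse XXXX.XXXX.XXXX (the format this manual uses) or colon/dash forms."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError("MAC address must contain 12 hex digits")
    return bytes.fromhex(digits)


def eui64_interface_id(mac: bytes) -> bytes:
    """Modified EUI-64: flip the universal/local bit and insert ff:fe in the middle."""
    return bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:]


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a prefix of at most 64 bits with the interface ID derived from mac.

    Host bits typed after the prefix (as in 2002:1::1/64) are discarded,
    which is assumed device behaviour, not something the manual states.
    """
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen > 64:
        raise ValueError("prefix longer than 64 bits leaves no room for the interface ID")
    iid = int.from_bytes(eui64_interface_id(parse_mac(mac)), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def mac_from_eui64(address: str):
    """Recover the MAC from an EUI-64 based address, or None if it is not one."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    h = mac.hex()
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


if __name__ == "__main__":
    mac = "00d0.f811.1111"
    print(eui64_address("2002:1::1/64", mac))   # global address for the eui-64 example
    print(eui64_address("fe80::/64", mac))      # link-local address on the same interface
    print(mac_from_eui64("2002:1::2d0:f8ff:fe11:1111"))
```

Because the interface ID stays the same under every prefix, an EUI-64 address identifies the hardware wherever the interface is addressed, which matters when deciding which interfaces should use it.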

ipv6 enable

Use this command to enable the IPv6 function on an interface. Use the no form of this command to

disable this function.

ipv6 enable

no ipv6 enable

Parameter Description Parameter

Description N/A N/A

Defaults Disabled.

Command

Mode

Interface configuration mode.

Usage Guide The IPv6 function of an interface can be enabled by configuring ipv6 enable or by configuring an IPv6

address for the interface.

If an IPv6 address is configured for the interface, the IPv6 function will be enabled

automatically on the interface and cannot be disabled with no ipv6 enable.

Configuration

Examples

Ruijie(config-if)# ipv6 enable

Command Description Related

Commands show ipv6 interface Show the related information of an interface.

Platform

Description

N/A

ipv6 general-prefix

Use this command to configure the IPv6 general prefix in the global configuration mode.

ipv6 general-prefix prefix-name ipv6-prefix/prefix-length

no ipv6 general-prefix prefix-name ipv6-prefix/prefix-length

Parameter

Description Parameter Description

prefix-name The general prefix name.

ipv6-prefix The network prefix value of the general-prefix following the

format defined in RFC4291.

prefix-length The length of the general prefix.

Defaults N/A

Command

Mode

Global configuration mode.

Usage Guide It is convenient to number the network by using the general prefix, which defines a prefix so that many

longer specified prefixes could refer to it. These specified prefixes are updated whenever the general

prefix changes. If the network number changes, just modify the general prefix.

A general prefix could contain multiple prefixes.

These longer specified prefixes are usually used for the IPv6 address configuration on the interface.

Configuration

Examples

The following example manually configures a general prefix named my-prefix.

Ruijie(config)# ipv6 general-prefix my-prefix 2001:1111:2222::/48

Related

Commands Command Description

ipv6 address prefix-name sub-bits/prefix-length Configure the interface address using the general prefix.

show ipv6 general-prefix Show the general prefix.

Platform

Description

N/A

ipv6 hop-limit

Use this command to configure the default hop count to send unicast messages in the global

configuration mode.

ipv6 hop-limit value

no ipv6 hop-limit

Parameter Description Parameter

Description N/A N/A

Defaults The default is 64.

Command

Mode

Global configuration mode.

Usage Guide This command takes effect for the unicast messages only, not for multicast messages.

Configuration

Examples

Ruijie(config)# ipv6 hop-limit 100

Command Description Related

Commands N/A N/A

Platform

Description

N/A

ipv6 nd dad attempts

Use this command to set the number of the NS packets to be continuously sent for IPv6 address

collision check on the interface. Use the no form of this command to restore it to the default setting.

ipv6

no

Parameter

Description Parameter Description

value Number of the NS packets. If it is set to 0, it indicates that the IPv6

address collision check is disabled on the interface. The range is 0 to 600.

Defaults 1.

Command

Mode

Interface configuration mode.

Usage Guide When the interface is configured with a new IPv6 address, the address collision shall be checked

before the address is assigned to the interface, and the address shall be in the “tentative” status. After

the address collision check is completed, if no collision is detected, the address can be used

normally; if collision is detected and the interface ID of the address is an EUI-64 ID, it indicates that

the link-layer address is repeated, and the system will automatically shut down the interface (that is,

to prohibit IPv6 operations on the interface). In this case, you shall modify and configure a new

address manually, and restart address collision check for the down/up interface. Whenever the state

of an interface changes from down to up, the address collision check function of the interface will be

enabled.

Configuration

Examples

Ruijie(config-if)# ipv6 nd dad attempts 3

Command Description Related

Commands show ipv6 interface Show the interface information.

Platform

Description

N/A

ipv6 nd managed-config-flag

Use this command to set the “managed address configuration” flag bit of the RA message. Use the

no form of this command to remove the setting.

ipv6 nd managed-config-flag

no ipv6 nd managed-config-flag

Parameter Description Parameter

Description N/A N/A

Defaults None.

Command

Mode Interface configuration mode.

Usage Guide This flag determines whether the host that receives the RA message obtains an IP address through

stateful auto configuration. If the flag is set, the host obtains an IP address through stateful auto

configuration; otherwise it is not used.

Configuration

Examples

Ruijie(config-if)# ipv6 nd managed-config-flag

Command Description Related

Commands show ipv6 interface Show the interface information.

ipv6 nd other-config-flag Set the flag for obtaining all information except IP address

through stateful auto configuration.

Platform

Description

N/A

ipv6 nd ns-interval

Use this command to set the interval at which the interface retransmits NS (Neighbor Solicitation). Use

the no form of this command to restore it to the default setting.

ipv6 nd ns-interval milliseconds

no ipv6 nd ns-interval

Parameter

Description Parameter Description

milliseconds Interval for retransmitting NS in the range of 1000 to 429467295 milliseconds.

Defaults The default value in RA is 0 (unspecified); the interval for retransmitting NS is 1000 ms (1 s).

Command

mode

Interface configuration mode.

Usage Guide The configured value will be advertised through RA and will be used by the device itself. It is not

recommended to set a too short interval.

Configuration

Examples

Ruijie(config-if)# ipv6 nd ns-interval 2000

Command Description Related

Commands show ipv6 interface Show the interface information.

Platform

Description

N/A

ipv6 nd other-config-flag

Use this command to set “other stateful configuration” flag bit of the RA message. Use the no form of

this command to delete the flag bit.

ipv6 nd other-config-flag

no ipv6 nd other-config-flag

Parameter Description Parameter

Description N/A N/A

Defaults The flag bit is not set by default.

Command

mode

Interface configuration mode.

Usage Guide With this flag bit set, the flag bit of the RA message sent by the device is set. After receiving this flag

bit, the host uses DHCPv6 to acquire the information excluding the IPv6 address for the purpose of

automatic configuration. When the managed address configuration is set, the default other

stateful configuration is also set.

Configuration

Examples

Ruijie(config-if)# ipv6 nd other-config-flag

Command Description Related

Commands show ipv6 interface Show the interface information.

Platform

Description

N/A

ipv6 nd prefix

Use this command to configure the address prefix included in the RA. Use the no form of this

command to delete the set prefix or restore it to the default setting.

ipv6 nd prefix { ipv6-prefix/prefix-length | default } [ [ valid-lifetime preferred-lifetime ] | [ at valid-date

preferred-date ] | [infinite | preferred-lifetime ] ] [no-advertise] | [[ off-link ] [ no-autoconfig ] ]

no ipv6 nd prefix { ipv6-prefix/prefix-length | default } [ [ off-link ] [ no-autoconfig ] |

[ no-advertise ] ]

Parameter

Description Parameter Description

ipv6-prefix IPv6 network ID following the format defined in RFC4291

prefix-length Length of the IPv6 prefix. “/” shall be added in front of the prefix

valid-lifetime Valid lifetime of the RA prefix received by the host

preferred-lifetime Preferred lifetime of the RA prefix received by the host

at valid-date preferred-date Set the deadline for the valid lifetime and that of the preferred

lifetime, in day, month, year, hour, minute.

infinite Indicate that the prefix is always valid.

default Set the default prefix.

no-advertise The prefix will not be advertised by the device.

off-link

When the host sends an IPv6 packet, if the prefix of the destination

address matches the set prefix, it is considered that the destination is

on-link and is directly reachable. If this option is set, it indicates that

the prefix is not used for on-link judgment.

no-autoconfig

Indicate that the RA prefix received by the host cannot be used for

auto address configuration.

Defaults By default, the advertised prefix is the one set with ipv6 address on the interface. The default

parameters of the prefix configured in the RA are as follows:

valid-lifetime: 2592000s (30 days)

preferred-lifetime: 604800s (7 days)

The prefix is advertised and is used for on-link judgment and auto address configuration.

Command

Mode

Interface configuration mode.

Usage Guide This command can be used to configure the parameters of each prefix, including whether to advertise

the prefix. By default, the prefix advertised in RA is the one set with ipv6 address on the interface. To

add other prefixes, use this command.

ipv6 nd prefix default

Set the default parameters to be used by the interface. If no parameter is specified for an added

prefix, the parameters set with ipv6 nd prefix default will be used. Note that after a parameter is

specified for the prefix, the default configuration will not be used. That is to say, the configuration of

the prefix cannot be modified with ipv6 nd prefix default; only the prefix that uses all the default

configurations can be modified with this command.

at valid-date preferred-date

The valid lifetime of a prefix can be specified in two ways. One way is to specify a fixed time for each

prefix in the RA; the other way is to specify the end time (in this mode, the valid lifetime of the prefix

sent in RA will be gradually reduced until the end time is 0).

Configuration

Examples

The following example adds a prefix for SVI 1.

Ruijie(config)# interface vlan 1

Ruijie(config-if)# ipv6 nd prefix 2001::/64 infinite 2592000

The following example sets the default prefix parameters for SVI 1 (they cannot be used for auto

address configuration):

Ruijie(config)# interface vlan 1

Ruijie(config-if)# ipv6 nd prefix default no-autoconfig

If no parameter is specified, the default parameters will be used, and the prefix cannot be used for

auto address configuration.

Command Description Related

Commands show ipv6 interface Show the RA information of an interface.

Platform

Description

N/A

ipv6 nd ra-hoplimit

Use this command to set the hopcount of the RA message. Use the no form of this command to

restore it to the default setting.

ipv6 nd ra-hoplimit value

no ipv6 nd ra-hoplimit

Parameter

Description Parameter Description

value Hopcount

Defaults The default value is 64.

Command

Mode

Interface configuration mode.

Usage Guide It is used to set the hopcount of the RA message.

Configuration

Examples

Ruijie(config-if)# ipv6 nd ra-hoplimit 110

Related

Commands Command Description

show ipv6 interface Show the interface information.

ipv6 nd ra-lifetime Set the lifetime of the device.

ipv6 nd ra-interval Set the interval of sending the RA message.

ipv6 nd ra-mtu Set the MTU of the RA message.

Platform

Description

N/A

ipv6 nd ra-interval

Use this command to set the interval of sending the RA. Use the no form of this command to restore it

to the default setting.

ipv6 nd ra-interval { seconds | min-max min_value max_value }

no ipv6 nd ra-interval

Parameter

Description Parameter Description

seconds Interval of sending the RA message in seconds, 3-1800s.

min-max Maximum and minimum interval of sending the RA message in seconds

min_value Minimum interval of sending the RA message in seconds

max_value Maximum interval of sending the RA message in seconds

Defaults 200s. The actual interval of sending the RA message fluctuates by 20% around 200s.

Command

Mode

Interface configuration mode.

Usage Guide If the device serves as the default device, the set interval shall not be longer than the lifetime of the

device. Besides, to ensure other devices along the link occupy network bandwidth while sending the

RA message, the actual interval for sending the RA message fluctuates by 20% around the set

value.

If the keyword min-max is specified, the actual interval for sending the packet is chosen

between the minimum value and the maximum value.

Configuration

Examples

Ruijie(config-if)# ipv6 nd ra-interval 110

Ruijie(config-if)# ipv6 nd ra-interval min-max 110 120

Related

Commands Command Description

show ipv6 interface Show the interface information.

ipv6 nd ra-lifetime Set the lifetime of the device.

ipv6 nd ra-hoplimit Set the hopcount of the RA message.

ipv6 nd ra-mtu Set the MTU of the RA message.

Platform

Description

N/A

ipv6 nd ra-lifetime

Use this command to set the device lifetime of the RA sent on the interface. Use the no form of this

command to restore it to the default setting.

ipv6 nd ra-lifetime seconds

no ipv6 nd ra-lifetime

Parameter

Description Parameter Description

seconds Default lifetime of the device on the interface, 0-9000.

Defaults 1800s.

Command

Mode

Interface configuration mode.

Usage Guide The router lifetime field is available in each RA. It specifies the time during which the hosts along the

link of the interface can select the device as the default device. If the value is set to 0, the device will

not serve as the default device any longer. If it is not set to 0, it shall be larger than or equal to the

interval of sending the RA (ra-interval).

Configuration

Examples

Ruijie(config-if)# ipv6 nd ra-lifetime 2000

Related

Commands Command Description

show ipv6 interface Show the interface information.

ipv6 nd ra-interval Set the interval of sending the RA.

ipv6 nd ra-hoplimit Set the hopcount of the RA.

ipv6 nd ra-mtu Set the MTU of the RA.

Platform

Description

N/A
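The ra-interval and ra-lifetime entries constrain each other, and ipv6 nd dad attempts 0 turns the address collision check off. The following added example, which is not part of the Ruijie manual, audits a configuration for those conditions using only the ranges and defaults printed in this reference. The sample configuration is constructed, and the indented layout of interface blocks and the finding codes are assumptions of the example.

```python
import re

# Ranges and defaults as printed in this command reference.
RANGES = {
    "ra-interval": (3, 1800),
    "ra-lifetime": (0, 9000),
    "dad attempts": (0, 600),
    "reachable-time": (0, 3600000),
}
DEFAULT_RA_INTERVAL = 200
DEFAULT_RA_LIFETIME = 1800

ND_VALUE = re.compile(
    r"^ipv6 nd (ra-interval|ra-lifetime|dad attempts|reachable-time) (\d+)$")
ND_MINMAX = re.compile(r"^ipv6 nd ra-interval min-max (\d+) (\d+)$")

# Constructed sample, not taken from a device.
SAMPLE_CONFIG = """
interface vlan 1
 ipv6 enable
 ipv6 nd ra-interval 600
 ipv6 nd ra-lifetime 300
interface vlan 2
 ipv6 nd dad attempts 0
 ipv6 nd ra-lifetime 0
interface vlan 3
 ipv6 nd ra-interval min-max 110 120
 ipv6 nd ra-lifetime 2000
 ipv6 nd reachable-time 1000000
interface vlan 4
 ipv6 nd ra-lifetime 9500
"""


def audit_nd(config):
    """Return a list of (interface, code, detail) findings."""
    findings, settings, current = [], {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split())
        if not raw[:1].isspace():
            # Unindented line: either a new interface block or global config.
            current = line[len("interface "):] if line.startswith("interface ") else None
            if current is not None:
                settings.setdefault(current, {})
            continue
        if current is None:
            continue
        minmax = ND_MINMAX.match(line)
        if minmax:
            # The longest possible gap between RAs is max_value.
            settings[current]["ra-interval"] = int(minmax.group(2))
            continue
        match = ND_VALUE.match(line)
        if not match:
            continue
        key, value = match.group(1), int(match.group(2))
        low, high = RANGES[key]
        if not low <= value <= high:
            findings.append((current, "OUT_OF_RANGE",
                             "%s %d, documented range %d-%d" % (key, value, low, high)))
        settings[current][key] = value

    for name, values in settings.items():
        interval = values.get("ra-interval", DEFAULT_RA_INTERVAL)
        lifetime = values.get("ra-lifetime", DEFAULT_RA_LIFETIME)
        if lifetime == 0:
            findings.append((name, "NOT_DEFAULT_DEVICE",
                             "ra-lifetime 0: hosts will not select this device"))
        elif lifetime < interval:
            findings.append((name, "LIFETIME_LT_INTERVAL",
                             "ra-lifetime %d is shorter than ra-interval %d" % (lifetime, interval)))
        if values.get("dad attempts") == 0:
            findings.append((name, "DAD_DISABLED",
                             "address collision check is disabled"))
    return findings


if __name__ == "__main__":
    for interface, code, detail in audit_nd(SAMPLE_CONFIG):
        print("%-8s %-22s %s" % (interface, code, detail))
```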

ipv6 nd ra-mtu

Use this command to set the MTU of the RA message. Use the no form of this command to restore it

to the default setting.

ipv6 nd ra-mtu value

no ipv6 nd ra-mtu

Parameter

Description Parameter Description

value MTU value, 0-4294967295.

Defaults IPv6 MTU value of the network interface.

Command

Mode

Interface configuration mode.

Usage Guide If it is specified as 0, the RA will not have the MTU option.

Configuration

Examples

Ruijie(config-if)# ipv6 nd ra-mtu 1400

Related

Commands Command Description

show ipv6 interface Show the interface information.

ipv6 nd ra-lifetime Set the lifetime of the device.

ipv6 nd ra-interval Set the interval of sending the RA message.

ipv6 nd ra-hoplimit Set the hopcount of the RA message.

Platform

Description

N/A

ipv6 nd reachable-time

Use this command to set the reachable time after the interface checks the reachability of the neighbor

dynamically learned through NDP. Use the no form of this command to restore it to the default

setting.

ipv6 nd reachable-time milliseconds

no ipv6 nd reachable-time

Parameter

Description Parameter Description

milliseconds Reachable time for the neighbor in the range 0 to 3600000 milliseconds.

Defaults The default value in RA is 0 (unspecified); the reachable time for the neighbor is 30000ms(30s) when

the device discovers the neighbor.

Command

Mode

Interface configuration mode.

Usage Guide The device checks the unreachable neighbor through the set time. A shorter time means that the

device can check the neighbor failure more quickly, but more network bandwidth and device resource

will be occupied. Therefore, it is not recommended to set a too short reachable time.

The configured value will be advertised through RA and will be used by the device itself. If the value is

set to 0, it indicates that the time is not specified, that is, the default value is used.

According to RFC4861, the actual time to reach neighbor is not consistent with the configured value,

ranging from 0.5*configured value to 1.5*configured value.

Configuration

Examples

Ruijie(config-if)# ipv6 nd reachable-time 1000000

Command Description Related

Commands show ipv6 interface Show the interface information.

Platform

Description

N/A

ipv6 nd suppress-ra

Use this command to disable the interface from sending the RA message. Use the no form of this

command to enable the function.

ipv6 nd suppress-ra

no ipv6 nd suppress-ra

Parameter Description Parameter

Description N/A N/A

Defaults The RA message is not sent on the IPv6 interface by default.

Command

Mode

Interface configuration mode.

Usage Guide This command suppresses the sending of the RA message on an interface.

Configuration

Examples

Ruijie(config-if)# ipv6 nd suppress-ra

Command Description Related

Commands show ipv6 interface Show the interface information.

Platform

Description

N/A

ipv6 neighbor

Use this command to configure a static neighbor. Use the no form of this command to remove the

setting.

ipv6 neighbor ipv6-address interface-id hardware-address

no ipv6 neighbor ipv6-address interface-id

Parameter

Description Parameter Description

ipv6-address IPv6 address of the neighbor. It must follow the address format defined

in RFC4291.

interface-id Network interface of the neighbor (including routed Port, L3 AP

interface, or SVI interface).

hardware-address Hardware address of the neighbor. It shall be a 48-bit MAC address in

the format of XXXX.XXXX.XXXX, where “X” is a hexadecimal number.

Defaults No static neighbor is configured.

Command

Mode

Global configuration mode.

Usage Guide Similar to the ARP command, the static neighbor can only be configured on an IPv6 protocol enabled

interface.

If the neighbor to be configured has been learned through NDP and has been stored in the neighbor

list, the dynamically generated neighbor will be automatically switched to a static one. The configured

static neighbor is always in the Reachable status.

Use clear ipv6 neighbors to clear all the neighbors dynamically learned through NDP.

Use show ipv6 neighbors to view the neighbor information.

Configuration

Examples

Ruijie(config)# ipv6 neighbor 2001::1 vlan 1 00d0.f811.1111

Related

Commands Command Description

show ipv6 neighbors Show the neighbor information.

clear ipv6 neighbors Clear the neighbors learned dynamically.

Platform

Description

N/A

ipv6 ns-linklocal-src

Use this command to set the local address of the link as the source IP address to send neighbor

requests. When no ipv6 ns-linklocal-src is executed, the global IP address will be taken as the

source address to send neighbor requests.

ipv6 ns-linklocal-src

no ipv6 ns-linklocal-src

Parameter Description Parameter

Description N/A N/A

Defaults The local address of the link is always used as the source address to send neighbor requests.

Command

Mode

Global configuration mode.

Usage Guide None.

Configuration

Examples

Ruijie(config)# no ipv6 ns-linklocal-src

Command Description Related

Commands N/A N/A

Platform

Description

N/A

ipv6 redirects

Use this command to control whether to send ICMPv6 redirect message when the switch receives

and forwards an IPv6 packet through an interface. Use the no form of this command to disable the

function.

ipv6 redirects

no ipv6 redirects

Parameter Description Parameter

Description N/A N/A

Defaults The ICMPv6 redirect message is permitted to be sent on the IPV6 interface.

Command

Mode

Interface configuration mode.

Usage Guide The transmission rate of any ICMPv6 error message is limited. By default, it is 10pps.

Configuration

Examples

Ruijie(config-if)# ipv6 redirects

Command Description Related

Commands show ipv6 interface Show the interface information.

Platform

Description

N/A

ipv6 route

Use this command to configure an IPv6 static route. Use the no form of this command to remove the

setting.

ipv6 route [ vrf vrf-name ] ipv6-prefix/prefix-length {ipv6-address [ nexthop-vrf { vrf-name1 |

default } ] | interface-id [ ipv6-address [ nexthop-vrf { vrf-name1 | default } ] ] } [distance ] [ weight

number ]

Parameter Description

ipv6-prefix IPv6 network number, in the format specified in RFC 4291.

prefix-length Length of the IPv6 prefix. A "/" must be added in front of the prefix length.

vrf-name VRF that the route belongs to, which must be a multi-protocol VRF with the IPv6 address family configured.

ipv6-address Next-hop IP address toward the destination address. It shall be in the format defined in RFC 4291. The next-hop IP address and the next-hop outgoing interface can be specified at the same time. Note that if the next-hop IP address is a link-local address, the outgoing interface must be specified.

vrf-name1 VRF that the next hop belongs to, which must be a multi-protocol VRF with the IPv6 address family configured.

default The next hop belongs to the global routing table.

interface-id The outgoing interface toward the destination network. If the static route is configured with the outgoing interface but no next-hop address is specified, the destination address is considered to be on the link connected to the outgoing interface; that is, the static route is treated as a directly-connected route. Note that if the destination network or next-hop address is a link-local address, the outgoing interface must be specified.

Defaults N/A

Command Mode Global configuration mode.

Usage Guide If the destination IP address or next-hop IP address is a link-local address, the outgoing interface must be specified; if the destination address is a link-local address, the next hop must also be a link-local address. When configuring a route, neither the destination IP address nor the next-hop IP address shall be a multicast address. If both the next-hop IP address and the outgoing interface are specified, the outgoing interface of the direct route that matches the next hop shall be the same as the configured outgoing interface.

Configuration Examples

Ruijie(config)# ipv6 route 2001::/64 vlan 1 2005::1

Related Commands

Command Description

show ipv6 route Show the IPv6 route information.

Platform Description N/A
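The Usage Guide rules for ipv6 route can be checked before a route is entered on the device. The following Python code is an added example, not part of the RGOS documentation or software; check_static_route is an illustrative name, and the CONNECTED table is a constructed sample built from the connected routes in this manual's show ipv6 route example output.

```python
import ipaddress

LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")
MULTICAST = ipaddress.IPv6Network("ff00::/8")

# Constructed sample: connected (C) routes as (prefix, outgoing interface),
# taken from the `show ipv6 route` example output in this manual.
CONNECTED = [("fa::/64", "vlan 1"), ("2001::/64", "vlan 2"),
             ("fe80::/64", "vlan 1"), ("fe80::/64", "vlan 2")]


def _norm(ifname):
    """Compare interface names case-insensitively, ignoring extra spaces."""
    return " ".join(ifname.lower().split())


def check_static_route(prefix, next_hop=None, interface=None, connected=()):
    """Return the Usage Guide rules that a proposed static route violates.

    An empty list means no rule is violated. `connected` is an optional list
    of (prefix, interface) pairs used for the egress-interface rule.
    """
    dest = ipaddress.IPv6Network(prefix, strict=False)
    hop = ipaddress.IPv6Address(next_hop) if next_hop else None
    if hop is None and interface is None:
        return ["no-target: a next hop or an outgoing interface is required"]

    problems = []
    dest_ll = dest.subnet_of(LINK_LOCAL)
    hop_ll = hop is not None and hop in LINK_LOCAL

    # Rule 1: link-local destination or next hop needs an outgoing interface.
    if (dest_ll or hop_ll) and interface is None:
        problems.append("interface-required: link-local destination or "
                        "next hop needs an outgoing interface")
    # Rule 2: a link-local destination needs a link-local next hop.
    if dest_ll and hop is not None and not hop_ll:
        problems.append("link-local-next-hop: destination is link-local "
                        "but the next hop is not")
    # Rule 3: neither destination nor next hop may be multicast.
    if dest.subnet_of(MULTICAST):
        problems.append("multicast-destination: destination is multicast")
    if hop is not None and hop.is_multicast:
        problems.append("multicast-next-hop: next hop is multicast")
    # Rule 4: with both next hop and interface given, the connected route
    # that covers the next hop must leave through the same interface.
    if hop is not None and interface is not None:
        matches = [(ipaddress.IPv6Network(p), _norm(i))
                   for p, i in connected if hop in ipaddress.IPv6Network(p)]
        if matches:
            longest = max(net.prefixlen for net, _ in matches)
            egress = {i for net, i in matches if net.prefixlen == longest}
            if _norm(interface) not in egress:
                problems.append("egress-mismatch: next hop is reached via "
                                + " or ".join(sorted(egress)))
    return problems


if __name__ == "__main__":
    # The example from this page, then a route that breaks rule 1.
    print(check_static_route("2001::/64", "2005::1", "vlan 1", CONNECTED))
    print(check_static_route("3001::/64", "fe80::1"))
```

When the next hop is not covered by any entry in the connected table, rule 4 cannot be evaluated and produces no finding.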

ipv6 source-route

Use this command to enable forwarding of IPv6 packets that carry a routing header. The no form of this command disables the forwarding.

ipv6 source-route

no ipv6 source-route

Parameter Description N/A

Defaults Disabled.

Command Mode Global configuration mode.

Usage Guide The Type 0 routing header is a potential security risk that makes it easy for the device to suffer a denial-of-service attack. Therefore, forwarding of IPv6 packets with a routing header is disabled by default. However, an IPv6 packet with a Type 0 routing header that is destined to the local machine is still processed.

Configuration Examples

Ruijie(config)# no ipv6 source-route

Related Commands N/A

Platform Description N/A
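To verify from a packet capture which traffic this setting affects, a monitoring tool can walk the IPv6 extension-header chain and report any routing header. The following Python code is an added example, not RGOS code; forwarding_decision is a simplified model of the behaviour described in the Usage Guide above, and the two sample packets are constructed.

```python
import ipaddress
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS, ICMPV6 = 0, 43, 44, 51, 60, 58
EXTENSION_HEADERS = (HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS)


def routing_headers(packet):
    """Walk the extension-header chain of a raw IPv6 packet.

    Returns a list of (routing_type, segments_left), one per Routing header.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    found = []
    next_hdr, offset = packet[6], 40
    while next_hdr in EXTENSION_HEADERS:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        if next_hdr == FRAGMENT:
            length = 8                                # fixed size
        elif next_hdr == AH:
            length = (packet[offset + 1] + 2) * 4     # 4-octet units
        else:
            length = (packet[offset + 1] + 1) * 8     # 8-octet units
        if offset + length > len(packet):
            raise ValueError("extension header runs past end of packet")
        if next_hdr == ROUTING:
            found.append((packet[offset + 2], packet[offset + 3]))
        non_first_fragment = (
            next_hdr == FRAGMENT and
            struct.unpack("!H", packet[offset + 2:offset + 4])[0] >> 3)
        next_hdr, offset = packet[offset], offset + length
        if non_first_fragment:
            break  # what follows is fragment data, not further headers
    return found


def forwarding_decision(packet, local_addresses, source_route_enabled=False):
    """Model of the documented behaviour (an assumption, not RGOS code):
    packets for the local machine are processed; transit packets that carry
    a routing header are forwarded only when `ipv6 source-route` is on."""
    dst = ipaddress.IPv6Address(packet[24:40])
    if dst in {ipaddress.IPv6Address(a) for a in local_addresses}:
        return "process-locally"
    if routing_headers(packet) and not source_route_enabled:
        return "drop"
    return "forward"


def _ipv6(src, dst, first_next_hdr, body):
    """Build a raw IPv6 packet (test helper for the constructed samples)."""
    return (struct.pack("!IHBB", 6 << 28, len(body), first_next_hdr, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + body)


# Constructed samples (documentation addresses, ICMPv6 checksum left at 0).
_HBH = bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])        # Hop-by-Hop with PadN
_RH0 = (bytes([ICMPV6, 2, 0, 1, 0, 0, 0, 0])        # type 0, 1 segment left
        + ipaddress.IPv6Address("2001:db8::99").packed)
_ECHO = bytes([128, 0, 0, 0, 0, 1, 0, 1])           # ICMPv6 echo request
SAMPLE_RH0 = _ipv6("2001:db8::1", "2001:db8:1::1", HOP_BY_HOP,
                   _HBH + _RH0 + _ECHO)
SAMPLE_PLAIN = _ipv6("2001:db8::1", "2001:db8:1::1", ICMPV6, _ECHO)

if __name__ == "__main__":
    print(routing_headers(SAMPLE_RH0))
    print(forwarding_decision(SAMPLE_RH0, local_addresses=[]))
```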

ping ipv6

Use this command to diagnose the connectivity of the IPv6 network.

ping ipv6 [ ipv6-address ]

Parameter Description

ipv6-address Destination IP address to be diagnosed.

Defaults N/A

Command Mode Privileged EXEC mode.

Usage Guide If no destination address is entered in the command, the user interaction mode is entered, and you can specify the parameters. The following table shows the meanings of the symbols returned by the ping command:

Sign Meaning

! The response to each request sent is received.

. The response to the request sent is not received within the specified time.

U The device has no route to the destination host.

R Parameter error.

F No system resource is available.

A The source IP address of the packet is not selected.

D The network interface is in the Down status, or the IPv6 function is disabled on the interface (for example, an IP address collision is detected).

? Unknown error.

Configuration Examples

Ruijie# ping ipv6 fec0::1

Related Commands N/A

Platform Description N/A

show ipv6 general-prefix

Use this command to show the information of the general prefix.

show ipv6 general-prefix

Parameter Description N/A

Defaults N/A

Command Mode Privileged EXEC mode.

Usage Guide Use this command to show the general prefix information, including prefixes that are manually configured and prefixes learned from the DHCPv6 agent.

Configuration Examples

The following example shows the information of the general prefix.

Ruijie# show ipv6 general-prefix

There is 1 general prefix.

IPv6 general prefix my-prefix, acquired via Manual configuration

2001:1111:2222::/48

2001:1111:3333::/48

Related Commands

Command Description

ipv6 general-prefix Configure the general prefix.

Platform Description N/A

show ipv6 interface

Use this command to show the IPv6 interface information.

show ipv6 interface [ interface-id ] [ ra-info ]

Parameter Description

interface-id Interface (including Ethernet interface, aggregate port, or SVI).

ra-info Show the RA information of the interface.

Defaults N/A

Command Mode Privileged EXEC mode.

Usage Guide Use this command to show the address configuration, ND configuration and other information of an

IPv6 interface.

Configuration Examples

Ruijie# show ipv6 interface vlan 1

Interface vlan 1 is Up, ifindex: 2001

address(es):

Mac Address: 00:00:00:00:00:01

INET6: fe80::200:ff:fe00:1 , subnet is fe80::/64

Joined group address(es):

ff01:1::1

ff02:1::1

ff02:1::2

ff02:1::1:ff00:1

INET6: 2001::1 , subnet is 2001::/64 [TENTATIVE]

Joined group address(es):

ff01:1::1

ff02:1::1

ff02:1::2

ff02:1::1:ff00:1

MTU is 1500 bytes

ICMP error messages limited to one every 10 milliseconds

ICMP redirects are enabled

ND DAD is enabled, number of DAD attempts: 1

ND reachable time is 30000 milliseconds

ND advertised reachable time is 0 milliseconds

ND retransmit interval is 1000 milliseconds

ND advertised retransmit interval is 0 milliseconds

ND router advertisements are sent every 200 seconds<240--160>

ND device advertisements live for 1800 seconds

The following line is included in the above information: 2001::1, subnet is 2001::/64 [TENTATIVE]. The flag in the [ ] following the INET6 address is explained as follows:

Flag Meaning

ANYCAST Indicates that the address is an anycast address.

TENTATIVE Indicates that DAD is underway. The address is tentative until DAD is completed.

DUPLICATED Indicates that a duplicate address exists.

DEPRECATED Indicates that the preferred lifetime of the address has expired.

NODAD Indicates that no DAD is implemented for the address.

AUTOIFID Indicates that the interface ID of the address is automatically generated by the system, which is usually an EUI-64 ID.

Ruijie# show ipv6 interface vlan 1 ra-info

vlan 1: DOWN

RA timer is stopped

waits: 0, initcount: 3

statistics: RA(out/in/inconsistent): 4/0/0, RS(input): 0

Link-layer address: 00:00:00:00:00:01

Physical MTU: 1500

ND device advertisements live for 1800 seconds

ND device advertisements are sent every 200 seconds<240--160>

Flags: !M!O, Adv MTU: 1500

ND advertised reachable time is 0 milliseconds

ND advertised retransmit time is 0 milliseconds

ND advertised CurHopLimit is 64

Prefixes: (total: 1)

fec0:1:1:1::/64(Def,Auto,vltime: 2592000, pltime: 604800, flags: LA)

Description of the fields in ra-info:

Field Meaning

RA timer is stopped (on) Indicates whether the RA timer is started.

waits Indicates that the RS is received but the number of the responses is not available.

initcount Indicates the number of the RAs when the RA timer is restarted.

RA(out/in/inconsistent) out: Indicates the number of RAs that are sent. in: Indicates the number of RAs that are received. inconsistent: Indicates the number of received RAs in which the parameters are different from those contained in the RAs advertised by the device.

RS(input) Indicates the number of RSs that are received.

Link-layer address Link-layer address of the interface.

Physical MTU Link MTU of the interface.

!M | M !M indicates that the managed-config-flag bit in the RA is not set. M indicates that it is set.

!O | O !O indicates that the other-config-flag bit in the RA is not set. O indicates that it is set.

Description of the fields of the prefix list in ra-info:

Field Meaning

total The number of prefixes of the interface.

fec0:1:1:1::/64 A specific prefix.

Def Indicates that the interfaces use the default prefix.

Auto | CFG Auto: Indicates that the prefix is automatically generated after the interface is configured with the corresponding IPv6 address. CFG: Indicates that the prefix is manually configured.

!Adv Indicates that the prefix will not be advertised.

vltime Valid lifetime of the prefix, measured in seconds.

pltime Preferred lifetime of the prefix, measured in seconds.

L | !L L: Indicates that the on-link flag in the prefix is set. !L: Indicates that the on-link flag in the prefix is not set.

A | !A A: Indicates that the auto-configure flag in the prefix is set. !A: Indicates that the auto-configure flag in the prefix is not set.

Related Commands N/A

Platform Description N/A

show ipv6 neighbors

Use this command to show the IPv6 neighbors.

show ipv6 neighbors [ vrf vrf-name ] [ verbose ] [ interface-id ] [ ipv6-address ]

show ipv6 neighbors static

Parameter Description

vrf-name VRF name.

verbose Show the neighbor details.

static Show the validity status of static neighbors.

interface-id Show the neighbors of the specified interface.

ipv6-address Show the neighbors of the specified IPv6 address.

Defaults N/A

Command Mode Privileged EXEC mode.

Usage Guide Show the neighbors on the SVI 1 interface:

Ruijie# show ipv6 neighbors vlan 1

IPv6 Address Linklayer Addr Interface

fa::1 00d0.0000.0002 vlan 1

fe80::200:ff:fe00:2 00d0.0000.0002 vlan 1

Show the neighbor details:

Ruijie# show ipv6 neighbors verbose

IPv6 Address Linklayer Addr Interface

2001::1 00d0.f800.0001 vlan 1

State: Reach/H Age: - asked: 0

fe80::200:ff:fe00:1 00d0.f800.0001 vlan 1

State: Reach/H Age: - asked: 0

Field Meaning

IPv6 Address IPv6 address of the neighbor.

Linklayer Addr Link-layer address, namely, the MAC address. If it is not available, incomplete is displayed.

Interface Interface where the neighbor is located.

State State of the neighbor, shown as state/H(R). The values of state are as follows:

INCMP (Incomplete): The address resolution of the neighbor is underway; the NS has been sent, but the NA has not been received.

REACH (Reachable): The switch is connected with the neighbor. In this state, the switch takes no additional action when sending packets to the neighbor.

STALE: The reachable time of the neighbor has expired. In this state, the switch takes no additional action; it only starts NUD (Neighbor Unreachability Detection) after a packet is sent to the neighbor.

DELAY: A packet has been sent to the neighbor in STALE state, which changes the state from STALE to DELAY. If no neighbor reachability notification is received within DELAY_FIRST_PROBE_TIME seconds (5s), DELAY changes to PROBE and an NS is sent to the neighbor to start NUD.

PROBE: NUD is started to check the reachability of the neighbor. NS packets are sent to the neighbor at intervals of RetransTimer milliseconds until a response from the neighbor is received or the number of NSs sent reaches MAX_UNICAST_SOLICIT (3).

?: Unknown state.

/R: The neighbor is considered a device.

/H: The neighbor is a host.

Age The reachable time of the neighbor. '-' indicates that the neighbor is always reachable. Note that the reachability of a static neighbor depends on the actual situation. 'expired' indicates that the lifetime of the neighbor has expired and the neighbor is waiting for NUD to be triggered.

Asked The number of NSs that have been sent to the neighbor to resolve the link-layer address of the neighbor.

Configuration Examples

Ruijie# show ipv6 neighbors

Related Commands

Command Description

ipv6 neighbor Configure a neighbor.

Platform Description N/A

show ipv6 route

Use this command to show the IPv6 route information.

show ipv6 route [ vrf vrf-name ] [ static | local | connected ]

Parameter Description

vrf-name VRF name.

static Show the static routes.

local Show the local routes.

connected Show the directly-connected routes.

Defaults N/A

Command Mode Privileged EXEC mode.

Usage Guide Use this command to view the routing table.

Configuration Examples

Ruijie# show ipv6 route

Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP

I1 - ISIS L1, I2 - ISIS L2, IA - IIS interarea

L ::1/128

via ::1, loopback 0

C fa::/64

via ::, vlan 1

L fa::1/128

via ::, loopback 0

C 2001::/64

via ::, vlan 2

L 2001::1/128

via ::, loopback 0

L fe80::/10

via ::1, Null0

C fe80::/64

via ::, vlan 1

L fe80::200:ff:fe00:1/128

via ::, loopback 0

C fe80::/64

via ::, vlan 2

Related Commands

Command Description

ipv6 route Configure a static route.

Platform Description N/A

show ipv6 routers

In an IPv6 network, some neighbor routers send out advertisement messages. Use this command to show the neighbor routers and their advertisements.

show ipv6 routers [ interface-type interface-number ]

Parameter Description

interface-type interface-number (Optional) Show the router advertisements of the specified interface.

Defaults N/A

Command Mode Privileged EXEC mode.

Usage Guide Use this command to show the neighbor routers and their router advertisements. If no interface is specified, all the router advertisements of this device are displayed.

Configuration Examples

The following example shows the IPv6 routers.

Ruijie# show ipv6 routers

Router FE80::2D0:F8FF:FEC1:C6E1 on VLAN 2, last update 62 sec

Hops 64, Lifetime 1800 sec, ManagedFlag=0, OtherFlag=0, MTU=1500

Preference=MEDIUM

Reachable time 0 msec, Retransmit time 0 msec

Prefix 6001:3::/64 onlink autoconfig

Valid lifetime 2592000 sec, preferred lifetime 604800 sec

Prefix 6001:2::/64 onlink autoconfig

Valid lifetime 2592000 sec, preferred lifetime 604800 sec

Related Commands N/A

Platform Description N/A

tunnel destination

Use this command to specify the destination address for the tunnel. Use the no form of this command

to remove the setting.

tunnel destination { ipv4-address | ipv6-address }

no tunnel destination

Parameter Description

ipv4-address Destination address of the tunnel, namely the IPv4 address of the other side of the tunnel.

ipv6-address Destination address of the tunnel. With the tunnel mode ipv6 configured, the destination address of the tunnel shall be an IPv6 address. If the tunnel mode gre ipv6 is configured, the destination address of the tunnel shall also be an IPv6 address.

Defaults The destination address encapsulated by the tunnel is not configured by default.

Command Mode Interface configuration mode.

Usage Guide Multiple tunnels with the same encapsulation type, source address and destination address shall not be configured on a device.

Note: For the auto tunnels 6to4 and isatap, the destination address shall not be configured.

Configuration Examples

The following example configures an IPv6 manual tunnel.

Ruijie(config)# interface tunnel 1

Ruijie(config-if)# tunnel mode ipv6ip

Ruijie(config-if)# tunnel source vlan 1

Ruijie(config-if)# tunnel destination 192.168.5.1

Related Commands

Command Description

tunnel source Configure the source IP address of the tunnel.

tunnel mode Configure the mode of a tunnel.

tunnel ttl Configure the TTL of the tunnel.

Platform Description N/A

DHCPv6 Relay Agent Commands

show ipv6 dhcp relay destination

Use this command to display the destination addresses of the DHCPv6 Relay Agent.

show ipv6 dhcp relay destination { all | interface interface-type interface-number }

Parameter Description

all Displays all destination addresses and interfaces.

interface interface-type interface-number Displays the destination addresses and interfaces configured for a specified interface.

Defaults N/A

Command Mode Privileged EXEC mode

Usage Guide You can use this command to check that DHCPv6 packets received by the DHCPv6 Relay interface

are forwarded to specified destination addresses.

Configuration Examples

The following example displays the configuration of all destination addresses on the Relay Agent.

Ruijie# show ipv6 dhcp relay destination all

Interface: Vlan1 // Interface where DHCPv6 Relay is enabled

Destination address(es) Output Interface

3001::2

FF02::1:2 Vlan2

//Specify the destination address. //Specify the outbound interface.

Related Commands N/A

Platform Description N/A

show ipv6 dhcp relay statistics

Use this command to view the statistics on transmitted packets after DHCPv6 Relay is enabled on a

device.

show ipv6 dhcp relay statistics

Parameter Description N/A

Defaults N/A

Command Mode Privileged EXEC mode

Usage Guide You can use this command to view the statistics on transmitted packets after DHCPv6 Relay is

enabled on the device.

Configuration Examples

The following example queries DHCPv6 Relay Agent statistics.

Ruijie# show ipv6 dhcp relay statistics

Packets dropped : 2 //Discard packets that are not processed

Error : 2 //Discard error packets

Excess of rate limit : 0 //Discard excessive packets

Packets received : 28 //Count the received DHCPv6 packets

SOLICIT : 0

REQUEST : 0

CONFIRM : 0

RENEW : 0

REBIND : 0

RELEASE : 0

DECLINE : 0

INFORMATION-REQUEST : 14

RELAY-FORWARD : 0

RELAY-REPLY : 14

Packets sent : 16 //Count the sent DHCPv6 packets

ADVERTISE : 0

RECONFIGURE : 0

REPLY : 8

RELAY-FORWARD : 8

RELAY-REPLY : 0

Related Commands

Command Description

clear ipv6 dhcp relay statistics Clears the statistics.

Platform Description N/A

clear ipv6 dhcp relay statistics

Use this command to clear the statistics on transmitted packets after DHCPv6 Relay is enabled on a

device.

clear ipv6 dhcp relay statistics

Parameter Description N/A

Defaults N/A

Command Mode Privileged EXEC mode

Usage Guide You can use this command to clear the statistics on transmitted packets after DHCPv6 Relay is

enabled on the device.

Configuration Examples

The following example clears the statistics on DHCPv6 Relay Agent packets (all packet counts become 0 after this command is executed).

Ruijie#clear ipv6 dhcp relay statistics

Related Commands

Command Description

show ipv6 dhcp relay statistics Displays the statistics on DHCPv6 Relay packets.

Platform Description N/A

DHCPv6 Commands

dns-server

Use this command to set the DNS Server list information for the DHCPv6 Server. Use the no form of

this command to remove the configuration.

dns-server ipv6-address

no dns-server ipv6-address

Parameter Description

ipv6-address Set the IPv6 address of the DNS server.

Defaults By default, no DNS server list is configured.

Command Mode DHCPv6 pool configuration mode.

Usage Guide To configure several DNS server addresses, use the dns-server command several times. A newly configured DNS server address does not overwrite the former ones.

Configuration Examples

Ruijie(config-dhcp)# dns-server 2008:1::1

Related Commands

Command Description

domain-name Set the DHCPv6 domain name information.

ipv6 dhcp pool Set a DHCPv6 pool.

Platform Description N/A

domain-name

Use this command to set the domain name for the DHCPv6 server. Use the no form of this command

to remove the domain name.

domain-name domain

no domain-name domain

Parameter Description

domain Set the domain name.

Defaults By default, no domain name is configured.

Command Mode DHCPv6 pool configuration mode.

Usage Guide To configure several domain names, use the domain-name command several times. A newly configured domain name does not overwrite the former ones.

Configuration Examples

Ruijie(config-dhcp)# domain-name example.com

Related Commands

Command Description

dns-server Set the DHCPv6 DNS server list.

ipv6 dhcp pool Set the DHCPv6 pool.

Platform Description N/A

iana-address prefix

Use this command to set the IA_NA address prefix for the DHCPv6 Server. Use the no form of this

command to remove the IA_NA address prefix.

iana-address prefix ipv6-prefix/prefix-length [ lifetime { valid-lifetime | preferred-lifetime } ]

no iana-address prefix

Parameter Description

ipv6-prefix/prefix-length Set the IPv6 prefix and prefix length.

lifetime Set the lifetime of the address allocated to the client. With the keyword lifetime configured, both parameters valid-lifetime and preferred-lifetime shall be configured.

valid-lifetime Set the valid lifetime of the address allocated to the client.

preferred-lifetime Set the preferred lifetime of the address allocated to the client.

Defaults By default, no IA_NA address prefix is configured.

The default valid-lifetime is 3600s (1 hour).

The default preferred-lifetime is 3600s (1 hour).

Command Mode DHCPv6 pool configuration mode.

Usage Guide This command is used to set the IA_NA address prefix for the DHCPv6 Server, and allocate the IA_NA address to the client.

The Server attempts to allocate a usable address within the IA_NA address prefix range to the client upon receiving the IA_NA address request from the client. That address will be allocated to other clients if the client no longer uses it.

Configuration Examples

Ruijie(config-dhcp)# iana-address prefix 2008:50::/64 lifetime 2000 1000

Related Commands

Command Description

ipv6 dhcp pool Set the DHCPv6 pool.

show ipv6 dhcp pool Show the DHCPv6 pool information.

Platform Description N/A

ipv6 dhcp client pd

Use this command to enable the DHCPv6 client and request the prefix address information. Use the no form of this command to disable the prefix address request.

ipv6 dhcp client pd prefix-name [ rapid-commit ]

no ipv6 dhcp client pd

Parameter Description

prefix-name Define the IPv6 prefix name.

rapid-commit Allow the simplified interaction process.

Defaults Disabled

Command Mode Interface configuration mode.

Usage Guide With the DHCPv6 client mode disabled, use this command to enable the DHCPv6 client mode on the interface.

With the ipv6 dhcp client pd command enabled, the DHCPv6 client sends the prefix request to the DHCPv6 server.

The keyword rapid-commit allows a two-message interaction process between the client and the server. With this keyword configured, the solicit message sent by the client includes the rapid-commit item.

Configuration Examples

The following example shows how to enable the prefix information request on the interface:

Ruijie(config)# interface fastethernet 0/1

Ruijie(config-if)# ipv6 dhcp client pd pd_name

Related Commands

Command Description

clear ipv6 dhcp client Reset the DHCPv6 client function on the interface.

show ipv6 dhcp interface Show the DHCPv6 interface configuration.

Platform Description N/A

ipv6 dhcp pool

Use this command to set the DHCPv6 server pool. Use the no form of this command to remove the

information pool.

ipv6 dhcp pool poolname

no ipv6 dhcp pool poolname

Parameter Description

poolname Define the DHCPv6 pool name.

Defaults By default, the DHCPv6 server information pool is not configured.

Command Mode Global configuration mode.

Usage Guide This command is used to create a DHCPv6 Server configuration pool. After this command is configured, the device enters the DHCPv6 pool configuration mode, in which the administrator can set the pool parameters, such as the prefix and the DNS Server information.

After creating the DHCPv6 Server configuration pool, use the ipv6 dhcp server command to associate the pool and the DHCPv6 Server on one interface.

Configuration Examples

Ruijie# configure terminal

Ruijie(config)# ipv6 dhcp pool pool1

Ruijie(config-dhcp)#

Related Commands

Command Description

ipv6 dhcp server Enable the DHCPv6 server function on the interface.

show ipv6 dhcp pool Show the DHCPv6 pool information.

Platform Description N/A

ipv6 dhcp relay destination

Use this command to enable the DHCPv6 relay service and configure the destination address to

which the messages are forwarded. Use the no form of this command to delete the forwarding

address configuration or delete the output interface configuration of the forwarding address.

ipv6 dhcp relay destination ipv6-address [ interface-type interface-number ]

no ipv6 dhcp relay destination ipv6-address [ interface-type interface-number ]

Parameter Description

ipv6-address Set the DHCPv6 relay destination address.

interface-type interface-number Specify the forwarding output interface if the forwarding address is a link-local address.

Defaults The relay and forward function is disabled, and the forwarding destination address and the output interface are not configured.

Command Mode Interface configuration mode.

Usage Guide With the DHCPv6 relay service enabled on the interface, the DHCPv6 messages received on the interface can be forwarded to all configured destination addresses. The received DHCPv6 messages can come from the client or from another DHCPv6 relay service.

The forwarding output interface configuration is mandatory if the forwarding address is a link-local address or a multicast address. It is optional if the forwarding address is a global or site-scoped unicast or multicast address.

Without the forwarding output interface configured, the interface is selected according to the unicast or multicast routing protocol.

The relay reply message can be forwarded without the relay function enabled on the interface.

The ipv6 dhcp relay destination command can only be enabled on a layer-3 interface.

When the destination is configured as a multicast address, it must be followed by the outgoing interface ID.

Configuration Examples

The following example shows how to set the relay destination address on the interface:

Ruijie(config)# interface fastethernet 0/1

Ruijie(config-if)# ipv6 dhcp relay destination 2008:1::1

The following example specifies the destination as 3001::2 while enabling DHCPv6 Relay service on the interface VLAN 1.

Ruijie#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)#interface vlan 1

Ruijie(config-if)#ipv6 dhcp relay destination 3001::2

Ruijie(config-if)#end

Related Commands

Command Description

show ipv6 dhcp interface Show the DHCPv6 interface information.

show ipv6 dhcp relay destination { all | interface interface-type interface-number } Show the destination address list of the current Relay.

Platform Description N/A

ipv6 dhcp server

Use this command to enable the DHCPv6 server on the interface. Use the no form of this command

to disable this function.

ipv6 dhcp server poolname [ rapid-commit ] [ preference value ]

no ipv6 dhcp server

Parameter Description

poolname Define the DHCPv6 pool name.

rapid-commit Allow the two-message interaction process.

preference value Set the preference level for the advertise message. The valid range is 1-100 and the default value is 0.

Defaults Disabled

Command Mode Interface configuration mode.

Usage Guide Use the ipv6 dhcp server command to enable the DHCPv6 service.

Configuring the keyword rapid-commit allows the two-message interaction between the server and the client when allocating the address prefix and setting other configurations. With this keyword configured, if the client solicit message includes the rapid-commit item, the DHCPv6 Server sends the Reply message immediately.

The DHCPv6 Server includes the preference value when sending the advertise message if the preference level is not 0.

If the preference level is 0, the advertise message does not include this field. If the preference value is 255, the client sends the request message to the server to obtain the configurations.

The DHCPv6 Client, Server and Relay functions are mutually exclusive, and only one of the functions can be configured on the interface.

Configuration Examples

Ruijie(config)# interface fastethernet 0/1

Ruijie(config-if)# ipv6 dhcp server pool1

Related Commands

Command Description

ipv6 dhcp pool Set the DHCPv6 pool.

show ipv6 dhcp pool Show the DHCPv6 pool information.

Platform Description N/A

prefix-delegation

Use this command to set the static binding address prefix information for the DHCPv6 server. Use the

no form of this command to delete the address prefix information.

prefix-delegation ipv6-prefix/prefix-length client-DUID [ lifetime ]

no prefix-delegation ipv6-prefix/prefix-length client-DUID [ lifetime ]

Parameter Description

ipv6-prefix/prefix-length Set the IPv6 address prefix and the prefix length.

client-DUID Set the client DUID.

lifetime Set how long the client can use the prefix.

Defaults By default, no address prefix information is configured.

Command Mode DHCPv6 pool configuration mode.

Usage Guide The administrator uses this command to manually set the address prefix information list for the client IA_PD and set the valid lifetime for those prefixes.

The client-DUID parameter identifies the client; the address prefix is allocated to the first IA_PD of the specified client.

Upon receiving the request message for the address prefix from the client, the DHCPv6 Server first searches for the corresponding static binding. If one is found, the server returns the static binding; otherwise, the server attempts to allocate the address prefix from other prefix information sources.

Configuration Examples

Ruijie(config-dhcp)# prefix-delegation 2008:2::/64 0003000100d0f82233ac

Related Commands

Command Description

ipv6 dhcp pool Set a DHCPv6 pool.

ipv6 local pool Set a local prefix pool.

prefix-delegation pool Specify the DHCPv6 local prefix pool.

show ipv6 dhcp pool Show the DHCPv6 pool information.

Platform Description N/A
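A static binding is only as good as the DUID typed into it, so it helps to decode the client-DUID and confirm which client it identifies. The following Python code is an added example, not part of RGOS; it decodes the standard DHCPv6 DUID types (RFC 8415) and accepts both the plain hex form used in the prefix-delegation example and the colon-separated form; decode_duid and parse_static_binding are illustrative names.

```python
import datetime
import ipaddress
import re
import struct
import uuid

# DUID-LLT timestamps count seconds from 2000-01-01 00:00 UTC (RFC 8415).
DUID_EPOCH = datetime.datetime(2000, 1, 1, tzinfo=datetime.timezone.utc)


def _dotted(raw):
    """Format a link-layer address the way the CLI prints it (00d0.f822.33ac)."""
    text = raw.hex()
    return ".".join(text[i:i + 4] for i in range(0, len(text), 4))


def decode_duid(text):
    """Decode a DUID given as hex, with or without ':' '-' '.' separators."""
    hexstr = re.sub(r"[:\-.\s]", "", text)
    if not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", hexstr):
        raise ValueError("DUID must be an even number of hex digits")
    raw = bytes.fromhex(hexstr)
    # 2-octet type code plus 1 to 128 octets of identifier.
    if not 3 <= len(raw) <= 130:
        raise ValueError("DUID length out of range")
    duid_type = struct.unpack("!H", raw[:2])[0]
    body = raw[2:]
    if duid_type == 1 and len(body) >= 7:      # DUID-LLT
        hw_type, seconds = struct.unpack("!HI", body[:6])
        created = DUID_EPOCH + datetime.timedelta(seconds=seconds)
        return {"type": "DUID-LLT", "hw_type": hw_type,
                "time": created.isoformat(), "link_layer": _dotted(body[6:])}
    if duid_type == 2 and len(body) >= 5:      # DUID-EN
        return {"type": "DUID-EN",
                "enterprise": struct.unpack("!I", body[:4])[0],
                "identifier": body[4:].hex()}
    if duid_type == 3 and len(body) >= 3:      # DUID-LL
        return {"type": "DUID-LL",
                "hw_type": struct.unpack("!H", body[:2])[0],
                "link_layer": _dotted(body[2:])}
    if duid_type == 4 and len(body) == 16:     # DUID-UUID
        return {"type": "DUID-UUID", "uuid": str(uuid.UUID(bytes=body))}
    return {"type": "unknown(%d)" % duid_type, "raw": body.hex()}


BINDING_RE = re.compile(
    r"prefix-delegation\s+(\S+)\s+([0-9A-Fa-f]+)(?:\s+(\d+))?\s*$")


def parse_static_binding(line):
    """Parse one `prefix-delegation prefix/len client-DUID [lifetime]` line."""
    m = BINDING_RE.search(line)
    if not m:
        raise ValueError("not a static prefix-delegation binding")
    return {"prefix": str(ipaddress.IPv6Network(m.group(1))),
            "client": decode_duid(m.group(2)),
            "lifetime": int(m.group(3)) if m.group(3) else None}


if __name__ == "__main__":
    # The configuration example from this page.
    print(parse_static_binding(
        "Ruijie(config-dhcp)# prefix-delegation 2008:2::/64 0003000100d0f82233ac"))
```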

prefix-delegation pool

Use this command to specify the local prefix pool for the DHCPv6 server. Use the no form of this

command to remove the local prefix pool.

prefix-delegation pool poolname [ lifetime { valid-lifetime | preferred-lifetime } ]

no prefix-delegation pool poolname


Parameter Description

poolname Set the local prefix pool name.

lifetime Set the lifetime of the address prefix allocated to the client. With the keyword lifetime configured, both parameters valid-lifetime and preferred-lifetime shall be configured.

valid-lifetime Set the valid lifetime of using the allocated address prefix for the client.

preferred-lifetime Set the preferred lifetime of the address prefix allocated to the client.

Defaults By default, no address prefix pool is specified.

The default valid-lifetime is 3600s (1 hour).

The default preferred-lifetime is 3600s (1 hour).

Command

Mode

DHCPv6 pool configuration mode.

Usage Guide Use the prefix-delegation pool command to set the prefix pool for the DHCPv6 Server and allocate

the prefix to the client. Use the ipv6 local pool command to set the prefix pool.

The server attempts to allocate a usable prefix from the prefix pool to the client upon receiving the prefix request from the client. That prefix will be allocated to other clients if the client no longer uses it.

Configuration

Examples

Ruijie(config-dhcp)# prefix-delegation pool client-prefix-pool lifetime 2000 1000

Related Commands

Command Description

ipv6 dhcp pool Set a DHCPv6 pool.

ipv6 local pool Set a local prefix pool.

prefix-delegation Statically bind the client with the address prefix.

show ipv6 dhcp pool Show the DHCPv6 pool information.

Platform

Description

N/A

show ipv6 dhcp

Use this command to show the device DUID.

show ipv6 dhcp

Parameter Description Parameter

Description N/A N/A

Defaults N/A


Command

Mode

Privileged EXEC mode.

Usage Guide The server, client and relay on the same device share a DUID.

Configuration

Examples

Ruijie# show ipv6 dhcp

This device's DHCPv6 unique identifier(DUID): 00:03:00:01:00:d0:f8:22:33:b0

Command Description

N/A N/A

Related

Commands

Platform

Description

N/A

show ipv6 dhcp binding

Use this command to show the address binding information for the DHCPv6 server.

show ipv6 dhcp binding [ ipv6-address ]

Parameter Description

ipv6-address Set the IPv6 address or the prefix.

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide If the ipv6-address is not specified, all prefixes dynamically assigned to the client and IANA address

binding information are shown. If the ipv6-address is specified, the binding information for the

specified address is shown.

Configuration

Examples

Ruijie# show ipv6 dhcp binding

Client DUID: 00:03:00:01:00:d0:f8:22:33:ac

IAPD: iaid 0, T1 1800, T2 2880

Prefix: 2001:20::/72

preferred lifetime 3600, valid lifetime 3600

expires at Jan 1 2008 2:23 (3600 seconds)

Command Description Related

Commands N/A N/A

Platform

Description

N/A
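The binding output above and the prefix-delegation static binding use the same client DUID in two notations (colon-separated and plain hex). The following added example, which is not part of the Ruijie manual, parses that output, decodes a DUID-LL into its MAC address, checks the timer ordering, and renders the matching static binding line; the function names are hypothetical and the sample text is the output printed in this reference.

```python
import ipaddress
import re

# Constructed input: the `show ipv6 dhcp binding` output printed in this reference.
SAMPLE_OUTPUT = """\
Client DUID: 00:03:00:01:00:d0:f8:22:33:ac
IAPD: iaid 0, T1 1800, T2 2880
Prefix: 2001:20::/72
preferred lifetime 3600, valid lifetime 3600
expires at Jan 1 2008 2:23 (3600 seconds)
"""

DUID_LL = 3       # DUID type 3: link-layer address (RFC 8415)
HW_ETHERNET = 1   # IANA hardware type 1: Ethernet


def parse_duid(text):
    """Accept colon-separated or plain hex and describe the DUID."""
    hexstr = text.strip().replace(":", "").lower()
    # 2-octet type code plus 1..128 octets of identifier.
    if not re.fullmatch(r"(?:[0-9a-f]{2}){3,130}", hexstr):
        raise ValueError(f"not a valid DUID: {text!r}")
    raw = bytes.fromhex(hexstr)
    info = {"hex": hexstr, "type": int.from_bytes(raw[:2], "big"), "mac": None}
    if (info["type"] == DUID_LL and len(raw) == 10
            and int.from_bytes(raw[2:4], "big") == HW_ETHERNET):
        info["mac"] = ":".join(f"{b:02x}" for b in raw[4:])
    return info


def parse_bindings(output):
    """Turn the CLI text into one record per client DUID."""
    bindings, current = [], None
    for line in output.splitlines():
        line = line.strip()
        m = re.match(r"Client DUID:\s*(\S+)", line)
        if m:
            current = {"duid": parse_duid(m[1]), "prefixes": []}
            bindings.append(current)
            continue
        if current is None:
            continue
        m = re.match(r"IAPD: iaid (\d+), T1 (\d+), T2 (\d+)", line)
        if m:
            current.update(iaid=int(m[1]), t1=int(m[2]), t2=int(m[3]))
            continue
        m = re.match(r"Prefix:\s*(\S+)", line)
        if m:
            # strict=True rejects prefixes with host bits set.
            net = ipaddress.IPv6Network(m[1], strict=True)
            current["prefixes"].append({"prefix": net})
            continue
        m = re.match(r"preferred lifetime (\d+), valid lifetime (\d+)", line)
        if m and current["prefixes"]:
            current["prefixes"][-1].update(preferred=int(m[1]), valid=int(m[2]))
    return bindings


def audit(binding):
    """Return findings; an empty list means the timers are correctly ordered."""
    findings = []
    t1, t2 = binding.get("t1"), binding.get("t2")
    if t1 is not None and t2 is not None and t1 > t2:
        findings.append(f"T1 {t1} exceeds T2 {t2}")
    for p in binding["prefixes"]:
        pref, valid = p.get("preferred"), p.get("valid")
        if pref is None or valid is None:
            findings.append(f"{p['prefix']}: lifetimes missing")
            continue
        if pref > valid:
            findings.append(f"{p['prefix']}: preferred {pref} > valid {valid}")
        if t2 is not None and t2 > pref:
            findings.append(f"{p['prefix']}: T2 {t2} > preferred {pref}")
    if binding["duid"]["mac"] is None:
        findings.append("DUID is not DUID-LL/Ethernet; no MAC to cross-check")
    return findings


def static_binding_commands(binding):
    """Render `prefix-delegation ipv6-prefix/prefix-length client-DUID` lines."""
    return [f"prefix-delegation {p['prefix']} {binding['duid']['hex']}"
            for p in binding["prefixes"]]


if __name__ == "__main__":
    for b in parse_bindings(SAMPLE_OUTPUT):
        print(b["duid"]["mac"], audit(b), static_binding_commands(b))
```

The decoded MAC lets an administrator confirm that a static prefix binding is pinned to the intended device before entering the command in DHCPv6 pool configuration mode.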


show ipv6 dhcp conflict

Use this command to show the DHCPv6 address conflicts.

show ipv6 dhcp conflict

Parameter Description Parameter

Description N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

Ruijie# show ipv6 dhcp conflict

2008:50::2 declined

2108:50::2 declined

2008:50::3 declined

2008:50::4 declined

2108:50::4 declined

2008:50::5 declined

Command Description

clear ipv6 dhcp conflict Clear address conflicts.

Related

Commands

Platform

Description

N/A

show ipv6 dhcp interface

Use this command to show the DHCPv6 interface information.

show ipv6 dhcp interface [ interface-name ]

Parameter Description

interface-name Set the interface name.

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide If the interface-name is not specified, all DHCPv6 interface information is shown. If the interface-name is specified, the specified interface information is shown.

Configuration

Examples

Ruijie# show ipv6 dhcp interface

VLAN 1 is in server mode

Server pool dhcp-pool

Rapid-Commit: disable

Command Description Related

Commands N/A N/A

Platform

Description

N/A

show ipv6 dhcp pool

Use this command to show the DHCPv6 pool information.

show ipv6 dhcp pool [ poolname ]

Parameter Description

poolname Define the DHCPv6 pool name.

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide If the poolname is not specified, information about all DHCPv6 pools is shown. If the poolname is specified, information about the specified pool is shown.

Configuration

Examples

Ruijie# show ipv6 dhcp pool

DHCPv6 pool: dhcp-pool

DNS server: 2011:1::1

DNS server: 2011:1::2

Domain name: example.com

Command Description Related

Commands N/A N/A

Platform

Description

N/A


show ipv6 dhcp relay destination

Use this command to show the destination information about DHCPv6 Relay Agent.

show ipv6 dhcp relay destination

Parameter Description

all Show information about all configured destination addresses and relay exits.

interface interface-type interface-number Show the relay destination address and relay exit configured for a specified interface.

Defaults -

Command

mode

Privileged mode

Usage

guideline

Use this command to show the relay destination addresses to which an interface with the relay function enabled forwards DHCPv6 packets received from clients, together with the relay exit (optional) through which the packets are forwarded.

Examples The example below shows all the relay destination addresses.

Ruijie# show ipv6 dhcp relay destination all

Interface: Vlan1 //interface for which the relay function has been enabled

Destination address(es) Output Interface

3001::2

FF02::1:2 //specified destination address Vlan2 //specified relay exit

Command Description Related

commands N/A N/A

Platform

description

N/A

show ipv6 dhcp relay statistics

Use this command to show the statistics of packets sent and received when the DHCPv6 Relay function is enabled.

show ipv6 dhcp relay statistics

Parameter Description Parameter

Description N/A. N/A.


Defaults N/A.

Command

Mode

Privileged EXEC mode.

Usage Guide N/A.

Configuration

Examples

Ruijie# show ipv6 dhcp relay statistics

Packets dropped : 2

Error : 2

Excess of rate limit : 0

Packets received : 28

SOLICIT : 0

REQUEST : 0

CONFIRM : 0

RENEW : 0

REBIND : 0

RELEASE : 0

DECLINE : 0

INFORMATION-REQUEST : 14

RELAY-FORWARD : 0

RELAY-REPLY : 14

Packets sent : 16

ADVERTISE : 0

RECONFIGURE : 0

REPLY : 8

RELAY-FORWARD : 8

RELAY-REPLY : 0

Related Commands

Command Description

clear ipv6 dhcp relay statistics Clear the statistical information.

Platform

Description

N/A

show ipv6 dhcp server statistics

Use this command to show the DHCPv6 server statistics.

show ipv6 dhcp server statistics

Parameter Description Parameter

Description N/A N/A


Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide This command is used to show the DHCPv6 server statistics.

Configuration

Examples

Ruijie# show ipv6 dhcp server statistics

DHCPv6 server statistics:

Packet statistics:

DHCPv6 packets received: 7

Solicit received: 7

Request received: 0

Confirm received: 0

Renew received: 0

Rebind received: 0

Release received: 0

Decline received: 0

Relay-forward received: 0

Information-request received: 0

Unknown message type received: 0

Error message received: 0

DHCPv6 packet sent: 0

Advertise sent: 0

Reply sent: 0

Relay-reply sent: 0

Send reply error: 0

Send packet error: 0

Binding statistics:

Bindings generated: 0

IAPD assigned: 0

IANA assigned: 0

Configuration statistics:

DHCPv6 server interface: 1

DHCPv6 pool: 0

DHCPv6 iapd binding: 0

Related Commands

Command Description

ipv6 dhcp pool Set a DHCPv6 pool.


Platform

Description

N/A


DHCPv6 Server Commands

clear ipv6 dhcp binding

Use the clear ipv6 dhcp binding command to delete a DHCPv6 binding.

clear ipv6 dhcp binding [ipv6-address]

Parameter Description

ipv6-address IPv6 address or prefix

Defaults N/A

Command

Mode Privileged EXEC mode

Function

Description

If you do not specify ipv6-address, all DHCPv6 bindings will be deleted. If you specify ipv6-address,

only the DHCPv6 binding for the specified IPv6 address will be deleted.

Configuration

Examples

The following example deletes a DHCPv6 binding.

Ruijie# clear ipv6 dhcp binding

Command Description Related

Commands N/A N/A

Platform

Description N/A

dns-server

Use this command in DHCPv6 pool configuration mode to configure a DNS server list for the

DHCPv6 server.

Use the no form of this command to delete a DNS server list.

dns-server ipv6-address

no dns-server ipv6-address

Parameter Description

ipv6-address IP address of a DNS server

Defaults No DNS server list is configured along with the DHCPv6 server configuration pool.

Command

Mode DHCPv6 pool configuration mode

Function

Description

You can use the dns-server command multiple times to configure multiple DNS server addresses. Old DNS server addresses will not be overwritten by new ones.

Configuration

Examples

The following example configures a DNS server address.

Ruijie(config-dhcp)# dns-server 2008:1::1

Related Commands

Command Description

domain-name Configures the domain name of the DHCPv6 server.

ipv6 dhcp pool Configures a DHCPv6 pool.

Platform

Description N/A

domain-name

Use this command in DHCPv6 pool configuration mode to configure the domain name of a

DHCPv6 server.

Use the no form of this command to delete a domain name.

domain-name domain

no domain-name domain

Parameter Description

domain Domain name to be assigned to a user

Defaults No domain name is configured along with the DHCPv6 server configuration pool.

Command

Mode DHCPv6 pool configuration mode

Function

Description

You can use the domain-name command multiple times to create multiple domain names. Old domain names will not be overwritten by new ones.


Configuration

Examples

The following example creates a domain name.

Ruijie(config-dhcp)# domain-name example.com

Related Commands

Command Description

dns-server Configures a DNS server list for the DHCPv6 server.

ipv6 dhcp pool Configures a DHCPv6 pool.

Platform

Description N/A

iana-address prefix

Use this command to configure an IA_NA address prefix for a DHCPv6 server.

Use the no form of this command to delete an IA_NA address prefix.

iana-address prefix ipv6-prefix/prefix-length [lifetime {valid-lifetime | preferred-lifetime}]

no iana-address prefix

Parameter Description

ipv6-prefix/prefix-length Prefix and prefix length of an IPv6 address

lifetime Validity time of the address assigned to a client. This keyword must be configured together with valid-lifetime and preferred-lifetime.

valid-lifetime Remaining validity time of an address

preferred-lifetime Time, in which an address is preferentially assigned to a client

Default

Configuration

The IA_NA address prefix is not configured by default.

The default value of valid-lifetime is 3600(s) (an hour).

The default value of preferred-lifetime is 3600(s) (an hour).

Command

Mode DHCPv6 pool configuration mode

Function

Description

You can use the iana-address prefix command to configure IA_NA address prefixes for a

DHCPv6 server, some of which are assigned to clients.

When receiving an IA_NA address request from a client, the DHCPv6 server selects an available address from the IA_NA address prefix range and assigns it to the client. When the client no longer uses this address, the DHCPv6 server assigns the address to another client.


Configuration

Examples

The following example configures an IA_NA address prefix for the DHCPv6 server.

Ruijie(config-dhcp)# iana-address prefix 2008:50::/64 lifetime 2000 1000

Related Commands

Command Description

ipv6 dhcp pool Configures a DHCPv6 pool.

show ipv6 dhcp pool Displays the information of the DHCPv6 pool.

Platform

Description N/A

ipv6 dhcp server

Use this command to enable the DHCPv6 server service on an interface.

Use the no form of this command to disable the DHCPv6 server service on the interface.

ipv6 dhcp server poolname [rapid-commit] [preference value]

no ipv6 dhcp server

Parameter Description

poolname Name of a DHCPv6 pool

rapid-commit Two-message interaction permitted

preference value Priority of an advertise message. The value range is 1 to 100, with 0 as the default value.

Default

Configuration The DHCPv6 server service is disabled by default.

Command

Mode Interface configuration mode

Function

Description

Use the ipv6 dhcp server command to enable the DHCPv6 service on an interface.

When the rapid-commit keyword is configured, two-message interaction with a client is permitted

when address prefixes or other configuration is being allocated. If the Solicit packet from a client

contains the rapid-commit option, the DHCPv6 server will respond with a Reply message directly.

When preference is set to a non-zero value, the advertise message sent by the DHCPv6 server will contain the preference option. The preference option determines whether a DHCPv6 server will be selected. If an advertise message does not contain this option, the client treats the preference of the DHCPv6 server as 0. If the preference of a DHCPv6 server is 255, the client directly sends a request message to the server.

The DHCPv6 Client, Server, and Relay are mutually exclusive. An interface can work in only one mode at a time.

Configuration

Examples

The following example configures the DHCPv6 Server service on an interface.

Ruijie(config)# interface fastethernet 0/1

Ruijie(config-if)# ipv6 dhcp server pool1

Related Commands

Command Description

ipv6 dhcp pool Configures a DHCPv6 pool.

show ipv6 dhcp interface Displays the DHCPv6 interface information.

Platform

Description N/A

ipv6 dhcp pool

Use this command to configure a DHCPv6 server configuration pool.

Use the no form of this command to delete a configuration pool.

ipv6 dhcp pool poolname

no ipv6 dhcp pool poolname

Parameter Description

poolname Name of a DHCPv6 pool

Default

Configuration No DHCPv6 server configuration pool is configured by default.

Command

Mode Global configuration mode

Function

Description

You can use the ipv6 dhcp pool command to create a DHCPv6 server configuration pool. After

using this command, you may enter DHCPv6 pool configuration mode, in which you can set the

pool parameters such as the prefix and DNS server.

After creating a DHCPv6 server configuration pool, you can use the ipv6 dhcp server command to

associate the pool with the DHCPv6 Server service on an interface.

Configuration

Examples

The following example creates a DHCPv6 server configuration pool.

Ruijie# configure terminal

Ruijie(config)# ipv6 dhcp pool pool1

Ruijie(config-dhcp)#


Related Commands

Command Description

ipv6 dhcp server Enables the DHCPv6 Server service on an interface.

show ipv6 dhcp pool Displays the information of the DHCPv6 pool.

Platform

Description N/A

prefix-delegation

Use this command to configure the address prefix for a static binding on the DHCPv6 server.

Use the no form of this command to delete an address prefix.

prefix-delegation ipv6-prefix/prefix-length client-DUID [lifetime]

no prefix-delegation ipv6-prefix/prefix-length client-DUID [lifetime]

Parameter Description

ipv6-prefix/prefix-length Prefix and prefix length of an IPv6 address

client-DUID DUID of a client

lifetime Time interval, at which a client is delegated to use a prefix

Default

Configuration No address prefix is configured by default.

Command

Mode DHCPv6 pool configuration mode

Function

Description

You can use the prefix-delegation command to manually configure a prefix list for an IA_PD of a

client and specify the validity time of these prefixes.

The client-DUID parameter specifies the client, to which an address prefix is assigned. The

address prefix will be assigned to the first IA_PD of the client.

When receiving a request for a prefix from a client, the DHCPv6 server queries whether the

corresponding static binding exists. If the static binding exists, the DHCPv6 server returns it to the

client; otherwise, the DHCPv6 server assigns an address prefix to the client.

Configuration

Examples

The following example configures an address prefix for a client.

Ruijie(config-dhcp)# prefix-delegation 2008:2::/64 0003000100d0f82233ac

Related Commands

Command Description

ipv6 dhcp pool Configures a DHCPv6 pool.

ipv6 local pool Configures a local prefix pool.

prefix-delegation pool Assigns a local prefix pool for a DHCPv6 client.

show ipv6 dhcp pool Displays the information of the DHCPv6 pool.

Platform

Description N/A

prefix-delegation pool

Use this command to specify a local prefix pool for a DHCPv6 server.

Use the no form of this command to delete a local prefix pool.

prefix-delegation pool poolname [lifetime {valid-lifetime | preferred-lifetime}]

no prefix-delegation pool poolname

Parameter Description

poolname Name of a user-defined local prefix pool

lifetime Validity time of the prefix assigned to a client. This keyword must be configured together with valid-lifetime and preferred-lifetime.

valid-lifetime Remaining validity time of a prefix

preferred-lifetime Time, in which a prefix is preferentially assigned to a client

Default

Configuration

No address prefix pool is configured by default.

The default value of valid-lifetime is 3600(s) (an hour).

The default value of preferred-lifetime is 3600(s) (an hour).

Command

Mode DHCPv6 pool configuration mode

Function

Description

You can use the prefix-delegation pool command to configure a prefix pool for a DHCPv6 server. The DHCPv6 server then assigns prefixes to clients. The ipv6 local pool command is used to configure a prefix pool.

When receiving a prefix request from a client, the DHCPv6 server selects an available prefix from

the prefix pool and assigns it to the client. When the client does not use this prefix, the DHCPv6

server assigns the prefix to another client.

Configuration

Examples

The following example configures a prefix pool for a DHCPv6 server.

Ruijie(config-dhcp)# prefix-delegation pool client-prefix-pool lifetime 2000 1000

Related Commands

Command Description

ipv6 dhcp pool Configures a DHCPv6 pool.

ipv6 local pool Configures a local prefix pool.

prefix-delegation Statically binds an address prefix for a client.

show ipv6 dhcp pool Displays the information of the DHCPv6 pool.

Platform

Description N/A

show ipv6 dhcp

Use this command to display the DUID of a device.

show ipv6 dhcp

Parameter Description Parameter

Description N/A N/A

Defaults N/A

Command

Mode Privileged EXEC mode

Function

Description The DHCPv6 server, client, and relay on the same device share a DUID.

Configuration

Examples

The following example displays the DUID of a device.

Ruijie# show ipv6 dhcp

This device's DHCPv6 unique identifier(DUID): 00:03:00:01:00:d0:f8:22:33:b0

Command Description Related

Commands N/A N/A

Platform

Description N/A


show ipv6 dhcp binding

Use this command to display the address bindings of a DHCPv6 server.

show ipv6 dhcp binding [ipv6-address]

Parameter Description

ipv6-address IPv6 address or prefix

Default

Configuration N/A

Command

Mode Privileged EXEC mode

Function

Description

If you do not specify ipv6-address, all the prefixes dynamically assigned to clients and IANA

address bindings are displayed. If you specify ipv6-address, only the DHCPv6 binding for the

specified IPv6 address will be displayed.

Configuration

Examples

The following example displays DHCPv6 bindings.

Ruijie# show ipv6 dhcp binding

Client DUID: 00:03:00:01:00:d0:f8:22:33:ac

IAPD: iaid 0, T1 1800, T2 2880

Prefix: 2001:20::/72

preferred lifetime 3600, valid lifetime 3600

expires at Jan 1 2008 2:23 (3600 seconds)

Command Description Related

Commands N/A N/A

Platform

Description N/A

show ipv6 dhcp interface

Use this command to display the DHCPv6 interface information.

show ipv6 dhcp interface [interface-name]

Parameter Description

interface-name Interface name

Default

Configuration N/A

Command

Mode Privileged EXEC mode

Function

Description

If you do not specify interface-name, all DHCPv6 interfaces will be displayed. If you specify

interface-name, only information of the specified interface will be displayed.

Configuration

Examples

The following example displays DHCPv6 interfaces.

Ruijie# show ipv6 dhcp interface

VLAN 1 is in server mode

Server pool dhcp-pool

Rapid-Commit: disable

Command Description Related

Commands N/A N/A

Platform

Description N/A

show ipv6 dhcp pool

Use this command to display the DHCPv6 pool information.

show ipv6 dhcp pool [poolname]

Parameter Description

poolname Name of a DHCPv6 pool

Default

Configuration N/A

Command

Mode Privileged EXEC mode

Function

Description

If you do not specify poolname, all DHCPv6 pools will be displayed. If you specify poolname, only information of the specified pool will be displayed.

Configuration

Examples

The following example displays DHCPv6 pools.

Ruijie# show ipv6 dhcp pool

DHCPv6 pool: dhcp-pool

DNS server: 2011:1::1

DNS server: 2011:1::2

Domain name: example.com

Related Commands

Command Description

ipv6 dhcp pool Configures a DHCPv6 pool.

Platform

Description N/A


Port-based Flow Control Commands

arp-check

Use this command to enable the ARP check function to avoid arp-spoofing in the network. Use the no

form of this command to disable the ARP check function.

arp-check

no arp-check

Parameter

Description Parameter Description

arp-check Enables the ARP check function.

Defaults The ARP check function on the interface is disabled by default.

Command

Mode

Interface configuration mode and WLANSEC configuration mode.

Usage Guide First, the ARP check function generates the trusted user information (IP or IP+MAC). It then checks whether the Sender IP field or the <Sender IP, Sender MAC> fields of all ARP packets on the logical interface match the trusted user information, and discards the ARP packets that do not match.

Configuration

Examples

The following example shows how to enable the ARP check function in interface configuration mode:

Ruijie(config)# interface gigabitethernet 1/1

Ruijie(config-if)# switchport port-security

The following example shows how to enable the ARP check function in WLANSEC configuration

mode:

Ruijie(config)#wlansec 1

Ruijie(config-wlansec)#arp-check

Related

Commands Command Description

show arp-check list Displays the ARP check entries.

Platform

Description

N/A.

show arp-check list

Use this command to show the ARP check entries.


show interface { interface-type interface-number } arp-check list

Parameter

Description Parameter Description

interface-type

interface-number

Displays the ARP check entries of a designated interface.

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide If the parameter is not specified, all ARP check entries will be displayed.

Configuration

Examples

The following example shows how to display the ARP check entries on the interface:

Ruijie#show interfaces arp-check list:

Interface Sender MAC Sender IP Policy Source

---------- -------------- --------------- --------------------

Gi 0/1 00D0.F800.0003 192.168.1.3 address-bind

The following example shows how to display the ARP check entries in the WLANSEC configuration

mode:

Ruijie#show interfaces arp list

Interface Sender MAC Sender IP Policy Source

---------- -------------- --------------- --------------------

WLAN 1 0026.c79f.6e4c 172.168.131.1 web-auth

Related

Commands Command Description

arp-check Enables the ARP check function.

Platform

Description

N/A
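The filtering rule described in the arp-check Usage Guide, as an added example that is not part of the Ruijie manual and does not reproduce the RGOS implementation: it models the trusted-user table with the two rows printed by the examples above and applies the Sender IP / Sender MAC match to raw ARP payloads. The names TrustedUser, arp_check and build_arp are hypothetical, and the ARP packets are constructed for the example.

```python
import ipaddress
import re
import struct
from typing import NamedTuple, Optional

# Ethernet/IPv4 ARP payload: htype, ptype, hlen, plen, oper, SHA, SPA, THA, TPA.
ARP_FMT = "!HHBBH6s4s6s4s"

# Constructed input: the rows shown by the two list examples in this reference.
SAMPLE_LIST = """\
Interface Sender MAC Sender IP Policy Source
---------- -------------- --------------- --------------------
Gi 0/1 00D0.F800.0003 192.168.1.3 address-bind
WLAN 1 0026.c79f.6e4c 172.168.131.1 web-auth
"""


class TrustedUser(NamedTuple):
    interface: str
    ip: ipaddress.IPv4Address
    mac: Optional[bytes]   # None models an IP-only trusted entry
    source: str


ROW = re.compile(
    r"^(\S+ \S+)\s+((?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4})"
    r"\s+(\d+(?:\.\d+){3})\s+(\S+)$"
)


def parse_arp_check_list(text):
    """Read IP+MAC rows; header and separator lines do not match ROW."""
    users = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            mac = bytes.fromhex(m[2].replace(".", ""))
            users.append(TrustedUser(m[1], ipaddress.IPv4Address(m[3]), mac, m[4]))
    return users


def arp_check(interface, payload, trusted):
    """Return True to forward the ARP packet, False to discard it."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return False                      # truncated packet
    htype, ptype, hlen, plen, _op, sha, spa, _tha, _tpa = struct.unpack_from(
        ARP_FMT, payload)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return False                      # not Ethernet/IPv4 ARP
    sender_ip = ipaddress.IPv4Address(spa)
    for user in trusted:
        if user.interface != interface or user.ip != sender_ip:
            continue
        # IP-only entries match on Sender IP; IP+MAC entries need both fields.
        if user.mac is None or user.mac == sha:
            return True
    return False


def build_arp(sender_mac, sender_ip, target_ip, op=1):
    """Construct a sample ARP payload (op 1 = request, 2 = reply)."""
    return struct.pack(
        ARP_FMT, 1, 0x0800, 6, 4, op,
        bytes.fromhex(sender_mac.replace(":", "")),
        ipaddress.IPv4Address(sender_ip).packed,
        b"\x00" * 6,
        ipaddress.IPv4Address(target_ip).packed,
    )


if __name__ == "__main__":
    table = parse_arp_check_list(SAMPLE_LIST)
    genuine = build_arp("00:d0:f8:00:00:03", "192.168.1.3", "192.168.1.1")
    # Same host claiming an IP address it is not bound to.
    spoofed = build_arp("00:d0:f8:00:00:03", "192.168.1.1", "192.168.1.3", op=2)
    print("genuine:", arp_check("Gi 0/1", genuine, table))
    print("spoofed:", arp_check("Gi 0/1", spoofed, table))
```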


802.1X Commands

dot1x auto-req

Use this command to enable the 802.1X active authentication function in global configuration mode. The no form of this command disables the automatic authentication function.

dot1x auto-req

no dot1x auto-req

Parameter

Description Parameter Description

N/A N/A

Defaults Enabled

Command

Mode

Global configuration mode.

Usage Guide This command is used to actively initiate 802.1x authentication on the device. Use the show dot1x

auto-req command to view the setting of this function.

Configuration

Examples

The following example sets the device to automatically initiate 802.1x authentication:

Ruijie# configure terminal

Ruijie(config)# dot1x auto-req

Ruijie(config)# end

Ruijie# show dot1x auto-req

Auto-Req: Enabled

User-Detect : Enabled

Packet-Num : 0

Req-Interval: 30 Second

Related

Commands Command Description

show dot1x auto-req

Shows the automatic authentication request

information.

Platform

Description

N/A


dot1x auto-req packet-num

Use this command to set the number of authentication request messages that the device

automatically sends. The no form is used to specify the default value.

dot1x auto-req packet-num num

no dot1x auto-req packet-num

Parameter

Description Parameter Description

num

Number of authentication request messages that the device sends

automatically.

Defaults num = 0; namely the packets are sent continuously

Command

Mode

Global configuration mode.

Usage Guide Use the show dot1x auto-req command to view the setting of this function.

Configuration

Examples

The following example sets the device to automatically initiate 802.1x authentication continuously:

Ruijie# configure terminal

Ruijie(config)# dot1x auto-req packet-num 0

Ruijie(config)# end

Ruijie# show dot1x auto-req

Auto-Req: Enabled

User-Detect : Enabled

Packet-Num : 0

Req-Interval: 30 Second

Related

Commands Command Description

show dot1x auto-req

Shows the automatic authentication request

information.

Platform

Description

N/A


dot1x auto-req req-interval

Use this command to set the interval of sending authentication request messages. The no form is used to specify the default value.

dot1x auto-req req-interval interval

no dot1x auto-req req-interval

Parameter

Description Parameter Description

interval

The time interval of actively sending authentication request messages by the device, in seconds.

Defaults 30 seconds

Command

Mode

Global configuration mode.

Usage Guide Use the show dot1x auto-req command to view the setting of this function.

Configuration

Examples

The following example sets the time interval of sending authentication request message to 60s:

Ruijie# configure terminal

Ruijie(config)# dot1x auto-req req-interval 60

Ruijie(config)# end

Ruijie# show dot1x auto-req

Auto-Req: Enabled

User-Detect : Enabled

Packet-Num : 0

Req-Interval: 60 Second

Related

Commands Command Description

show dot1x auto-req Shows the authentication request information.

Platform

Description

N/A

dot1x auto-req user-detect

Use this command to stop the device from sending authentication request messages after it receives the response. The no form is used to specify the default value.


dot1x auto-req user-detect

no dot1x auto-req user-detect

Parameter

Description Parameter Description

N/A N/A

Defaults Enabled

Command

Mode

Global configuration mode.

Usage Guide Use the show dot1x auto-req command to view the setting of this function.

Configuration

Examples

The following example sets the device to stop sending authentication request messages after the

user gets on line:

Ruijie# configure terminal

Ruijie(config)# dot1x auto-req user-detect

Ruijie(config)# end

Ruijie# show dot1x auto-req

Auto-Req: Enabled

User-Detect : Enabled

Packet-Num : 0

Req-Interval: 60 Second

Related

Commands Command Description

show dot1x auto-req Shows the authentication request information.

Platform

Description

N/A

dot1x timeout quiet-period

Use this command to set the time (in seconds) for the device to wait before reauthentication after the authentication failure (for example, incorrect authentication password). Use the no form of the command to restore it to the default setting.

dot1x timeout quiet-period seconds

no dot1x timeout quiet-period

Parameter

Description Parameter Description

seconds Time (in seconds) for the device to wait before reauthentication after the authentication failure. The range is from 0 to 65535, in seconds.

Defaults 10 seconds.

Command

Mode

Global configuration mode.

Usage Guide When authentication fails, the supplicant must wait for a period of time before reauthentication.

Configuration

Examples

The following example sets the time for waiting re-authentication to 1000s:

Ruijie# configure terminal

Ruijie(config)# dot1x timeout quiet-period 1000

Ruijie(config)# end

Ruijie# show dot1x

802.1X Status: Enabled

Authentication mode: EAP-MD5

Authed User Number: 0

Re-authen Enabled: Disabled

Re-authen Period: 3600 sec

Quiet Timer Period: 1000 sec

Tx Timer Period: 3 sec

Supplicant Timeout: 3 sec

Server Timeout: 5 sec

Re-authen Max: 3 times

Maximum Request: 3 times

Filter Non-RG Supp: Disabled

Client Oline Probe: Disabled

Eapol Tag Enable: Disabled

Authorization Mode: Group Server

Related

Commands Command Description

show dot1x Shows the information about 802.1x.

Platform

Description

N/A

dot1x timeout re-authperiod

Use this command to set re-authentication interval when re-authentication is enabled. Use the no

form of the command to restore it to the default value.

dot1x timeout re-authperiod seconds


no dot1x timeout re-authperiod

Parameter

Description Parameter Description

seconds Period of authentication. The range is from 0 to 65535 seconds.

Defaults 3600 seconds

Command

Mode

Global configuration mode.

Usage Guide Use show dot1x command to show the 802.1X configuration.

Configuration

Examples

The following example sets the period of re-authentication to 1000s:

Ruijie# configure terminal

Ruijie(config)# dot1x timeout re-authperiod 1000

Ruijie(config)# end

Ruijie# show dot1x

802.1X Status: Enabled

Authentication mode EAP-MD5

Authed User Number: 0

Re-authen Enabled: Disabled

Re-authen Period: 1000 sec

Quiet Timer Period: 1000 sec

Tx Timer Period: 3 sec

Supplicant Timeout: 3 sec

Server Timeout: 5 sec

Re-authen Max: 3 times

Maximum Request: 3 times

Filter Non-RG Supp: Disabled

Client Oline Probe: Disabled

Eapol Tag Enable: Disabled

Authorization Mode: Group Server

Related

Commands Command Description

show dot1x Shows the information about 802.1x.

Platform

Description

N/A

dot1x timeout server-timeout

Use this command to set the authentication timeout between the device and the authentication

server. Use the no form of the command to restore it to the default setting.

dot1x timeout server-timeout seconds

no dot1x timeout server-timeout

Parameter

Description Parameter Description

seconds

Authentication timeout between the device and the authentication

server. The range is 0 to 65535 seconds.

Defaults 5 seconds.

Command

Mode

Global configuration mode.

Usage Guide Use the show dot1x command to show 802.1X configuration.

Configuration

Examples

The following example sets the authentication timeout of the authentication server to 10s:

Ruijie# configure terminal

Ruijie(config)# dot1x timeout server-timeout 10

Ruijie(config)# end

Ruijie# show dot1x

802.1X Status: Enabled

Authentication mode: EAP-MD5

Authed User Number: 0

Re-authen Enabled: Disabled

Re-authen Period: 1000 sec

Quiet Timer Period: 1000 sec

Tx Timer Period: 3 sec

Supplicant Timeout: 3 sec

Server Timeout: 10 sec

Re-authen Max: 3 times

Maximum Request: 3 times

Filter Non-RG Supp: Disabled

Client Oline Probe: Disabled

Eapol Tag Enable: Disabled

Authorization Mode: Group Server

Related

Commands Command Description

show dot1x Shows the information about 802.1x.

Platform

Description

N/A

dot1x timeout supp-timeout

Use this command to set the authentication timeout between the device and the supplicant. Use the

no form of the command to restore it to the default setting.

dot1x timeout supp-timeout seconds

no dot1x timeout supp-timeout

Parameter

Description Parameter Description

seconds

Authentication timeout between the device and the supplicant. The

range is from 0 to 65535 seconds.

Defaults 3 seconds.

Command

Mode

Global configuration mode.

Usage Guide Use the show dot1x command to show 802.1X configuration.

Configuration

Examples

The following example sets the authentication timeout between the device and

the supplicant to 10s:

Ruijie# configure terminal

Ruijie(config)# dot1x timeout supp-timeout 10

Ruijie(config)# end

Ruijie# show dot1x

802.1X Status: Enabled

Authentication Mode: EAP-MD5

Authed User Number: 0

Re-authen Enabled: Disabled

Re-authen Period: 1000 sec

Quiet Timer Period: 1000 sec

Tx Timer Period: 3 sec

Supplicant Timeout: 10 sec

Server Timeout: 10 sec

Re-authen Max: 3 times

Maximum Request: 3 times

Filter Non-RG Supp: Disabled

Client Oline Probe: Disabled

Eapol Tag Enable: Disabled

Authorization Mode: Group Server

Related

Commands Command Description

show dot1x Shows the information about 802.1x.

Platform

Description

N/A

dot1x timeout tx-period

Use this command to set the interval of transmitting packets after the maximum number of

retransmission times is configured. Use the no form of the command to restore it to the default

setting.

dot1x timeout tx-period seconds

no dot1x timeout tx-period

Parameter

Description Parameter Description

seconds

Authentication timeout between the device and the supplicant. The

range is from 0 to 65535 seconds.

Defaults 3 seconds.

Command

Mode

Global configuration mode.

Usage Guide Use the show dot1x command to show 802.1X configuration.

Configuration

Examples

The following example sets the interval of retransmission to 10s:

Ruijie# configure terminal

Ruijie(config)# dot1x timeout tx-period 10

Ruijie(config)# end

Ruijie# show dot1x

802.1X Status: Enabled

Authentication mode: EAP-MD5

Authed User Number: 0

Re-authen Enabled: Disabled

Re-authen Period: 1000 sec

Quiet Timer Period: 1000 sec

Tx Timer Period: 10 sec

Supplicant Timeout: 10 sec

Server Timeout: 10 sec

Re-authen Max: 3 times

Maximum Request: 3 times

Filter Non-RG Supp: Disabled

Client Oline Probe: Disabled

Eapol Tag Enable: Disabled

Authorization Mode: Group Server

Related

Commands Command Description

show dot1x Shows the information about 802.1x.

Platform

Description

N/A

dot1x re-authentication

Use this command to enable periodic re-authentication. Use the no form of the command to restore it

to the default setting.

dot1x re-authentication

no dot1x re-authentication

Parameter

Description Parameter Description

N/A N/A

Defaults By default, it is not required to re-authenticate the supplicant periodically.

Command

Mode

Global configuration mode.

Usage Guide This command re-authenticates the supplicant periodically after it passes authentication. Use the

show dot1x command to show the 802.1X configuration.

Configuration

Examples

The following example enables the re-authentication function:

Ruijie# configure terminal

Ruijie(config)# dot1x re-authentication

Ruijie(config)# end

Ruijie# show dot1x

802.1X Status: Enabled

Authentication mode: EAP-MD5

Authed User Number: 0

Re-authen Enabled: Enabled

Re-authen Period: 1000 sec

Quiet Timer Period: 1000 sec

Tx Timer Period: 10 sec

Supplicant Timeout: 10 sec

Server Timeout: 10 sec

Re-authen Max: 3 times

Maximum Request: 3 times

Filter Non-RG Supp: Disabled

Client Oline Probe: Disabled

Eapol Tag Enable: Disabled

Authorization Mode: Group Server

Related

Commands Command Description

show dot1x Shows the information about 802.1x.

Platform

Description

N/A

dot1x reauth-max

Use this command to set the maximum number of supplicant reauthentication. Use the no form of

the command to restore it to the default value.

dot1x reauth-max count

no dot1x reauth-max

Parameter

Description Parameter Description

count Maximum number of re-authentications

Defaults The default value is 3.

Command

Mode

Global configuration mode.

Usage Guide Use this command to specify the maximum number of supplicant reauthentications. Use show dot1x

command to show 802.1X configuration.

Configuration

Examples

The following example sets the maximum number of re-authentications:

Ruijie# configure terminal

Ruijie(config)# dot1x reauth-max 5

Ruijie(config)# end

Ruijie# show dot1x

802.1X Status: Enabled

Authentication mode: EAP-MD5

Authed User Number: 0

Re-authen Enabled: Enable

Re-authen Period: 1000 sec

Quiet Timer Period: 1000 sec

Tx Timer Period: 10 sec

Supplicant Timeout: 10 sec

Server Timeout: 10 sec

Re-authen Max: 5 times

Maximum Request: 3 times

Filter Non-RG Supp: Disabled

Client Oline Probe: Disabled

Eapol Tag Enable: Disabled

Authorization Mode: Group Server

Related

Commands Command Description

show dot1x Shows the information about 802.1x.

Platform

Description

N/A

dot1x authentication

In case the AAA is enabled, the authentication with the AAA server must be performed for logon.

Use this command to associate logon authentication method list. The no form of this command is

used to delete the logon authentication method list.

dot1x authentication {default | list-name}

no dot1x authentication {default | list-name}

Parameter

Description Parameter Description

default Name of the default authentication method list

list-name Name of the method list available

Defaults If AAA is enabled, the AAA service is used for login authentication by default.

Command

Mode

Global configuration mode.

Usage Guide If the AAA security server is enabled, this command is used for the login authentication with the

specified method list.

Configuration

Examples

The following command demonstrates how to associate a method list on the interface and use group

radius for authentication.

Ruijie# configure terminal

Ruijie(config)# aaa new-model

Ruijie(config)# aaa authentication dot1x default group radius

Ruijie(config)# interface fastEthernet0/1

Ruijie(config-if)# dot1x authentication default

Ruijie(config-if)# end

Ruijie#

Related

Commands Command Description

aaa new-model Enables the AAA security service.

aaa authentication dot1x

Configures the logon authentication method

list.

Platform

Description

N/A

dot1x auth-mode

Use this command to specify the 802.1x authentication mode.

dot1x auth-mode {eap-md5 | chap | pap}

no dot1x auth-mode

Parameter

Description Parameter Description

eap-md5 Uses EAP-MD5 for authentication.

chap Uses CHAP for authentication.

pap Uses PAP for authentication.

Defaults EAP-MD5 mode.

Command

Mode

Global configuration mode.

Usage Guide Use the show dot1x command to show the 802.1X configurations.

Configuration

Examples

This example shows how to configure the 802.1X authentication mode:

Ruijie# configure terminal

Ruijie(config)# dot1x auth-mode chap

Ruijie(config)# end

Ruijie#

Related

Commands Command Description

show dot1x Shows the information about 802.1x.

Platform

Description

N/A

dot1x default

Use this command to restore part of 802.1x parameters to the default value.

dot1x default

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Global configuration mode.

Usage Guide Use the show dot1x command to show the 802.1X configurations.

Configuration

Examples

The following example sets the default parameters of 802.1x:

Ruijie# configure terminal

Ruijie(config)# dot1x default

Ruijie(config)# end

Ruijie# end

Related

Commands Command Description

show dot1x Shows the information about 802.1x.

Platform

Description

N/A

dot1x dhcp-before-acct enable

Use this command to enable the accounting function after the IP address is obtained in global

configuration mode. Use the no form of this command to restore the default settings.

dot1x dhcp-before-acct enable

no dot1x dhcp-before-acct enable

Parameter

Description Parameter Description

N/A N/A

Defaults This function is disabled by default.

Command

Mode

Global configuration mode.

Usage Guide Use the show running-config command to view the setting.

Configuration

Examples

The following example only uses a private client:

Ruijie# configure t

Ruijie(config)# dot1x dhcp-before-acct enable

Ruijie(config)# end

Ruijie#

Related

Commands Command Description

show dot1x Shows the information about 802.1x.

Platform

Description

N/A

dot1x dhcp-before-acct timeout time

Use this command in global configuration mode to configure the timeout period of the accounting

function which is enabled after the IP address is obtained. Use the no form of this command to

restore the default settings.

dot1x dhcp-before-acct timeout time

no dot1x dhcp-before-acct timeout

Parameter

Description Parameter Description

time Timeout time, 5 minutes by default.

Defaults The timeout time is 5 minutes by default. This function takes effect when the accounting function is

enabled after the IP address is obtained.

Command

Mode

Global configuration mode.

Usage Guide Use the show running-config command to view the setting.

Configuration

Examples

The following settings use a private client only:

Ruijie# configure t

Ruijie(config)# dot1x dhcp-before-acct timeout 1

Ruijie(config)# end

Ruijie#

Related

Commands Command Description

show running-config Views the settings.

Platform

Description

N/A

dot1x max-req

During interaction between the dot1x and the server, the dot1x will send a request to the server

again if it does not receive a response from the server within a certain period of time. Use this

command to set the maximum number of authentication requests sent to the server. Use the no form

of the command to restore it to the default value.

dot1x max-req count

no dot1x max-req

Parameter

Description Parameter Description

count Maximum number of authentication requests sent to the server.

Defaults The default value is 3.

Command

Mode

Global configuration mode.

Usage Guide Use the show dot1x command to show the 802.1X configuration.

Configuration

Examples

The following example demonstrates how to set the maximum number of authentication requests to

7:

Ruijie# configure terminal

Ruijie(config)# dot1x max-req 7

Ruijie(config)# end

Ruijie#

Related

Commands Command Description

show dot1x Shows the information about 802.1x.

Platform

Description

N/A

dot1x offline-detect

Low-traffic detection checks whether the traffic of the terminal is lower than the designated

threshold value. If it is, the terminal is logged out. By default, this function is enabled. The default

detection time is 15 minutes and the default traffic threshold is 0 bytes. Use the no form of this command to restore

the default setting.

dot1x offline-detect flow interval val flow num

no dot1x offline-detect

Parameter

Description Parameter Description

val The detection period.

num The detection threshold value.

Defaults The default values are 15 minutes and 0 byte.

Command

Mode

Global configuration mode and WLANSEC configuration mode.

Usage Guide By default, this function is enabled. It helps avoid incorrect fee deductions when a

terminal goes offline abnormally.

Configuration

Examples

The following example demonstrates how to set the 802.1x flow detect:

Ruijie# configure terminal

Ruijie(config)# wlansec 1

Ruijie(config-wlansec)# dot1x offline-detect interval 10 flow 10

Ruijie(config-wlansec)# end

Related

Commands Command Description

show dot1x Shows the information about 802.1x.

Platform

Description

N/A

dot1x redirect url

Use this command to set the redirect URL. If a terminal user accesses the network with a browser before

802.1x authentication has succeeded or failed, the switch redirects the URL accessed by the user to

the configured URL, which must begin with http://, for example http://ruijie.net/web.

Only http:// is supported and only one redirection address can be configured; a newly configured

URL overwrites the previous one. Use the no form of this command to delete the redirect URL address.

dot1x redirect url [url-string]

no dot1x redirect url

Parameter

Description Parameter Description

url-string The URL address.

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

The following example redirects the network address: ruijie.net/web:

Ruijie# configure terminal

Ruijie(config)# dot1x redirect url http://ruijie.net/web

Related

Commands Command Description

dot1x redirect for special tcp-destination port

Sets the specific destination port and redirect

the web request for the destination IP.

dot1x redirect time-out

Sets the timeout time maintaining the redirect

connection.

dot1x redirect num for special source-ip

Sets the allowed number of redirect connection

of the same source.

show dot1x Shows the dot1x redirection information.

Platform

Description

N/A

dot1x redirect for special tcp-destination port

Use this command to set the specific destination port and redirect the web request for the destination

IP. In addition to port numbers 80 and 8080, up to 16 TCP destination ports are supported. Use the

no form of this command to delete the configured redirect port numbers.

dot1x redirect for special tcp-destination port port-num

no dot1x redirect for special tcp-destination port port-num

Parameter

Description Parameter Description

port-num TCP destination port number.

Defaults The default TCP destination port number is 80 and 8080.

Command

Mode

Privileged EXEC mode.

Usage Guide The valid TCP port number range is 1-65535.

Configuration

Examples

The following example sets the redirect tcp destination port as 8443:

Ruijie# configure terminal

Ruijie(config)# dot1x redirect for special tcp-destination port 8443

Related

Commands Command Description

dot1x redirect url Sets the redirect url address.

dot1x redirect time-out

Sets the timeout time maintaining the redirect

connection.

dot1x redirect num for special source-ip

Sets the allowed number of redirect connection

of the same source.

show dot1x Shows the dot1x redirection information.

Platform

Description

N/A

dot1x redirect time-out

Use this command to set the timeout time maintaining the redirect connection. Use the no form of

this command to restore to the default value.

dot1x redirect time-out port time-out-interval

no dot1x redirect time-out port

Parameter

Description Parameter Description

time-out-interval The timeout time, in seconds. The valid range is 1-10s.

Defaults The default value is 3.

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

The following example sets the redirect timeout time to 5s:

Ruijie(config)# dot1x redirect time-out 5

Related

Commands Command Description

dot1x redirect url Sets the redirect url address.

dot1x redirect for special tcp-destination port

Sets the specific destination port and redirect

the web request for the destination IP.

dot1x redirect num for special source-ip

Sets the allowed number of redirect connection

of the same source.

show dot1x Shows the dot1x redirection information.

Platform

Description

N/A

dot1x redirect num for special source-ip

Use this command to set the allowed number of redirect connection of the same source. Use the no

form of this command to restore to the default value.

dot1x redirect num for special source-ip num

no dot1x redirect num for special source-ip

Parameter

Description Parameter Description

num The redirect connection number. The valid range is 1-10.

Defaults The default value is 1.

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

The following example sets the redirect connection number to 3:

Ruijie(config)# dot1x redirect num for special source-ip 3

Related

Commands Command Description

dot1x redirect url Sets the redirect url address.

dot1x redirect for special tcp-destination port

Sets the specific destination port and redirect

the web request for the destination IP.

dot1x redirect time-out

Sets the timeout time maintaining the redirect

connection.

show dot1x Shows the dot1x redirection information.

Platform

Description

N/A
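The value ranges documented above for the dot1x timers, the authentication mode and the redirect commands can be checked before a configuration is pushed to a device. The following Python linter is an added example, not Ruijie code; the function names and the sample configuration are constructed for illustration, and the redirect time-out rule follows the form used in this page's example (dot1x redirect time-out 5).

```python
import re

# Keywords and ranges below are the ones stated in this command reference.
TIMEOUT_KEYWORDS = ("quiet-period", "re-authperiod", "server-timeout",
                    "supp-timeout", "tx-period")
AUTH_MODES = ("eap-md5", "chap", "pap")
DEFAULT_REDIRECT_PORTS = {80, 8080}   # redirected by default
MAX_EXTRA_REDIRECT_PORTS = 16         # "up to 16 TCP destination ports"

PROMPT = re.compile(r"^Ruijie(?:\([^)]*\))?#\s*")
RANGE_RULES = [
    (re.compile(r"dot1x timeout (?:%s) (\S+)" % "|".join(TIMEOUT_KEYWORDS)),
     0, 65535, "seconds"),
    (re.compile(r"dot1x redirect time-out (\S+)"), 1, 10, "seconds"),
    (re.compile(r"dot1x redirect num for special source-ip (\S+)"),
     1, 10, "connections"),
]
PORT_RULE = re.compile(r"dot1x redirect for special tcp-destination port (\S+)")
URL_RULE = re.compile(r"dot1x redirect url (\S+)")
MODE_RULE = re.compile(r"dot1x auth-mode (\S+)")

# Constructed sample input (not taken from a real device).
SAMPLE_CONFIG = """\
dot1x timeout quiet-period 1000
dot1x timeout server-timeout 70000
dot1x auth-mode mschap
dot1x redirect url https://ruijie.net/web
dot1x redirect for special tcp-destination port 8443
dot1x redirect for special tcp-destination port 0
dot1x redirect time-out 15
dot1x redirect num for special source-ip 3
"""


def _in_range(token, low, high):
    """True if token is a plain decimal integer within [low, high]."""
    return token.isascii() and token.isdigit() and low <= int(token) <= high


def lint_dot1x(config_text):
    """Return (line_number, command, problem) for each documented limit broken.

    Lines that are not one of the commands covered here, including "no" forms,
    are ignored rather than reported.
    """
    problems = []
    extra_ports = set()
    for number, raw in enumerate(config_text.splitlines(), start=1):
        # Strip a leading CLI prompt and collapse repeated whitespace.
        line = " ".join(PROMPT.sub("", raw.strip()).split())

        for pattern, low, high, unit in RANGE_RULES:
            match = pattern.fullmatch(line)
            if match and not _in_range(match.group(1), low, high):
                problems.append(
                    (number, line, f"value must be {low}-{high} {unit}"))

        match = PORT_RULE.fullmatch(line)
        if match:
            if not _in_range(match.group(1), 1, 65535):
                problems.append((number, line, "TCP port must be 1-65535"))
            else:
                port = int(match.group(1))
                if port not in DEFAULT_REDIRECT_PORTS and port not in extra_ports:
                    extra_ports.add(port)
                    if len(extra_ports) > MAX_EXTRA_REDIRECT_PORTS:
                        problems.append(
                            (number, line,
                             "more than 16 redirect ports besides 80 and 8080"))

        match = URL_RULE.fullmatch(line)
        if match and not match.group(1).startswith("http://"):
            problems.append(
                (number, line, "redirect URL must begin with http://"))

        match = MODE_RULE.fullmatch(line)
        if match and match.group(1) not in AUTH_MODES:
            problems.append(
                (number, line, "auth-mode must be eap-md5, chap or pap"))
    return problems


if __name__ == "__main__":
    for number, command, problem in lint_dot1x(SAMPLE_CONFIG):
        print(f"line {number}: {command!r}: {problem}")
```
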

show dot1x

Use this command to display the information about 802.1x setting.

show dot1x

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

The following example shows the information about 802.1x:

Ruijie# show dot1x

802.1X Status: Enabled

Authentication Mode: EAP-MD5

Authed User Number: 0

Re-authen Enabled: Disabled

Re-authen Period: 3600 sec

Quiet Timer Period: 10 sec

Tx Timer Period: 3 sec

Supplicant Timeout: 3 sec

Server Timeout: 5 sec

Re-authen Max: 3 times

Maximum Request: 3 times

Filter Non-RG Supp: Disabled

Client Oline Probe: Disabled

Eapol Tag Enable: Disabled

Authorization Mode: Group Server

Ruijie#

Related

Commands Command Description

dot1x auth-mode Sets the 802.1x authentication mode.

dot1x max-req

Sets the maximum number of authentication

request retransmissions.

dot1x port-control auto Sets the port to participate in authentication.

dot1x reauth-max

Sets the maximum number of the supplicant

re-authentications.

dot1x re-authentication Sets the re-authentication attribute.

dot1x timeout quiet-period

Sets the time the device waits before

reauthentication.

dot1x timeout re-authperiod

Sets the re-authentication period for the

supplicant.

dot1x timeout server-timeout

Sets the authentication timeout between the

device and authentication server.

dot1x timeout supp-timeout

Sets the authentication timeout between the

device and the supplicant.

dot1x timeout tx-period Sets the retransmission period.

Platform

Description

N/A
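To spot 802.1X settings that differ from the defaults documented in this chapter, the show dot1x output can be parsed and compared field by field. The following Python script is an added example, not part of the original manual; the sample output is constructed from the listings in this chapter, and the baseline is simply the documented defaults, which a site would replace with its own policy.

```python
# Defaults as documented in this chapter. Keys are the labels printed by
# `show dot1x`, lower-cased.
DOCUMENTED_DEFAULTS = {
    "authentication mode": "EAP-MD5",
    "re-authen enabled": "Disabled",
    "re-authen period": "3600 sec",
    "quiet timer period": "10 sec",
    "tx timer period": "3 sec",
    "supplicant timeout": "3 sec",
    "server timeout": "5 sec",
    "re-authen max": "3 times",
    "maximum request": "3 times",
}

# Constructed sample modelled on the listings in this chapter, including a
# label printed without a colon and "Enable" instead of "Enabled".
SAMPLE_OUTPUT = """\
Ruijie# show dot1x
802.1X Status: Enabled
Authentication mode EAP-MD5
Authed User Number: 0
Re-authen Enabled: Enable
Re-authen Period: 1000 sec
Quiet Timer Period: 1000 sec
Tx Timer Period: 10 sec
Supplicant Timeout: 10 sec
Server Timeout: 10 sec
Re-authen Max: 5 times
Maximum Request: 3 times
Filter Non-RG Supp: Disabled
Client Oline Probe: Disabled
Eapol Tag Enable: Disabled
Authorization Mode: Group Server
Ruijie#
"""

# Longest labels first so a shorter label never shadows a longer one.
_KNOWN_LABELS = sorted(DOCUMENTED_DEFAULTS, key=len, reverse=True)


def _norm(value):
    """Lower-case, collapse whitespace and unify Enable/Enabled spellings."""
    value = " ".join(value.split()).lower()
    return {"enable": "enabled", "disable": "disabled"}.get(value, value)


def parse_show_dot1x(text):
    """Return {label: value} from `show dot1x` output.

    Labels are lower-cased. Prompt lines and anything that is neither
    "label: value" nor a known label followed by a value are skipped.
    """
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if ":" in line:
            label, _, value = line.partition(":")
            fields[label.strip().lower()] = value.strip(" :")
            continue
        lowered = line.lower()
        for label in _KNOWN_LABELS:
            if lowered.startswith(label + " "):
                fields[label] = line[len(label):].strip()
                break
    return fields


def drift_from_defaults(fields, baseline=DOCUMENTED_DEFAULTS):
    """Return (label, expected, actual) for every field that differs.

    A field missing from the output is reported with actual=None.
    """
    findings = []
    for label, expected in baseline.items():
        actual = fields.get(label)
        if actual is None or _norm(actual) != _norm(expected):
            findings.append((label, expected, actual))
    return findings


if __name__ == "__main__":
    for label, expected, actual in drift_from_defaults(
            parse_show_dot1x(SAMPLE_OUTPUT)):
        print(f"{label}: documented default {expected!r}, device shows {actual!r}")
```
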

show dot1x auto-req

Use this command to show the configuration information of automatic 802.1x authentication.

show dot1x auto-req

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

The following example shows the information about automatic 802.1x authentication:

Ruijie# show dot1x auto-req

Auto-Req: Disabled

User-Detect : Enabled

Packet-Num : 0

Req-Interval: 30 Seconds

Ruijie#

Related

Commands Command Description

dot1x auth-mode Sets the 802.1x authentication mode.

dot1x max-req

Sets the maximum number of authentication

request retransmissions.

dot1x port-control auto Sets the port to participate in authentication.

dot1x reauth-max

Sets the maximum number of the supplicant

re-authentications.

dot1x re-authentication Sets the re-authentication attribute.

dot1x timeout quiet-period

Sets the time the device waits before

reauthentication.

dot1x timeout re-authperiod

Sets the re-authentication period for the

supplicant.

dot1x timeout server-timeout

Sets the authentication timeout between the

device and authentication server.

dot1x timeout supp-timeout

Sets the authentication timeout between the

device and the supplicant.

dot1x timeout tx-period Sets the retransmission period.

Platform

Description

N/A

show dot1x max-req

Use this command to show the maximum number of authentication request retransmissions to the

client.

show dot1x max-req

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

The following example shows the information about the private supplicant:

Ruijie# show dot1x private-supplicant-only

private-supplicant-only:: disabled

Ruijie#

Related

Commands Command Description

dot1x auth-mode Set the 802.1x authentication mode.

dot1x max-req

Set the maximum number of authentication

request retransmissions.

dot1x port-control auto Set the port to participate in authentication.

dot1x reauth-max

Set the maximum number of the supplicant

re-authentications.

dot1x re-authentication Set the re-authentication attribute.

dot1x timeout quiet-period

Set the time the device waits before

reauthentication.

dot1x timeout re-authperiod

Set the re-authentication period for the

supplicant.

dot1x timeout server-timeout

Set the authentication timeout between the

device and authentication server.

dot1x timeout supp-timeout

Set the authentication timeout between the

device and the supplicant.

dot1x timeout tx-period Set the retransmission period.

Platform

Description

N/A

show dot1x probe-timer

Use this command to show the online probing configurations.

show dot1x probe-timer

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

The following example shows the online probing configuration:

Ruijie# show dot1x probe-timer

Hello Interval: 20 Seconds

Hello Alive: 250 Seconds

Ruijie#

Related

Commands Command Description

dot1x auth-mode Set the 802.1x authentication mode.

dot1x max-req

Set the maximum number of authentication

request retransmissions.

dot1x port-control auto Set the port to participate in authentication.

dot1x reauth-max

Set the maximum number of the supplicant

re-authentications.

dot1x re-authentication Set the re-authentication attribute.

dot1x timeout quiet-period

Set the time the device waits before

reauthentication.

dot1x timeout re-authperiod

Set the re-authentication period for the

supplicant.

dot1x timeout server-timeout

Set the authentication timeout between the

device and authentication server.

dot1x timeout supp-timeout

Set the authentication timeout between the

device and the supplicant.

dot1x timeout tx-period Set the retransmission period.

Platform

Description

N/A

show dot1x re-authentication

Use this command to show re-authentication configuration.

show dot1x re-authentication

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

The following example shows the information about reauthentication:

Ruijie# show dot1x re-authentication

eauth-enabled: disabled

Ruijie#

Related

Commands Command Description

dot1x auth-mode Set the 802.1x authentication mode.

dot1x max-req

Set the maximum number of authentication

request retransmissions.

dot1x port-control auto Set the port to participate in authentication.

dot1x reauth-max

Set the maximum number of the supplicant

re-authentications.

dot1x re-authentication Set the re-authentication attribute.

dot1x timeout quiet-period

Set the time the device waits before

reauthentication.

dot1x timeout re-authperiod

Set the re-authentication period for the

supplicant.

dot1x timeout server-timeout

Set the authentication timeout between the

device and authentication server.

dot1x timeout supp-timeout

Set the authentication timeout between the

device and the supplicant.

dot1x timeout tx-period Set the retransmission period.

Platform

Description

N/A

show dot1x reauth-max

Use this command to show the maximum number of re-authentications.

show dot1x reauth-max

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

The following example shows the information about the maximum number of re-authentications:

Ruijie# show dot1x reauth-max

reauth-max: 2 times

Ruijie#

Related

Commands Command Description

dot1x auth-mode Set the 802.1x authentication mode.

dot1x max-req

Set the maximum number of authentication

request retransmissions.

dot1x port-control auto Set the port to participate in authentication.

dot1x reauth-max

Set the maximum number of the supplicant

re-authentications.

dot1x re-authentication Set the re-authentication attribute.

dot1x timeout quiet-period

Set the time the device waits before

reauthentication.

dot1x timeout re-authperiod

Set the re-authentication period for the

supplicant.

dot1x timeout server-timeout

Set the authentication timeout between the

device and authentication server.

dot1x timeout supp-timeout

Set the authentication timeout between the

device and the supplicant.

dot1x timeout tx-period Set the retransmission period.

Platform

Description

N/A

show dot1x summary

Use this command to display the 802.1X authentication summary.

show dot1x summary

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

The following example shows the summary of 802.1x authentication:

Ruijie# show dot1x summary

ID User MAC Interface VLAN Auth-State

Backend-State Port-Status User-Type Time

-------- ---------- -------------- --------- ---- ---------------

------------- ----------- --------- ------------------

2 ts-user 0023.aeaa.4286 Fa0/5 1 Authenticated

Idle Authed static 0days 0h 8m 8s

Ruijie#

Related

Commands Command Description

dot1x auth-mode Sets the 802.1x authentication mode.

dot1x max-req

Sets the maximum number of authentication

request retransmissions.

dot1x port-control auto Sets the port to participate in authentication.

dot1x reauth-max

Sets the maximum number of the supplicant

re-authentications.

dot1x re-authentication Sets the re-authentication attribute.

dot1x timeout quiet-period

Sets the time the device waits before

reauthentication.

dot1x timeout re-authperiod

Sets the re-authentication period for the

supplicant.

dot1x timeout server-timeout

Sets the authentication timeout between the

device and authentication server.

dot1x timeout supp-timeout

Sets the authentication timeout between the

device and the supplicant.

dot1x timeout tx-period Sets the retransmission period.

Platform

Description

N/A

show dot1x timeout

These commands show the information about the 802.1X timeout.

show dot1x timeout quiet-period

show dot1x timeout re-authperiod

show dot1x timeout server-timeout

show dot1x timeout supp-timeout

show dot1x timeout tx-period

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

The following example shows the information about the time for the device to wait before

reauthentication:

Ruijie# show dot1x timeout quiet-period

quiet-period: 60 sec

Ruijie#

Related

Commands Command Description

dot1x auth-mode Sets the 802.1x authentication mode.

dot1x max-req

Sets the maximum number of authentication

request retransmissions.

dot1x port-control auto Sets the port to participate in authentication.

dot1x reauth-max

Sets the maximum number of the supplicant

re-authentications.

dot1x re-authentication Sets the re-authentication attribute.

dot1x timeout quiet-period

Sets the time the device waits before

reauthentication.

dot1x timeout re-authperiod

Sets the re-authentication period for the

supplicant.

dot1x timeout server-timeout

Sets the authentication timeout between the

device and authentication server.

dot1x timeout supp-timeout

Sets the authentication timeout between the

device and the supplicant.

dot1x timeout tx-period Sets the retransmission period.

Platform

Description

N/A

Command Reference Web Authentication Commands

Web Authentication Commands

http redirect

In global configuration mode, use this command to configure the IP address of the HTTP redirection,

which is the IP address of the first generation Portal server deployed on the network. Use the no form

of this command to remove the IP address of the HTTP redirection.

http redirect ip-address

no http redirect

Parameter

Description Parameter Description

ip-address The IPv4 address of the HTTP redirection.

Defaults By default, the IP address of the HTTP redirection is not configured.

Command

mode

Global configuration mode

Usage Guide This command configuration is for the first generation Web authentication Portal server address, not

for the second generation Web authentication.

Configuration

Examples

#Designate the IPv4 address of the HTTP redirection as 172.16.0.1.

Ruijie(config)# http redirect 172.16.0.1

Related

Commands Command Description

show http redirect Shows the configurations of HTTP redirection.

http redirect homepage

Sets the homepage IP address of the

authentication page.

Platform

Description

N/A

http redirect direct-site

Use this command to set the scope of authentication-free network resources. Use the no form of this

command to delete the scope of authentication-free network resources.

http redirect direct-site ipv6-address | { ip-address [ ip-mask ] [ arp ] }

no http redirect direct-site ipv6-address | { ip-address [ ip-mask ] }


Parameter

Description Parameter Description

ip-address The parameter indicates the IP address of an authentication-free network resource.

ipv6-address IPv6 address of an authentication-free network resource.

ip-mask (Optional) The parameter indicates the IP address mask of an authentication-free network resource.

arp (Optional) If the ARP CHECK function is enabled on the access device, the IP address, including the VRRP address of the gateway uplinked with terminal users must be configured as authentication-free resource with the keyword arp. Other authentication-free resources do not need to carry the keyword arp.

Defaults By default, no authentication-free network resource is configured.

Command

mode

Global configuration mode

Usage Guide After Web authentication is enabled, all users need to pass Web authentication for accessing the

network resources. To open certain network resources to the unauthenticated users, run this

command. When a Website is an authentication-free network resource, all users can access the

Website.

You can configure a maximum of 100 authentication-free network resources.

Configuration

Examples

#Set the Website with the IP address of 172.16.0.0 as an authentication-free network resource.

Ruijie(config)# http redirect direct-site 172.16.0.1

Related

Commands Command Description

show http redirect Shows the configuration of HTTP redirection.

Platform

Description

N/A

http redirect direct-arp

Use this command to configure the address range of direct ARP. Use the no form of this command to

remove the configuration.

http redirect direct-arp { ip-address [ ip-mask ] | local-address }

no http redirect direct-arp { ip-address [ ip-mask ] | local-address }

Parameter

Description Parameter Description


ip-address This parameter indicates the IP address range of direct ARP.

ip-mask (Optional) This parameter indicates the IP address mask of direct ARP.

local-address This parameter indicates the configuration of the local direct ARP.

Defaults By default, no direct arp resource is configured.

Command

mode

Global configuration mode

Usage Guide After web authentication and ARP check are enabled, ARP messages of unauthenticated terminals are intercepted, so a terminal cannot learn the gateway ARP entry or initiate HTTP requests. This command lets ARP messages with the specified IP address through so that the terminal can learn the gateway ARP entry.

In general, when using external web authentication, configure the gateway ARP as released; when using built-in web authentication, configure the host ARP as released.

Configuration

Examples

#Configure the direct gateway ARP with the IP address 172.16.0.1.

Ruijie(config)# http redirect direct-arp 172.16.0.1

Related

Commands Command Description

show http redirect Shows the configuration of HTTP redirection.

Platform

Description

N/A

http redirect homepage

Use this command to set the authentication homepage address of the Portal server. Use the no form

of this command to delete the address of the authentication homepage.

http redirect homepage url-string

no http redirect homepage

Parameter

Description Parameter Description

url-string The homepage address must begin with http:// or https://. Otherwise, the system prompts configuration failure. The maximum length of the homepage address is 255 characters.

Defaults By default, the homepage address of the authentication page is not specified.

Command

mode

Global configuration mode


Usage Guide To apply Ruijie first generation Web authentication function successfully, you need to configure the

homepage address of the authentication page.

Configuration

Examples

#Set the homepage address of the authentication page to http://www.ruijie-eportal.net:8080/login

Ruijie(config)# http redirect homepage http://www.ruijie-eportal.net:8080/login

Related

Commands Command Description

show http redirect Shows the configuration of HTTP redirection.

http redirect Sets the IP address for the authentication server.

Platform

Description

N/A

http redirect port

Use this command to redirect the HTTP Web requests that a terminal sends to a specific destination port. Use the no form of this command to remove the redirection of HTTP Web requests sent to a specific destination port.

http redirect port port-num

no http redirect port port-num

Parameter

Description Parameter Description

port-num The parameter indicates the destination port number of the HTTP Web request.

Defaults By default, the HTTP requests sent to the destination port 80 and port 8081 are intercepted.

Command

mode Global configuration mode

Usage Guide N/A

Configuration

Examples

#Redirect the Web request of the HTTP that the user initiates to the port 8080.

Ruijie(config)# http redirect port 8080

#Remove the redirection of the Web request of the HTTP that the user initiates to the port 80.

Ruijie(config)# no http redirect port 80

Related

Commands Command Description


show http redirect Shows the configuration of HTTP redirection.

Platform

Description N/A

http redirect session-limit

Use this command to set the maximum number of HTTP sessions for each unauthenticated user or

the total number of HTTP sessions for all users under each port. Use the no form of the command to

restore the default value.

http redirect session-limit session-num [ port port-session-num ]

no http redirect session-limit

Parameter

Description Parameter Description

session-num The parameter indicates the maximum number of HTTP sessions for the same global unauthenticated user, which ranges from 1 to 255.

port-session-num (Optional) The parameter indicates the total number of HTTP sessions for unauthenticated users under each port, which ranges from 1 to 65535.

Defaults By default, the maximum number of HTTP sessions for each global unauthenticated user is 255 and

the total number of HTTP sessions for unauthenticated users under each port is 1000.

The description of the port on the wireless device is as follows:

In the fit AP mode, the CTI port on AC (CAPWAP TUNNEL INTERFACE, the CAPWAP

tunnel port between the AP and the AC).

In the fat AP, the radio port.

Command

mode Global configuration mode

Usage Guide You need to limit the maximum number of HTTP sessions for unauthenticated users on the access

device. Otherwise, unauthenticated users may initiate an HTTP attack, thus exhausting the TCP

connections of the access device.

When a user is authenticated, one HTTP session is occupied and other applications of the user may

also occupy HTTP sessions. Therefore, it is not recommended to set the maximum number of HTTP

sessions for unauthenticated users to 1.

Configuration

Examples

#Set the maximum number of HTTP sessions for an unauthenticated user to 4.

Ruijie(config)# http redirect session-limit 4


Related

Commands Command Description

show http redirect Shows the configurations of HTTP redirection.

Platform

Description

N/A

http redirect timeout

Use this command to set the timeout period that maintains the redirection connection. Use the no

form of this command to restore the timeout period for maintaining the redirection connection to 3

seconds.

http redirect timeout seconds

no http redirect timeout

Parameter

Description Parameter Description

seconds The parameter indicates the timeout period that maintains the redirection connection, which ranges from 1 to 10 (seconds).

Defaults 3 seconds by default

Command

mode

Global configuration mode

Usage Guide The command is used to set the timeout period that maintains the redirection connection. After the TCP three-way handshake succeeds, the system needs to wait for the HTTP GET/HEAD message sent by the user and then return the HTTP redirection message before the connection is closed. If the timeout period is not set, the user may occupy the TCP connection for a long time without sending the GET/HEAD message.

Configuration

Examples

#Set the timeout period that maintains the redirection connection to 4 seconds.

Ruijie(config)# http redirect timeout 4

Related

Commands Command Description

show http redirect Shows the configuration of HTTP redirection.

Platform

Description

N/A


iportal service

Use this command to set the names of the intranet and extranet service types of the built-in Portal

server.

iportal service { internet service-name | local service-name }

no iportal service { internet | local }

Parameter

Description Parameter Description

service-name The parameter indicates the name of the service, which is a string of characters.

Defaults By default, the name of the Internet service is “internet”, and the name of local service is “local”.

Command

mode

Global configuration mode

Usage Guide The field must be identical with the intranet and extranet service names configured on SAM. By

default, they can be used mutually. You need to configure the same name as the SAM when the

device is self-defined.

Configuration

Examples

#Set the service name of the extranet as intranet.

Ruijie(config)# iportal service internet intranet

Related

Commands Command Description

show running-config Shows the system configuration.

Platform

Description

N/A

iportal user-agent

Use this command to configure the terminal identification policy and identify a specific terminal as a

mobile terminal based on the feature string.

iportal user-agent name type mobile string

no iportal user-agent name

Parameter

Description Parameter Description

name This parameter indicates the name specified for the UA configured.

string This parameter indicates the UA feature string for identification.


Defaults N/A

Command

mode

Global configuration mode

Usage Guide Use this command to specify a terminal type as a mobile terminal.

The feature string of the terminal type in UA requests is configured in string. The field name is used to

identify a self-defined terminal. Different self-defined terminals cannot share the same name.

Configuration

Examples

#Add an ipod terminal with “ipod” as its feature string.

Ruijie(config)# iportal user-agent ipod type mobile ipod

Related

Commands Command Description

show running-config Shows the system configuration.

Platform

Description

N/A

iportal retransmit

Use this command to set the message retransmission count for the built-in Portal server.

iportal retransmit times

no iportal retransmit

Parameter

Description Parameter Description

times Sets the page retransmission count for the built-in Portal server, which ranges from 1 to 13.

Defaults By default, the count is 3.

Command

mode

Global configuration mode

Usage Guide The configuration of this command depends on the network environment. Modifying this parameter is not recommended except in special environments.

Excessive message retransmissions may lower message processing efficiency, while too few retransmissions may cause message transmission failure in a poor network environment.

Configuration

Examples

#Set the count of time-out retransmission to 4.

Ruijie(config)# iportal retransmit 4

Related

Commands Command Description

show running-config Shows the system configuration.

Platform

Description

N/A

portal-server

Use this command to configure the Portal Server used in the second-generation web authentication,

including the name, IP address, URL of authentication page, and UDP monitoring port of the server.

Use the no form of this command to clear configurations of Portal Server.

portal-server { eportalv2 | portal-name } [ type v2 ] ip { ip-address | ipv6-address } [ port port-num ]

[ url url-string ]

portal-server { iportal | portal-name } type intra [ page-suite pagename ] [ authentication mlist1 ]

[ accounting mlist2 ]

portal-server { iportal | portal-name } announcement-page { url-string }

portal-server { iportal | portal-name } homepage { url-string }

{ no | default } portal-server { eportalv2 | iportal | portal-name }

Parameter

Description Parameter Description

portal-name The server name serves as the index and unique identifier of a Ruijie second-generation Portal Server. Naming restrictions are as follows:

The name cannot be the same as the keyword.

The name can be a combination of uppercase/lowercase English letters, digits and special symbols. The following special symbols are supported (partitioned by comma): _, @, $, -, # and *.

The length of the name ranges from 1 to 63 bytes.

ip-address IPv4 address of the server.

ipv6-address IPv6 address of the server.

url-string (Optional) Page URL, which ranges from 10 to 255 bytes.

port-num (Optional) UDP listening port of the server, which ranges from 1 to 65535.

pagename Name of the customized page package.

mlist1 Authentication method list specified by the server, which ranges from 1 to 63

mlist2 Accounting method list specified by the server, which ranges from 1 to 63

Defaults In the second-generation authentication, the URL of authentication page uses the root page of the

server's HTTP service based on its IP address by default. For example, if the server IP is 172.20.1.1,

the default authentication page URL will be: http://172.20.1.1/.

In the second-generation authentication, the default UDP listening port of the server is 50100.


In the built-in authentication, the system uses the default page and default method list, and the default

HTTP port is 8081.

By default, there are different default names for different portal servers:

The name of V1 server: eportalv1

The name of V2 server: eportalv2

The name of built-in server: iportal

Although the parameters of the default server can be altered or reset, the parameters cannot be

deleted.

Command

mode

Global configuration mode.

Usage Guide To successfully deploy Ruijie second-generation or built-in portal web authentication, you must

properly configure Ruijie second-generation or built-in portal server.

The no form of a single command is not supported currently.

Configuration

Examples

#Enable the second-generation web authentication and configure the second-generation portal

server named edu_portal, with 172.20.1.1 as the IPv4 address and http://172.20.1.1:7080/login.php

as the authentication page URL.

Ruijie# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)#portal-server edu_portal ip 172.20.1.1 url http://172.20.1.1:7080/login.php

Related

Commands Command Description

show web-auth portal Shows the information about Ruijie second-generation portal server.

Platform

Description

This command is only supported by wireless products.

web-auth accounting v2

Use this command to specify the accounting method list used for Ruijie second-generation web

authentication. This command is supported in both global mode and WLAN security mode. Use the

no form of this command to restore the default settings.

web-auth accounting v2 list-name

no web-auth accounting v2

Parameter

Description Parameter Description

list-name This parameter indicates the network-related AAA accounting method list. Please refer to the section of AAA for specific description.

Defaults By default, the global accounting method list is named "default" and it is used by the WLAN.

Command

mode

Global configuration mode and WLAN security configuration mode.

Usage Guide

You can specify different accounting methods for different WLANs.

While configuring and using the specified accounting method list, make sure the

corresponding AAA accounting method list has been configured, or else the global

accounting method list for the corresponding type will be used.

Configuration

Examples

#Configure a network-related AAA accounting method list named "comm_acct", use the default

RADIUS server group named "radius" and apply it to the accounting method list for Ruijie

second-generation web authentication based on WLAN 100.

Ruijie# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)# aaa accounting network comm_acct start-stop group radius

Ruijie(config)# wlansec 100

Ruijie(wlansec)# web-auth accounting v2 comm_acct

Ruijie(wlansec)# exit

Related

Commands Command Description

aaa accounting network Configures the network-related AAA accounting method list.

Platform

Description

This command is supported only on wireless products.

web-auth acct-update-interval

Use this command to configure the default accounting update interval for web authentication. Use the

no form of this command to restore the default settings.

web-auth acct-update-interval minutes

no web-auth acct-update-interval


Parameter

Description Parameter Description

minutes This parameter indicates the accounting update interval in minutes, which ranges from 0 to 60 minutes. The default value is 0, indicating no accounting update.

Defaults 0 minutes by default.

Command

mode

Global configuration mode

Usage Guide

If the Access-Accept message replied by the server carries the attribute of accounting

update interval and the attribute value is not 0, this value will be used as the accounting

update interval, or else the accounting update interval configured on the device will be

used.

This command can only be displayed and supported after the second-generation web

authentication has been enabled.

Configuration

Examples

#Configure the accounting update interval for Ruijie second-generation web authentication as 3

minutes.

Ruijie# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)# web-auth acct-update-interval 3

Related

Commands Command Description

show web-auth portal parameters Shows parameters of the second-generation web authentication.

Platform

Description

This command is supported only on wireless products.

web-auth accounting jitter-off

The web authentication accounting jitter-off function is disabled by default. When this function is

enabled, the checking time will not be counted in the users’ on-line time if users drop due to signal

problems or traffic problems. Use the no form of this command to include the checking time in the


users’ on-line time.

web-auth accounting jitter-off

no web-auth accounting jitter-off

Parameter

Description Parameter Description

N/A N/A

Defaults By default, the checking time will not be counted in the users’ on-line time.

Command

mode

Global configuration mode.

Usage Guide 1. This function is only for counting time.

2. The default configuration is recommended.

3. Please refer to Wireless Security Configuration for the details of this function.

Configuration

Examples

# Include the checking time in the on-line time.

Ruijie# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)# web-auth accounting jitter-off

Related

Commands Command Description

webauth prevent-jitter Configures WEB authentication jitter-off time.

web-auth offline-detect flow Enables the traffic detection.

Platform

Description

This command is supported only on wireless products.

web-auth authen-mode

Use this command to configure the controlled mode for web authentication. IPv4 controlled is configured by default, which means the device intercepts only IPv4 packets and forwards IPv6 packets by default.

Use the no or default form of this command to restore the default configuration.

web-auth authen-mode { ipv4 | ipv6 | both }

no web-auth authen-mode

Parameter

Description Parameter Description

ipv4 Configures the web authentication as IPv4 controlled.

ipv6 Configures the web authentication as IPv6 controlled.

both Configures the web authentication as both IPv4 and IPv6 controlled.


Defaults The web authentication is IPv4 controlled by default.

Command

mode

WLAN security configuration mode

Usage Guide This command can be configured only after the web authentication is disabled in WLAN security

mode.

Configuration

Examples

#Configure only IPv6 authentication mode in WLAN 100.

Ruijie# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)# wlansec 100

Ruijie(wlansec)# web-auth authen-mode ipv6

Ruijie(wlansec)# exit

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported only on wireless products.

web-auth dhcp-check

Use this command to enable the dhcp resource check function. Use the no form of this command to

disable this function.

web-auth dhcp-check

no web-auth dhcp-check

Parameter

Description Parameter Description

N/A N/A

Defaults The dhcp resource check function is disabled by default.

Command

mode

Global configuration mode.

Usage Guide This command supports only the IPv4.

This command takes effect only after the DHCP Snooping is enabled.

Configuration

Examples

# Enable the dhcp resource check function.

Ruijie# configure terminal


Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)#web-auth dhcp-check

%Warning: web-auth dhcp-check will not take effect until dhcp-snooping is enabled.

Ruijie(config)#ip dhcp snooping

Ruijie(config)#

Related

Commands Command Description

ip dhcp snooping Enables the DHCP Snooping function.

Platform

Description

This command is supported only on wireless products.

web-auth authentication v2

Use this command to specify the authentication method list used for Ruijie second-generation web

authentication. This command is supported in both the global mode and WLAN security mode. Use

the no form of this command to restore the default settings.

web-auth authentication v2 list-name

no web-auth authentication v2

Parameter

Description Parameter Description

list-name AAA method list for web authentication. Please refer to the section of AAA for specific description.

Defaults By default, the global authentication method list for the corresponding type is used.

Command

mode

WLAN security configuration mode.

Usage Guide

Relevant options can only be displayed and supported after the second-generation web

authentication has been enabled.

While configuring to use the specified authentication method list, make sure the

corresponding authentication method list has been configured in AAA, or the global

authentication method list for the corresponding type will be used.

Configuration

Examples

# Configure an AAA authentication method list named "edu_authen", use the default RADIUS server

group named "radius" and apply it to the authentication method list for WLAN 100.

Ruijie# configure terminal


Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)# aaa authentication web-auth edu_authen group radius

Ruijie(config)# wlansec 100

Ruijie(wlansec)# web-auth authentication v2 edu_authen

Ruijie(wlansec)# exit

Related

Commands Command Description

aaa authentication web-auth Configures AAA authentication method list for web authentication.

Platform

Description

This command is supported only on wireless products.

web-auth direct-host

Use this command to set the scope of the IP addresses free from authentication. Use the no form

of this command to delete authentication-free IP addresses.

web-auth direct-host ipv6-address | { ip-address [ ip-mask ] [ port interface-name ] [ arp ] }

no web-auth direct-host ipv6-address | ip-address

Parameter

Description Parameter Description

ip-address The parameter indicates the address of an authentication-free IP address.

ipv6-address IPv6 address free from authentication.

ip-mask (Optional) The parameter indicates the IP address mask of an authentication-free user.

arp (Optional) If the ARP CHECK functionality is enabled on the access device, the IP address, including the VRRP address of the gateway uplinked with terminal users must be configured as authentication-free resource with the keyword arp. Other authentication-free resources do not need to carry the keyword arp.

Defaults By default, the authentication-free users are not set, that is, all IPs must pass the Web authentication

before accessing the restricted network resources.

Command

mode

Global configuration mode

Usage Guide If you set an IP as authentication-free, the IP can access all reachable network resources without

undergoing the Web authentication.

Up to 100 authentication-free IPs are allowed.


Configuration

Examples

#Set the user with the IP address of 172.16.0.1 as an authentication-free user.

Ruijie(config)# web-auth direct-host 172.16.0.1

Related

Commands Command Description

show web-auth direct-host Shows the IP address scope free of web authentication.

Platform

Description

N/A

web-auth httprd-guard

Use this command to configure the Web authentication redirection guard. Use the no form of this command to disable the Web authentication redirection guard.

web-auth httprd-guard { enable | redirect-count count silence-period period interval interval }

no web-auth httprd-guard [ enable ]

Parameter

Description Parameter Description

count The parameter indicates the redirection count. The default count is 10.

period The parameter indicates the time to forbid redirection after the redirection times exceed the configured value. The default period is 3 seconds.

interval The parameter indicates the interval for redirection attack detection. The default interval is 5 seconds.

Defaults By default, redirection guard is disabled.

Command

mode

Global configuration mode

Usage Guide Use the web-auth httprd-guard enable command to enable the Web authentication redirection

guard. Then you can configure the detection parameters using the web-auth httprd-guard

redirect-count count silence-period period interval interval command.

Configuration

Examples

#Configure the Web authentication redirection guard.

Ruijie(config)# web-auth httprd-guard enable

Ruijie(config)# web-auth httprd-guard redirect-count 20 silence-period 5 interval 10

Related

Commands Command Description


show web-auth httprd-guard user Shows the redirection attack user and configuration.

Platform

Description

N/A

web-auth offline-detect flow

Use this command to configure the traffic detection functionality. After the setting, if a user’s traffic in

the specified time is lower than a specified threshold value, the user will be assumed as not online

and forced to be offline. Use the no form of this command to restore the default value of the traffic

detection functionality.

web-auth offline-detect flow [ idle-timeout minutes ] [ threshold bytes ]

no web-auth offline-detect flow [ idle-timeout ] [ threshold ]

Parameter

Description Parameter Description

bytes This parameter specifies the detection threshold, which ranges from 0 to 4294967294 bytes. 0 byte is the default value.


Defaults By default, when the traffic detection is enabled, the default parameters are 15 minutes and 0 byte.

Command

mode Global configuration mode

Usage Guide N/A

Configuration

Examples

#Enable the traffic detection function, and set the detection interval as 3 minutes, and the detection

threshold as 1024 bytes.

Ruijie(config)# web-auth offline-detect flow idle-timeout 3 threshold 1024

Related

Commands Command Description

show web-auth user Shows online information about all users or specified users.

Platform

Description

N/A


web-auth portal key

Use this command to set communication key used between the device and portal server. Use the no

form of this command to delete the key for communication between new Web requests and the

authentication server after the HTTP Web request is redirected.

web-auth portal key key-string

no web-auth portal key

Parameter

Description Parameter Description

key-string This parameter indicates the communication key used between the device and the authentication server, the maximum length is 255 bytes.

Defaults By default, no key is set.

Command

mode

Global configuration mode

Usage Guide Configuration of this parameter is required for the first generation Web authentication

Configuration

Examples

#Set the communication key used between device and authentication server as ruijie.

Ruijie(config)# web-auth portal key ruijie

Related

Commands Command Description

http redirect Sets IP address of Ruijie first generation portal server.

http redirect homepage Sets authentication homepage address of Ruijie first generation portal server.

webauth Initiates Web authentication on WLAN.

Platform

Description

N/A
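
The following is an added example, not part of the original manual and not Ruijie code: a Python lint that checks a configuration template, before it is pushed to a device, against the ranges, defaults and usage notes documented above for http redirect, web-auth direct-host, web-auth httprd-guard and web-auth portal key. The finding codes, the min_prefix policy and the dotted-decimal form of ip-mask are assumptions of this example, and the sample configuration is constructed.

```python
import ipaddress
import re

# Constructed configuration template for the demonstration (not from a device).
SAMPLE_CONFIG = """
http redirect 172.16.0.1
http redirect homepage www.ruijie-eportal.net:8080/login
http redirect session-limit 1
http redirect timeout 30
http redirect direct-site 172.16.0.1
web-auth direct-host 10.0.0.0 255.0.0.0
web-auth direct-host 172.16.0.9
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
FREE_CMDS = ("http redirect direct-site", "web-auth direct-host")


def audit(config, min_prefix=24):
    """Return sorted finding codes (names are this example's own) for a config string.

    min_prefix is this example's policy, not a device setting: an
    authentication-free IPv4 entry wider than this prefix is reported.
    """
    findings = set()
    first_gen = key_set = guard_on = False
    free_count = dict.fromkeys(FREE_CMDS, 0)

    for line in (raw.strip() for raw in config.splitlines()):
        if re.fullmatch("http redirect " + IPV4, line):
            first_gen = True  # first-generation Portal server address is set
        elif line.startswith("web-auth portal key "):
            key_set = True
        elif line == "web-auth httprd-guard enable":
            guard_on = True

        m = re.fullmatch(r"http redirect session-limit (\d+)(?: port (\d+))?", line)
        if m:
            per_user = int(m.group(1))
            if not 1 <= per_user <= 255:
                findings.add("session-limit-out-of-range")
            elif per_user == 1:
                # Authentication itself occupies one HTTP session.
                findings.add("session-limit-too-low")
            if m.group(2) and not 1 <= int(m.group(2)) <= 65535:
                findings.add("port-session-limit-out-of-range")

        m = re.fullmatch(r"http redirect timeout (\d+)", line)
        if m and not 1 <= int(m.group(1)) <= 10:
            findings.add("timeout-out-of-range")

        m = re.fullmatch(r"http redirect homepage (\S+)", line)
        if m:
            url = m.group(1)
            if not url.startswith(("http://", "https://")) or len(url) > 255:
                findings.add("homepage-invalid")

        for cmd in FREE_CMDS:
            if not line.startswith(cmd + " "):
                continue
            free_count[cmd] += 1
            m = re.fullmatch(
                re.escape(cmd) + " " + IPV4 + "(?: " + IPV4 + ")?(?: .*)?", line)
            if not m:
                continue  # IPv6 entry: counted, prefix width not checked here
            # Assumption: ip-mask is a dotted-decimal netmask; no mask = one host.
            mask = m.group(2) or "255.255.255.255"
            try:
                net = ipaddress.IPv4Network(f"{m.group(1)}/{mask}", strict=False)
            except ValueError:
                findings.add("free-entry-bad-address")
                continue
            if net.prefixlen < min_prefix:
                findings.add("free-entry-too-wide")

    if any(n > 100 for n in free_count.values()):
        findings.add("too-many-free-entries")      # documented maximum is 100
    if first_gen and not key_set:
        findings.add("first-gen-portal-key-missing")
    if not guard_on:
        findings.add("httprd-guard-disabled")      # guard is off by default
    return sorted(findings)


if __name__ == "__main__":
    for code in audit(SAMPLE_CONFIG):
        print(code)
```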

web-auth portal

Use this command to configure the web authentication version. In the case of the second-generation

web authentication, specify the name of Portal Server as well. Use the no form of this command to

restore the default settings. This command supports both the global mode and the WLAN security

mode. If no version is specified in the WLAN security mode, the system will by default use the version

configured in the global mode.

web-auth portal { eportalv1 | eportalv2 | iportal | portal-name }


no web-auth portal

To be compatible with the old command, the device also supports the following hidden command:

web-auth portal-type { v1 | v2 portal-name }

Parameter

Description Parameter Description

eportalv1 Ruijie first-generation web authentication

eportalv2 Ruijie second-generation web authentication

iportal Ruijie built-in portal auth

portal-name Name of Portal Server. The portal-name must have been created using the portal-server command.

Defaults First-generation web authentication

Command

mode Global configuration mode and WLAN security configuration mode.

Usage Guide Both the portal and portal-type keywords can be applied to the portal server, but portal-type

keyword is not recommended and will be abandoned gradually.

At most, five commands can be configured in the WLAN security configuration mode. Portal-name

must be created using the portal-server command, and it is required that every portal-name is

different. The system will choose the first configured portal-name as the master authentication server

and followings as back-ups by priority. The priority level decreases based on the configuration

sequence.

If this command is configured in the WLAN security configuration mode, the global commands will not

take effect in the WLAN security configuration.

Configuration

Examples

#Enable Ruijie second-generation web authentication, configure the name of Portal Server as

"edu-portal" and specify this server as the Portal Server for WLAN 100.

Ruijie# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)# portal-server edu-portal ip 172.20.1.1 url http://172.20.1.1:7080/index.php

Ruijie(config)# wlansec 100

Ruijie(wlansec)# web-auth portal edu-portal

Related

Commands Command Description

portal-server

Creates the information about the Portal Server

for the second-generation web authentication.

Platform

Description

This command is supported only on wireless products.

web-auth portal-check

Use this command to configure the function that detects whether a portal created by the portal-server

command is available. Use the no form of this command to disable this function.

web-auth portal-check [ interval intsec ] [ timeout tosec ] [ retransmit retries ]

no web-auth portal-check [ interval ] [ timeout ] [ retransmit ]

Parameter

Description Parameter Description

interval

This parameter indicates the interval for the Portal server to send the

detection information, which ranges from 1 to 1000 seconds. 10

seconds is the default value.

timeout

This parameter indicates the maximum time to wait for a detection

reply, which ranges from 1 to 1000 seconds. 5 seconds is

the default value.

retransmit

This parameter indicates the number of retransmissions after which a portal

changes from the normal state to the dead state, and the number of replies

the portal must return to recover from the dead state to the normal state,

which ranges from 1 to 100; the default is 3 times.

Defaults By default, the portal-based detection is disabled. If it is enabled, the interval is 10 seconds, the

timeout is 5 seconds and the retransmission count is 3.

Command

mode

Global configuration mode

Usage Guide N/A

Configuration

Examples

#Enable portal detection, and configure the detection interval as 5 seconds, the reply-waiting

timeout as 2 seconds and the retransmission count as 4.

Ruijie# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)#web-auth portal-check interval 5 timeout 2 retransmit 4

Related

Commands Command Description

portal-server

Configures the Portal Server information for the

second-generation web authentication.

Platform

Description

This command is supported only on wireless products.

web-auth portal-escape

Use this command to enable portal escape. Use the no form of this command to disable portal

escape.

web-auth portal-escape

no web-auth portal-escape

Parameter

Description Parameter Description

N/A N/A

Defaults By default, portal escape is disabled.

Command

mode

Global configuration mode

Usage Guide N/A

Configuration

Examples

#Enable portal escape.

Ruijie# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)#web-auth portal-escape

Related

Commands Command Description

portal-server

Configures the Portal Server information for the

second-generation web authentication.

Platform

Description

This command is supported only on wireless products.

web-auth sta-leave detection

Use this command to configure the link detection functionality. Use the no form of this command to

disable this function.

web-auth sta-leave detection

no web-auth sta-leave detection

Parameter

Description Parameter Description

N/A N/A

Defaults By default, the wireless link failure detection is enabled on the device.

Command

mode

Global configuration mode.

Usage Guide When the wireless network environment is good (good signal and minor interference), it is suggested

to enable the wireless link failure detection so that the device can instantly detect the link failure of

users.

When the wireless network environment is poor (excessive interference), the user's wireless terminal

may log out and log in frequently. In such a case, it is suggested to disable this function and enable

the traffic detection function to detect whether the user has logged out, thus enhancing the user's

surfing experience.

Configuration

Examples

#Disable link detection and enable traffic detection.

Ruijie# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)# no web-auth sta-leave detection

Ruijie(config)# web-auth offline-detect flow

Related

Commands Command Description

web-auth offline-detect flow Low-traffic and connection failure detection.

Platform

Description

This command is supported only on wireless products.

web-auth update-interval

Use this command to set the interval of updating the online user information. Use the no form of this

command to restore the interval of updating the online user’s information to the default value.

web-auth update-interval seconds

no web-auth update-interval

Parameter

Description Parameter Description

seconds The parameter indicates the update interval, which ranges from 30 to

3,600 seconds.

Defaults 180 seconds by default

Command

mode

Global configuration mode

Usage Guide N/A

Configuration

Examples

#Set the interval of updating the online user’s information to 120 seconds.

Ruijie(config)# web-auth update-interval 120

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

webauth-proxy enable

Use this command to enable proxy detection. Use the no form of this command to disable proxy

detection.

webauth-proxy enable

no webauth-proxy enable

Parameter

Description Parameter Description

N/A N/A

Defaults Proxy detection is disabled by default.

Command

mode

Global configuration mode

Usage Guide If a proxy has been configured in the browser of a terminal on the network, this function must be

enabled so that web authentication of that terminal can be performed.

Configuration

Examples

#Enable proxy detection.

Ruijie# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)# webauth-proxy enable

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported only on wireless products.

webauth

Use this command to enable Web authentication on WLAN. Use the no form of this command to

disable the Web authentication.

webauth

no webauth

Parameter

Description Parameter Description

N/A N/A

Defaults By default, Web authentication on WLAN is disabled.

Command

mode

WLAN security configuration mode.

Usage Guide After Web authentication is enabled, the first generation Web authentication is used by default.

Configuration

Examples

# Enable the Web authentication function on port WLAN 1, and use Ruijie first generation portal

server to perform authentication. The IP address of the portal server is 172.20.1.1, the authentication

page URL is http://172.20.1.1/eportal.htm, the key is ruijie. The device communicates with ePortal

through SNMP. The device and the ePortal both belong to the community named public.

Ruijie# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie(config)# snmp-server community public rw

Ruijie(config)# snmp-server enable traps web-auth

Ruijie(config)# snmp-server host 172.20.1.1 inform version 2c public web-auth

Ruijie(config)# http redirect 172.20.1.1

Ruijie(config)# http redirect homepage http://172.20.1.1/eportal.htm

Ruijie(config)# web-auth portal key ruijie

Ruijie(config)# wlansec 1

Ruijie(wlansec)# webauth

Ruijie(wlansec)# exit

Related

Commands Command Description

show web-auth control

Shows the Web authentication information

corresponding to WLAN.

http redirect

Sets IP address for Ruijie first generation portal

server.

http redirect homepage

Sets homepage address of Ruijie first

generation portal server.

web-auth portal key

Sets communication key used between the

device and Ruijie first generation portal server.

aaa new-model Switches on or off the AAA functionality.

aaa accounting network

Configures the AAA network-related accounting

method list.

Platform

Description

This command is supported only on wireless products.

clear web-auth portal statistics

Use this command to clear the statistics of Ruijie second-generation and built-in portal web

authentication.

clear web-auth portal statistics

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide The user can use this command to clear the statistics of Ruijie second-generation web authentication

and restart statistics.

Configuration

Examples

#Clear statistics of Ruijie second-generation web authentication on the device.

Ruijie# clear web-auth portal statistics

Related

Commands Command Description

show web-auth portal

Shows relevant configuration and statistics

about the second-generation web

authentication.

Platform

Description

This command is supported only on wireless products.

clear web-auth user

Use this command to log out the user according to IP address, MAC address, username or AAA

index.

clear web-auth user by { ip { ip-address | ipv6-address } | mac mac-address | name name-string | id

id }

Parameter

Description Parameter Description

ip Logs out the user through IP address.

ip-address Specifies the IPv4 address.

ipv6-address Specifies the IPv6 address.

mac Logs out the user through MAC address.

mac-address Specifies user's MAC address.

name Logs out the user through username.

name-string Specifies the username.

aaa-id Logs out the online user through AAA session identifier.

id AAA session ID.

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide The administrator can log out the online user through the above commands.

If the server allows users with different IP addresses to get authenticated with the same

username, then using the username to log out the user may cause multiple online users

with the specified username to be forced to log out.

Configuration

Examples

#Log out the web authenticated user with the IP address 172.250.22.14.

Ruijie# clear web-auth user by ip 172.250.22.14

Related

Commands Command Description

show web-auth user

Shows the information about a Web

authenticated user.

Platform

Description

N/A

show http redirect

Use this command to show the configuration of HTTP redirection.

show http redirect

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide You can show the configurations such as HTTP redirection server, interception port, direct user and

direct destination IP address by this command.

Configuration

Examples

#Show the configuration of HTTP redirection.

Ruijie# show http redirect

HTTP redirection settings:

server: 192.168.32.123

port: 80 8000

homepage: http://192.168.32.123:8888/ePortal/index.jsp

session-limit: 10

timeout: 5

Direct sites:

Address MASK ARP Binding

---------------- ---------------- -----------

61.233.3.215 255.255.255.255 On

61.233.3.220 255.255.255.255 Off

192.168.5.140 255.255.255.255 Off

218.30.66.101 255.255.0.0 Off

218.30.66.101 255.255.255.255 Off

Direct hosts:

Address Mask Port ARP Binding

---------------- ---------------- ---------- ------------

192.168.1.1 255.255.255.255 Fa0/1 On

Field Description

HTTP redirection settings The field indicates the global redirection

configuration.

server The field indicates the IP address of the redirection

server.

port The field indicates the list of redirection HTTP ports.

homepage The field indicates the homepage address of the

redirection page.

session-limit The field indicates the maximum number of HTTP

sessions for the same unauthenticated user.

timeout The field indicates the timeout period that maintains

the redirection connection.

Direct sites The field indicates the direct destination IP of an

authentication-free network resource.

Direct arp addresses The field indicates the direct ARP address.

Address The field indicates the IP address of an

authentication-free network resource.

Mask The field indicates the IP address mask of an

authentication-free network resource.

ARP Binding (Optional) The field indicates whether ARP binding is

enabled.

Direct hosts The field indicates the direct authentication-free user.

Address The field indicates the IP address of an

authentication-free user.

Mask The field indicates the IP address mask of an

authentication-free user.

Port (Optional) The field indicates the port of the access

device bound to the IP address of the user.

ARP Binding (Optional) The field indicates whether ARP binding is

enabled.

Related

Commands Command Description

http redirect Sets the IP address of an authentication server.

http redirect direct-site

Sets the scope of authentication-free network

resources.

http redirect homepage

Sets the homepage address of the

authentication page.

http redirect port

Redirects the Web request of the HTTP that the

user initiates to a specific port number.

http redirect session-limit

Indicates the maximum number of HTTP

sessions for the same unauthenticated user.

http redirect timeout

Sets the timeout period that maintains the

redirection connection.

web-auth direct-host

Sets the information of direct

authentication-free users.

Platform

Description

N/A
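
The direct-site and direct-host tables above define who bypasses Web authentication, so they are worth auditing for entries wider than a single host. The following Python sketch is an added example, not Ruijie code; it parses the sample output shown above and assumes standard netmask semantics (an address entered with mask 255.255.0.0 exempts the whole /16). The finding names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the `show http redirect` output printed on this page.
SAMPLE = """\
HTTP redirection settings:
server: 192.168.32.123
port: 80 8000
homepage: http://192.168.32.123:8888/ePortal/index.jsp
session-limit: 10
timeout: 5
Direct sites:
Address MASK ARP Binding
---------------- ---------------- -----------
61.233.3.215 255.255.255.255 On
61.233.3.220 255.255.255.255 Off
192.168.5.140 255.255.255.255 Off
218.30.66.101 255.255.0.0 Off
218.30.66.101 255.255.255.255 Off
Direct hosts:
Address Mask Port ARP Binding
---------------- ---------------- ---------- ------------
192.168.1.1 255.255.255.255 Fa0/1 On
"""

# A table row starts with two dotted quads: address and mask.
ROW = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\d{1,3}(?:\.\d{1,3}){3})\s*(.*)$")


def parse_direct_entries(text):
    """Return one dict per row of the 'Direct sites' and 'Direct hosts' tables."""
    entries, kind = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Direct sites"):
            kind = "site"
        elif line.startswith("Direct hosts"):
            kind = "host"
        elif kind and (m := ROW.match(line)):
            address, mask, rest = m.groups()
            cols = rest.split()
            entries.append({
                "kind": kind,
                "address": ipaddress.ip_address(address),
                # strict=False keeps rows whose address has host bits set.
                "network": ipaddress.ip_network(f"{address}/{mask}", strict=False),
                # Port and ARP Binding are optional columns per the field table.
                "port": cols[0] if kind == "host" and len(cols) == 2 else None,
                "arp_binding": cols[-1] if cols else None,
            })
    return entries


def audit(entries):
    """Return (code, kind, detail) findings for exemptions wider than one host."""
    findings = []
    for e in entries:
        net = e["network"]
        if net.prefixlen < net.max_prefixlen:
            findings.append(("broad", e["kind"],
                             f"{net} exempts {net.num_addresses} addresses"))
            if e["address"] != net.network_address:
                findings.append(("host-bits", e["kind"],
                                 f"{e['address']} entered with mask {net.netmask}; "
                                 f"effective scope is {net}"))
    # An entry already covered by a wider entry of the same table is redundant
    # and usually means the wider one was not intended.
    for inner in entries:
        for outer in entries:
            if (inner is not outer and inner["kind"] == outer["kind"]
                    and inner["network"] != outer["network"]
                    and inner["network"].subnet_of(outer["network"])):
                findings.append(("shadowed", inner["kind"],
                                 f"{inner['network']} is already covered by "
                                 f"{outer['network']}"))
    return findings


if __name__ == "__main__":
    for code, kind, detail in audit(parse_direct_entries(SAMPLE)):
        print(f"[{code}] direct {kind}: {detail}")
```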

show httprd-guard user

Use this command to show the redirection attack user and configuration.

show httprd-guard user

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide N/A

Configuration

Examples

#Show the redirection attack user and configuration.

Ruijie#show httprd-guard user

Redirect count: 10

Silence period: 3

Interval : 5

Timer pending : NO

Current time : 2014-7-11 11:02:07

Http redirect guard user number 1:

Wlan IP MAC guard-time

--------- ------------------- -------------- -------------------

10 192.168.1.1 FFFF:FFFF:FFFF 2014-7-11 11:02:07

--------- ------------------- -------------- -------------------

Related

Commands Command Description

web-auth httprd-guard

Configures the Web authentication redirection

guard.

Platform

Description

N/A

show web-auth portal

Use this command to show relevant configuration and statistics of Ruijie second-generation portal

web authentication.

show web-auth portal [ v2 [ parameters | aaa | statistics | by-name { eportalv2 | portal-name } ] |

intra [ parameters | statistics | by-name portal-name ] ]

Parameter

Description Parameter Description

parameters

(Optional) Shows relevant parameters of Ruijie second-generation

web authentication.

aaa

(Optional) Shows the configuration of the global AAA method list for

Ruijie second-generation web authentication.

statistics

(Optional) Shows statistics of Ruijie second-generation web

authentication.

by-name

(Optional) Shows the information of a specified Ruijie

second-generation Portal Server.

portal-name

(Optional) Shows the information of the specified Portal Server for

Ruijie second-generation web authentication.

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide N/A

Configuration

Examples

#Show statistics about Ruijie second-generation web authentication.

Ruijie# show web-auth portal v2 statistics

V2 Portal User Statistics

Current Online User Count: 20

Max. Online User Count: 23000

Online User Limit: 24576

V2 Portal Communication Statistics

Challenge Req Count: 67000

Challenge Rsp Count: 67000

Challenge Passed Count: 66950

Challenge Failure Count: 50

Challenge Rsp Send Succ Count: 67000

Auth Req Count: 66950

Auth Rsp Count: 66950

Auth Passed Count: 57000

Auth Failure Count: 9950

Auth Rsp Send Succ Count: 66950

Field Description

V2 Portal User Statistics Statistics of Ruijie second-generation web

authentication users.

Current Online User Count Total amount of current online users.

Max. Online User Count Maximum number of online users.

Online User Limit Upper limit of online users.

V2 Portal Communication Statistics

Statistics of the communication between the

device and Ruijie second-generation Portal

Server.

Challenge Req Count Total amount of Challenge requests received by

the device.

Challenge Rsp Count Total amount of Challenge responses sent by the

device.

Challenge Passed Count Total amount of passed challenge requests.

Challenge Failure Count Total amount of failed challenge requests.

Challenge Rsp Send Succ Count Total challenge responses successfully sent by

the device.

Auth Req Count Total amount of authentication requests received

by the device.

Auth Rsp Count Total amount of authentication responses sent by

the device.

Auth Passed Count Total amount of passed authentication requests.

Auth Failure Count Total amount of failed authentication requests

Auth Rsp Send Succ Count Total amount of authentication responses

successfully sent by the device.

Related

Commands Command Description

clear web-auth portal statistics

Clears the statistics about Ruijie

second-generation web authentication.

Platform

Description

This command is supported only on wireless products.
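
These counters are cumulative until cleared with clear web-auth portal statistics, so a monitoring job should compare snapshots rather than lifetime totals. The Python below is an added example, not part of the Ruijie documentation; the thresholds and finding names are assumptions made for illustration.

```python
# Constructed sample: the statistics output printed on this page.
SAMPLE = """\
V2 Portal User Statistics
Current Online User Count: 20
Max. Online User Count: 23000
Online User Limit: 24576
V2 Portal Communication Statistics
Challenge Req Count: 67000
Challenge Rsp Count: 67000
Challenge Passed Count: 66950
Challenge Failure Count: 50
Challenge Rsp Send Succ Count: 67000
Auth Req Count: 66950
Auth Rsp Count: 66950
Auth Passed Count: 57000
Auth Failure Count: 9950
Auth Rsp Send Succ Count: 66950
"""


def parse_counters(text):
    """Map each 'Name: <integer>' line to {name: value}; headings are skipped."""
    counters = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and value.strip().isdigit():
            counters[name.strip()] = int(value)
    return counters


def interval(prev, cur):
    """Growth of the communication counters between two snapshots."""
    return {k: cur[k] - prev[k] for k in cur
            if k.startswith(("Challenge", "Auth")) and k in prev}


def failure_ratio(counters, stage):
    """Failed / received requests for stage 'Challenge' or 'Auth'."""
    req = counters[f"{stage} Req Count"]
    return counters[f"{stage} Failure Count"] / req if req else 0.0


def check(counters, max_auth_failure=0.10, max_peak_occupancy=0.90):
    """Return (code, value) findings. Both thresholds are assumed values."""
    findings = []
    for stage in ("Challenge", "Auth"):
        req = counters[f"{stage} Req Count"]
        decided = (counters[f"{stage} Passed Count"]
                   + counters[f"{stage} Failure Count"])
        if decided != req:
            # Requests neither passed nor failed (in flight or dropped).
            findings.append((f"{stage.lower()}-unaccounted", req - decided))
        lost = (counters[f"{stage} Rsp Count"]
                - counters[f"{stage} Rsp Send Succ Count"])
        if lost > 0:
            # Responses the device built but could not send to the portal.
            findings.append((f"{stage.lower()}-rsp-lost", lost))
    ratio = failure_ratio(counters, "Auth")
    if ratio > max_auth_failure:
        # A high share of failed logins can mean password guessing or
        # misconfigured clients; either way it deserves a look.
        findings.append(("auth-failure-ratio", round(ratio, 4)))
    limit = counters.get("Online User Limit")
    if limit:
        peak = counters["Max. Online User Count"] / limit
        if peak > max_peak_occupancy:
            findings.append(("peak-occupancy", round(peak, 4)))
    return findings


if __name__ == "__main__":
    for code, value in check(parse_counters(SAMPLE)):
        print(code, value)
```

Feeding `interval(previous, current)` into `check` gives the failure ratio for just that polling period, which exposes a burst that the lifetime totals would dilute.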

show web-auth direct-host

Use this command to show the configuration of Web-authentication-free users (direct users).

show web-auth direct-host

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide N/A

Configuration

Examples

#Display the authentication-free users.

Ruijie# show web-auth direct-host

Direct hosts:

Address Mask Port ARP Binding

---------------- ---------------- ---------- ------------

192.168.0.1 255.255.255.255 Fa0/2 On

192.168.4.11 255.255.255.255 Fa0/10 On

192.168.5.0 255.255.255.0 Fa0/16 Off

Field Description

Address The field indicates the IP address of an authentication-free user.

Mask The field indicates the IP address mask of an authentication-free

user.

Port The field indicates the port of the access device bound to the IP

address of the user.

ARP Binding The field indicates whether ARP binding is enabled.

Related

Commands Command Description

web-auth direct-host

Sets the IP addresses of the authentication-free

users.

Platform

Description

N/A

show web-auth control

Use this command to show the authentication configuration and statistics of a basic controlled unit

(the controlled unit is WLAN on a wireless device).

show web-auth control

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide Use this command to show the status of web authentication.

Configuration

Examples

#Show the authentication configuration and statistics on an interface.

Ruijie#show web-auth control

Port Control Server Name Authentication mode Online User Count

------------------------- -------- --------------------- -----------------

Wlan 1 On gateway 0

......

Field Description

Port The parameter indicates a basic controlled unit.

Control The parameter indicates whether Web authentication of the

controlled unit is enabled.

Authentication Mode Controlled type of Web authentication of the controlled unit.

Online User Count The parameter indicates the number of current online users of the

controlled unit.

Related

Commands Command Description

webauth Enables Web authentication on WLAN.

Platform

Description

N/A

show web-auth user

Use this command to show the online information (including the IP address, interface, and online

hours) of all users or specified users

show web-auth user { { { all | intra | v1 | v2 } [ online-only ] [ start-from index ] [ display-amount ] } |

statistics | ip-address { ip-address | ipv6-address } }

Parameter

Description Parameter Description

all Shows all types of Web authentication users.

v1 Shows all Ruijie first generation Web authentication users.

online-only (Optional) Shows only online users.

v2

Shows all Ruijie second generation portal Web authentication

users.

intra Shows all Ruijie built-in portal Web authentication users.

start-from (Optional) Shows users starting from the index user.

index (Optional) Specifies from which user to display

display-amount (Optional) Specifies the maximum number of users displayed

statistics Shows statistics of Web authentication users.

ip-address Shows information about users with a specified IP.

ipv6-address Shows information about users with a specified IP.

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide N/A

Configuration

Examples

#Show all Web authentication users.

Ruijie# show web-auth user all

Statistics:

Type Online Total Accumulation

-------------- ------- ------- ------------

V1 Portal 2 4 10

V2 Portal 0 1 39

-------------- ------- ------- ------------

Total 2 5 49

V1 Portal Authentication Users

---------------------------------------------------

Index Address Online Time Limit Time Used Status

----- ------------- ------ ------------- -------------

1 192.168.0.11 On 0d 01:00:00 0d 00:15:10 Active

2 192.168.0.13 On 0d 00:00:00 0d 00:00:59 Active

3 192.168.0.25 Off 0d 00:00:00 0d 00:00:00 Create

4 192.168.0.46 Off 0d 01:00:00 0d 01:00:00 Destroy

---------------------------------------------------

V2 Portal Authentication Users

---------------------------------------------------

Index Address Online Time Limit Time Used Status

----- ------------- ------ ----------- ----------

1 172.16.20.2 Off 0d 00:00:00 0d 00:00:00 Authenticating

---------------------------------------------------

Users get online and offline during the check, therefore, the statistics of current user

number might be different from the following list of detailed user status.

#Show users with the IP addresses 172.250.22.14 and 172.16.20.2

Ruijie# show web-auth user 172.16.20.2

Type : V2 Portal

Address : 172.16.20.2

Mac : 00d0.f800.2234

Wlan : 200

Online : Off

Time Limit : 0d 00:00:00

Time Used : 0d 00:00:00

Time Start : N/A

Flow used : xxxx Bytes

FLOW limit : xxxx Bytes

Status : Authenticating

AAA Id : 0

Username : N/A

Field Description

Statistics: Statistics of Web authentication users

Type Web authentication type

Online Number of currently online users

Total Total number of current users (offline included)

Accumulation Accumulated number of online users

V1 Portal

Authentication Users

Information about Ruijie first generation Web authentication users.

V2 Portal

Authentication Users

Information about Ruijie second generation Web authentication users.

Index Index number of current display

Address IP addresses of users

Online The status of users, which can be displayed as “on” or “off”.

Time Limit Online hours available to users, only applicable for online users. For

online users, "0d 00:00:00” means unlimited online hours.

Time Used Used online hours, only applicable for online users.

Status

The specific status of users

The specific status of Ruijie first generation authentication users is as follows:

Active: meaning users are normally online

Create: meaning users have been just created and configuration has not

been finished

Destroy: meaning users have been just deleted and configuration has not

been deleted

The specific status of Ruijie second generation authentication users is as follows:

Initialized: the device has been initialized and is waiting for user

authentication.

Chap: Central moving portal is performing the user CHAP authentication

with device.

Authenticating: Authentication is in progress.

WaitAffAckAuth: Authentication succeeds; the result has been reported

to Ruijie second generation Portal and the device is waiting for Portal

confirmation.

Authenticated: Users’ authentication succeeds, and users are online.

WaitAckLogout: The device logs out the user, and has reported to Portal.

The device is waiting for confirmation from the Portal.

StopAcct: The accounting is suspended.

WaitDelete: Users are in the status of waiting to be deleted, during which,

if HTTP redirection happens or users send authentication requests, users

can be reactivated.

Time start The time at which a user passed authentication and came online.

AAA id Internal AAA identification index of Ruijie second generation Web

authentication users’ device.

Username Username of a Ruijie second generation Web authentication online user.

Related

Commands Command Description

N/A N/A

Platform

Description

This command is supported only on wireless products.

Command Reference AAA Commands

AAA Commands

aaa authentication dot1x

Use this command to enable AAA authentication 802.1x and configure an 802.1x user authentication

method list in global configuration mode.

Use the no form of this command to delete the 802.1x user authentication method list.

aaa authentication dot1x { default | list-name } method1 [ method2...]

no aaa authentication dot1x { default | list-name }

Parameter

Description Parameter Description

default

When this parameter is used, the following defined 802.1x user authentication

method list is used as the default method of user authentication.

list-name

Specifies the name of an 802.1x user authentication method list, which can be

any character string.

method

It must be one of the keywords: local, none, and group. One method list can

contain up to four methods.

local Uses the local user name database for authentication.

none Authentication is not performed.

group

Uses a server group for authentication. Currently, the RADIUS server group is

supported.

Defaults N/A

Command

Mode

Global configuration mode

Usage Guide If the AAA 802.1x security service is enabled on equipment, AAA is required for 802.1x user

authentication negotiation. Use the aaa authentication dot1x command to configure a default or

an optional method list of 802.1x user authentication.

The next method can be used for authentication only when the current method does not respond.

Configuration

Examples

The following example defines an AAA 802.1x user authentication method list named rds_d1x. In

the authentication method list, the RADIUS security server is used for authentication first. If the

RADIUS security server does not respond within the specified period of time, the local user database

is used for authentication.

Ruijie(config)# aaa authentication dot1x rds_d1x group radius local

Related

Commands Command Description

aaa new-model Enables the AAA security service.

dot1x authentication Associates a specific method list with the 802.1x user.

username Defines a local user database.

Platform

Description

N/A

aaa authentication enable

Use this command to enable AAA Enable authentication and configure an Enable authentication

method list in global configuration mode.

Use the no form of this command to delete the user authentication method list.

aaa authentication enable default method1 [method2...]

no aaa authentication enable default

Parameter

Description Parameter Description

default

When this parameter is used, the following defined

authentication method list is used as the default method of

Enable authentication. Enable authentication is global

authentication. Currently, only configuration of a default

authentication method list is supported.

method It must be one of the keywords: local, none, and group.

One method list can contain up to four methods.

local Uses the local user name database for authentication.

none Authentication is not performed.

group

Uses a server group for authentication. Currently, the

RADIUS and TACACS+ server groups are supported.

Defaults N/A

Command

Mode

Global configuration mode

Usage Guide If the AAA Enable authentication service is enabled on equipment, AAA is required for Enable

authentication negotiation. Use the aaa authentication enable command to configure a default

method list of Enable authentication.

The next method can be used for authentication only when the current method does not respond.

The Enable authentication function automatically takes effect after the Enable authentication method

list is configured.

Configuration

Examples

The following example defines an AAA Enable authentication method list. In the authentication

method list, the RADIUS security server is used for authentication first. If the RADIUS security server

does not respond within the specified period of time, the local user database is used for authentication.

Ruijie(config)# aaa authentication enable default group radius local

Related

Commands Command Description

aaa new-model Enables the AAA security service.

enable Switches the user level.

username Defines a local user database.

Platform

Description

N/A

aaa authentication login

Use this command to enable AAA login authentication and configure a login authentication method

list in global configuration mode.

Use the no form of this command to delete the authentication method list.

aaa authentication login { default | list-name } method1 [ method2... ]

no aaa authentication login { default | list-name }

Parameter

Description Parameter Description

default When this parameter is used, the following defined authentication

method list is used as the default method of login authentication.

list-name Specifies the name of a login authentication method list, which can be

any character string.

method It must be one of the keywords: local, none, and group. One

method list can contain up to four methods.

local Uses the local user name database for authentication.

none Identity authentication is not performed.

group

Uses a server group for authentication. Currently, the RADIUS and

TACACS+ server groups are supported.

Defaults N/A

Command

Mode

Global configuration mode

Usage Guide If the AAA login authentication security service is enabled on equipment, AAA is required for login

authentication negotiation. Use the aaa authentication login command to configure a default or

an optional method list of login authentication.

The next method can be used for authentication only when the current method does not respond.

You must apply the configured login authentication method to the terminal line that requires login

authentication; otherwise, the configured login authentication method is ineffective.

Configuration

Examples

The following example defines an AAA login authentication method list named list-1. In the

authentication method list, the RADIUS security server is used for authentication first. If the RADIUS

security server does not respond within the specified period of time, the local user database is used

for authentication.

Ruijie(config)# aaa authentication login list-1 group radius local

Related Commands

Command Description

aaa new-model Enables the AAA security service.

username Defines a local user database.

login authentication Applies the login authentication method to a terminal line.

Platform

Description

N/A

aaa authentication ppp

Use this command to enable AAA PPP user authentication and configure a PPP user authentication

method list in global configuration mode.

Use the no form of this command to delete the authentication method list.

aaa authentication ppp { default | list-name } method1 [ method2...]

no aaa authentication ppp { default | list-name }

Parameter Description

default When this parameter is used, the following defined authentication method list is used as the default method of PPP user authentication.

list-name Specifies the name of a PPP user authentication method list, which can be any character string.

method It must be one of the keywords: local, none, and group. One method list can contain up to four methods.

local Uses the local user name database for authentication.

none Identity authentication is not performed.

group Uses a server group for authentication. Currently, the RADIUS and TACACS+ server groups are supported.

Defaults N/A

Command

Mode

Global configuration mode

Usage Guide If the AAA PPP security service is enabled on equipment, AAA is required for PPP authentication

negotiation. Use the aaa authentication ppp command to configure a default or an optional

method list of PPP user authentication.

The next method can be used for authentication only when the current method does not respond.

Configuration

Examples

The following example defines an AAA PPP authentication method list named rds_ppp. In the

authentication method list, the RADIUS security server is used for authentication first. If the RADIUS

security server does not respond within the specified period of time, the local user database is used

for authentication.

Ruijie(config)# aaa authentication ppp rds_ppp group radius local

Related Commands

Command Description

aaa new-model Enables the AAA security service.

ppp authentication Associates a specific method list with a PPP user.

username Defines a local user database.

Platform

Description

N/A

login authentication

Use this command to apply a login authentication method list to the specified terminal line.

Use the no form of this command to remove the application of the login authentication method list.

login authentication {default | list-name}

no login authentication

Parameter Description

default Applies the default login authentication method list.

list-name Applies a defined login authentication method list.

Defaults N/A

Command

Mode

Line configuration mode

Usage Guide Once the default login authentication method list has been configured, it will be applied to all terminals

automatically. If a non-default login authentication method list has been applied to a terminal, it will

replace the default one. If you attempt to apply an undefined method list, you will be notified that the

login authentication on this line is ineffective until the method list is defined.

Configuration

Examples

The following example defines an AAA login authentication method list named list-1. In the

authentication method list, the local user database is used for authentication first. Then, apply this

method to VTY 0-4.

Ruijie(config)# aaa authentication login list-1 local

Ruijie(config)# line vty 0 4

Ruijie(config-line)# login authentication list-1

Related Commands

Command Description

aaa new-model Enables the AAA security service.

username Defines a local user database.

login authentication Configures a login authentication method list.

Platform

Description

N/A

aaa authorization commands

Use this command to authorize the commands executed by users that have logged in to the network

access server (NAS) command-line interface (CLI).

Use the no form of this command to disable the AAA command authorization function.

aaa authorization commands level { default | list-name} method1 [method2...]

no aaa authorization commands level { default | list-name}

Parameter Description

level Specifies the command level to be authorized, in the range from 0 to 15. You can run this command after the authorization of a specific command level is passed.

default When this parameter is used, the following defined method list is used as the default method of command authorization.

list-name Specifies the name of a command authorization method list, which can be any character string.

method It must be one of the keywords: local, none, and group. One method list can contain up to four methods.

none Authorization is not performed.

group Uses a server group for authorization. Currently, the TACACS+ server group is supported.

Defaults AAA command authorization is disabled by default.

Command

Mode

Global configuration mode

Usage Guide RGOS supports authorization of the commands executed by users. When a user inputs and attempts

to run a command, AAA sends this command to the security server. This command will be executed if

the security server allows command execution; otherwise, it will prompt command execution denial.

You are required to specify the command level when configuring command authorization. This

specified command level is the default command level (for example, the default level of a command is

14 when the command is visible for users above level 14).

You must apply the configured command authorization method to the terminal line that requires

command authorization; otherwise, the configured command authorization method is ineffective.

Configuration

Examples

The following example uses the TACACS+ server to authorize level 15 commands.

Ruijie(config)# aaa authorization commands 15 default group tacacs+

Related Commands

Command Description

aaa new-model Enables the AAA security service.

aaa authorization commands Applies command authorization to a terminal line.

Platform

Description

N/A

aaa authorization config-commands

Use this command to authorize configuration commands (including in global configuration mode and

its sub-mode) through AAA.

Use the no form of this command to disable the AAA authorization function for configuration

commands.

aaa authorization config-commands

no aaa authorization config-commands

Parameter Description

N/A N/A

Defaults Configuration command authorization is disabled by default.

Command

Mode

Global configuration mode

Usage Guide If you only need to authorize commands in non-configuration mode (for example, in privileged EXEC

mode), use the no form of this command to disable the authorization function in configuration mode.

This action allows you to run commands in configuration mode and its sub-mode without command

authorization.

Configuration

Examples

The following example enables the configuration command authorization function.

Ruijie(config)# aaa authorization config-commands

Related Commands

Command Description

aaa new-model Enables the AAA security service.

aaa authorization commands Defines AAA command authorization.

Platform

Description

N/A

aaa authorization console

Use this command to authorize the commands executed by users that log in from the console in

global configuration mode.

Use the no form of this command to disable the AAA command authorization function.

aaa authorization console

no aaa authorization console

Parameter Description

N/A N/A

Defaults Command authorization for users on the console is disabled by default.

Command

Mode

Global configuration mode

Usage Guide RGOS supports identifying users that log in from the console and from other terminals. You can

configure whether to authorize the commands executed by users that log in from the console. If the

command authorization function is disabled on the console, the command authorization method list

applied to the console line is ineffective.

Configuration

Examples

The following example enables the command authorization function for users that log in from the

console.

Ruijie(config)# aaa authorization console

Related Commands

Command Description

aaa new-model Enables the AAA security service.

aaa authorization commands Defines AAA command authorization.

authorization commands Applies command authorization to a terminal line.

Platform

Description

N/A

aaa authorization exec

Use this command to perform AAA EXEC authorization on users that have logged in to the NAS CLI

and assign authority levels.

Use the no form of this command to disable the AAA EXEC authorization function.

aaa authorization exec { default | list-name } method1 [ method2...]

no aaa authorization exec { default | list-name }

Parameter Description

default When this parameter is used, the following defined method list is used as the default method of EXEC authorization.

list-name Specifies the name of an EXEC authorization method list, which can be any character string.

method It must be one of the keywords: local, none, and group. One method list can contain up to four methods.

local Uses the local user name database for authorization.

none Authorization is not performed.

group Uses a server group for authorization. Currently, the RADIUS and TACACS+ server groups are supported.

Defaults AAA EXEC authorization is disabled by default.

Command

Mode

Global configuration mode

Usage Guide RGOS supports authorization of users that have logged in to the NAS CLI and assignment of CLI

authority levels (in the range from 0 to 15). The EXEC authorization function is effective only for users

that pass login authentication. Users cannot enter the CLI if EXEC authorization fails.

You must apply the configured EXEC authorization method to the terminal line that requires EXEC

authorization; otherwise the configured method is ineffective.

Configuration

Examples

The following example uses the RADIUS server to implement EXEC authorization.

Ruijie(config)# aaa authorization exec default group radius

Related Commands

Command Description

aaa new-model Enables the AAA security service.

authorization exec Applies authorization to a terminal line.

username Defines a local user database.

Platform

Description

N/A

aaa authorization network

Use this command to perform AAA authorization on the service requests (including such protocols as

PPP and SLIP) from users that access networks in global configuration mode.

Use the no form of this command to disable the AAA authorization function.

aaa authorization network { default | list-name } method1 [ method2...]

no aaa authorization network { default | list-name }

Parameter Description

default When this parameter is used, the following defined method list is used as the default method of network authorization.

method It must be one of the keywords: none and group. One method list can contain up to four methods.

none Network authorization is not performed.

group Uses a server group for authorization. Currently, the RADIUS and TACACS+ server groups are supported.

Defaults AAA network authorization is disabled by default.

Command

Mode

Global configuration mode

Usage Guide RGOS supports authorization of all network-related service requests, such as PPP and SLIP. If

authorization is configured, all authenticated users or interfaces will be authorized automatically.

Three different authorization methods can be specified. Like identity authentication, the next method

can be used for authorization only when the current authorization method does not respond. If the

current authorization method fails, the subsequent authorization method is not used.

The RADIUS or TACACS+ server authorizes authenticated users by returning a series of attributes.

Therefore, network authorization is based on authentication. Network authorization is performed only

on authenticated users.

Configuration

Examples

The following example uses the RADIUS server to authorize network services.

Ruijie(config)# aaa authorization network default group radius

Related Commands

Command Description

aaa new-model Enables the AAA security service.

aaa accounting Defines AAA accounting.

aaa authentication Defines AAA identity authentication.

username Defines a local user database.

Platform

Description

N/A

authorization commands

Use this command to apply a command authorization method list to the specified terminal line in line

configuration mode.

Use the no form of this command to remove the application of the command authentication method

list.

authorization commands level { default | list-name}

no authorization commands level

Parameter Description

level Specifies the command level to be authorized, in the range from 0 to 15. You can run this command after the authorization of a specific command level is passed.

default When this parameter is used, the following defined method list is used as the default method of command authorization.

list-name Applies a defined command authorization method list.

Defaults AAA command authorization is disabled by default.

Command

Mode

Line configuration mode

Usage Guide Once the default command authorization method list has been configured, it will be applied to all

terminals automatically. If a non-default command authorization method list is applied to a terminal, it

will replace the default one. If you attempt to apply an undefined method list, you will be notified that

the command authorization on this line is ineffective until the method list is defined.

Configuration

Examples

The following example defines a command authorization method list named cmd to authorize level 15

commands, and uses TACACS+ as the security server. The none method will be used if the server

does not respond. The configured method list is applied to the VTY 0 – 4 line.

Ruijie(config)# aaa authorization commands 15 cmd group tacacs+ none

Ruijie(config)# line vty 0 4

Ruijie(config-line)# authorization commands 15 cmd

Related Commands

Command Description

aaa new-model Enables the AAA security service.

authorization commands Applies the AAA command authorization method list.

Platform

Description

N/A

authorization exec

Use this command to apply an EXEC authorization method list to the specified terminal line.

Use the no form of this command to remove the application of the EXEC authentication method list.

authorization exec { default | list-name }

no authorization exec

Parameter Description

default Applies the default EXEC authorization method.

list-name Applies a defined EXEC authorization method list.

Defaults No default AAA EXEC authentication method list is configured.

Command

Mode

Line configuration mode.

Usage Guide Once the default EXEC authorization method list has been configured, it will be applied to all

terminals automatically. If a non-default EXEC authorization method list is applied to a line, it will

replace the default one. If you attempt to apply an undefined method list, you will be notified that the

EXEC authorization on this line is ineffective until the method list is defined.

Configuration

Examples

The following example defines an EXEC authorization method list named exec-1, and uses RADIUS

as the security server. The none method will be used if the server does not respond. The configured

method list is applied to the VTY 0 – 4 line.

Ruijie(config)# aaa authorization exec exec-1 group radius none

Ruijie(config)# line vty 0 4

Ruijie(config-line)# authorization exec exec-1

Related Commands

Command Description

aaa new-model Enables the AAA security service.

aaa authorization commands Defines an AAA EXEC authorization method list.

Platform

Description

N/A
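
The usage guides above state that a method list has no effect until it is applied to a terminal line, that applying an undefined list leaves the line's check ineffective, and that a trailing none method is used when the server does not respond. The following Python auditor is an added example, not part of the Ruijie reference or of RGOS: it checks a configuration written in the command syntax shown on this page for those conditions. The finding names, function names and the sample configuration are constructed for illustration.

```python
import re

MAX_METHODS = 4  # the reference allows up to four methods per list
KINDS = {"authentication", "authorization", "accounting"}
SERVICES = {"login", "ppp", "exec", "network", "commands"}
LINE_SERVICES = {"login", "exec", "commands"}  # applied per terminal line
PROMPT_RE = re.compile(r"^\S+\(config[^)]*\)#\s*")  # "Ruijie(config-line)# "

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login list-1 group radius local
aaa authentication login mgmt group radius none
aaa authorization exec exec-1 group radius none
aaa authorization commands 15 cmd group tacacs+ none
aaa accounting commands 15 acct start-stop group tacacs+
line vty 0 4
 login authentication list-1
 authorization exec exec-1
 authorization commands 15 cmd
 accounting commands 15 missing
"""


def fold_methods(tokens):
    """Turn ['group', 'radius', 'none'] into ['group radius', 'none']."""
    methods, i = [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods


def label(key):
    """Render a (kind, service, level, name) key; level is None when unused."""
    return " ".join(part for part in key if part)


def parse_config(text):
    """Return ({key: methods} for defined lists, [key, ...] for line usage)."""
    defined, applied = {}, []
    for raw in text.splitlines():
        w = PROMPT_RE.sub("", raw.strip()).split()
        if len(w) < 3 or w[0] == "no":
            continue
        if w[0] == "aaa" and w[1] in KINDS and w[2] in SERVICES:
            rest = w[3:]
            level = rest.pop(0) if w[2] == "commands" and rest else None
            if not rest:
                continue
            name = rest.pop(0)
            if w[1] == "accounting" and rest[:1] == ["start-stop"]:
                rest.pop(0)
            defined[(w[1], w[2], level, name)] = fold_methods(rest)
        elif w[0] == "login" and w[1] == "authentication":
            applied.append(("authentication", "login", None, w[2]))
        elif w[0] in ("authorization", "accounting") and w[1] == "exec":
            applied.append((w[0], "exec", None, w[2]))
        elif (w[0] in ("authorization", "accounting")
              and w[1] == "commands" and len(w) > 3):
            applied.append((w[0], "commands", w[2], w[3]))
    return defined, applied


def audit(text):
    """Return (finding, method-list) pairs in configuration order."""
    defined, applied = parse_config(text)
    findings = []
    for key, methods in defined.items():
        kind, service, level, name = key
        if "none" in methods:
            # none performs no check; as a fallback it is reached when the
            # earlier methods do not respond.
            findings.append(("none-method", label(key)))
        if len(methods) > MAX_METHODS:
            findings.append(("too-many-methods", label(key)))
        if service in LINE_SERVICES and name != "default" and key not in applied:
            # Named lists are ineffective until applied to a terminal line.
            findings.append(("not-applied", label(key)))
    for key in applied:
        if key not in defined:
            findings.append(("undefined-list", label(key)))
    return findings


if __name__ == "__main__":
    for finding, target in audit(SAMPLE_CONFIG):
        print(f"{finding:17} {target}")
```

The parser also accepts lines pasted with their CLI prompt, so the configuration examples on this page can be fed to audit() unchanged.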

aaa accounting commands

Use this command to perform accounting on the command activities of users that have logged in to

the NAS in global configuration mode in order to manage user activities.

Use the no form of this command to disable the command accounting function.

aaa accounting commands level { default | list-name} start-stop method1 [method2...]

no aaa accounting commands level { default | list-name}

Parameter Description

level Specifies the command level for accounting, in the range from 0 to 15. Related messages are recorded when you determine which command level is executed.

default When this parameter is used, the following defined method list is used as the default method of command accounting.

list-name Specifies the name of a command accounting method list, which can be any character string.

method It must be one of the keywords none and group. One method list can contain up to four methods.

none Accounting is not performed.

group Uses a server group for accounting. Currently, the TACACS+ server group is supported.

Defaults Accounting is disabled by default.

Command Mode Global configuration mode

Usage Guide RGOS enables the command accounting function only after users pass login authentication.

Command accounting is not performed when users are not authenticated upon login or the none

authentication method is used. After the accounting function is enabled, command information is sent

to the security service each time when users run the specified level of commands.

You must apply the configured command accounting method to the terminal line that requires

command accounting; otherwise, the configured command accounting method is ineffective.

Configuration

Examples

The following example performs accounting on the command requests from users by using

TACACS+, and configures the accounting command level to 15.

Ruijie(config)# aaa accounting commands 15 default start-stop group tacacs+

Related Commands

Command Description

aaa new-model Enables the AAA security service.

aaa authentication Defines AAA identity authentication.

accounting commands Applies command accounting to a terminal line.

Platform

Description

N/A

aaa accounting exec

Use this command to perform accounting on the access activities of users that log in to the NAS in

global configuration mode in order to manage user activities.

Use the no form of this command to disable the EXEC accounting function.

aaa accounting exec { default | list-name } start-stop method1 [ method2... ]

no aaa accounting exec { default | list-name }

Parameter Description

default When this parameter is used, the following defined method list is used as the default method of EXEC accounting.

list-name Specifies the name of an EXEC accounting method list, which can be any character string.

method It must be one of the keywords: none and group. One method list can contain up to four methods.

none Accounting is not performed.

group Uses a server group for accounting. Currently, the RADIUS and TACACS+ server groups are supported.

Defaults Accounting is disabled by default.

Command Mode Global configuration mode

Usage Guide RGOS enables the EXEC accounting function only after users pass login authentication. EXEC

accounting is not performed when users are not authenticated upon login or the none authentication

method is used.

After the accounting function is enabled, an accounting start message is sent to the security server

when a user logs in to the NAS CLI, and an accounting stop message is sent to the security server

when the user logs out. If an accounting start message is not sent to the security server when a user

logs in, an accounting stop message is not sent to the security server when the user logs out.

You must apply the configured EXEC accounting method to the terminal line that requires command

accounting; otherwise, the configured EXEC accounting method is ineffective.

Configuration

Examples

The following example performs accounting on users' NAS login activities by using RADIUS, and

sends accounting messages at the start time and end time of access.

Ruijie(config)# aaa accounting exec default start-stop group radius

Related Commands

Command Description

aaa new-model Enables the AAA security service.

aaa authentication Defines AAA identity authentication.

accounting commands Applies EXEC accounting to a terminal line.

Platform

Description

N/A

aaa accounting network

Use this command to perform accounting on users' access activities in global configuration mode in

order to count network access fees or manage user activities.

Use the no form of this command to disable the network accounting function.

aaa accounting network { default | list-name } start-stop method1 [ method2... ]

no aaa accounting network { default | list-name }

Parameter Description

default When this parameter is used, the following defined method list is used as the default method of network accounting.

list-name Specifies the name of an accounting method list.

start-stop Sends accounting messages at both the start time and end time of users' network access. Users are allowed to access networks regardless of whether the accounting start message enables accounting successfully.

method It must be one of the keywords: none and group. One method list can contain up to four methods.

none Accounting is not performed.

group Uses a server group for accounting. Currently, the RADIUS and TACACS+ server groups are supported.

Defaults Accounting is disabled by default.

Command

Mode

Global configuration mode

Usage Guide RGOS performs accounting on user activities by sending record attributes to the security server. Use

the start-stop keyword to set the user accounting option.

Configuration

Examples

The following example performs accounting on the network service requests from users by using

RADIUS, and sends accounting messages at the start time and end time of network access:

Ruijie(config)# aaa accounting network default start-stop group radius

Related Commands

Command Description

aaa new-model Enables the AAA security service.

aaa authorization network Defines AAA network authorization.

aaa authentication Defines AAA identity authentication.

username Defines a local user database.

Platform

Description

N/A

aaa accounting update

Use this command to enable the accounting update function in global configuration mode.

Use the no form of this command to disable the accounting update function.

aaa accounting update

no aaa accounting update

Parameter Description

N/A N/A

Defaults Accounting update is disabled by default.

Command

Mode

Global configuration mode

Usage Guide If the AAA security service is not enabled, the accounting update function cannot be used. This

command is used to set the accounting update function after the AAA security service is enabled.

Configuration

Examples

The following example enables the accounting update function.

Ruijie(config)# aaa new-model

Ruijie(config)# aaa accounting update

Related Commands

Command Description

aaa new-model Enables the AAA security service.

aaa accounting network Defines a network accounting method list.

Platform

Description

N/A

aaa accounting update periodic

Use this command to set the accounting update interval in global configuration mode after the

accounting update function is enabled.

Use the no form of this command to restore the accounting update interval to the default value.

aaa accounting update periodic interval

no aaa accounting update periodic

Parameter Description

interval Specifies the accounting update interval, in minutes. The shortest interval is one minute.

Defaults The default accounting update interval is five minutes.

Command

Mode

Global configuration mode

Usage Guide If the AAA security service is not enabled, the accounting update function cannot be used. This

command is used to set the accounting update interval after the AAA security service is enabled.

Configuration

Examples

The following example sets the accounting update interval to one minute.

Ruijie(config)# aaa new-model

Ruijie(config)# aaa accounting update

Ruijie(config)# aaa accounting update periodic 1

Related Commands

Command Description

aaa new-model Enables the AAA security service.

aaa accounting network Defines a network accounting method list.

Platform

Description

N/A

accounting commands

Use this command to apply a command accounting list to the specified terminal line in line

configuration mode.

Use the no form of this command to disable the command accounting function on the terminal line.

accounting commands level { default | list-name }

no accounting commands level

Parameter Description

level Specifies the command level for accounting, in the range from 0 to 15.

default Applies the default command accounting method.

list-name Uses a defined command accounting method list.

Defaults Accounting is disabled by default.

Command

Mode

Line configuration mode

Usage Guide Once the default command accounting method list has been configured, it will be applied to all

terminals automatically. If a non-default command accounting method list has been applied to a line,

it will replace the default one. If you attempt to apply an undefined method list, you will be notified that

the command accounting on this line is ineffective until the method list is defined.

Configuration

Examples

The following example defines a command accounting method list named cmd to authorize level 15

commands, and uses TACACS+ as the security server. The none method will be used if the server

does not respond. The configured method list is applied to the VTY 0 – 4 line.

Ruijie(config)# aaa accounting commands 15 cmd group tacacs+ none

Ruijie(config)# line vty 0 4

Ruijie(config-line)# accounting commands 15 cmd

Related Commands

Command Description

aaa new-model Enables the AAA security service.

aaa accounting commands Defines an AAA command accounting method list.

Platform

Description

N/A

accounting exec

Use this command to apply an EXEC accounting method list to the specified terminal line in line

configuration mode.

Use the no form of this command to disable the EXEC accounting function on the terminal line.

accounting exec { default | list-name }

no accounting exec

Parameter Description

default Applies the default EXEC accounting method.

list-name Uses a defined EXEC accounting method list.

Defaults Accounting is disabled by default.

Command

Mode

Line configuration mode

Usage Guide Once the default EXEC accounting method list has been configured, it will be applied to all terminals

automatically. If a non-default EXEC accounting method list has been applied to a line, it will replace

the default one. If you attempt to apply an undefined method list, you will be notified that the EXEC

accounting on this line is ineffective until the method list is defined.

Configuration

Examples

The following example defines an EXEC accounting method list named exec-1, and uses RADIUS as

the security server. The none method will be used if the server does not respond. The configured

method list is applied to the VTY 0 – 4 line.

Ruijie(config)# aaa accounting exec exec-1 group radius none

Ruijie(config)# line vty 0 4

Ruijie(config-line)# accounting exec exec-1

Related Commands

Command Description

aaa new-model Enables the AAA security service.

aaa accounting commands Defines an AAA EXEC accounting method list.

Platform

Description

N/A

aaa domain

Use this command to enter domain configuration mode and configure domain attributes.

Use the no form of this command to remove the setting.

aaa domain { default | domain-name }

no aaa domain { default | domain-name }

Parameter Description

default Configures the default domain.

domain-name Specifies the name of a domain.

Defaults No domain is configured by default.

Command

Mode

Global configuration mode

Usage Guide Use this command to configure the domain name-based AAA service. The default parameter is used

to configure the default domain. That is the method list used by network equipment if users do not

carry domain information. The domain-name parameter is used to configure the specified domain

name. If users carry this domain name, the method lists associated with this domain are used.

Currently, the system can configure up to 32 domains.

Configuration

Examples

The following example configures a domain name.

Ruijie(config)# aaa domain ruijie.com

Ruijie(config-aaa-domain)#

Related Commands

Command Description

aaa new-model Enables the AAA security service.

aaa domain enable Enables the domain name-based AAA service.

show aaa domain Displays domain configuration.

Platform

Description

N/A

aaa domain enable

Use this command to enable the domain name-based AAA service, which is disabled by default.

When the domain name-based AAA service is enabled, the domain name-based AAA service

configuration is preferred.

Use the no form of this command to disable the domain name-based AAA service.

aaa domain enable

no aaa domain enable

Parameter Description

N/A N/A

Defaults The domain name-based AAA service is disabled by default.

Command

Mode

Global configuration mode

Usage Guide Use this command to enable the domain name-based AAA service when you perform domain

name-based AAA service configuration.

Configuration

Examples

The following example enables the domain name-based AAA service.

Ruijie(config)# aaa domain enable

Related Commands

Command Description

aaa new-model Enables the AAA security service.

show aaa domain Displays domain configuration.

Platform

Description

N/A

access-limit

Use this command to configure the maximum number of users for domains, which is valid only for

IEEE802.1x users.

Use the no form of this command to remove the setting.

access-limit num

no access-limit

Parameter Description

num Maximum number of users for domains, which is valid only for IEEE802.1x users.

Defaults The number of users is not limited by default.

Command

Mode

Domain configuration mode

Usage Guide Use this command to configure the maximum number of users for domains.

Configuration

Examples

The following example sets the maximum number of users to 20 for the domain named ruijie.com.

Ruijie(config)# aaa domain ruijie.com

Ruijie(config-aaa-domain)# access-limit 20

Related Commands

Command Description

aaa new-model Enables the AAA security service.

aaa domain enable Enables the domain name-based AAA service.

show aaa domain Displays domain configuration.

Platform

Description

N/A

accounting network

Use this command to configure a network accounting method list in domain configuration mode.

Use the no form of this command to remove the setting.

accounting network { default | list-name }

no accounting network

Parameter Description

default Specifies the default method list.

list-name Specifies the name of a method list.

Defaults With no method list specified, if a user sends a request, network equipment will attempt to specify the

default method list for the user.

Command

Mode Domain configuration mode

Usage Guide Use this command to configure a network accounting method list for a domain.

Configuration

Examples

The following example configures a network accounting method list for a domain.

Ruijie(config)# aaa domain ruijie.com

Ruijie(config-aaa-domain)# accounting network default

Related Commands

Command Description

aaa new-model Enables the AAA security service.

aaa domain enable Enables the domain name-based AAA service.

show aaa domain Displays domain configuration.

Platform Description

N/A

authentication dot1x

Use this command to configure an IEEE802.1x authentication method list in domain configuration

mode.

Use the no form of this command to remove the setting.

authentication dot1x { default | list-name }

no authentication dot1x

Parameter Description

default Specifies the default method list.

list-name Specifies the name of a method list.

Defaults With no method list specified, if a user sends a request, network equipment will attempt to specify the

default method list for the user.

Command

Mode Domain configuration mode

Usage Guide Use this command to configure an IEEE802.1x authentication method list for a domain.

Configuration

Examples

The following example configures an IEEE802.1x authentication method list for a domain.

Ruijie(config)# aaa domain ruijie.com

Ruijie(config-aaa-domain)# authentication dot1x default

Related Commands

Command Description

aaa new-model Enables the AAA security service.

aaa domain enable Enables the domain name-based AAA service.

show aaa domain Displays domain configuration.

Platform Description

N/A

authorization network

Use this command to configure a network authorization list in domain configuration mode.

Use the no form of this command to remove the setting.

authorization network { default | list-name }

no authorization network

Parameter Description

default Specifies the default method list.

list-name Specifies the name of a method list.

Defaults With no method list specified, if a user sends a request, network equipment will attempt to specify the

default method list for the user.

Command

Mode

Domain configuration mode

Usage Guide Use this command to configure a network authorization list for a domain.

Configuration

Examples

The following example configures a network authorization list for a domain.

Ruijie(config)# aaa domain ruijie.com

Ruijie(config-aaa-domain)# authorization network default

Related Commands

Command Description

aaa new-model Enables the AAA security service.

aaa domain enable Enables the domain name-based AAA service.

show aaa domain Displays domain configuration.

Platform

Description

N/A

state

Use this command to set whether the configured domain is valid.

Use the no form of this command to restore to the default setting.

state { block | active }

no state

Parameter Description

block The configured domain is invalid.

active The configured domain is valid.

Defaults The configured domain is valid by default.

Command

Mode

Domain configuration mode

Usage Guide Use this command to set whether the specified configured domain is valid.

Configuration

Examples

The following example sets the configured domain to be invalid.

Ruijie(config)# aaa domain ruijie.com

Ruijie(config-aaa-domain)# state block

Related Commands

Command Description

aaa new-model Enables the AAA security service.

aaa domain enable Enables the domain name-based AAA service.

show aaa domain Displays domain configuration.

Platform Description

N/A

show aaa domain

Use this command to query all current domain information.

show aaa domain [ default | domain-name ]

Parameter Description

default Displays the default domain information.

domain-name Displays information about the specified domain.

Defaults N/A

Command

Mode

Privileged EXEC mode

Usage Guide If no domain name is specified, all domain information will be displayed.

Configuration

Examples

The following example displays the domain named domain.com.

Ruijie# show aaa domain domain.com

=============Domain domain.com=============

State: Active

Username format: Without-domain

Access limit: No limit

802.1X Access statistic: 0

Selected method list:

authentication dot1x default

Related Commands

Command Description

aaa new-model Enables the AAA security service.

aaa domain enable Enables the domain name-based AAA service.

Platform Description

N/A

username-format

Use this command to configure whether user names carry domain information when the NAS

interacts with servers.

Use the no form of this command to restore the default setting.

username-format { without-domain | with-domain }

no username-format

Parameter Description

without-domain Domain information is removed from user names.

with-domain Domain information is retained in user names.

Defaults Domain information is retained in user names by default.

Command

Mode

Domain configuration mode

Usage Guide Use this command to configure whether user names carry domain information when the NAS

interacts with servers.

Configuration

Examples

The following example configures a user name to remove domain information.

Ruijie(config)# aaa domain ruijie.com

Ruijie(config-aaa-domain)# username-format without-domain

Related Commands

Command Description

aaa new-model Enables the AAA security service.

aaa domain enable Enables the domain name-based AAA service.

show aaa domain Displays domain configuration.

Platform Description

N/A

aaa group server

Use this command to enter AAA server group configuration mode.

Use the no form of this command to delete server groups.

aaa group server { radius | tacacs+ } name

no aaa group server { radius | tacacs+ } name

Parameter Description

name Name of a server group. It cannot be the keywords radius or tacacs+ because RADIUS and TACACS+ are the default server group names.

Defaults N/A

Command

Mode

Global configuration mode

Usage Guide Use this command to configure AAA server groups. Currently, the RADIUS and TACACS+ server

groups are supported.

Configuration

Examples

The following example configures an AAA server group.

Ruijie(config)# aaa group server radius ss

Ruijie(config-gs-radius)# end

Ruijie# show aaa group

Group Name: ss

Group Type: radius

Referred: 1

Server List:

Related Commands

Command Description

show aaa group Displays AAA server group information.

Platform Description

N/A

ip vrf forwarding

Use this command to select VPN routing and forwarding (VRF) for an AAA server group.

Use the no form of this command to remove the setting.

ip vrf forwarding vrf_name

no ip vrf forwarding

Parameter Description

vrf_name VRF name

Defaults N/A

Command

Mode Server group configuration mode

Usage Guide Use this command to select VRF for the specified server group.

Configuration

Examples

The following example selects VRF for a server group.

Ruijie(config)# aaa group server radius ss

Ruijie(config-gs-radius)# server 192.168.4.12

Ruijie(config-gs-radius)# server 192.168.4.13

Ruijie(config-gs-radius)# ip vrf forwarding vrf_name

Ruijie(config-gs-radius)# end

Related Commands

Command Description

aaa group server Configures an AAA server group.

show aaa group Displays AAA server group information.

Platform Description

N/A

server

Use this command to add a server to an AAA server group.

Use the no form to delete a server.

server ip-addr [ auth-port port1 ] [ acct-port port2 ]

no server ip-addr [ auth-port port1 ] [ acct-port port2 ]

Parameter Description

ip-addr IP address of a server

port1 Authentication port of a server (which is supported only by the RADIUS server group)

port2 Accounting port of a server (which is supported only by the RADIUS server group)

Defaults No server is configured by default.

Command

Mode Server group configuration mode

Usage Guide Use this command to add a server to the specified server group. The default value is used if no port is

specified.

Configuration

Examples

The following example adds a server to a server group.

Ruijie(config)# aaa group server radius ss

Ruijie(config-gs-radius)# server 192.168.4.12 acct-port 5 auth-port 6

Ruijie(config-gs-radius)# end

Ruijie# show aaa group

Type Reference Name

---------- ---------- ----------

radius 1 radius

tacacs+ 1 tacacs+

radius 1 ss

Related Commands

Command Description

aaa group server Configures an AAA server group.

show aaa group Displays AAA server group information.

Platform Description

N/A

show aaa group

Use this command to query all the server groups configured for AAA.

show aaa group

Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode

Usage Guide Use this command to query all the server groups configured for AAA.

Configuration

Examples

The following example displays all the server groups configured for AAA.

Ruijie# show aaa group

Type Reference Name

---------- ---------- ----------

radius 1 radius

tacacs+ 1 tacacs+

radius 1 dot1x_group

radius 1 login_group

radius 1 enable_group

Related Commands

Command Description

aaa group server Configures an AAA server group.

Platform Description

N/A

aaa local authentication attempts

Use this command to configure the maximum number of login attempt times.

aaa local authentication attempts max-attempts

Parameter Description

max-attempts Maximum number of login attempt times, in the range from 1 to 2147483647

Defaults The default value is 3.

Command

Mode

Global configuration mode

Usage Guide Use this command to configure the maximum login attempt times.

Configuration Examples

The following example sets the maximum login attempt times to 6.

Ruijie# configure terminal

Ruijie(config)# aaa local authentication attempts 6

Related Commands

Command Description

show running-config Displays the current equipment configuration.

show aaa lockout Displays the lockout configuration parameter of the current login.

Platform Description

N/A

aaa local authentication lockout-time

Use this command to configure the length of lockout-time when the maximum login attempt times are

exceeded.

aaa local authentication lockout-time lockout-time

Parameter Description

lockout-time Length of lockout-time, in the range from 1 to 2147483647.

Defaults 15 hours.

Command

Mode

Global configuration mode

Usage Guide Use this command to configure the length of lockout-time when the maximum login attempt times are

exceeded.

Configuration Examples

The following example sets the length of lockout-time to 5 hours.

Ruijie# configure terminal

Ruijie(config)# aaa local authentication lockout-time 5

Related Commands

Command Description

show running-config Displays the current equipment configuration.

show aaa lockout Displays the lockout configuration parameter of the current login.

Platform Description

N/A

aaa new-model

Use this command to enable the RGOS AAA security service in global configuration mode.

Use the no form of this command to disable the AAA security service.

aaa new-model

no aaa new-model

Parameter Description

N/A N/A

Defaults The AAA security service is disabled by default.

Command

Mode

Global configuration mode

Usage Guide Use this command to enable AAA. If AAA is not enabled, none of the AAA commands can be

configured.

Configuration Examples

The following example enables the AAA security service.

Ruijie(config)# aaa new-model

Related Commands

Command Description

aaa authentication Defines a user authentication method list.

aaa authorization Defines a user authorization method list.

aaa accounting Defines a user accounting method list.

Platform Description

N/A

clear aaa local user lockout

Use this command to clear a lockout user list.

clear aaa local user lockout {all | user-name <word>}

Parameter Description

<word> User ID

Defaults N/A.

Command

Mode

Privileged EXEC mode

Usage Guide Use this command to clear all lockout user lists or the specified lockout user list.

Configuration

Examples

The following example clears all lockout user lists.

Ruijie# clear aaa local user lockout all

Related Commands

Command Description

show running-config Displays the current equipment configuration.

show aaa lockout Displays the lockout configuration parameter of the current login.

Platform Description

N/A

debug aaa

Use this command to enable the AAA service debugging switch.

Use the no form of this command to disable the debugging switch.

debug aaa event

no debug aaa event

Parameter Description

N/A N/A

Defaults N/A.

Command

Mode Privileged EXEC mode

Usage Guide N/A

Configuration

Examples

N/A

Related Commands

Command Description

N/A N/A

Platform Description

N/A

show aaa method-list

Use this command to query all AAA method lists.

show aaa method-list

Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode

Usage Guide Use this command to query all AAA method lists.

Configuration Examples

The following example displays AAA method lists.

Ruijie# show aaa method-list

Authentication method-list

aaa authentication login default group radius

aaa authentication ppp default group radius

aaa authentication dot1x default group radius

aaa authentication dot1x san-f local group angel group rain none

aaa authentication enable default group radius

Accounting method-list

aaa accounting network default start-stop group radius

Authorization method-list

aaa authorizating network default group radius

Related Commands

Command Description

aaa authentication Defines a user authentication method list.

aaa authorization Defines a user authorization method list.

aaa accounting Defines a user accounting method list.

Platform Description

N/A

show aaa user lockout

Use this command to query the current lockout user list.

show aaa user lockout

Parameter Description

N/A N/A

Defaults N/A

Command

Mode Privileged EXEC mode

Usage Guide Use this command to query the current lockout user list and the length of lockout-time.

Configuration

Examples

The following example displays the current lockout user list.

Ruijie# show aaa user lockout

Related Commands

Command Description

show running-config Displays the current equipment configuration.

show aaa lockout Displays the lockout configuration parameter of the current login.

Platform Description

N/A

Command Reference RADIUS Commands

RADIUS Commands

ip radius source-interface

Use this command to specify the source IP address of the RADIUS packet in global configuration

mode.

Use the no form of this command to delete the source IP address of the RADIUS packet.

ip radius source-interface interface

no radius source-interface

Parameter Description

Interface Interface that the source IP address of the RADIUS packet belongs to

Defaults The source IP address of the RADIUS packet is set by the network layer by default.

Command

Mode

Global configuration mode

Usage Guide In order to reduce the NAS information to be maintained on the RADIUS server, use this

command to set the source IP address of the RADIUS packet. This command uses the first IP

address of the specified interface as the source IP address of the RADIUS packet. This command

is used on Layer 3 devices.

Configuration

Examples

The following example specifies that the RADIUS packet obtains an IP address from the

fastEthernet 0/0 interface and uses it as the source IP address of the RADIUS packet.

Ruijie(config)# ip radius source-interface fastEthernet 0/0

Related Commands

Command Description

radius-server host Defines the RADIUS server.

ip address Configures the IP address of an interface.

Platform Description

N/A

radius attribute

radius attribute {id | down-rate-limit | dscp | mac-limit | up-rate-limit} vendor-type type

no radius attribute { id | down-rate-limit | dscp | mac-limit | up-rate-limit} vendor-type

Parameter Description

id Function ID in the range from 1 to 255

type Private attribute type

Defaults Only the default configuration of private attributes in Ruijie is recognized.

id Function Type

1 max down-rate 1

2 qos 2

3 user ip 3

4 vlan-id 4

5 version to client 5

6 net ip 6

7 user name 7

8 password 8

9 file-directory 9

10 file-count 10

11 file-name-0 11

12 file-name-1 12

13 file-name-2 13

14 file-name-3 14

15 file-name-4 15

16 max up-rate 16

17 version to server 17

18 flux-max-high32 18

19 flux-max-low32 19

20 proxy-avoid 20

21 dialup-avoid 21

22 ip privilege 22

23 login privilege 42

Extended attributes:

id Function Type

1 max down-rate 76

2 qos 77

3 user ip 3

4 vlan-id 4

5 version to client 5

6 net ip 6

7 user name 7

8 password 8

9 file-directory 9

10 file-count 10

11 file-name-0 11

12 file-name-1 12

13 file-name-2 13

14 file-name-3 14

15 file-name-4 15

16 max up-rate 75

17 version to server 17

18 flux-max-high32 18

19 flux-max-low32 19

20 proxy-avoid 20

21 dialup-avoid 21

22 ip privilege 22

23 login privilege 42

24 limit to user number 50

Command

Mode

Global configuration mode

Usage Guide Use this command to configure the type value of a private attribute.

Configuration

Examples

The following example sets the type of max up-rate to 211.

Ruijie(config)# radius attribute 16 vendor-type 211

Related Commands

Command Description

radius set qos cos Sets the qos value sent by the RADIUS server as the cos value of the interface.

Platform Description

N/A

radius-server attribute 31

Use this command to specify the MAC-based format of the RADIUS Calling-Station-ID attribute in

global configuration mode.

Use the no form of this command to restore to the default value.

radius-server attribute 31 mac format {ietf | normal | unformatted}

no radius-server attribute 31 mac format

Parameter Description

ietf Standard format specified by the IETF (RFC3580). The hyphen (-) is used as the separator, for example: 00-D0-F8-33-22-AC.

normal Normal format representing the MAC address. The hyphen (-) is used as the separator. For example: 00d0.f833.22ac.

unformatted No format and separator, which is used by default, for example: 00d0f83322ac

Defaults The default format is unformatted.

Command

Mode

Global configuration mode

Usage Guide Some RADIUS security servers (mainly used in 802.1x authentication) may identify only the IETF

format. In this case, the RADIUS Calling-Station-ID attribute must be set to the IETF format type.

Configuration

Examples

The following example defines the RADIUS Calling-Station-ID attribute as the IETF format.

Ruijie(config)# radius-server attribute 31 mac format ietf

Related Commands

Command Description

N/A N/A

Platform Description

N/A
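A RADIUS server or log pipeline that receives Calling-Station-ID values from devices configured with different mac format settings has to compare them in one canonical form. The following sketch is an added example, not Ruijie code; it recognises the three layouts using the example values shown in the parameter table, and all function names are hypothetical.

```python
import re

# The three layouts from the parameter table, matched strictly.
# Patterns follow the example values given there:
#   ietf 00-D0-F8-33-22-AC, normal 00d0.f833.22ac, unformatted 00d0f83322ac
PATTERNS = {
    "ietf": re.compile(r"(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}"),
    "normal": re.compile(r"(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}"),
    "unformatted": re.compile(r"[0-9A-Fa-f]{12}"),
}


def detect_format(value):
    """Return 'ietf', 'normal' or 'unformatted', or None for anything else."""
    text = value.strip()
    for name, pattern in PATTERNS.items():
        if pattern.fullmatch(text):
            return name
    return None


def canonical(value):
    """Reduce a value in any of the three layouts to 12 lowercase hex digits."""
    if detect_format(value) is None:
        raise ValueError("not a recognised MAC layout: %r" % value)
    return re.sub(r"[-.]", "", value.strip()).lower()


def render(value, style):
    """Re-encode a MAC address in the layout selected by the mac format keyword."""
    digits = canonical(value)
    if style == "ietf":
        return "-".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()
    if style == "normal":
        return ".".join(digits[i:i + 4] for i in range(0, 12, 4))
    if style == "unformatted":
        return digits
    raise ValueError("unknown style: %r" % style)


def same_station(a, b):
    """True when two Calling-Station-ID values name the same MAC address."""
    return canonical(a) == canonical(b)


if __name__ == "__main__":
    for sample in ("00-D0-F8-33-22-AC", "00d0.f833.22ac", "00d0f83322ac"):
        print(sample, detect_format(sample), canonical(sample))
```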

radius-server dead-criteria

Use this command to configure criteria on a device to determine that the RADIUS security server

is unreachable in global configuration mode.

Use the no form of this command to restore to the default value.

radius-server dead-criteria {time seconds [tries number] | tries number}

no radius-server dead-criteria {time seconds [tries number] | tries number}

Parameter Description

time seconds Configures the timeout period. If a device does not receive a correct response packet from the RADIUS security server within the specified time, the RADIUS security server is considered to be unreachable. The value ranges from 1s to 120s.

tries number Configures the successive timeout times. When sending a request from a device to the same RADIUS security server times out for the specified times successively, the device considers the RADIUS security server to be unreachable. The value ranges from 1 to 100.

Defaults time seconds: 60s

tries number: 10

Command

Mode

Global configuration mode

Usage Guide If a RADIUS security server meets the timeout period and successive timeout times at the same

time, the device considers the RADIUS security server to be unreachable. You can use this

command to adjust the parameters of the timeout period and successive timeout times.

Configuration

Examples

The following example sets the timeout period to 120s and the successive timeout times to 20.

Ruijie(config)# radius-server dead-criteria time 120 tries 20

Related Commands

Command Description

radius-server host Defines the host of the RADIUS security server.

radius-server deadtime Defines the duration when a device stops sending any requests to an unreachable RADIUS security server.

radius-server timeout Defines the timeout period of RADIUS packet retransmission.

Platform Description

N/A

radius-server deadtime

Use this command to configure the duration when a device stops sending any requests to an

unreachable RADIUS security server in global configuration mode.

Use the no form of this command to return to the default value.

radius-server deadtime minutes

no radius-server deadtime

Parameter Description

minutes Defines the duration (in minutes) when a device stops sending any requests to the unreachable RADIUS security server. The value ranges from 1 minute to 1440 minutes (24 hours).

Defaults The default value of the minutes parameter is 0 minutes. That is, a device keeps sending requests

to the unreachable RADIUS security server.

Command

Mode

Global configuration mode

Usage Guide If active RADIUS server detection is enabled on a device, the minutes parameter of this command

does not take effect on the RADIUS server. Otherwise, the RADIUS server becomes reachable

when the duration set by this command is shorter than the unreachable time.

Configuration

Examples

The following example sets the duration when a device stops sending requests to a RADIUS

server to 1 minute.

Ruijie(config)# radius-server deadtime 1

Related Commands

Command Description

radius-server dead-criteria Defines the criteria of determining that a RADIUS server is unreachable.

radius-server host Defines host information of the RADIUS security server.

Platform Description

N/A
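The following model, an added example that is not Ruijie code, works through how radius-server dead-criteria and radius-server deadtime interact so that the time before a silent server is declared unreachable can be estimated. It assumes requests time out back to back, each after the radius-server timeout value, and that the dead-criteria time is measured from the last valid response; the class and function names are hypothetical.

```python
class RadiusServerState:
    """Reachability state of one RADIUS server, following the usage guides."""

    def __init__(self, dead_time_s=60, dead_tries=10, deadtime_min=0):
        self.dead_time_s = dead_time_s    # dead-criteria time (default 60s)
        self.dead_tries = dead_tries      # dead-criteria tries (default 10)
        self.deadtime_min = deadtime_min  # deadtime in minutes (default 0)
        self.last_response = 0.0          # assumption: clock starts at last valid reply
        self.consecutive_timeouts = 0
        self.dead_since = None            # None while the server counts as reachable

    def on_response(self, now):
        """A correct response arrived: the server is reachable again."""
        self.last_response = now
        self.consecutive_timeouts = 0
        self.dead_since = None

    def on_timeout(self, now):
        """Record one timed-out request; return True once the server is unreachable.

        Both criteria must hold at the same time: enough successive
        timeouts AND a long enough period without a correct response.
        """
        self.consecutive_timeouts += 1
        silent_for = now - self.last_response
        if (self.dead_since is None
                and self.consecutive_timeouts >= self.dead_tries
                and silent_for >= self.dead_time_s):
            self.dead_since = now
        return self.dead_since is not None

    def should_send(self, now):
        """Decide whether a new request may be sent to this server."""
        if self.dead_since is None:
            return True
        if self.deadtime_min == 0:
            return True  # default: the device keeps sending requests
        if now - self.dead_since >= self.deadtime_min * 60:
            # deadtime has elapsed: treat the server as reachable again
            self.dead_since = None
            self.consecutive_timeouts = 0
            self.last_response = now
            return True
        return False


def simulate_outage(timeout_s=5, dead_time_s=60, dead_tries=10):
    """Seconds of total silence before the server is declared unreachable."""
    state = RadiusServerState(dead_time_s, dead_tries)
    now = 0.0
    while True:
        now += timeout_s  # one more request has timed out
        if state.on_timeout(now):
            return now


if __name__ == "__main__":
    print("defaults:", simulate_outage())
    print("timeout 10:", simulate_outage(timeout_s=10))
    print("time 120 tries 20:", simulate_outage(5, 120, 20))
```

With the documented defaults the time criterion is the last to be met; with radius-server timeout 10 the tries criterion is, which stretches detection to 100 seconds.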

radius-server host

Use this command to specify a RADIUS security server host in global configuration mode.

Use the no form of this command to delete the RADIUS security server host.

radius-server host { ipv4-address | ipv6-address} [auth-port port-number] [acct-port

port-number] [test username name [idle-time time] [ignore-auth-port] [ignore-acct-port]]

no radius-server host { ipv4-address | ipv6-address}

Parameter Description

ipv4-address IPv4 address of the RADIUS security server host

ipv6-address IPv6 address of the RADIUS security server host

auth-port UDP port for RADIUS authentication

port-number Number of the UDP port used for RADIUS authentication. If it is set to 0, the host does not perform authentication.

acct-port UDP port for RADIUS accounting

port-number Number of the UDP port for RADIUS accounting. If it is set to 0, the host does not perform accounting.

test username name (Optional) Enables active detection of the RADIUS security server and specifies the user name used by active detection.

idle-time time (Optional) Sets the interval of sending test packets to the reachable RADIUS security server, which is 60 minutes by default, in the range from 1 to 1440 minutes (namely 24 hours).

ignore-auth-port (Optional) Disables detection of the authentication port on the RADIUS security server. It is enabled by default.

ignore-acct-port (Optional) Disables detection of the accounting port on the RADIUS security server. It is enabled by default.

Defaults No RADIUS host is specified by default.

Command

Mode

Global configuration mode

Usage Guide In order to implement the AAA security service using RADIUS, you must define a RADIUS

security server. You can define one or more RADIUS security servers by using this command.

Configuration

Examples

The following example defines an IPv4 RADIUS security server host.

Ruijie(config)# radius-server host 192.168.12.1

The following example defines an IPv4 RADIUS security server host, enables active detection

with the detection interval 60 minutes, and disables accounting UDP port detection.

Ruijie(config)# radius-server host 192.168.100.1 test username viven idle-time 60 ignore-acct-port

The following example defines an IPv6 RADIUS security server host.

Ruijie(config)# radius-server host 3000::100

Related Commands

Command Description

aaa authentication Defines the AAA identity authentication method list.

radius-server key Defines a shared password for the RADIUS security server.

radius-server retransmit Defines the RADIUS packet retransmission times.

radius-server timeout Defines the timeout period of RADIUS packet retransmission.

radius-server dead-criteria Defines the criteria of determining that a RADIUS server is unreachable.

radius-server deadtime Defines the duration when a device stops sending any requests to an unreachable RADIUS security server.

Platform Description

N/A

radius-server key

Use this command to define a shared password for the network access server (a router) to

communicate with the RADIUS security server.

Use the no form of this command to remove the shared password.

radius-server key [0 | 7] text-string

no radius-server key

Parameter Description

text-string Text of the shared password

0 | 7 Password encryption type

0: no encryption

7: simple encryption

Defaults No shared password is specified by default.

Command

Mode

Global configuration mode

Usage Guide A shared password is the basis for communication between a device and the RADIUS security

server. In order to allow the device to communicate with the RADIUS security server, define the

same shared password on the device and the RADIUS security server.

Configuration

Examples

The following example defines the shared password aaa for the RADIUS security server.

Ruijie(config)# radius-server key aaa

Related Commands

Command Description

radius-server host Defines the RADIUS security server host.

radius-server retransmit Defines the RADIUS packet retransmission times.

radius-server timeout Defines the timeout period of RADIUS packet retransmission.

Platform Description

N/A

radius-server retransmit

Use this command to configure the packet retransmission times before a device determines that

the RADIUS security server fails to respond.

Use the no form of this command to restore to the default setting.

radius-server retransmit retries

no radius-server retransmit

Parameter Description

retries Retransmission times

Defaults The default retransmission times are 3.

Command

Mode

Global configuration mode

Usage Guide AAA uses the next method to authenticate users only when the current security server for

authentication does not respond. When a device retransmits the RADIUS packet for the specified

times and the interval between every two retries times out, the device considers that the security

server fails to respond.

Configuration

Examples

The following example sets the retransmission times to 4.

Ruijie(config)# radius-server retransmit 4

Related Commands

Command Description

radius-server host Defines the RADIUS security server host.

radius-server key Defines a shared password for the RADIUS server.

radius-server timeout Defines the timeout period of RADIUS packet retransmission.

Platform Description

N/A

radius-server timeout

Use this command to set the time for a device to wait for a response from the security server

before retransmitting the RADIUS packet.

Use the no form of this command to restore to the default setting.

radius-server timeout seconds

no radius-server timeout

Parameter Description

seconds Timeout period in the range from 1 second to 1000 seconds

Defaults The default timeout period is five seconds.

Command

Mode

Global configuration mode

Usage Guide Use this command to change the timeout period of packet retransmission.

Configuration

Examples

The following example sets the timeout period to 10 seconds.

Ruijie(config)# radius-server timeout 10

Related Commands

Command Description

radius-server host Defines the RADIUS security server host.

radius-server retransmit Defines the RADIUS packet retransmission times.

radius-server key Defines a shared password for the RADIUS server.

Platform Description

N/A

radius set qos cos

Use this command to set the qos value sent by the RADIUS server as the cos value of an

interface.

radius set qos cos

no radius set qos cos

Parameter Description

N/A N/A

Defaults The qos value sent by the RADIUS server is set to the dscp value by default.

Command

Mode

Global configuration mode

Usage Guide Use this command to set the qos value sent by the RADIUS server to the cos value. The qos

value sent by the RADIUS server is set to the dscp value by default.

Configuration

Examples

The following example sets the qos value sent by the RADIUS server to the cos value of an

interface.

Ruijie(config)# radius set qos cos

Related Commands

Command Description

radius vendor-specific extend RADIUS is extended not to differentiate the IDs of private vendors.

Platform Description

N/A

radius vendor-specific extend

Use this command to extend RADIUS not to differentiate the IDs of private vendors.

radius vendor-specific extend

no radius vendor-specific extend

Parameter Description

N/A N/A

Defaults Only the private vendor IDs of Ruijie are recognized by default.

Command

Mode

Global configuration mode

Usage Guide Use this command to identify the attributes of all vendor IDs by type.

Configuration

Examples

The following example extends RADIUS not to differentiate the IDs of private vendors.

Ruijie(config)# radius vendor-specific extend

Command Description

radius attribute Configures the private vendor type.

Related

Commands

radius set qos cos Configures whether the qos value sent by the

RADIUS server is set to the cos value of an interface.

Platform

Description

N/A

debug radius

Use this command to turn on the RADIUS debugging switch.

Use the no form of this command to turn off the RADIUS debugging switch.

debug radius {event | detail}

no debug radius {event | detail}

Parameter Description Parameter

Description N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC configuration mode

Usage

Guide

N/A

Configuration

Examples

N/A

Command Description Related

Commands N/A N/A

Platform

Description

N/A

show radius parameter

Use this command to query the global parameters of the RADIUS server.

show radius parameter

Parameter Description Parameter

Description N/A N/A

Defaults N/A.

Command

Mode

Privileged EXEC mode

Usage Guide Use this command to query the global parameters of the RADIUS server.

Configuration

Examples

Ruijie# show radius parameter

Server Timout: 5 Seconds

Server Deadtime: 0 Minutes

Server Retries: 3

Server Dead Critera:

Time: 10 Seconds

Tries: 10

Command Description

radius-server host Defines the RADIUS security server host.

radius-server retransmit Defines the RADIUS packet retransmission times.

radius-server key Defines a shared password for the RADIUS server.

Related

Commands

radius-server timeout Defines the timeout period of RADIUS packet retransmission

radius-server dead-criteria Defines the criteria of determining that a RADIUS server is

unreachable.

radius-server deadtime Defines the duration when a device stops sending any requests

to an unreachable RADIUS security server.

Platform

Description

N/A

show radius server

Use this command to query the configuration of the RADIUS server.

show radius server

Parameter Description Parameter

Description N/A N/A

Defaults N/A.

Command

Mode

Privileged EXEC mode

Usage Guide Use this command to query the configuration of the RADIUS server.

Configuration

Examples

Ruijie# show radius server

Server IP: 192.168.4.12

Accounting Port: 23

Authen Port: 77

Test Username: viven

Test Idle Time: 10 Minutes

Test Ports: Authen

Server State: Active

Current duration 765s, previous duration 0s

Dead: total time 0s, count 0

Statistics:

Authen: request 15, timeouts 1

Author: request 0, timeouts 0

Account: request 0, timeouts 0

Server IP: 192.168.4.13

Accounting Port: 45

Authen Port: 74

Test Username: <Not Configured>

Test Idle Time: 60 Minutes

Test Ports: Authen and Accounting

Server State: Active

Current duration 765s, previous duration 0s

Dead: total time 0s, count 0

Statistics:

Authen: request 0, timeouts 0

Author: request 0, timeouts 0

Account: request 20, timeouts 0

Command Description

radius-server host Defines the RADIUS security server host.

radius-server retransmit Defines the RADIUS packet retransmission times.

radius-server key Defines a shared password for the RADIUS server.

Related

Commands

radius-server timeout Defines the timeout period of RADIUS packet retransmission.

Platform

Description

N/A

show radius vendor-specific

Use this command to query the configuration of the private attribute types of RADIUS.

show radius vendor-specific

Parameter Description Parameter

Description N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode

Usage Guide Use this command to query the configuration of the private attribute types of RADIUS.

Configuration

Examples

Ruijie# show radius vendor-specific

Ruijie#show radius vendor-specific

id vendor-specific type-value

----- -------------------- ----------

1 max-down-rate 1

2 port-priority 2

3 user-ip 3

4 vlan-id 4

5 last-supplicant-vers 5

ion

6 net-ip 6

7 user-name 7

8 password 8

9 file-directory 9

10 file-count 10

11 file-name-0 11

12 file-name-1 12

13 file-name-2 13

14 file-name-3 14

15 file-name-4 15

16 max-up-rate 16

17 current-supplicant-v 17

ersion

18 flux-max-high32 18

19 flux-max-low32 19

20 proxy-avoid 20

21 dialup-avoid 21

22 ip-privilege 22

23 login-privilege 42

26 ipv6-multicast-addre 79

ss

27 ipv4-multicast-addre 87

ss

Command Description

radius-server host Defines the RADIUS security server host.

radius-server retransmit Defines the RADIUS packet retransmission times.

radius-server key Defines a shared password for the RADIUS server.

Related

Commands

radius-server timeout Defines the timeout period of RADIUS packet retransmission.

Platform

Description

N/A

TACACS+ Commands

aaa group server tacacs+

Use this command to configure TACACS+ group server, dividing different TACACS+ servers to

different groups.

aaa group server tacacs+ group-name

no aaa group server tacacs+ group-name

Parameter

Description Parameter Description

group-name The TACACS+ server group name.

Defaults No TACACS+ server group is configured.

Command

Mode

Global configuration mode.

Usage Guide By dividing TACACS+ servers into several groups, the tasks of authentication, authorization and

accounting can be implemented by different server groups.

Configuration

Examples

The following example configures a TACACS+ server group named tac1 and a TACACS+ server

address 1.1.1.1 in this group:

Ruijie(config)#aaa group server tacacs+ tac1

Ruijie(config-gs-tacacs+)# server 1.1.1.1

Ruijie(config-gs-tacacs+)# ip vrf forwarding vpn1

Related

Commands Command Description

server

Configures the server list of a TACACS+ server

group.

ip vrf forwarding

Configures a VRF name supported by

TACACS+ server group.

Platform

Description

N/A

debug tacacs+

Use this command to turn on the TACACS+ debugging switch. The no form of this command turns off

the TACACS+ debugging switch.

debug tacacs+

no debug tacacs+

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

N/A

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

ip tacacs source-interface

Use this command to configure the source IP address of TACACS+ packet.

ip tacacs source-interface interface

no ip tacacs source-interface

Parameter

Description Parameter Description

interface Source IP address interface of the TACACS+ packets

Defaults Source IP address of TACACS+ packets is set on the network layer.

Command

Mode

Global configuration mode.

Usage Guide To decrease the work of maintaining massive NAS messages in the TACACS+ server, use this

command to set the source IP address of TACACS+ packets. This command specifies the first ip

address of the specified interface as the source IP address of TACACS+ packets and is used on L3

devices.

Configuration

Examples

The following example uses the IP address of fastEthernet 0/0 as the source IP address of

TACACS+ packets:

Ruijie(config)# ip tacacs source-interface fastEthernet 0/0

Related

Commands Command Description

tacacs-server host Defines a TACACS+ server.

ip address Configures the ip address of the interface.

Platform

Description

This command is not supported on AP110-W.

ip vrf forwarding(TACACS+)

Use this command to configure vrf name used by the TACACS+ group server (this command is

supported by the device supporting VRF).

ip vrf forwarding vrf-name

no ip vrf forwarding

Parameter

Description Parameter Description

vrf-name VRF name.

Defaults N/A

Command

Mode

TACACS+ group server configuration mode.

Usage Guide Specify vrf name to the specified TACACS+ server.

Configuration

Examples

The following example specifies VRF name as vpn1 to TACACS+ server group:

Ruijie(config)# aaa group server tacacs+ tac1

Ruijie(config-gs-tacacs+)# server 1.1.1.1

Ruijie(config-gs-tacacs+)# ip vrf forwarding vpn1

Related

Commands Command Description

aaa group server tacacs+ Configures a TACACS+ server group.

server

Configures the server list of a TACACS+ server

group.

Platform

Description

N/A

server(TACACS+)

Use this command to configure server address in TACACS+ group server.

server { ip-address | ipv6-address }

no server { ip-address | ipv6-address }

Parameter

Description Parameter Description

ip-address The IP address of the server in the TACACS+ server group

ipv6-address The IPv6 address of the server in the TACACS+ server group

Defaults N/A

Command

Mode

TACACS+ group server configuration mode.

Usage Guide You must enter the TACACS+ server group configuration mode to configure this command.

To configure server addresses in a TACACS+ group server, you must execute the tacacs-server

host command in global configuration mode.

For the IP address of the servers in TACACS+ group servers, when one server does not reply, it will

send the request to the next server.

Configuration

Examples

The following example configures a TACACS+ server group named tac1 and a TACACS+ server

address 1.1.1.1 in this group:

Ruijie(config)#aaa group server tacacs+ tac1

Ruijie(config-gs-tacacs+)#server 1.1.1.1

Related

Commands Command Description

aaa group server tacacs+ Configures a TACACS+ server group.

ip vrf forwarding

Configures a VRF name supported by

TACACS+ server group.

Platform

Description

N/A

show tacacs

Use this command to show the interoperation of each TACACS+ server.

show tacacs+

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide Use this command to show the interoperation of each TACACS+ server.

Configuration

Examples

Ruijie# show tacacs

Tacacs+ Server : 172.19.192.80/49

Socket Opens: 0

Socket Closes: 0

Total Packets Sent: 0

Total Packets Recv: 0

Reference Count: 0

Related

Commands Command Description

tacacs-server host Defines a TACACS+ secure server host.

Platform

Description

N/A

tacacs-server host

Use this command to configure the IP address of a TACACS+ server host.

tacacs-server host { ip-address | ipv6-address } [ port integer ] [ timeout integer ] [ key string ]

no tacacs-server host { ip-address | ipv6-address }

Parameter

Description Parameter Description

ip-address The IP address of a TACACS+ server host.

ipv6-address The IPv6 address of a TACACS+ server host.

port integer The TCP port used in TACACS+ communication.

timeout integer The Timeout time of TACACS+ host.

key string The shared keyword of the TACACS+ client and server.

Defaults No specified TACACS+ host

Command

Mode

Global configuration mode.

Usage Guide To use TACACS+ to implement AAA security service, you must define the TACACS+ secure server.

You can define one or multiple TACACS+ secure servers by using the tacacs-server host

command.

Configuration

Examples

The following example defines a TACACS+ secure server host:

Ruijie(config)# tacacs-server host 192.168.12.1

Ruijie(config)# tacacs-server host 2001::1

Related

Commands Command Description

aaa authentication

Defines a AAA identity authentication method

list.

tacacs-server key

Defines the shared password of TACACS+

secure server globally.

tacacs-server timeout

Defines a timeout timer of reply packet of

TACACS+ server globally.

Platform

Description

This command is not supported on AP110-W.

tacacs-server key

Use this command to configure global password of TACACS+

tacacs-server key [ 0 | 7 ] string

no tacacs-server key

Parameter

Description Parameter Description

string Text of shared password.

0 | 7 Encryption type of the password: 0 indicates no encryption; 7 indicates

simple encryption.

Defaults No specified shared password.

Command

Mode

Global configuration mode.

Usage Guide The device and the TACACS+ secure server can communicate successfully only on the basis of

the shared password, so the same shared password must be defined on both the device and the

server. To specify a different password for an individual server, use the key option of the

tacacs-server host command. The key set with this command in global configuration mode applies to

all servers for which no key option is set.

Configuration

Examples

The following example defines the shared password of TACACS+ secure server as aaa:

Ruijie(config)# tacacs-server key aaa

Related

Commands Command Description

tacacs-server host Defines a TACACS+ secure server host.

tacacs-server timeout Defines the timeout timer of TACACS+ packet.

Platform

Description

This command is not supported on AP110-W.

tacacs-server timeout

Use this command to configure the global timeout time waiting for the server when the device is

communicating with TACACS+ server.

tacacs-server timeout seconds

no tacacs-server timeout

Parameter

Description Parameter Description

seconds Timeout time (s) in the range 1 to 1000s.

Defaults 5 seconds

Command

Mode

Global configuration mode.

Usage Guide Use this command to adjust the timeout time of reply packets. To specify a different timeout

time for an individual server, use the timeout option of the tacacs-server host command. The timeout set

with this command in global configuration mode applies to all servers for which no timeout option is set.

Configuration

Examples

The following example shows how to define the timeout time as 10 seconds:

Ruijie(config)# tacacs-server timeout 10

Related

Commands Command Description

tacacs-server host Defines a TACACS+ secure server host.

tacacs-server key Defines the shared password of TACACS+.

Platform

Description

This command is not supported on AP110-W.
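The tacacs-server host, tacacs-server key and tacacs-server timeout entries above describe per-host options that fall back to global values. The following Python sketch is an added example, not part of the Ruijie manual: it resolves the effective timeout and the source of the shared password for each configured host and reports hosts that end up with no password at all. The function names and the sample configuration (with placeholder keys) are constructed for illustration, and the worst-case wait assumes each server is tried once in turn.

```python
DEFAULT_TIMEOUT = 5  # seconds; the default this page gives for tacacs-server timeout

# Constructed running-config fragment; the keys are placeholders, not real secrets.
SAMPLE_CONFIG = """\
tacacs-server host 192.168.12.1 timeout 3 key HOST_KEY_PLACEHOLDER
tacacs-server host 2001::1 port 4949
tacacs-server timeout 10
tacacs-server key 7 GLOBAL_KEY_PLACEHOLDER
"""


def parse_tacacs_config(config_text):
    """Collect global settings and per-host options without keeping key material."""
    glob = {"key_set": False, "key_type": None, "timeout": DEFAULT_TIMEOUT}
    hosts = []
    for raw in config_text.splitlines():
        tok = raw.split()
        if len(tok) < 3 or tok[0] != "tacacs-server":
            continue
        if tok[1] == "key":
            # Syntax on this page: tacacs-server key [ 0 | 7 ] string
            has_type = tok[2] in ("0", "7") and len(tok) > 3
            glob["key_set"] = True
            glob["key_type"] = tok[2] if has_type else None
        elif tok[1] == "timeout":
            glob["timeout"] = int(tok[2])
        elif tok[1] == "host":
            host = {"address": tok[2], "port": None, "timeout": None, "key_set": False}
            opts = tok[3:]
            # Options come as keyword/value pairs: port N, timeout N, key STRING
            for name, value in zip(opts[0::2], opts[1::2]):
                if name in ("port", "timeout"):
                    host[name] = int(value)
                elif name == "key":
                    host["key_set"] = True
            hosts.append(host)
    return glob, hosts


def effective_settings(config_text):
    """Apply the fallback rule: host option first, then the global value."""
    glob, hosts = parse_tacacs_config(config_text)
    resolved = []
    for host in hosts:
        if host["key_set"]:
            key_source = "host"
        elif glob["key_set"]:
            key_source = "global"
        else:
            key_source = "none"
        timeout = host["timeout"] if host["timeout"] is not None else glob["timeout"]
        issues = []
        if key_source == "none":
            issues.append("no shared password: set 'key' on the host or 'tacacs-server key'")
        resolved.append({"address": host["address"], "port": host["port"],
                         "timeout": timeout, "key_source": key_source,
                         "issues": issues})
    return resolved


def worst_case_wait_seconds(resolved):
    """Assumption: every server is tried once, in order, before the request fails."""
    return sum(entry["timeout"] for entry in resolved)


if __name__ == "__main__":
    for entry in effective_settings(SAMPLE_CONFIG):
        print(entry)
```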

SSH Commands

crypto key generate

Use this command to generate a public key on the SSH server in global configuration mode.

crypto key generate {rsa | dsa}

Parameter Description Parameter

Description rsa Generates an RSA key.

dsa Generates a DSA key.

Defaults The SSH server does not generate a public key by default.

Command

Mode

Global configuration mode

Usage Guide When you need to enable the SSH server service, use this command to generate a public key on the

SSH server and enable the SSH server service by running the enable service ssh-server command

at the same time. SSH 1 uses the RSA key; SSH 2 uses the RSA or DSA key. Therefore, if an RSA

key has been generated, both SSH1 and SSH2 can use it. If only a DSA key is generated, only SSH2

can use it.

A key can be deleted by using the crypto key zeroize command. The no crypto key

generate command is not available.

Configuration

Examples

Ruijie# configure terminal

Ruijie(config)# crypto key generate rsa

Command Description Related

Commands show ip ssh Displays the current status of the SSH server.

crypto key zeroize {rsa | dsa}

Deletes the DSA and RSA keys and disables the SSH server

function.

Platform

Description

N/A

crypto key zeroize

Use this command to delete the public key on the SSH server in global configuration mode.

crypto key zeroize {rsa | dsa}

Parameter Description Parameter

Description rsa Deletes the RSA key.

dsa Deletes the DSA key.

Defaults N/A.

Command

Mode

Global configuration mode

Usage Guide Use this command to delete the public key on the SSH server. After the key is deleted, the SSH

server state becomes DISABLE. If you want to disable the SSH server, run the no enable service

ssh-server command.

Configuration

Examples

Ruijie# configure terminal

Ruijie(config)# crypto key zeroize rsa

Command Description Related

Commands show ip ssh Displays the current status of the SSH server.

crypto key generate { rsa|dsa } Generates the DSA and RSA keys.

Platform

Description

N/A

ip ssh authentication-retries

Use this command to set the user authentication retry times of the SSH server.

Use the no form of this command to restore to the default setting.

ip ssh authentication-retries retry times

no ip ssh authentication-retries

Parameter Description Parameter

Description retry times User authentication retry times, in the range from 0 to 5

Defaults The default authentication retry times are 3. You can use the no ip ssh authentication-retries

command to restore to the default value.

Command

Mode

Global configuration mode

Usage Guide User authentication is considered failed if authentication is not successful when the configured

authentication retry times on the SSH server are exceeded. Use the show ip ssh command to view

the configuration of the SSH server.

Configuration

Examples

The following example sets the user authentication retry times to 2.

Ruijie# configure terminal

Ruijie(config)# ip ssh authentication-retries 2

Command Description Related

Commands show ip ssh Displays the current status of the SSH server.

Platform

Description

N/A

ip ssh time-out

Use this command to set the user authentication timeout period on the SSH server.

Use the no form of this command to restore to the default setting.

ip ssh time-out time

no ip ssh time-out

Parameter Description Parameter

Description time User authentication timeout period

Defaults The default user authentication timeout period is 120 seconds. You can use the no ip ssh time-out

command to restore to the default value.

Command

Mode

Global configuration mode

Usage Guide The authentication is considered timeout and failed if the authentication is not successful within 120

seconds starting from reception of a connection request. Use the show ip ssh command to view the

configuration of the SSH server.

Configuration

Examples

The following example sets the timeout period to 100 seconds.

Ruijie# configure terminal

Ruijie(config)# ip ssh time-out 100

Command Description Related

Commands show ip ssh Displays the current status of the SSH server.

Platform

Description

N/A

ip ssh version

Use this command to set the version of the SSH server.

Use the no form of this command to restore to the default setting.

ip ssh version {1 | 2}

no ip ssh version

Parameter

Description Parameter Description

1 Supports the SSH1 client connection request.

2 Supports the SSH2 client connection request.

Defaults SSH1 and SSH2 are compatible by default. When a version is set, only the connection sent by the

SSH client of this version is accepted. You can use the no ip ssh version command to restore to the

default setting.

Command

Mode

Global configuration mode

Usage Guide Use this command to configure the SSH connection protocol version supported by the SSH server.

By default, the SSH server supports SSH1 and SSH2, and the clients of these versions can connect

to the SSH server. If Version 1 or 2 is set, only the SSH client of this version can connect to the SSH

server. Use the show ip ssh command to display the current status of SSH server.

Configuration

Examples

The following example sets the version of the SSH server to Version 2.

Ruijie# configure terminal

Ruijie(config)# ip ssh version 2

Command Description Related

Commands show ip ssh Displays the current status of the SSH server.

Platform

Description

N/A
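The SSH entries above state which key type each protocol version can use, that SSH1 and SSH2 are both accepted unless a version is set, and the defaults for retries and time-out. The following Python sketch is an added example, not part of the Ruijie manual: it combines those rules to report which SSH versions a device would actually accept. The function names are constructed, the generated key types are supplied by the caller (for instance after checking show crypto key mypubkey), and treating retries or time-out above the defaults as findings is an assumed policy.

```python
DEFAULT_RETRIES = 3    # default stated on this page
DEFAULT_TIMEOUT = 120  # seconds, default stated on this page


def parse_ssh_settings(config_text):
    """Read 'ip ssh ...' lines; a 'no' form restores the documented default."""
    settings = {"version": None, "retries": DEFAULT_RETRIES, "timeout": DEFAULT_TIMEOUT}
    for raw in config_text.splitlines():
        # Accept both bare config lines and lines copied with a CLI prompt.
        tok = raw.split("#", 1)[-1].split()
        negate = tok[:1] == ["no"]
        if negate:
            tok = tok[1:]
        if tok[:2] != ["ip", "ssh"] or len(tok) < 3:
            continue
        name = tok[2]
        value = tok[3] if len(tok) > 3 else None
        if name == "version":
            if negate:
                settings["version"] = None  # back to "SSH1 and SSH2 compatible"
            elif value in ("1", "2"):
                settings["version"] = int(value)
        elif name == "authentication-retries":
            if negate:
                settings["retries"] = DEFAULT_RETRIES
            elif value is not None and value.isdigit():
                settings["retries"] = int(value)
        elif name == "time-out":
            if negate:
                settings["timeout"] = DEFAULT_TIMEOUT
            elif value is not None and value.isdigit():
                settings["timeout"] = int(value)
    return settings


def usable_versions(version, key_types):
    """Page rules: SSH1 needs an RSA key; SSH2 works with an RSA or a DSA key."""
    keys = set(key_types)
    usable = set()
    if version in (None, 1) and "rsa" in keys:
        usable.add(1)
    if version in (None, 2) and keys & {"rsa", "dsa"}:
        usable.add(2)
    return usable


def audit(config_text, key_types):
    settings = parse_ssh_settings(config_text)
    usable = usable_versions(settings["version"], key_types)
    findings = []
    if 1 in usable:
        findings.append("SSH1 clients are accepted; restrict with 'ip ssh version 2'")
    if not usable:
        findings.append("no SSH version is usable with the generated key types")
    # Assumed policy: anything looser than the documented defaults is reported.
    if settings["retries"] > DEFAULT_RETRIES:
        findings.append(f"authentication-retries raised to {settings['retries']}")
    if settings["timeout"] > DEFAULT_TIMEOUT:
        findings.append(f"time-out raised to {settings['timeout']} seconds")
    return {"settings": settings, "usable_versions": sorted(usable), "findings": findings}


if __name__ == "__main__":
    # Constructed input: version left at its default, one RSA key generated.
    print(audit("ip ssh authentication-retries 5\nip ssh time-out 100\n", {"rsa"}))
```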

disconnect ssh

Use this command to disconnect the established SSH connection.

disconnect ssh [vty] session-id

Parameter Description Parameter

Description session-id ID of the established SSH connection session

Defaults N/A

Command

Mode

Privileged EXEC mode

Usage Guide You can disconnect an SSH connection by entering the ID of the SSH connection or the specified

VTY connection ID. Only connections of the SSH type can be disconnected.

Configuration

Examples

Ruijie# disconnect ssh 1

Or

Ruijie# disconnect ssh vty 1

Command Description Related

Commands show ssh Displays information about the established SSH connection.

clear line vty line_number Disconnects the current VTY connection.

Platform

Description

N/A

show crypto key mypubkey

Use this command to query the public key part of the public key on the SSH server.

show crypto key mypubkey {rsa | dsa}

Parameter

Description Parameter Description

rsa Displays the public key part of the RSA key.

dsa Displays the public key part of the DSA key.

Defaults N/A.

Command

Mode

Privileged EXEC mode

Usage Guide Use this command to query the public key part of the generated public key on the SSH server,

including the key generation time, key name, and contents of the public key part.

Configuration

Examples

Ruijie# show crypto key mypubkey rsa

Command Description Related

Commands crypto key generate {rsa | dsa} Generates the DSA and RSA keys.

Platform

Description

N/A

show ip ssh

Use this command to query the effective configuration of the SSH server.

show ip ssh

Parameter Parameter Description

Description N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode

Usage Guide Use this command to query the effective configuration of the SSH server, including the version,

whether the SSH server is enabled, authentication timeout period, and authentication retry times.

Note: If no key is generated for the SSH server, the SSH version is still unavailable even if this SSH

version has been configured.

Configuration

Examples

Ruijie# show ip ssh

Command Description Related

Commands ip ssh version {1 | 2} Configures the version of the SSH server.

ip ssh time-out time

Sets the user authentication timeout period on the SSH

server.

ip ssh authentication-retries Sets the user authentication retry times on the SSH server.

Platform

Description

N/A

show ssh

Use this command to query each SSH connection.

show ssh

Parameter Description Parameter

Description N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode

Usage Guide Use this command to query the established SSH connections, including the VTY number of

connection, SSH version, encryption algorithm, message authentication algorithm, connection status,

and user name.

Configuration

Examples

Ruijie# show ssh

Command Description Related

Commands N/A N/A

Platform

Description

N/A

FTP Client Commands

copy ftp

This section introduces how to use the copy ftp command to transfer files at the CLI in the main

program. To use the FTP client to download files to the device, execute the copy ftp:url flash:url

command in the privileged mode. Use the copy flash:url ftp:url command to upload files of the local

client to the server.

copy ftp://username:password@dest-address [/remote-directory]/remote-file

flash:[local-directory/]local-file [vrf vrfname]

copy flash:[local-directory/]local-file ftp://username:password@dest-address [/remote-directory]/

remote-file [vrf vrfname]

Parameter

Description Parameter Description

username

Username for logging in to the FTP server, with a length no more than

40 bytes. The username does not contain dot (.), at sign (@), slash (/),

and space. This parameter is mandatory.

password

Password for logging in to the FTP server, with a length no more than

32 bytes. The password does not contain dot (.), at sign (@), slash (/),

and space. This parameter is mandatory.

dest-address IP address of the FTP server

remote-directory

Name of the optional directory on the FTP server for uploading files,

with a length no more than 255 bytes. The directory name does not

contain space and Chinese characters. If this parameter is empty, the

current directory of the FTP server is used.

remote-file

Name of the file on the remote server, with a length no more than 255

bytes. The name does not contain space and Chinese characters.

local-directory

Optional directory of the folder on the local device. Create the folder on

the local device before specifying the directory of the folder because

this command cannot automatically create a folder. If this parameter is

empty, the current directory is used, with a length no more than 255

bytes, and does not contain space and Chinese characters.

local-file

Name of the file on the local server, with a length no more than 255

bytes. The name does not contain space and Chinese characters.

vrfname Name of the specified VRF

Defaults N/A

Command

Modes Privileged EXEC mode

Usage

Guidelines

Use the copy ftp:url flash:url command to download files.

Use the copy flash:url ftp:url command to upload files.

Examples The username is user; password is pass, IP address is 192.168.23.69. Download the file named

remote-file under the root directory of the FTP server to the home directory of the device, and save it

as local-file.

Ruijie# copy ftp://user:pass@192.168.23.69/root/remote-file flash:home/local-file

Upload the file local-file under the home directory of the device to the root directory of the FTP server,

and save it as remote-file.

Ruijie# copy flash:home/local-file ftp://user:pass@192.168.23.69/root/remote-file

Related

Commands Command Description

N/A N/A

Platform

Description

-

default ftp-client

Use the default ftp-client command to restore the default setting of the FTP client in the global

configuration mode, namely, passive (PASV) mode for data connection, binary mode for file transfer,

and client source IP address not bound.

default ftp-client [vrf vrfname]

Parameter

Description Parameter Description

vrfname Restores the default setting for the specified VRF.

Defaults The data connection mode is passive (PASV), file transfer mode is binary, and no local source IP

address is specified.

Command

Modes Global configuration mode

Usage

Guidelines

Use this command to restore the default setting of the FTP client.

Examples Restore the default setting of the FTP client.

Ruijie (config)# default ftp-client

Related

Commands Command Description

default ftp-client Restores the FTP client default configuration.

Platform

Description

N/A

ftp-client ascii

Use the ftp-client ascii command to set the FTP transfer mode to text (ASCII). Use the no form of this

command to restore the default setting.

ftp-client [vrf vrfname] ascii

no ftp-client [vrf vrfname] ascii

Parameter

Description Parameter Description

vrfname Sets the file transfer mode for the specified VRF.

Defaults The default FTP transfer mode is binary.

Command

Modes Global configuration mode

Usage

Guidelines

This command sets the file transfer mode to the text (ASCII) mode.

Examples Set the file transfer mode to ASCII.

Ruijie (config)# ftp-client ascii

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

ftp-client port

Use the ftp-client port command to set the FTP data connection mode to active (PORT). Use the no

form of this command to restore the passive mode, in which the client initiates a connection to the

server for data transmission.

ftp-client [vrf vrfname] port

no ftp-client [vrf vrfname] port

Parameter

Description Parameter Description

vrfname Sets the data connection mode for the specified VRF.

Defaults The default FTP connection mode is passive (PASV).

Command

Modes Global configuration mode

Usage

Guidelines

You can use this command to set the active mode for data connection, in which the server initiates a

connection to the client.

Examples Set the active mode for FTP connection.

Ruijie (config)# ftp-client port

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

ftp-client source-address

Use the ftp-client source-address command to configure the source address of the FTP client for

transmitted FTP packets.

Use the no form of this command to remove the binding.

ftp-client [vrf vrfname] source-address {ip-address | ipv6-address}

no ftp-client [vrf vrfname] source-address

Parameter

Description Parameter Description

ip-address IP address of the FTP client

ipv6-address IPv6 address of the FTP client

vrfname Binds the source IP address with the specified VRF.

Defaults By default, no source IP address is specified for the client. The device uses the IP address of the

interface determined by the matched route as the source IP address to communicate with an FTP

server.

Command

Modes Global configuration mode

Usage

Guidelines

This command configures a source IP address for a client to connect to the server.

Examples Set the source IP address of the FTP client to 192.168.23.236.

Ruijie (config)# ftp-client source-address 192.168.23.236

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

CPU Protection Commands

cpu-protect type packet-type pps pps_value

Use this command to set the bandwidth for receiving packets of a specified type for the CPU port.

cpu-protect type { arp | bpdu | dhcp | ipv6mc | igmp | rip | ospf | vrrp | pim | ttl1 |

unknown-ipmc | dvmrp | …} pps pps_value

Parameter Description Parameter

Description pps_value Number of packets per second

Defaults The CPU's default bandwidth for receiving packets of each type is 1000 pps.

Command

Mode Global configuration mode

Usage Guide N/A

Configuration

Examples

The following example sets the CPU's bandwidth for receiving BPDU packets.

Ruijie(config)# cpu-pr type bpdu pps 100

Set packet type bpdu pps 100 .

Command Description Related

Commands cpu-protect type packet-type pri pri_num Sets the priority of the packets of a

specified type received by the CPU port.

Platform

Description N/A

cpu-protect type packet-type pri pri_num

Use this command to set the priority of the packets of a specified type received by the CPU port.

cpu-protect type { arp | bpdu | dhcp | ipv6mc | igmp | rip | ospf | vrrp | pim | ttl1 |

unknown-ipmc | dvmrp | …} pri pri_num

Parameter Description Parameter

Description pri_num ID, value range: 0 to 7

Defaults The default value of the queue corresponding to the packets of each type is 0.

Command

Mode Global configuration mode

Usage Guide N/A

Configuration

Examples

The following example maps BPDU packets to queue 7.

Ruijie(config)# cpu-protect type bpdu pri 7

Set packet type bpdu pri 7.

Command Description Related

Commands cpu-protect type packet-type pps pps_value Sets the bandwidth for transmitting

packets of a specified type.

Platform

Description N/A

show cpu-protect type

Use this command to display statistics about the packets of a specified type.

show cpu-protect type { arp | bpdu | dhcp | ipv6mc | igmp | rip | ospf | vrrp | pim | ttl1 |

unknown-ipmc | dvmrp | …} dvmrp

Parameter Description Parameter

Description slot_num Value range: 1 to 16

Defaults N/A

Command

Mode

Privileged user mode

Usage Guide Use this command to display statistics about the packets of a specified type.

Configuration

Examples

The following example uses the show cpu-protect type bpdu command to display statistics of

receiving BPDU packets.

Ruijie# show cpu-protect type bpdu

Slot Type Pps Total Drop

--------- ------------ --------- --------- ---------

MainBoard bpdu 100 30 0

Slot-2 bpdu 100 30 0

Command Description Related

Command show cpu-protect type packet-type Displays statistics of packets of a specified

type protected by the CPU.

Platform

Description

N/A

In the configuration command of the CPP, the ellipsis (…) refers to the CPP types not

listed.

Threshold Commands

threshold set

Use this command to set the threshold value for the device. Use the no form of this command to

restore the default value.

threshold set {cpu | memory | temperature} warning_value [critical_value]

no threshold set {cpu | memory | temperature}

Parameter

Description Parameter Description

cpu | memory |

temperature

Specifies the threshold type.

cpu indicates the CPU utilization threshold.

memory indicates the memory utilization threshold.

temperature indicates the temperature threshold.

warning_value Configures the warning threshold.

The range of CPU and memory utilization threshold is from 1 to 100.

The range of temperature threshold is 0 to 200.

critical_value Configures the critical threshold, which must be greater than the

warning threshold.

The range of CPU and memory utilization threshold is from 1 to 100.

The range of temperature threshold is 0 to 200.

Defaults CPU threshold: warning threshold: 90; critical threshold: 100.

Memory threshold: warning threshold: 90; critical threshold: 100.

Temperature threshold: warning threshold: 90; critical threshold: 100.

Command

mode

Global configuration mode

Usage Guide You can use this command to configure the thresholds of CPU utilization, memory utilization and

temperature. These thresholds can be read through MIB to learn the CPU and memory usage. There

is no related syslog for the threshold.

Configuration

Examples

The following example sets the memory utilization threshold.

Ruijie(config)# threshold set memory 70 90

The following example sets the CPU utilization threshold.

Ruijie(config)# threshold set cpu 70 90

The following example sets the temperature threshold.

Ruijie(config)# threshold set temperature 60 80

Related

Commands Command Description

show threshold Displays the system threshold values.

Platform

Description

N/A

show threshold

Use this command to display the system threshold values.

show threshold {cpu | memory | temperature}

Parameter

Description Parameter Description

cpu | memory |

temperature

Specifies the threshold type.

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide N/A

Configuration

Examples

The following example displays the CPU utilization threshold.

Ruijie# show threshold cpu

The following example displays the memory utilization threshold.

Ruijie# show threshold memory

Related

Commands Command Description

threshold set Sets the threshold value.

Platform

Description

N/A

NFPP Commands

arp-guard attack-threshold

Use this command to set the global attack threshold. When the packet rate exceeds the attack

threshold, an attack is considered to have occurred.

arp-guard attack-threshold { per-src-ip | per-src-mac | per-port } pps

Parameter

Description Parameter Description

per-src-ip Set the attack threshold for each source IP address.

per-src-mac Set the attack threshold for each source MAC address.

per-port Set the attack threshold for each port.

pps Set the attack threshold, in pps. The valid range is 1 to 9999.

Defaults By default, the attack threshold for each source IP address and source MAC address is 8pps; and the

attack threshold for each port is 200pps.

Command

Mode

NFPP configuration mode.

Usage Guide The attack threshold shall be equal to or greater than the rate-limit threshold.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# arp-guard attack-threshold per-src-ip 2

Ruijie(config-nfpp)# arp-guard attack-threshold per-src-mac 3

Ruijie(config-nfpp)# arp-guard attack-threshold per-port 50

Related

Commands Command Description

nfpp arp-guard policy

Show the rate-limit threshold and attack

threshold.

show nfpp arp-guard summary Show the configurations.

show nfpp arp-guard hosts Show the monitored host.

clear nfpp arp-guard hosts Clear the isolated host.

Platform

Description

N/A

arp-guard enable

Use this command to enable the anti-ARP guard function globally.

arp-guard enable

Parameter

Description Parameter Description

N/A N/A

Defaults Enabled.

Command

Mode

NFPP configuration mode.

Usage Guide N/A

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# arp-guard enable

Related

Commands Command Description

nfpp arp-guard enable Enable the anti-ARP attack on the interface.

show nfpp arp-guard summary Show the configurations.

Platform

Description

N/A

arp-guard isolate-period

Use this command to set the arp-guard isolate time globally.

arp-guard isolate-period { seconds | permanent }

Parameter

Description Parameter Description

seconds Set the isolate time, in seconds. The valid range is 0, or 30 to 86400.

permanent Permanent isolation.

Defaults The default isolate time is 0, which means no isolation.

Command

Mode

NFPP configuration mode.

Usage Guide N/A

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# arp-guard isolate-period 180

Related

Commands Command Description

nfpp arp-guard isolate-period Set the isolate time on the interface.

show nfpp arp-guard summary Show the configurations.

Platform

Description

N/A

arp-guard monitored-host-limit

Use this command to set the maximum monitored host number.

arp-guard monitored-host-limit number

Parameter

Description Parameter Description

number The maximum monitored host number. The valid range is 1 to

4294967295.

Defaults 1000

Command

Mode

NFPP configuration mode

Usage Guide If the number of monitored hosts has reached the default 1000 and the administrator sets the

maximum to a value smaller than 1000, the device prompts the message

"%ERROR: The value that you configured is smaller than current monitored hosts 1000, please clear a part of monitored hosts."

to remind the administrator that the configuration is invalid and that some monitored hosts must be cleared.

When the maximum monitored host number has been exceeded, the device prompts the message

"% NFPP_ARP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit of 1000 monitored hosts."

to remind the administrator.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# arp-guard monitored-host-limit 200

Related

Commands Command Description

show nfpp arp-guard summary Show the configurations.

Platform

Description

N/A

arp-guard monitor-period

Use this command to configure the arp guard monitor time.

arp-guard monitor-period seconds

Parameter

Description Parameter Description

seconds Set the monitor time, in seconds. The valid range is 180 to 86400.

Defaults 600s

Command

Mode

NFPP configuration mode.

Usage Guide When the attacker is detected, if the isolate period is 0, the attacker will be monitored by the software

and the timeout time will be the monitor period. During the software monitoring, if the isolate period is

not 0, the software-monitored attacker will be auto-isolated by the hardware and the timeout time will

be the isolate period. The monitor period is valid with the isolate period 0.

If the isolate period has changed to be 0, the attackers on the interface will be removed rather than

being monitored by the software.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# arp-guard monitor-period 180

Related

Commands Command Description

show nfpp arp-guard summary Show the configurations.

show nfpp arp-guard hosts Show the monitored host list.

clear nfpp arp-guard hosts Clear the isolated host.

Platform

Description

N/A

arp-guard rate-limit

Use this command to set the arp guard rate limit.

arp-guard rate-limit { per-src-ip | per-src-mac | per-port } pps

Parameter

Description Parameter Description

per-src-ip Set the rate limit for each source IP address.

per-src-mac Set the rate limit for each source MAC address.

per-port Set the rate limit for each port.

pps Set the rate limit, in the range of 1 to 9999

Defaults The default rate limit for each source IP address and MAC address is 4pps; the default rate limit for

each port is 100pps.

Command

Mode

NFPP configuration mode.

Usage Guide N/A

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# arp-guard rate-limit per-src-ip 2

Ruijie(config-nfpp)# arp-guard rate-limit per-src-mac 3

Ruijie(config-nfpp)# arp-guard rate-limit per-port 50

Related

Commands Command Description

nfpp arp-guard policy Set the rate limit and the attack threshold.

show nfpp arp-guard summary Show the configurations.

Platform

Description

N/A
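
The Usage Guide for arp-guard attack-threshold requires the attack threshold to be equal to or greater than the rate-limit threshold. The following Python check is an added example, not part of the RGOS reference or of any Ruijie tool; it lints arp-guard lines against the ranges and defaults documented above. The function name lint_arp_guard and the sample configurations are assumptions made for illustration.

```python
import re

# Defaults and valid ranges copied from the arp-guard command descriptions above.
DEFAULTS = {
    "rate-limit": {"per-src-ip": 4, "per-src-mac": 4, "per-port": 100},
    "attack-threshold": {"per-src-ip": 8, "per-src-mac": 8, "per-port": 200},
}
PPS_RANGE = (1, 9999)
# Single-value commands: name -> (low, high, values accepted outside that range).
SCALARS = {
    "isolate-period": (30, 86400, ("0", "permanent")),
    "monitor-period": (180, 86400, ()),
    "monitored-host-limit": (1, 4294967295, ()),
}
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # e.g. "Ruijie(config-nfpp)# "
NUMBER = re.compile(r"[0-9]+")


def lint_arp_guard(config_text):
    """Return a list of findings for the arp-guard lines in config_text.

    The threshold cross-check uses the values in force after the whole text
    has been read; documented defaults stand in for anything not configured.
    """
    findings = []
    effective = {cmd: dict(scopes) for cmd, scopes in DEFAULTS.items()}

    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = PROMPT.sub("", raw.strip())
        words = line.split()
        if len(words) < 2 or words[0] != "arp-guard":
            continue
        cmd, args = words[1], words[2:]

        if cmd in effective:  # rate-limit / attack-threshold <scope> <pps>
            if (len(args) != 2 or args[0] not in effective[cmd]
                    or not NUMBER.fullmatch(args[1])):
                findings.append(f"line {lineno}: malformed command: {line}")
                continue
            scope, pps = args[0], int(args[1])
            if not PPS_RANGE[0] <= pps <= PPS_RANGE[1]:
                findings.append(
                    f"line {lineno}: {cmd} {scope} {pps} is outside 1-9999 pps")
                continue
            effective[cmd][scope] = pps
        elif cmd in SCALARS:  # isolate-period, monitor-period, monitored-host-limit
            low, high, extra = SCALARS[cmd]
            value = args[0] if len(args) == 1 else ""
            in_range = bool(NUMBER.fullmatch(value)) and low <= int(value) <= high
            if value not in extra and not in_range:
                allowed = " or ".join((f"{low}-{high}",) + extra)
                findings.append(
                    f"line {lineno}: {cmd} '{value}' is not valid ({allowed})")

    # Usage Guide rule: attack threshold >= rate-limit threshold, per scope.
    for scope, limit in effective["rate-limit"].items():
        attack = effective["attack-threshold"][scope]
        if attack < limit:
            findings.append(
                f"{scope}: attack-threshold {attack} pps is below rate-limit {limit} pps")
    return findings


# The page's attack-threshold example on its own (rate limits stay at defaults).
PAGE_ATTACK_EXAMPLE = """\
Ruijie(config)# nfpp
Ruijie(config-nfpp)# arp-guard attack-threshold per-src-ip 2
Ruijie(config-nfpp)# arp-guard attack-threshold per-src-mac 3
Ruijie(config-nfpp)# arp-guard attack-threshold per-port 50
"""

# Constructed: the page's rate-limit and attack-threshold examples applied together.
PAGE_COMBINED = """\
Ruijie(config)# nfpp
Ruijie(config-nfpp)# arp-guard rate-limit per-src-ip 2
Ruijie(config-nfpp)# arp-guard rate-limit per-src-mac 3
Ruijie(config-nfpp)# arp-guard rate-limit per-port 50
""" + PAGE_ATTACK_EXAMPLE + """\
Ruijie(config-nfpp)# arp-guard isolate-period 180
Ruijie(config-nfpp)# arp-guard monitor-period 180
Ruijie(config-nfpp)# arp-guard monitored-host-limit 200
"""

# Constructed: values that fall outside the documented ranges.
OUT_OF_RANGE = """\
Ruijie(config)# nfpp
Ruijie(config-nfpp)# arp-guard isolate-period 10
Ruijie(config-nfpp)# arp-guard monitor-period 60
Ruijie(config-nfpp)# arp-guard rate-limit per-port 10000
"""

if __name__ == "__main__":
    for name in ("PAGE_ATTACK_EXAMPLE", "PAGE_COMBINED", "OUT_OF_RANGE"):
        print(name, lint_arp_guard(globals()[name]))
```

Run against the attack-threshold example alone, the check reports all three scopes, because 2, 3 and 50 pps sit below the default rate limits of 4, 4 and 100 pps; with the rate-limit example applied as well, the thresholds are equal and nothing is reported.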

arp-guard scan-threshold

Use this command to set the global scan threshold.

arp-guard scan-threshold pkt-cnt

Parameter

Description Parameter Description

pkt-cnt Set the scan threshold, in the range of 1 to 9999.

Defaults The default scan threshold is 15, in 10 seconds.

Command

Mode

NFPP configuration mode

Usage Guide Scanning may be occurring when:

more than 15 packets are received within 10 seconds;

the link-layer source MAC address is constant while the source IP address is uncertain;

the link-layer source MAC address and the source IP address are constant while the destination IP

address is uncertain.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# arp-guard scan-threshold 20

Related

Commands Command Description

nfpp arp-guard scan-threshold Set the scan threshold on the port.

show nfpp arp-guard summary Show the configurations.

show nfpp arp-guard scan Show the ARP guard scan table.

clear nfpp arp-guard scan Clear the ARP guard scan table.

Platform

Description

N/A
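
The scan conditions in the arp-guard scan-threshold Usage Guide can be applied to captured ARP traffic as follows. This Python sketch is an added example, not RGOS code; it assumes that the packet-count condition must hold together with one of the two address patterns (the page lists the three conditions without saying how they combine) and that "uncertain" means more than one distinct value inside the window. The function names and the sample observations are constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # the window stated with the default scan threshold
SCAN_THRESHOLD = 15   # default arp-guard scan-threshold


def detect_arp_scans(observations, threshold=SCAN_THRESHOLD, window=WINDOW_SECONDS):
    """Flag source MACs whose ARP traffic matches the scan conditions.

    observations: time-ordered (timestamp_seconds, src_mac, src_ip, dst_ip).
    Returns {src_mac: reason} recorded the first time each MAC trips.
    """
    recent = defaultdict(deque)   # src_mac -> packets seen in the last `window` s
    flagged = {}
    for ts, mac, src_ip, dst_ip in observations:
        queue = recent[mac]
        queue.append((ts, src_ip, dst_ip))
        while ts - queue[0][0] >= window:   # drop packets that left the window
            queue.popleft()
        if mac in flagged or len(queue) <= threshold:
            continue                        # need MORE than `threshold` packets
        src_ips = {s for _, s, _ in queue}
        dst_ips = {d for _, _, d in queue}
        if len(src_ips) > 1:
            # constant source MAC, changing source IP
            flagged[mac] = "source IP varies"
        elif len(dst_ips) > 1:
            # constant source MAC and source IP, changing destination IP
            flagged[mac] = "destination IP varies"
        # Same source and same destination is a plain flood, not a scan; that
        # case is left to the rate-limit and attack-threshold settings.
    return flagged


def build_sample():
    """Constructed observations using documentation addresses (192.0.2.0/24)."""
    obs = []
    for i in range(20):
        fast = i * 0.2   # 20 packets inside 4 seconds
        slow = i * 3.0   # 20 packets spread over a minute
        # Host sweeping destinations quickly from one source IP.
        obs.append((fast, "00:00:5e:00:53:0a", "192.0.2.10", f"192.0.2.{100 + i}"))
        # Host changing its claimed source IP on every packet.
        obs.append((fast, "00:00:5e:00:53:0b", f"192.0.2.{20 + i}", "192.0.2.1"))
        # Host repeating the same request: many packets, nothing varies.
        obs.append((fast, "00:00:5e:00:53:0c", "192.0.2.12", "192.0.2.1"))
        # Host resolving many destinations, but slowly.
        obs.append((slow, "00:00:5e:00:53:0d", "192.0.2.13", f"192.0.2.{150 + i}"))
    return sorted(obs)


if __name__ == "__main__":
    for mac, reason in sorted(detect_arp_scans(build_sample()).items()):
        print(mac, reason)
```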

clear nfpp arp-guard hosts

Use this command to clear the monitored host isolation.

clear nfpp arp-guard hosts [ vlan vid ] [ interface interface-id ] [ ip-address | mac-address ]

Parameter

Description Parameter Description

vid Set the VLAN ID.

interface-id Set the interface name and number.

ip-address Set the IP address.

mac-address Set the MAC address.

Defaults N/A.

Command

Mode

Privileged EXEC mode.

Usage Guide Use this command without the parameter to clear all monitored hosts.

Configuration

Examples

Ruijie# clear nfpp arp-guard hosts vlan 1 interface g0/1

Related

Commands Command Description

arp-guard attack-threshold Set the global attack threshold.

nfpp arp-guard policy Set the limit threshold and attack threshold.

show nfpp arp-guard hosts Show the monitored host.

Platform

Description

N/A

clear nfpp arp-guard scan

Use this command to clear the ARP scanning table.

clear nfpp arp-guard scan

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

Ruijie# clear nfpp arp-guard scan

Related

Commands Command Description

arp-guard attack-threshold Set the global attack threshold.

nfpp arp-guard policy Set the attack threshold.

show nfpp arp-guard scan Show the ARP scanning table.

Platform

Description

N/A

clear nfpp dhcp-guard hosts

Use this command to clear the monitored host isolation.

clear nfpp dhcp-guard hosts [ vlan vid ] [ interface interface-id ] [ mac-address ]

Parameter

Description Parameter Description

vid Set the VLAN ID.

interface-id Set the interface name and number.

mac-address Set the MAC address.

Defaults N/A.

Command

Mode

Privileged EXEC mode.

Usage Guide Use this command without the parameter to clear all monitored hosts.

Configuration

Examples

Ruijie# clear nfpp dhcp-guard hosts vlan 1 interface g0/1

Related

Commands Command Description

dhcp-guard attack-threshold Set the global attack threshold.

nfpp dhcp-guard policy Set the limit threshold and attack threshold.

show nfpp dhcp-guard hosts Show the monitored host.

Platform

Description

N/A

clear nfpp dhcpv6-guard hosts

Use this command to clear the monitored host isolation.

clear nfpp dhcpv6-guard hosts [ vlan vid ] [ interface interface-id ] [ mac-address ]

Parameter

Description Parameter Description

vid Set the VLAN ID.

interface-id Set the interface name and number.

mac-address Set the MAC address.

Defaults N/A.

Command

Mode

Privileged EXEC mode.

Usage Guide Use this command without the parameter to clear all monitored hosts.

Configuration

Examples

Ruijie# clear nfpp dhcpv6-guard hosts vlan 1 interface g0/1

Related

Commands Command Description

dhcpv6-guard attack-threshold Set the global attack threshold.

nfpp dhcpv6-guard policy Set the limit threshold and attack threshold.

show nfpp dhcpv6-guard hosts Show the monitored host.

Platform

Description

N/A

clear nfpp icmp-guard hosts

Use this command to clear the monitored host isolation.

clear nfpp icmp-guard hosts [ vlan vid ] [ interface interface-id ] [ ip-address ]

Parameter

Description Parameter Description

vid Set the VLAN ID.

interface-id Set the interface name and number.

ip-address Set the IP address.

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide Use this command without the parameter to clear all monitored hosts.

Configuration

Examples

Ruijie# clear nfpp icmp-guard hosts vlan 1 interface g0/1

Related

Commands Command Description

icmp-guard attack-threshold Set the global attack threshold.

nfpp icmp-guard policy Set the limit threshold and attack threshold.

show nfpp icmp-guard hosts Show the monitored host.

Platform

Description

N/A

clear nfpp ip-guard hosts

Use this command to clear the monitored host isolation.

clear nfpp ip-guard hosts [ vlan vid ] [ interface interface-id ] [ ip-address ]

Parameter

Description Parameter Description

vid Set the VLAN ID.

interface-id Set the interface name and number.

ip-address Set the IP address.

Defaults N/A.

Command

Mode

Privileged EXEC mode.

Usage Guide Use this command without the parameter to clear all monitored hosts.

Configuration

Examples

Ruijie# clear nfpp ip-guard hosts vlan 1 interface g0/1

Related

Commands Command Description

ip-guard attack-threshold Set the global attack threshold.

nfpp ip-guard policy Set the limit threshold and attack threshold.

show nfpp ip-guard hosts Show the monitored host.

Platform

Description

N/A

clear nfpp log

Use this command to clear the NFPP log buffer area.

clear nfpp log

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

Ruijie# clear nfpp log

32 log-buffer entries were cleared.

Related

Commands Command Description

show nfpp log

Show the NFPP log configurations or the log

buffer area.

Platform

Description

N/A

dhcp-guard attack-threshold

Use this command to set the global attack threshold. When the packet rate exceeds the attack

threshold, an attack is considered to have occurred.

dhcp-guard attack-threshold { per-src-mac | per-port } pps

Parameter

Description Parameter Description

per-src-mac Set the attack threshold for each source MAC address.

per-port Set the attack threshold for each port.

pps Set the attack threshold, in pps. The valid range is 1 to 9999.

Defaults By default, the attack threshold for each source MAC address is 10pps; and the attack threshold for

each port is 300pps.

Command

Mode

NFPP configuration mode.

Usage Guide N/A.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# dhcp-guard attack-threshold per-src-mac 15

Ruijie(config-nfpp)# dhcp-guard attack-threshold per-port 200

Related

Commands Command Description

nfpp dhcp-guard policy

Show the rate-limit threshold and attack

threshold.

show nfpp dhcp-guard summary Show the configurations.

show nfpp dhcp-guard hosts Show the monitored host list.

clear nfpp dhcp-guard hosts Clear the monitored host.

Platform

Description

N/A

dhcp-guard enable

Use this command to enable the DHCP anti-attack function.

dhcp-guard enable

Parameter

Description Parameter Description

N/A N/A

Defaults Disabled

Command

Mode

NFPP configuration mode.

Usage Guide N/A

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# dhcp-guard enable

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

dhcp-guard isolate-period

Use this command to set the isolate time globally.

dhcp-guard isolate-period { seconds | permanent }

Parameter

Description Parameter Description

seconds Set the isolate time, in seconds. The valid range is 0, or 30 to 86400.

permanent Permanent isolation.

Defaults The default isolate time is 0, which means no isolation.

Command

Mode

NFPP configuration mode.

Usage Guide The isolate period can be configured globally or based on the interface. For one interface, if the

isolate period is not set based on the interface, the global value shall be adopted; otherwise, the

interface-based isolate period shall be adopted.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# dhcp-guard isolate-period 180

Related

Commands Command Description

nfpp dhcp-guard isolate-period Set the isolate time on the interface.

show nfpp dhcp-guard summary Show the configurations.

Platform

Description

N/A

dhcp-guard monitored-host-limit

Use this command to set the maximum monitored host number.

dhcp-guard monitored-host-limit number

Parameter

Description Parameter Description

number The maximum monitored host number. The valid range is 1 to

4294967295.

Defaults 1000

Command

Mode

NFPP configuration mode

Usage Guide If the number of monitored hosts has reached the default 1000 and the administrator sets the

maximum to a value smaller than 1000, the device prompts the message

"%ERROR:The value that you configured is smaller than current monitored hosts 1000, please clear a part of monitored hosts."

to remind the administrator that the configuration is invalid and that some monitored hosts must be cleared.

When the maximum monitored host number has been exceeded, the device prompts the message

"% NFPP_ARP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit of 1000 monitored hosts."

to remind the administrator.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# dhcp-guard monitored-host-limit 200

Related

Commands Command Description

show nfpp dhcp-guard summary Show the configurations.

Platform

Description

N/A

dhcp-guard monitor-period

Use this command to configure the monitor time.

dhcp-guard monitor-period seconds

Parameter

Description Parameter Description

seconds Set the monitor time, in seconds. The valid range is 180 to 86400.

Defaults 600s

Command

Mode

NFPP configuration mode.

Usage Guide When the attacker is detected, if the isolate period is 0, the attacker will be monitored by the software

and the timeout time will be the monitor period. During the software monitoring, if the isolate period is

not 0, the software-monitored attacker will be auto-isolated by the hardware and the timeout time will

be the isolate period. The monitor period is valid with the isolate period 0.

If the isolate period has changed to be 0, the attackers on the interface will be removed rather than

being monitored by the software.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# dhcp-guard monitor-period 180

Related

Commands Command Description

show nfpp dhcp-guard summary Show the configurations.

show nfpp dhcp-guard hosts Show the monitored host list.

clear nfpp dhcp-guard hosts Clear the isolated host.

Platform

Description

N/A

dhcp-guard rate-limit

Use this command to set the rate-limit threshold globally.

dhcp-guard rate-limit { per-src-mac | per-port } pps

Parameter

Description Parameter Description

per-src-mac Set the rate limit for each source MAC address.

per-port Set the rate limit for each port.

pps Set the rate limit, in the range of 1 to 9999

Defaults The default rate limit for each source MAC address is 5pps; the default rate limit for each port is

150pps.

Command

Mode

NFPP configuration mode.

Usage Guide N/A

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# dhcp-guard rate-limit per-src-mac 8

Ruijie(config-nfpp)# dhcp-guard rate-limit per-port 100

Related

Commands Command Description

nfpp dhcp-guard policy Set the rate limit and the attack threshold.

show nfpp dhcp-guard summary Show the configurations.

Platform

Description

N/A

dhcpv6-guard attack-threshold

Use this command to set the global attack threshold. When the packet rate exceeds the attack

threshold, an attack is considered to have occurred.

dhcpv6-guard attack-threshold { per-src-mac | per-port } pps

Parameter

Description Parameter Description

per-src-mac Set the attack threshold for each source MAC address.

per-port Set the attack threshold for each port.

pps Set the attack threshold, in pps. The valid range is 1 to 9999.

Defaults By default, the attack threshold for each source MAC address is 10pps; and the attack threshold for

each port is 300pps.

Command

Mode

NFPP configuration mode.

Usage Guide N/A.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# dhcpv6-guard attack-threshold per-src-mac 15

Ruijie(config-nfpp)# dhcpv6-guard attack-threshold per-port 200

Related

Commands Command Description

nfpp dhcpv6-guard policy

Show the rate-limit threshold and attack

threshold.

show nfpp dhcpv6-guard summary Show the configurations.

show nfpp dhcpv6-guard hosts Show the monitored host list.

clear nfpp dhcpv6-guard hosts Clear the monitored host.

Platform

Description

N/A

dhcpv6-guard enable

Use this command to enable the DHCPv6 anti-attack function.

dhcpv6-guard enable

Parameter

Description Parameter Description

N/A N/A

Defaults Disabled

Command

Mode

NFPP configuration mode.

Usage Guide N/A

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# dhcpv6-guard enable

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

dhcpv6-guard isolate-period

Use this command to set the isolate time globally.

dhcpv6-guard isolate-period { seconds | permanent }

Parameter

Description Parameter Description

seconds Set the isolate time, in seconds. The valid range is 0, or 30 to 86400.

permanent Permanent isolation.

Defaults The default isolate time is 0, which means no isolation.

Command

Mode

NFPP configuration mode.

Usage Guide The isolate period can be configured globally or based on the interface. For one interface, if the

isolate period is not set based on the interface, the global value shall be adopted; otherwise, the

interface-based isolate period shall be adopted.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# dhcpv6-guard isolate-period 180

Related

Commands Command Description

nfpp dhcpv6-guard isolate-period Set the isolate time on the interface.

show nfpp dhcpv6-guard summary Show the configurations.

Platform

Description

N/A

dhcpv6-guard monitored-host-limit

Use this command to set the maximum monitored host number.

dhcpv6-guard monitored-host-limit number

Parameter

Description Parameter Description

number The maximum monitored host number. The valid range is 1 to

4294967295.

Defaults 1000

Command

Mode

NFPP configuration mode

Usage Guide If the number of monitored hosts has reached the default 1000 and the administrator sets the

maximum to a value smaller than 1000, the device prompts the message

"%ERROR:The value that you configured is smaller than current monitored hosts 1000, please clear a part of monitored hosts."

to remind the administrator that the configuration is invalid and that some monitored hosts must be cleared.

When the maximum monitored host number has been exceeded, the device prompts the message

"% NFPP_ARP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit of 1000 monitored hosts."

to remind the administrator.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# dhcpv6-guard monitored-host-limit 200

Related

Commands Command Description

show nfpp dhcpv6-guard summary Show the configurations.

Platform

Description

N/A

dhcpv6-guard monitor-period

Use this command to configure the monitor time.

dhcpv6-guard monitor-period seconds

Parameter

Description Parameter Description

seconds Set the monitor time, in seconds. The valid range is 180 to 86400.

Defaults 600s

Command

Mode

NFPP configuration mode.

Usage Guide When the attacker is detected, if the isolate period is 0, the attacker will be monitored by the software

and the timeout time will be the monitor period. During the software monitoring, if the isolate period is

not 0, the software-monitored attacker will be auto-isolated by the hardware and the timeout time will

be the isolate period. The monitor period is valid with the isolate period 0.

If the isolate period has changed to be 0, the attackers on the interface will be removed rather than

being monitored by the software.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# dhcpv6-guard monitor-period 180

Related

Commands Command Description

show nfpp dhcpv6-guard summary Show the configurations.

show nfpp dhcpv6-guard hosts Show the monitored host list.

clear nfpp dhcpv6-guard hosts Clear the isolated host.

Platform

Description

N/A

dhcpv6-guard rate-limit

Use this command to set the rate-limit threshold globally.

dhcpv6-guard rate-limit { per-src-mac | per-port } pps

Parameter

Description Parameter Description

per-src-mac Set the rate limit for each source MAC address.

per-port Set the rate limit for each port.

pps Set the rate limit, in the range of [1,9999]

Defaults The default rate limit for each source MAC address is 5pps; the default rate limit for each port is

150pps.

Command

Mode

NFPP configuration mode

Usage Guide N/A

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# dhcpv6-guard rate-limit per-src-mac 8

Ruijie(config-nfpp)# dhcpv6-guard rate-limit per-port 100

Related

Commands Command Description

nfpp dhcpv6-guard policy Set the rate limit and the attack threshold.

show nfpp dhcpv6-guard summary Show the configurations.

Platform

Description

N/A

icmp-guard attack-threshold

Use this command to set the global attack threshold. When the packet rate exceeds the attack

threshold, an attack is considered to have occurred.

icmp-guard attack-threshold { per-src-ip | per-port } pps

Parameter

Description Parameter Description

per-src-ip Set the attack threshold for each source IP address.

per-port Set the attack threshold for each port.

pps Set the attack threshold, in pps. The valid range is 1 to 9999.

Defaults By default, the attack threshold and the rate-limit threshold for each source IP address and each port

are the same. For the default rate-limit threshold value, see the icmp-guard rate-limit command.

Command

Mode

NFPP configuration mode.

Usage Guide N/A.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# icmp-guard attack-threshold per-src-ip 600

Ruijie(config-nfpp)# icmp-guard attack-threshold per-port 1200

Related

Commands Command Description

nfpp icmp-guard policy

Show the rate-limit threshold and attack

threshold.

show nfpp icmp-guard summary Show the configurations.

show nfpp icmp-guard hosts Show the monitored host list.

clear nfpp icmp-guard hosts Clear the monitored host.

Platform

Description

N/A

icmp-guard isolate-period

Use this command to set the isolate time globally.

icmp-guard isolate-period { seconds | permanent }

Parameter

Description Parameter Description

seconds Set the isolate time, in seconds. The valid range is 0, or 30 to 86400.

permanent Permanent isolation.

Defaults The default isolate time is 0, which means no isolation.

Command

Mode

NFPP configuration mode.

Usage Guide The isolate period can be configured globally or based on the interface. For one interface, if the

isolate period is not set based on the interface, the global value shall be adopted; otherwise, the

interface-based isolate period shall be adopted.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# icmp-guard isolate-period 180

Related

Commands Command Description

nfpp icmp-guard isolate-period Set the isolate time on the interface.

show nfpp icmp-guard summary Show the configurations.

Platform

Description

N/A

icmp-guard enable

Use this command to enable the ICMP anti-attack function.

icmp-guard enable

Parameter

Description Parameter Description

N/A N/A

Defaults Enabled

Command

Mode

NFPP configuration mode.

Usage Guide N/A

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# icmp-guard enable

Related

Commands Command Description

nfpp icmp-guard enable

Enable the ICMP anti-attack function on the

interface.

show nfpp icmp-guard summary Show the configurations.

Platform

Description

N/A

icmp-guard monitored-host-limit

Use this command to set the maximum monitored host number.

icmp-guard monitored-host-limit number

Parameter

Description Parameter Description

number The maximum monitored host number. The valid range is 1 to

4294967295.

Defaults 1000

Command

Mode

NFPP configuration mode

Usage Guide If the number of monitored hosts has reached the default 1000 and the administrator sets the

maximum to a value smaller than 1000, the device prompts the message

"%ERROR:The value that you configured is smaller than current monitored hosts 1000, please clear a part of monitored hosts."

to remind the administrator that the configuration is invalid and that some monitored hosts must be cleared.

When the maximum monitored host number has been exceeded, the device prompts the message

"% NFPP_ARP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit of 1000 monitored hosts."

to remind the administrator.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# icmp-guard monitored-host-limit 200

Related

Commands Command Description

show nfpp icmp-guard summary Show the configurations.

Platform

Description

N/A

icmp-guard monitor-period

Use this command to configure the monitor time.

icmp-guard monitor-period seconds

Parameter

Description Parameter Description

seconds Set the monitor time, in seconds. The valid range is [180, 86400].

Defaults 600s

Command

Mode

NFPP configuration mode.

Usage Guide When an attacker is detected and the isolate period is 0, the software monitors the attacker and the timeout is the monitor period. During software monitoring, if the isolate period becomes non-zero, the hardware automatically isolates the software-monitored attacker and the timeout is the isolate period. The monitor period takes effect only when the isolate period is 0.

If the isolate period is changed to 0, the attackers on the interface are removed rather than being monitored by the software.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# icmp-guard monitor-period 180

Related

Commands Command Description

show nfpp icmp-guard summary Show the configurations.

show nfpp icmp-guard hosts Show the monitored host list.

clear nfpp icmp-guard hosts Clear the isolated host.

Platform

Description

N/A

icmp-guard rate-limit

Use this command to set the rate-limit threshold globally.

icmp-guard rate-limit { per-src-ip | per-port } pps

Parameter

Description Parameter Description

per-src-ip Set the rate limit for each source IP address.

per-port Set the rate limit for each port.

pps Set the rate limit, in the range of [1,9999]

Defaults The default rate-limit threshold for each source IP address is half of the value for each port. And the

default rate-limit threshold value for each port varies with the products.

Command

Mode

NFPP configuration mode.

Usage Guide N/A

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# icmp-guard rate-limit per-src-ip 500

Ruijie(config-nfpp)# icmp-guard rate-limit per-port 800

Related

Commands Command Description

nfpp icmp-guard policy Set the rate limit and the attack threshold.

show nfpp icmp-guard summary Show the configurations.

Platform

Description

N/A

icmp-guard trusted-host

Use this command to set the trusted hosts free from monitoring.

icmp-guard trusted-host ip mask

no icmp-guard trusted-host { all | ip mask }

Parameter

Description Parameter Description

ip Set the IP address.

mask Set the IP mask.

all Delete the configurations of all trusted hosts.

Defaults N/A.

Command

Mode

NFPP configuration mode.

Usage Guide The administrator can use this command to exempt a trusted host from monitoring. The ICMP packets are allowed to be sent to the trusted host CPU without any rate-limit and warning configuration. Configure the mask to exempt all hosts in one network segment from monitoring.

Up to 500 trusted hosts are supported.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# icmp-guard trusted-host 1.1.1.0 255.255.255.0

Related

Commands Command Description

show nfpp icmp-guard trusted-host Show the configurations.

Platform

Description

N/A

ip-guard attack-threshold

Use this command to set the global attack threshold. When the packet rate exceeds the attack threshold, an attack is considered to be occurring.

ip-guard attack-threshold { per-src-ip | per-port } pps

Parameter Parameter Description

Description

per-src-ip Set the attack threshold for each source IP address.

per-port Set the attack threshold for each port.

pps Set the attack threshold, in pps. The valid range is 1 to 9999.

Defaults By default, the attack thresholds for each source IP address and each port are 20pps and 2000pps respectively.

Command

Mode

NFPP configuration mode.

Usage Guide The attack threshold shall be equal to or larger than the rate-limit threshold.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# ip-guard attack-threshold per-src-ip 2

Ruijie(config-nfpp)# ip-guard attack-threshold per-port 50

Related

Commands Command Description

nfpp ip-guard policy Show the rate-limit threshold and attack threshold.

show nfpp ip-guard summary Show the configurations.

show nfpp ip-guard hosts Show the monitored host list.

clear nfpp ip-guard hosts Clear the monitored host.

Platform

Description

N/A

ip-guard enable

Use this command to enable the IP anti-scan function.

ip-guard enable

Parameter

Description Parameter Description

N/A N/A

Defaults Enabled

Command

Mode

NFPP configuration mode.

Usage Guide N/A

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# ip-guard enable

Related

Commands Command Description

nfpp ip-guard enable Enable the IP anti-scan function on the interface.

Platform

Description

N/A

ip-guard isolate-period

Use this command to set the isolate time globally.

ip-guard isolate-period { seconds | permanent }

Parameter

Description Parameter Description

seconds Set the isolate time, in seconds. The valid range is 0, or 30 to 86400.

permanent Permanent isolation.

Defaults The default isolate time is 0, which means no isolation.

Command

Mode

NFPP configuration mode.

Usage Guide N/A.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# ip-guard isolate-period 180

Related

Commands Command Description

nfpp ip-guard isolate-period Set the isolate time on the interface.

show nfpp ip-guard summary Show the configurations.

Platform

Description

N/A

ip-guard monitor-period

Use this command to configure the monitor time.

ip-guard monitor-period seconds

Parameter

Description Parameter Description

seconds Set the monitor time, in seconds. The valid range is 180 to 86400.

Defaults 600s

Command

Mode

NFPP configuration mode.

Usage Guide When an attacker is detected and the isolate period is 0, the software monitors the attacker and the timeout is the monitor period. During software monitoring, if the isolate period becomes non-zero, the hardware automatically isolates the software-monitored attacker and the timeout is the isolate period. The monitor period takes effect only when the isolate period is 0.

If the isolate period is changed to 0, the attackers on the interface are removed rather than being monitored by the software.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# ip-guard monitor-period 180

Related

Commands Command Description

show nfpp ip-guard summary Show the configurations.

show nfpp ip-guard hosts Show the monitored host list.

clear nfpp ip-guard hosts Clear the isolated host.

Platform

Description

N/A

ip-guard monitored-host-limit

Use this command to set the maximum number of monitored hosts.

ip-guard monitored-host-limit number

Parameter

Description Parameter Description

number The maximum monitored host number. The valid range is 1 to 4294967295.

Defaults 1000

Command

Mode

NFPP configuration mode

Usage Guide If the number of monitored hosts has reached the default 1000 and the administrator sets the maximum to a value smaller than 1000, the system prompts the message %ERROR: The value that you configured is smaller than current monitored hosts 1000, please clear a part of monitored hosts. to remind the administrator that the configuration is invalid and that some monitored hosts must be removed.

When the maximum number of monitored hosts is exceeded, the system prompts the message % NFPP_ARP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit of 1000 monitored hosts. to remind the administrator.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# ip-guard monitored-host-limit 200

Related

Commands Command Description

show nfpp ip-guard summary Show the configurations.

Platform

Description

N/A

ip-guard rate-limit

Use this command to set the rate-limit threshold globally.

ip-guard rate-limit { per-src-ip | per-port } pps

Parameter

Description Parameter Description

per-src-ip Set the rate limit for each source IP address.

per-port Set the rate limit for each port.

pps Set the rate limit, in the range of 1 to 9999

Defaults By default, the rate-limit thresholds for each source IP address and each port are 20pps and 100pps respectively.

Command

Mode

NFPP configuration mode.

Usage Guide N/A

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# ip-guard rate-limit per-src-ip 2

Ruijie(config-nfpp)# ip-guard rate-limit per-port 50

Related

Commands Command Description

nfpp ip-guard policy Set the rate limit and the attack threshold.

show nfpp ip-guard summary Show the configurations.

Platform

Description

N/A

ip-guard scan-threshold

Use this command to set the global scan threshold.

ip-guard scan-threshold pkt-cnt

Parameter

Description Parameter Description

pkt-cnt Set the scan threshold, in the range of 1 to 9999.

Defaults The default scan threshold is 100, in 10 seconds.

Command

Mode

NFPP configuration mode.

Usage Guide N/A

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# ip-guard scan-threshold 2

Related

Commands Command Description

nfpp ip-guard scan-threshold Set the scan threshold on the port.

show nfpp ip-guard summary Show the configurations.

Platform

Description

N/A

ip-guard trusted-host

Use this command to set the trusted hosts free from monitoring.

ip-guard trusted-host ip mask

no ip-guard trusted-host { all | ip mask }

Parameter Parameter Description

Description

ip Set the IP address.

mask Set the IP mask.

all Delete the configurations of all trusted hosts.

Defaults N/A.

Command

Mode

NFPP configuration mode.

Usage Guide The administrator can use this command to exempt a trusted host from monitoring. The ICMP packets are allowed to be sent to the trusted host CPU without any rate-limit and warning configuration. Configure the mask to exempt all hosts in one network segment from monitoring.

Up to 500 trusted hosts are supported.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# ip-guard trusted-host 1.1.1.0 255.255.255.0

Related

Commands Command Description

show nfpp ip-guard trusted-host Show the configurations.

Platform

Description

N/A

log-buffer entries

Use this command to set the NFPP log buffer area size.

log-buffer entries number

Parameter

Description Parameter Description

number The buffer area size. The valid range is 0 to 1024.

Defaults 256.

Command

Mode

NFPP configuration mode.

Usage Guide N/A

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# log-buffer entries 50

Related

Commands Command Description

log-buffer logs number_of_message interval length_in_seconds Show the rate of the syslog generated from the NFPP buffer area.

show nfpp log Show the NFPP log configuration or the log buffer area.

Platform

Description

N/A

log-buffer logs

Use this command to set the rate of syslog generated from the NFPP log buffer area.

log-buffer logs number_of_message interval length_in_seconds

Parameter

Description Parameter Description

number_of_message The valid range is 0-1024. 0 indicates that all logs are recorded in the specific buffer area and no syslogs are generated.

length_in_seconds The valid range is 0-86400 (one day). 0 indicates that the log is not written to the buffer area and the syslog is generated immediately. When both number_of_message and length_in_seconds are 0, the log is likewise not written to the buffer area and the syslog is generated immediately. The ratio number_of_message / length_in_seconds is the rate at which syslogs are generated from the NFPP log buffer area.

Defaults By default, the number_of_message is 1 and the length_in_seconds is 30.

Command

Mode

NFPP configuration mode.

Usage Guide N/A

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# log-buffer logs 2 interval 12

Related

Commands Command Description

log-buffer entries number Set the NFPP log buffer area size.

show nfpp log summary Show the NFPP log configurations or the log buffer area.

Platform

Description

N/A

logging

Use this command to set the VLAN or the interface for which NFPP logs are recorded.

logging vlan vlan-range

logging interface interface-id

Parameter

Description Parameter Description

vlan-range Set the specified VLAN range, in the format such as “1-3, 5”.

interface-id Set the interface ID.

Defaults All logs are recorded.

Command

Mode

NFPP configuration mode.

Usage Guide Use this command to filter the logs so that only the logs within the specified VLAN range or on the specified port are recorded.

Configuration

Examples

The following example shows how to record the logs in VLAN 1, VLAN 2, VLAN 3 and VLAN 5 only:

Ruijie(config)# nfpp

Ruijie(config-nfpp)# logging vlan 1-3,5

The following example shows the administrator how to record the logs on the interface

GigabitEthernet 0/1 only:

Ruijie(config)# nfpp

Ruijie(config-nfpp)# logging interface G 0/1

Related

Commands Command Description

show nfpp log summary Show the NFPP log configurations or the log buffer area.

Platform

Description

N/A

nd-guard attack-threshold

Use this command to set the global attack threshold. When the packet rate exceeds the attack threshold, an attack is considered to be occurring.

nd-guard attack-threshold per-port { ns-na | rs | ra-redirect } pps

Parameter

Description Parameter Description

ns-na Apply the threshold to neighbor solicitation (NS) and neighbor advertisement (NA) packets.

rs Apply the threshold to router solicitation (RS) packets.

ra-redirect Apply the threshold to router advertisement (RA) and redirect packets.

pps Set the attack threshold, in pps. The valid range is [1,9999].

Defaults By default, the attack threshold for ns-na, rs and ra-redirect on each port is 30.

Command

Mode

NFPP configuration mode.

Usage Guide The attack threshold shall be equal to or larger than the rate-limit threshold.

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# nd-guard attack-threshold per-port ns-na 20

Ruijie(config-nfpp)# nd-guard attack-threshold per-port rs 10

Ruijie(config-nfpp)# nd-guard attack-threshold per-port ra-redirect 10

Related

Commands Command Description

nfpp ip-guard policy Show the rate-limit threshold and attack threshold.

show nfpp ip-guard summary Show the configurations.

Platform

Description

N/A

nd-guard enable

Use this command to enable the ND anti-attack function.

nd-guard enable

Parameter

Description Parameter Description

N/A N/A

Defaults Enabled

Command

Mode

NFPP configuration mode.

Usage Guide N/A

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# nd-guard enable

Related

Commands Command Description

nfpp nd-guard enable Enable the ND anti-attack function on the interface.

show nfpp nd-guard summary Show the configurations.

Platform

Description

N/A

nd-guard rate-limit

Use this command to set the rate-limit threshold globally.

nd-guard rate-limit per-port { ns-na | rs | ra-redirect } pps

Parameter

Description Parameter Description

ns-na Apply the rate limit to neighbor solicitation (NS) and neighbor advertisement (NA) packets.

rs Apply the rate limit to router solicitation (RS) packets.

ra-redirect Apply the rate limit to router advertisement (RA) and redirect packets.

pps Set the rate limit, in pps. The valid range is [1,9999].

Defaults By default, the rate-limit threshold for ns-na, rs and ra-redirect on each port is 15.

Command

Mode

NFPP configuration mode.

Usage Guide N/A

Configuration

Examples

Ruijie(config)# nfpp

Ruijie(config-nfpp)# nd-guard rate-limit per-port ns-na 10

Ruijie(config-nfpp)# nd-guard rate-limit per-port rs 5

Ruijie(config-nfpp)# nd-guard rate-limit per-port ra-redirect 5

Related

Commands Command Description

nfpp nd-guard policy Set the rate limit and the attack threshold.

show nfpp nd-guard summary Show the configurations.

Platform

Description

N/A

nfpp arp-guard enable

Use this command to enable the anti-ARP attack function on the interface.

nfpp arp-guard enable

Parameter

Description Parameter Description

N/A N/A

Defaults The anti-ARP attack function is not enabled on the interface.

Command

Mode

Interface configuration mode.

Usage Guide The interface anti-ARP attack configuration takes priority over the global configuration.

Configuration

Examples

Ruijie(config)# interface G0/1

Ruijie(config-if)# nfpp arp-guard enable

Related

Commands Command Description

arp-guard enable Enable the anti-ARP attack function.

show nfpp arp-guard summary Show the configurations.

Platform

Description

N/A

nfpp arp-guard isolate-period

Use this command to set the isolate period in the interface configuration mode.

nfpp arp-guard isolate-period { seconds | permanent }

Parameter

Description Parameter Description

seconds Set the isolate period, in seconds. The valid range is 0, or [30, 86400]. 0 indicates no isolation.

permanent Permanent isolation.

Defaults By default, the isolate period is not configured.

Command

Mode

Interface configuration mode.

Usage Guide N/A

Configuration

Examples

Ruijie(config)# interface G0/1

Ruijie(config-if)# nfpp arp-guard isolate-period 180

Related

Commands Command Description

arp-guard isolate-period Set the global isolate period.

show nfpp arp-guard summary Show the configurations.

Platform

Description

N/A

nfpp arp-guard policy

Use this command to set the rate-limit threshold and the attack threshold.

nfpp arp-guard policy { per-src-ip | per-src-mac | per-port } rate-limit-pps attack-threshold-pps

Parameter

Description Parameter Description

per-src-ip

Set the rate-limit threshold and the attack threshold for each source

IP address.

per-src-mac

Set the rate-limit threshold and the attack threshold for each source

MAC address.

per-port Set the rate-limit threshold and the attack threshold for each port.

rate-limit-pps Set the rate-limit threshold with the valid range of [1, 9999].

attack-threshold-pps Set the attack threshold with the valid range of [1, 9999].

Defaults By default, the rate-limit threshold and the attack threshold are not configured.

Command

Mode

Interface configuration mode.

Usage Guide The attack threshold value shall be equal to or greater than the rate-limit threshold.

Configuration

Examples

Ruijie(config)# interface G 0/1

Ruijie(config-if)# nfpp arp-guard policy per-src-ip 2 10

Ruijie(config-if)# nfpp arp-guard policy per-src-mac 3 10

Ruijie(config-if)# nfpp arp-guard policy per-port 50 100

Related

Commands Command Description

arp-guard attack-threshold Set the global attack threshold.

arp-guard rate-limit Set the global rate-limit threshold.

show nfpp arp-guard summary Show the configurations.

show nfpp arp-guard hosts Show the monitored host.

clear nfpp arp-guard hosts Clear the isolated host.

Platform

Description

N/A

nfpp arp-guard scan-threshold

Use this command to set the scan threshold.

nfpp arp-guard scan-threshold pkt-cnt

Parameter

Description Parameter Description

pkt-cnt Set the scan threshold with the valid range of [1, 9999].

Defaults By default, the port-based scan threshold is not configured.

Command

Mode

Interface configuration mode.

Usage Guide N/A

Configuration

Examples

Ruijie(config)# interface G 0/1

Ruijie(config-if)# nfpp arp-guard scan-threshold 20

Related

Commands Command Description

arp-guard attack-threshold Set the global attack threshold.

show nfpp arp-guard summary Show the configurations.

show nfpp arp-guard scan Show the ARP scan table.

clear nfpp arp-guard scan Clear the ARP scan table.

Platform

Description

N/A

nfpp dhcp-guard enable

Use this command to enable the DHCP anti-attack function on the interface.

nfpp dhcp-guard enable

Parameter

Description Parameter Description

N/A N/A

Defaults The DHCP anti-attack function is not enabled on the interface.

Command

Mode

Interface configuration mode.

Usage Guide The interface DHCP anti-attack configuration takes priority over the global configuration.

Configuration

Examples

Ruijie(config)# interface G0/1

Ruijie(config-if)# nfpp dhcp-guard enable

Related

Commands Command Description

dhcp-guard enable Enable the anti-ARP attack function.

show nfpp dhcp-guard summary Show the configurations.

Platform

Description

N/A

nfpp dhcp-guard isolate-period

Use this command to set the isolate period in the interface configuration mode.

nfpp dhcp-guard isolate-period { seconds | permanent }

Parameter

Description Parameter Description

seconds Set the isolate period, in seconds. The valid range is 0, or [30, 86400]. 0 indicates no isolation.

permanent Permanent isolation.

Defaults By default, the isolate period is not configured.

Command

Mode

Interface configuration mode.

Usage Guide N/A

Configuration

Examples

Ruijie(config)# interface G0/1

Ruijie(config-if)# nfpp dhcp-guard isolate-period 180

Related

Commands Command Description

dhcp-guard isolate-period Set the global isolate period.

show nfpp dhcp-guard summary Show the configurations.

Platform

Description

N/A

nfpp dhcpv6-guard enable

Use this command to enable the DHCPv6 anti-attack function on the interface.

nfpp dhcpv6-guard enable

Parameter

Description Parameter Description

N/A N/A

Defaults The DHCPv6 anti-attack function is not enabled on the interface.

Command

Mode

Interface configuration mode.

Usage Guide The interface DHCPv6 anti-attack configuration takes priority over the global configuration.

Configuration

Examples

Ruijie(config)# interface G0/1

Ruijie(config-if)# nfpp dhcpv6-guard enable

Related

Commands Command Description

dhcpv6-guard enable Enable the anti-ARP attack function.

show nfpp dhcpv6-guard summary Show the configurations.

Platform

Description

N/A

nfpp dhcpv6-guard isolate-period

Use this command to set the isolate period in the interface configuration mode.

nfpp dhcpv6-guard isolate-period { seconds | permanent }

Parameter

Description Parameter Description

seconds Set the isolate period, in seconds. The valid range is 0, or [30, 86400]. 0 indicates no isolation.

permanent Permanent isolation.

Defaults By default, the isolate period is not configured.

Command

Mode

Interface configuration mode.

Usage Guide N/A

Configuration

Examples

Ruijie(config)# interface G0/1

Ruijie(config-if)# nfpp dhcpv6-guard isolate-period 180

Related

Commands Command Description

dhcpv6-guard isolate-period Set the global isolate period.

show nfpp dhcpv6-guard summary Show the configurations.

Platform

Description

N/A

nfpp icmp-guard enable

Use this command to enable the ICMP anti-attack function on the interface.

nfpp icmp-guard enable

Parameter

Description Parameter Description

N/A N/A

Defaults The ICMP anti-attack function is not enabled on the interface.

Command

Mode

Interface configuration mode.

Usage Guide The interface ICMP anti-attack configuration takes priority over the global configuration.

Configuration

Examples

Ruijie(config)# interface G0/1

Ruijie(config-if)# nfpp icmp-guard enable

Related

Commands Command Description

icmp-guard enable Enable the anti-ARP attack function.

show nfpp icmp-guard summary Show the configurations.

Platform

Description

N/A

nfpp icmp-guard isolate-period

Use this command to set the isolate period in the interface configuration mode.

nfpp icmp-guard isolate-period { seconds | permanent }

Parameter

Description Parameter Description

seconds Set the isolate period, in seconds. The valid range is 0, or [30, 86400]. 0 indicates no isolation.

permanent Permanent isolation.

Defaults By default, the isolate period is not configured.

Command

Mode

Interface configuration mode.

Usage Guide N/A

Configuration

Examples

Ruijie(config)# interface G0/1

Ruijie(config-if)# nfpp icmp-guard isolate-period 180

Related

Commands Command Description

icmp-guard isolate-period Set the global isolate period.

show nfpp icmp-guard summary Show the configurations.

Platform

Description

N/A

nfpp icmp-guard policy

Use this command to set the rate-limit threshold and the attack threshold.

nfpp icmp-guard policy { per-src-ip | per-port } rate-limit-pps attack-threshold-pps

Parameter

Description Parameter Description

per-src-ip

Set the rate-limit threshold and the attack threshold for each source

IP address.

per-port Set the rate-limit threshold and the attack threshold for each port.

rate-limit-pps Set the rate-limit threshold with the valid range of [1, 9999].

attack-threshold-pps Set the attack threshold with the valid range of [1, 9999].

Defaults By default, the rate-limit threshold and the attack threshold are not configured.

Command

Mode

Interface configuration mode.

Usage Guide The attack threshold value shall be equal to or greater than the rate-limit threshold.

Configuration

Examples

Ruijie(config)# interface G 0/1

Ruijie(config-if)# nfpp icmp-guard policy per-src-ip 5 10

Ruijie(config-if)# nfpp icmp-guard policy per-port 100 200

Related

Commands Command Description

icmp-guard attack-threshold Set the global attack threshold.

icmp-guard rate-limit Set the global rate-limit threshold.

show nfpp icmp-guard summary Show the configurations.

show nfpp icmp-guard hosts Show the monitored host.

clear nfpp icmp-guard hosts Clear the isolated host.

Platform

Description

N/A

nfpp ip-guard enable

Use this command to enable the IP anti-scan function on the interface.

nfpp ip-guard enable

Parameter

Description Parameter Description

N/A N/A

Defaults The IP anti-scan function is not enabled on the interface.

Command

Mode

Interface configuration mode.

Usage Guide The interface IP anti-scan configuration takes priority over the global configuration.

Configuration

Examples

Ruijie(config)# interface G0/1

Ruijie(config-if)# nfpp ip-guard enable

Related

Commands Command Description

ip-guard enable Enable the anti-ARP attack function.

show nfpp ip-guard summary Show the configurations.

Platform

Description

N/A

nfpp ip-guard isolate-period

Use this command to set the isolate period in the interface configuration mode.

nfpp ip-guard isolate-period { seconds | permanent }

Parameter

Description Parameter Description

seconds Set the isolate period, in seconds. The valid range is 0, or [30, 86400]. 0 indicates no isolation.

permanent Permanent isolation.

Defaults By default, the isolate period is not configured.

Command

Mode

Interface configuration mode.

Usage Guide N/A

Configuration

Examples

Ruijie(config)# interface G0/1

Ruijie(config-if)# nfpp ip-guard isolate-period 180

Related

Commands Command Description

ip-guard isolate-period Set the global isolate period.

show nfpp ip-guard summary Show the configurations.

Platform

Description

N/A

nfpp ip-guard policy

Use this command to set the rate-limit threshold and the attack threshold.

nfpp ip-guard policy { per-src-ip | per-port } rate-limit-pps attack-threshold-pps

Parameter

Description Parameter Description

per-src-ip

Set the rate-limit threshold and the attack threshold for each source

IP address.

per-port Set the rate-limit threshold and the attack threshold for each port.

rate-limit-pps Set the rate-limit threshold with the valid range of [1, 9999].

attack-threshold-pps Set the attack threshold with the valid range of [1, 9999].

Defaults By default, the rate-limit threshold and the attack threshold are not configured.

Command

Mode

Interface configuration mode.

Usage Guide The attack threshold value shall be equal to or greater than the rate-limit threshold.

Configuration

Examples

Ruijie(config)# interface G 0/1

Ruijie(config-if)# nfpp ip-guard policy per-src-ip 2 10

Ruijie(config-if)# nfpp ip-guard policy per-port 50 100

Related

Commands Command Description

ip-guard attack-threshold Set the global attack threshold.

ip-guard rate-limit Set the global rate-limit threshold.

show nfpp ip-guard summary Show the configurations.

show nfpp ip-guard hosts Show the monitored host.

clear nfpp ip-guard hosts Clear the isolated host.

Platform

Description

N/A

nfpp dhcp-guard policy

Use this command to set the rate-limit threshold and the attack threshold.

nfpp dhcp-guard policy { per-src-mac | per-port } rate-limit-pps attack-threshold-pps

Parameter

Description Parameter Description

per-src-mac

Set the rate-limit threshold and the attack threshold for each source

MAC address.

per-port Set the rate-limit threshold and the attack threshold for each port.

rate-limit-pps Set the rate-limit threshold with the valid range of [1, 9999].

attack-threshold-pps Set the attack threshold with the valid range of [1, 9999].

Defaults By default, the rate-limit threshold and the attack threshold are not configured.

Command

Mode

Interface configuration mode.

Usage Guide The attack threshold value shall be equal to or greater than the rate-limit threshold.

Configuration

Examples

Ruijie(config)# interface G 0/1

Ruijie(config-if)# nfpp dhcp-guard policy per-src-mac 3 10

Ruijie(config-if)# nfpp dhcp-guard policy per-port 50 100

Related

Commands Command Description

dhcp-guard attack-threshold Set the global attack threshold.

dhcp-guard rate-limit Set the global rate-limit threshold.

show nfpp dhcp-guard summary Show the configurations.

show nfpp dhcp-guard hosts Show the monitored host.

clear nfpp dhcp-guard hosts Clear the isolated host.

Platform

Description

N/A

nfpp ip-guard scan-threshold

Use this command to set the scan threshold.

nfpp ip-guard scan-threshold pkt-cnt

Parameter

Description Parameter Description

pkt-cnt Set the scan threshold with the valid range of [1, 9999].

Defaults By default, the port-based scan threshold is not configured.

Command

Mode

Interface configuration mode.

Usage Guide N/A

Configuration

Examples

Ruijie(config)# interface G 0/1

Ruijie(config-if)# nfpp ip-guard scan-threshold 20

Related

Commands Command Description

ip-guard attack-threshold Set the global attack threshold.

show nfpp ip-guard summary Show the configurations.

Platform

Description

N/A

nfpp nd-guard enable

Use this command to enable the ND anti-attack function on the interface.

nfpp nd-guard enable

Parameter

Description Parameter Description

N/A N/A

Defaults The ND anti-attack function is not enabled on the interface.

Command

Mode

Interface configuration mode.

Usage Guide The interface ND anti-attack configuration takes priority over the global configuration.

Configuration

Examples

Ruijie(config)# interface G0/1

Ruijie(config-if)# nfpp nd-guard enable

Related

Commands Command Description

nd-guard enable Enable the ND anti-attack function.

show nfpp nd-guard summary Show the configurations.

Platform

Description

N/A

nfpp nd-guard policy

Use this command to set the rate-limit threshold and the attack threshold.

nfpp nd-guard policy per-port { ns-na | rs | ra-redirect } rate-limit-pps attack-threshold-pps

Parameter

Description Parameter Description

ns-na Apply the policy to neighbor solicitation (NS) and neighbor advertisement (NA) packets.

rs Apply the policy to router solicitation (RS) packets.

ra-redirect Apply the policy to router advertisement (RA) and redirect packets.

rate-limit-pps Set the rate-limit threshold with the valid range of [1, 9999].

Defaults By default, the rate-limit threshold and the attack threshold are not configured.

Command

Mode

Interface configuration mode.

Usage Guide The attack threshold value shall be equal to or greater than the rate-limit threshold.

For ND snooping, ports are classified into untrusted ports and trusted ports. An untrusted port connects to a host and a trusted port connects to the gateway. The rate-limit threshold for a trusted port should be higher than that for an untrusted port because a trusted port generally carries more traffic. For a trusted port with ND snooping enabled, ND snooping notifies ND guard to set the rate-limit threshold and the attack threshold for the three categories of packets to 800 pps and 900 pps respectively.

Configuration

Examples

Ruijie(config)# interface G 0/1

Ruijie(config-if)# nfpp nd-guard policy per-port ns-na 50 100

Ruijie(config-if)# nfpp nd-guard policy per-port rs 10 20

Ruijie(config-if)# nfpp nd-guard policy per-port ra-redirect 10 20

Related

Commands Command Description

nd-guard attack-threshold Set the global attack threshold.

nd-guard rate-limit Set the global rate-limit threshold.

show nfpp nd-guard summary Show the configurations.

Platform

Description

N/A

show nfpp arp-guard hosts

Use this command to show the monitored host.

show nfpp arp-guard hosts [ statistics | [ [ vlan vid ] [ interface interface-id ] [ ip-address |


mac-address ] ] ]

Parameter

Description Parameter Description

statistics Show the statistical information of the monitored host.

vid The VLAN ID.

interface-id The interface name.

ip-address The IP address.

mac-address The MAC address.

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

The following example shows the statistical information of the monitored host:

Ruijie# show nfpp arp-guard hosts statistics

success fail total

------- ---- -----

100 20 120

The following example shows the monitored host:

Ruijie# show nfpp arp-guard hosts

If column 1 shows '*', it means "hardware do not isolate user" .

VLAN interface IP address MAC address remain-time(s)

---- -------- --------- ----------- -------------

1 Gi0/1 1.1.1.1 - 110

2 Gi0/2 1.1.2.1 - 61

*3 Gi0/3 - 0000.0000.1111 110

4 Gi0/4 - 0000.0000.2222 61

Total:4 hosts

Related

Commands Command Description

clear nfpp arp-guard hosts Clear the monitored host.

Platform

Description

N/A

show nfpp arp-guard scan

Use this command to show the ARP scan list.


show nfpp arp-guard scan [ statistics | [ [ vlan vid ] [ interface interface-id ] [ ip-address ]

[ mac-address ] ] ]

Parameter

Description Parameter Description

statistics Show the statistical information of the ARP scan list.

vid The VLAN ID.

interface-id The interface name.

ip-address The IP address.

mac-address The MAC address.

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

Ruijie# show nfpp arp-guard scan statistics

ARP scan table has 4 record(s).

Ruijie# show nfpp arp-guard scan

VLAN interface IP address MAC address timestamp

---- -------- ---------- ----------- ---------

1 Gi0/1 N/A 0000.0000.0001 2008-01-23 16:23:10

2 Gi0/2 1.1.1.1 0000.0000.0002 2008-01-23 16:24:10

3 Gi0/3 N/A 0000.0000.0003 2008-01-23 16:25:10

4 Gi0/4 N/A 0000.0000.0004 2008-01-23 16:26:10

Total:4 record(s)

Ruijie# show nfpp arp-guard scan vlan 1 interface G 0/1 0000.0000.0001

VLAN interface IP address MAC address timestamp

---- -------- ---------- ----------- -------

1 Gi0/1 N/A 0000.0000.0001 2008-01-23 16:23:10

Total:1 record(s)

Related

Commands Command Description

arp-guard scan-threshold Set the global scan threshold.

nfpp arp-guard scan-threshold Set the scan threshold.

clear nfpp arp-guard scan Clear the ARP scan list.

Platform

Description

N/A


show nfpp arp-guard summary

Use this command to show the configurations.

show nfpp arp-guard summary

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

Ruijie# show nfpp arp-guard summary

(Format of column Rate-limit and Attack-threshold is

per-src-ip/per-src-mac/per-port.)

Interface Status Isolate-period Rate-limit Attack-threshold Scan-threshold

Global Enable 300 4/5/60 8/10/100 15

Gi 0/1 Enable 180 5/-/- 8/-/- -

Gi 0/2 Disable 200 4/5/60 8/10/100 20

Maximum count of monitored hosts: 1000

Monitor period:300s

Field Description

Interface(Global) Global configuration

Status Enable/Disable the anti-attack function.

Rate-limit In the format of the rate-limit threshold for the source IP address/ the rate-limit

threshold for the source MAC address/ the rate-limit threshold for the port

Attack-threshold In the same format as the rate-limit.

- No configuration.

Related

Commands Command Description

arp-guard attack-threshold Set the global attack threshold.

arp-guard enable Enable the anti-ARP attack function.

arp-guard isolate-period Set the global isolate time.

arp-guard monitor-period Set the monitor period.

arp-guard monitored-host-limit Set the maximum number of the monitored hosts.

arp-guard rate-limit Set the global rate-limit threshold.


arp-guard scan-threshold Set the global scan threshold.

nfpp arp-guard enable Enable the anti-ARP attack function on the interface.

nfpp arp-guard isolate-period Set the isolate time.

nfpp arp-guard policy Set the rate-limit threshold and attack threshold.

nfpp arp-guard scan-threshold Set the scan threshold.

Platform

Description

N/A

show nfpp dhcp-guard hosts

Use this command to show the monitored host.

show nfpp dhcp-guard hosts [ statistics | [ [ vlan vid ] [ interface interface-id ] [ ip-address |

mac-address ] ] ]

Parameter

Description Parameter Description

statistics Show the statistical information of the monitored host.

vid The VLAN ID.

interface-id The interface name.

ip-address The IP address.

mac-address The MAC address.

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

The following example shows the statistical information of the monitored host:

Ruijie# show nfpp dhcp-guard hosts statistics

success fail total

------- ---- -----

100 20 120

The following example shows the monitored host:

Ruijie# show nfpp dhcp-guard hosts

If column 1 shows '*', it means "hardware failed to isolate host".

VLAN interface MAC address remain-time(seconds)

---- --------- ----------- -------------------

1 gi0/2 0000.0000.0001 10


*2 gi0/1 0000.0000.0002 20

Total:2 host(s)

Related

Commands Command Description

clear nfpp dhcp-guard hosts Clear the monitored host.

Platform

Description

N/A

show nfpp dhcp-guard summary

Use this command to show the configurations.

show nfpp dhcp-guard summary

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

Ruijie# show nfpp dhcp-guard summary

(Format of column Rate-limit and Attack-threshold is

per-src-ip/per-src-mac/per-port.)

Interface Status Isolate-period Rate-limit Attack-threshold

Global Enable 300 -/5/150 -/10/300

Gi 0/1 Enable 180 -/6/- -/8/-

Gi 0/2 Disable 200 -/5/30 -/10/50

Maximum count of monitored hosts: 1000

Monitor period:300s

Field Description

Interface(Global) Global configuration

Status Enable/Disable the anti-attack function.

Rate-limit In the format of the rate-limit threshold for the source IP address/ the rate-limit

threshold for the source MAC address/ the rate-limit threshold for the port


- No configuration.

Related

Commands Command Description

dhcp-guard attack-threshold Set the global attack threshold.

dhcp-guard enable Enable the DHCP anti-attack function.

dhcp-guard isolate-period Set the global isolate time.

dhcp-guard monitor-period Set the monitor period.

dhcp-guard monitored-host-limit Set the maximum number of the monitored hosts.

dhcp-guard rate-limit Set the global rate-limit threshold.

nfpp dhcp-guard enable Enable the DHCP anti-attack function on the interface.

nfpp dhcp-guard isolate-period Set the isolate time.

nfpp dhcp-guard policy Set the rate-limit threshold and attack threshold.

Platform

Description

N/A

show nfpp dhcpv6-guard hosts

Use this command to show the monitored host.

show nfpp dhcpv6-guard hosts [ statistics | [ [ vlan vid ] [ interface interface-id ] [ ip-address |

mac-address ] ] ]

Parameter

Description Parameter Description

statistics Show the statistical information of the monitored host.

vid The VLAN ID.

interface-id The interface name.

ip-address The IP address.

mac-address The MAC address.

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

The following example shows the statistical information of the monitored host:

Ruijie# show nfpp dhcpv6-guard hosts statistics

success fail total

------- ---- -----


100 20 120

The following example shows the monitored host:

Ruijie# show nfpp dhcpv6-guard hosts

If column 1 shows '*', it means "hardware failed to isolate host".

VLAN interface MAC address remain-time(seconds)

---- --------- ----------- -------------------

1 gi0/2 0000.0000.0001 10

*2 gi0/1 0000.0000.0002 20

Total:2 host(s)

Related

Commands Command Description

clear nfpp dhcpv6-guard hosts Clear the monitored host.

Platform

Description

N/A

show nfpp dhcpv6-guard summary

Use this command to show the configurations.

show nfpp dhcpv6-guard summary

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

Ruijie# show nfpp dhcpv6-guard summary

(Format of column Rate-limit and Attack-threshold is

per-src-ip/per-src-mac/per-port.)

Interface Status Isolate-period Rate-limit Attack-threshold

Global Enable 300 -/5/150 -/10/300

Gi 0/1 Enable 180 -/6/- -/8/-

Gi 0/2 Disable 200 -/5/30 -/10/50

Maximum count of monitored hosts: 1000

Monitor period:300s


Field Description

Interface(Global) Global configuration

Status Enable/Disable the anti-attack function.

Rate-limit In the format of the rate-limit threshold for the source IP address/ the rate-limit

threshold for the source MAC address/ the rate-limit threshold for the port

Attack-threshold In the same format as the rate-limit.

- No configuration.

Related

Commands Command Description

dhcpv6-guard attack-threshold Set the global attack threshold.

dhcpv6-guard enable Enable the DHCPv6 anti-attack function.

dhcpv6-guard isolate-period Set the global isolate time.

dhcpv6-guard monitor-period Set the monitor period.

dhcpv6-guard monitored-host-limit Set the maximum number of the monitored hosts.

dhcpv6-guard rate-limit Set the global rate-limit threshold.

nfpp dhcpv6-guard enable Enable the DHCPv6 anti-attack function on the interface.

nfpp dhcpv6-guard isolate-period Set the isolate time.

nfpp dhcpv6-guard policy Set the rate-limit threshold and attack threshold.

Platform

Description

N/A

show nfpp icmp-guard hosts

Use this command to show the monitored host.

show nfpp icmp-guard hosts [ statistics | [ [ vlan vid ] [ interface interface-id ] [ ip-address |

mac-address ] ] ]

Parameter

Description Parameter Description

statistics Show the statistical information of the monitored host.

vid The VLAN ID.

interface-id The interface name.

ip-address The IP address.

mac-address The MAC address.

Defaults N/A

Command

Mode

Privileged EXEC mode.


Usage Guide N/A

Configuration

Examples

The following example shows the statistical information of the monitored host:

Ruijie# show nfpp icmp-guard hosts statistics

success fail total

------- ---- -----

100 20 120

The following example shows the monitored host:

Ruijie# show nfpp icmp-guard hosts

If column 1 shows '*', it means "hardware failed to isolate host".

VLAN interface IP address remain-time(s)

---- -------- --------- -------------

1 Gi0/1 1.1.1.1 110

2 Gi0/2 1.1.2.1 61

Total:2 host(s)

Related

Commands Command Description

clear nfpp icmp-guard hosts Clear the monitored host.

Platform

Description

N/A

show nfpp icmp-guard summary

Use this command to show the configurations.

show nfpp icmp-guard summary

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

Ruijie# show nfpp icmp-guard summary

(Format of column Rate-limit and Attack-threshold is

per-src-ip/per-src-mac/per-port.)


Interface Status Isolate-period Rate-limit Attack-threshold

Global Enable 300 4/-/60 8/-/100

Gi 0/1 Enable 180 5/-/- 8/-/-

Gi 0/2 Disable 200 4/-/60 8/-/100

Maximum count of monitored hosts: 1000

Monitor period:300s

Field Description

Interface(Global) Global configuration

Status Enable/Disable the anti-attack function.

Rate-limit In the format of the rate-limit threshold for the source IP address/ the rate-limit

threshold for the source MAC address/ the rate-limit threshold for the port

Attack-threshold In the same format as the rate-limit.

- No configuration.

Related

Commands Command Description

icmp-guard attack-threshold Set the global attack threshold.

icmp-guard enable Enable the ICMP anti-attack function.

icmp-guard isolate-period Set the global isolate time.

icmp-guard monitor-period Set the monitor period.

icmp-guard monitored-host-limit Set the maximum number of the monitored hosts.

icmp-guard rate-limit Set the global rate-limit threshold.

nfpp icmp-guard enable Enable the ICMP anti-attack function on the interface.

nfpp icmp-guard isolate-period Set the isolate time.

nfpp icmp-guard policy Set the rate-limit threshold and attack threshold.

Platform

Description

N/A

show nfpp icmp-guard trusted-host

Use this command to show the trusted host free from being monitored.

show nfpp icmp-guard trusted-host

Parameter

Description Parameter Description

N/A N/A

Defaults N/A


Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

Ruijie# show nfpp icmp-guard trusted-host

IP address mask

--------- ------

1.1.1.0 255.255.255.0

1.1.2.0 255.255.255.0

Total:2 record(s)

Related

Commands Command Description

icmp-guard trusted-host Set the trusted host.

Platform

Description

N/A

show nfpp ip-guard hosts

Use this command to show the monitored host.

show nfpp ip-guard hosts [ statistics | [ [ vlan vid ] [ interface interface-id ] [ ip-address |

mac-address ] ] ]

Parameter

Description Parameter Description

statistics Show the statistical information of the monitored host.

vid The VLAN ID.

interface-id The interface name.

ip-address The IP address.

mac-address The MAC address.

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

The following example shows the statistical information of the monitored host:

Ruijie# show nfpp ip-guard hosts statistics

success fail total

------- ---- -----


100 20 120

Ruijie#show nfpp ip-guard hosts

If column 1 shows '*', it means "hardware do not isolate host" .

VLAN interface IP address Reason remain-time(s)

---- -------- --------- ------- -------------

1 Gi0/1 1.1.1.1 ATTACK 110

2 Gi0/2 1.1.2.1 SCAN 61

Total:2 host(s)

Related

Commands Command Description

clear nfpp ip-guard hosts Clear the monitored host.

Platform

Description

N/A

show nfpp ip-guard summary

Use this command to show the configurations.

show nfpp ip-guard summary

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

Ruijie# show nfpp ip-guard summary

(Format of column Rate-limit and Attack-threshold is

per-src-ip/per-src-mac/per-port.)

Interface Status Isolate-period Rate-limit Attack-threshold Scan-threshold

Global Enable 300 4/-/60 8/-/100 15

Gi 0/1 Enable 180 5/-/- 8/-/- -

Gi 0/2 Disable 200 4/-/60 8/-/100 20

Maximum count of monitored hosts: 1000

Monitor period:300s


Field Description

Interface(Global) Global configuration

Status Enable/Disable the anti-attack function.

Rate-limit In the format of the rate-limit threshold for the source IP address/ the rate-limit

threshold for the source MAC address/ the rate-limit threshold for the port

Attack-threshold In the same format as the rate-limit.

- No configuration.

Related

Commands Command Description

ip-guard attack-threshold Set the global attack threshold.

ip-guard enable Enable the IP anti-scan function.

ip-guard isolate-period Set the global isolate time.

ip-guard monitor-period Set the monitor period.

ip-guard monitored-host-limit Set the maximum number of the monitored hosts.

ip-guard rate-limit Set the global rate-limit threshold.

nfpp ip-guard enable Enable the IP anti-scan function on the interface.

nfpp ip-guard isolate-period Set the isolate time.

nfpp ip-guard policy Set the rate-limit threshold and attack threshold.

Platform

Description

N/A

show nfpp ip-guard trusted-host

Use this command to show the trusted host free from being monitored.

show nfpp ip-guard trusted-host

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

Ruijie# show nfpp ip-guard trusted-host

IP address mask

--------- ------

1.1.1.0 255.255.255.0


1.1.2.0 255.255.255.0

Total:2 record(s)

Related

Commands Command Description

ip-guard trusted-host Set the trusted host.

Platform

Description

N/A

show nfpp log

Use this command to show the NFPP log configuration.

show nfpp log summary

Use this command to show the NFPP log buffer area content.

show nfpp log buffer [ statistics ]

Parameter

Description Parameter Description

statistics Show the statistical information of the NFPP log buffer area.

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide When the log buffer area is full, subsequent logs are dropped and an entry with all attributes shown as "-" is displayed in the log buffer area. In this case, the administrator should increase the capacity of the log buffer area or increase the rate at which syslog messages are generated.

Syslog messages generated from the log buffer area carry a timestamp, for example:

%NFPP_ARP_GUARD-4-DOS_DETECTED:

Host<IP=N/A,MAC=0000.0000.0004,port=Gi4/1,VLAN=1> was detected.(2009-07-01 13:00:00)

Configuration

Examples

The following example shows the NFPP log configurations:

Ruijie#show nfpp log summary

Total log buffer size : 10

Syslog rate : 1 entry per 2 seconds

Logging:

VLAN 1-3, 5

interface Gi 0/1

interface Gi 0/2

The following example shows the log number in the buffer area:

Ruijie#show nfpp log buffer statistics


There are 6 logs in buffer.

The following example shows the NFPP log buffer area:

Ruijie#show nfpp log buffer

Protocol VLAN Interface IP address MAC address Reason Timestamp

------- ---- -------- --------- ----------- ------ ---------

ARP 1 Gi0/1 1.1.1.1 - DoS 2009-05-30 16:23:10

ARP 1 Gi0/1 1.1.1.1 - ISOLATED 2009-05-30 16:23:10

ARP 1 Gi0/1 1.1.1.2 - DoS 2009-05-30 16:23:15

ARP 1 Gi0/1 1.1.1.2 - ISOLATE_FAILED 2009-05-30 16:23:15

ARP 1 Gi0/1 - 0000.0000.0001 SCAN 2009-05-30 16:30:10

ARP - Gi0/2 - - PORT_ATTACKED 2009-05-30 16:30:10

Field Description

Protocol ARP, IP, ICMP, DHCP, DHCPv6, NS-NA, RS, RA-REDIRECT

Reason 1. DoS

2. ISOLATED

3. ISOLATE_FAILED

4. SCAN

5. PORT_ATTACKED

Related

Commands Command Description

clear nfpp log Clear the NFPP log buffer area.

Platform

Description

N/A
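The log buffer rows and the timestamped syslog message described above can be triaged with a small parser. This is an added Python example, not part of the original reference: it flags the all-"-" entry that signals dropped logs and lists sources for which isolation failed. Function names are assumptions, the final all-"-" sample row is constructed, and only the one syslog format shown on this page is handled.

```python
import re
from collections import defaultdict

# Rows in the layout of "show nfpp log buffer" on this page. The final row,
# with every attribute "-", is constructed to show the buffer-full marker.
# One timestamp is left wrapped onto its own line, as a narrow terminal does.
SAMPLE_BUFFER = """\
Protocol VLAN Interface IP address MAC address Reason Timestamp
------- ---- -------- --------- ----------- ------ ---------
ARP 1 Gi0/1 1.1.1.1 - DoS 2009-05-30 16:23:10
ARP 1 Gi0/1 1.1.1.1 - ISOLATED 2009-05-30 16:23:10
ARP 1 Gi0/1 1.1.1.2 - DoS 2009-05-30 16:23:15
ARP 1 Gi0/1 1.1.1.2 - ISOLATE_FAILED 2009-05-30
16:23:15
ARP 1 Gi0/1 - 0000.0000.0001 SCAN 2009-05-30 16:30:10
ARP - Gi0/2 - - PORT_ATTACKED 2009-05-30 16:30:10
- - - - - - -
"""

# The syslog example from the Usage Guide (wrapped over two lines there).
SAMPLE_SYSLOG = """%NFPP_ARP_GUARD-4-DOS_DETECTED:
Host<IP=N/A,MAC=0000.0000.0004,port=Gi4/1,VLAN=1> was detected.(2009-07-01 13:00:00)"""

REASONS = {"DoS", "ISOLATED", "ISOLATE_FAILED", "SCAN", "PORT_ATTACKED"}
FIELDS = ("protocol", "vlan", "interface", "ip", "mac", "reason", "timestamp")
TIME_ONLY = re.compile(r"^\d{2}:\d{2}:\d{2}$")
SYSLOG = re.compile(
    r"%NFPP_(?P<guard>[A-Z0-9_]+)-(?P<severity>\d)-(?P<event>[A-Z_]+):\s*"
    r"Host<IP=(?P<ip>[^,]+),MAC=(?P<mac>[^,]+),"
    r"port=(?P<port>[^,]+),VLAN=(?P<vlan>[^>]+)>"
    r".*?\((?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\)"
)


def parse_log_buffer(text):
    """Parse 'show nfpp log buffer' output into a list of row dicts."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        # A lone HH:MM:SS is the wrapped tail of the previous row's timestamp.
        if len(tok) == 1 and TIME_ONLY.match(tok[0]) and rows:
            rows[-1]["timestamp"] += " " + tok[0]
            continue
        if len(tok) == 8:  # date and time arrive as two tokens
            tok = tok[:6] + [tok[6] + " " + tok[7]]
        if len(tok) != 7:
            continue  # column header or unrelated line
        if tok[5] not in REASONS and set(tok) != {"-"}:
            continue  # ruler line or unknown reason
        rows.append(dict(zip(FIELDS, tok)))
    return rows


def triage(rows):
    """Return (dropped_markers, sources_not_isolated, reasons_by_source)."""
    dropped = 0
    by_source = defaultdict(list)
    for row in rows:
        if all(value == "-" for value in row.values()):
            dropped += 1  # buffer was full: later logs were lost
            continue
        # Prefer the IP, then the MAC, then the port as the source key.
        key = next((row[f] for f in ("ip", "mac") if row[f] != "-"),
                   row["interface"])
        by_source[key].append(row["reason"])
    not_isolated = sorted(k for k, v in by_source.items()
                          if "ISOLATE_FAILED" in v)
    return dropped, not_isolated, dict(by_source)


def parse_syslog(message):
    """Parse the NFPP syslog line shown on this page; None if no match."""
    m = SYSLOG.search(message)
    if m is None:
        return None
    return {k: (None if v == "N/A" else v) for k, v in m.groupdict().items()}


if __name__ == "__main__":
    dropped, not_isolated, by_source = triage(parse_log_buffer(SAMPLE_BUFFER))
    print("dropped-log markers:", dropped)
    print("isolation failed for:", not_isolated)
    print(parse_syslog(SAMPLE_SYSLOG))
```

A non-zero count of dropped-log markers means the buffer overflowed, so the record of detections is incomplete for that period.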

show nfpp nd-guard summary

Use this command to show the configurations.

show nfpp nd-guard summary

Parameter

Description Parameter Description

N/A N/A

Defaults N/A


Command

Mode

Privileged EXEC mode.

Usage Guide N/A

Configuration

Examples

Ruijie# show nfpp nd-guard summary

(Format of column Rate-limit and Attack-threshold is NS-NA/RS/RA-REDIRECT.)

Interface Status Rate-limit Attack-threshold

Global Enable 20/5/10 40/10/20

Gi 0/1 Enable 15/15/15 30/30/30

Gi 0/2 Disable -/5/30 -/10/50

Field Description

Interface(Global) Global configuration

Status Enable/Disable the anti-attack function.

Rate-limit In the format of the rate-limit threshold for the NS-NA/RS/RA-REDIRECT.

Attack-threshold In the same format as the rate-limit.

- No configuration.

Related

Commands Command Description

nd-guard attack-threshold Set the global attack threshold.

nd-guard enable Enable the ND anti-attack function.

nd-guard rate-limit Set the global rate-limit threshold.

nfpp nd-guard enable Enable the ND anti-attack function on the interface.

nfpp nd-guard policy Set the rate-limit threshold and attack threshold.

Platform

Description

N/A


Command Reference ACL Commands

ACL Commands

access-list

Use this command to create an access list rule to filter data packets. The no form of this command

deletes the specified access list entries.

1) Standard IP access list (1 to 99, 1300 to 1999)

access-list id { deny | permit } { source source-wildcard | host source | any | interface idx }

[time-range tm-range-name ] [ log ]

2) Extended IP access list (100 to 199, 2000 to 2699 )

access-list id { deny | permit } protocol {source source-wildcard | host source | any | interface idx }

{ destination destination-wildcard | host destination | any } [ precedence precedence] [ tos tos ]

[ fragment ] [ range lower upper ] [ time-range time-range-name] [ log ]

3) Extended MAC access list (700 to 799)

access-list id { deny | permit} {any | host source-mac-address } { any | host

destination-mac-address } [ ethernet-type ] [ cos [ out ] [ inner in ] ]

4) Extended expert access list (2700 to 2899)

access-list id { deny | permit } [ protocol | [ ethernet-type ] [ cos [ out ] [ inner in ] ] ] [ VID [ out ]

[ inner in ] ] { source source-wildcard | host source | any } { host source-mac-address | any }

{ destination destination-wildcard | host destination | any} { host destination-mac-address | any } ]

[ precedence precedence ] [ tos tos ] [ fragment ] [ time-range time-range-name ]

When you select the Ethernet-type field or cos field:

access-list id { deny | permit } { ethernet-type | cos [ out ] [ inner in ] } [ VID [ out ] [ inner in ] ]

{ source source-wildcard | host source | any } { host source-mac-address | any } { destination

destination-wildcard | host destination | any } { host destination-mac-address | any } [ time-range

time-range-name ]

When you select the protocol field:

access-list id { deny | permit } protocol [ VID [out][inner in ] ] {source source-wildcard | host source |

any } { host source-mac-address | any } {destination destination-wildcard | host destination | any }

{ host destination-mac-address | any } [ precedence precedence ] [ tos tos ] [ fragment] [range

lower upper ] [ time-range time-range-name ]

Extended expert ACLs of some important protocols:

Internet Control Message Protocol (ICMP)

access-list id { deny | permit } icmp [ VID [ out ] [ inner in ] ] { source source-wildcard | host source

| any } { host source-mac-address | any } { destination destination-wildcard | host destination | any}

{host destination-mac-address | any} [ icmp-type ] [ [ icmp-type [icmp-code ] ] | [ icmp-message ] ]

[precedence precedence] [tos tos] [fragment] [time-range time-range-name]

Transmission Control Protocol (TCP)

access-list id {deny | permit} tcp [VID [out][inner in]] {source source-wildcard | host source | any}

{host source-mac-address | any } [operator port [port] ] {destination destination-wildcard | host

destination | any} {host destination-mac-address | any} [operator port [port] ] [precedence

precedence] [tos tos] [fragment] [range lower upper] [time-range time-range-name] [ match-all

tcp-flag | established ]

User Datagram Protocol (UDP)

access-list id {deny | permit} udp [VID [out][inner in]] {source source-wildcard | host source | any}

{host source-mac-address | any } [ operator port [port] ] {destination destination-wildcard | host

destination | any}{host destination-mac-address | any} [operator port [port] ] [precedence

precedence] [tos tos] [fragment] [range lower upper] [time-range time-range-name]

5) List remark

access-list id list-remark text

Parameter

Description Parameter Description

id

Access list ID. The ranges available are 1 to 99, 100 to 199, 1300 to

1999, 2000 to 2699, 2700 to 2899, and 700 to 799.

deny If matched, access is denied.

permit If matched, access is permitted.

source Specify the source IP address (host address or network address).

source-wildcard Wildcard of the source IP address. It can be discontinuous, for example, 0.255.0.32.

protocol

IP protocol number. It can be one of EIGRP, GRE, IPINIP, IGMP,

NOS, OSPF, ICMP, UDP, TCP, and IP. It can also be a number

representing the IP protocol between 0 and 255. The important

protocols such as ICMP, TCP, and UDP are described separately.

destination

Specify the destination IP address (host address or network

address).

destination-wildcard

Wildcard of the destination IP address. It can be discontinuous, for

example, 0.255.0.32.

fragment Packet fragment filtering

precedence Specify the packet priority.

precedence Packet precedence value (0 to 7)

range Layer4 port number range of the packet.

lower Lower limit of the layer4 port number.

upper Upper limit of the layer4 port number.

time-range Time range of packet filtering

time-range-name Time range name of packet filtering

tos Specify type of service.

tos ToS value (0 to 15)

icmp-type ICMP message type (0 to 255)

icmp-code ICMP message type code (0 to 255)

icmp-message ICMP message type name

operator Operator (lt: less than, eq: equal to, gt: greater than, neq: not equal to, range: range)

port [ port ]

Port number; range needs two port numbers, while other operators

only need one port number.

host source-mac-address Source physical address

host

destination-mac-address

Destination physical address


VID vid Match the specified VID.

ethernet-type Ethernet type

match-all Match all the bits of the TCP flag.

tcp-flag Match the TCP flag.

established Match the RST or ACK bits, not other bits of the TCP flag.

text Remark information

Defaults None

Command

Mode

Global configuration mode.

Usage Guide To filter the data by using the access control list, you must first define a series of rule statements by

using the access list. You can use ACLs of the appropriate types according to the security needs:

The standard IP ACL (1 to 99, 1300 to 1999) only controls the source IP addresses.

The extended IP ACL (100 to 199, 2000 to 2699) can enforce strict control over the source and

destination IP addresses.

The extended MAC ACL (700 to 799) can match against the source/destination MAC addresses and

Ethernet type.

The extended expert access list (2700 to 2899) is a combination of the above and can match and filter

the VLAN ID.

For the layer-3 routing protocols including the unicast routing protocol and multicast routing protocol,

the following parameters are not supported by the ACL: precedence precedence/tos

tos/fragments/range lower upper/time-range time-range-name

The TCP Flag includes part or all of the following:

urg

ack

psh

rst

syn

fin

The packet precedence is as below:

critical

flash

flash-override

immediate

internet

network

priority

routine

The service types are as below:

max-reliability


max-throughput

min-delay

min-monetary-cost

normal

The ICMP message types are as below:

administratively-prohibited

dod-host-prohibited

dod-net-prohibited

echo

echo-reply

fragment-time-exceeded

general-parameter-problem

host-isolated

host-precedence-unreachable

host-redirect

host-tos-redirect

host-tos-unreachable

host-unknown

host-unreachable

information-reply

information-request

mask-reply

mask-request

mobile-redirect

net-redirect

net-tos-redirect

net-tos-unreachable

net-unreachable

network-unknown

no-room-for-option

option-missing

packet-too-big

parameter-problem

port-unreachable

precedence-unreachable

protocol-unreachable

redirect

device-advertisement

device-solicitation

source-quench

source-route-failed

time-exceeded

timestamp-reply


timestamp-request

ttl-exceeded

unreachable

The TCP ports are as follows. A port can be specified by port name and port number:

bgp

chargen

cmd

daytime

discard

domain

echo

exec

finger

ftp

ftp-data

gopher

hostname

ident

irc

klogin

kshell

ldp

login

nntp

pim-auto-rp

pop2

pop3

smtp

sunrpc

syslog

tacacs

talk

telnet

time

uucp

whois

www

The UDP ports are as follows. A UDP port can be specified by port name and port number.

biff

bootpc

bootps

discard


dnsix

domain

echo

isakmp

mobile-ip

nameserver

netbios-dgm

netbios-ns

netbios-ss

ntp

pim-auto-rp

rip

snmp

snmptrap

sunrpc

syslog

tacacs

talk

tftp

time

who

xdmcp

The Ethernet types are as below:

aarp

appletalk

decnet-iv

diagnostic

etype-6000

etype-8042

lat

lavc-sca

mop-console

mop-dump

mumps

netbios

vines-echo

xns-idp

Configuration

Examples

1. Example of the standard IP ACL

The following basic IP ACL allows the packets whose source IP addresses are 192.168.1.64 -

192.168.1.127 to pass:

Ruijie(config)# access-list 1 permit 192.168.1.64 0.0.0.63

2. Example of the extended IP ACL


The following extended IP ACL allows the DNS messages and ICMP messages to pass:

Ruijie(config)#access-list 102 permit tcp any any eq domain log

Ruijie(config)#access-list 102 permit udp any any eq domain log

Ruijie(config)#access-list 102 permit icmp any any echo log

Ruijie(config)#access-list 102 permit icmp any any echo-reply

3. Example of the extended MAC ACL

This example shows how to prevent the host with the MAC address 00d0f8000c0c from providing service with the protocol type 100 on Gigabit Ethernet port 1/1. The configuration procedure is as follows:

Ruijie(config)#access-list 702 deny host 00d0f8000c0c any aarp

Ruijie(config)# interface gigabitethernet 1/1

Ruijie(config-if)# mac access-group 702 in

4. Example of the extended expert ACL

The following example shows how to create and display an extended expert ACL. This expert ACL

denies all the TCP packets with the source IP address 192.168.12.3 and the source MAC address

00d0.f800.0044.

Ruijie(config)# access-list 2702 deny tcp host 192.168.12.3 mac 00d0.f800.0044 any any

Ruijie(config)# access-list 2702 permit any any any any

Ruijie(config)# show access-lists

expert access-list extended 2702

10 deny tcp host 192.168.12.3 mac 00d0.f800.0044 any any

10 permit any any any any

Related

Commands Command Description

show access-lists Show all the ACLs.

mac access-group Apply the extended MAC ACL on the interface.

Platform

Description

N/A
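The wildcard semantics of the source-wildcard and destination-wildcard parameters above can be checked offline before an entry is deployed. This is an added Python example, not part of the original reference: a bit set in the wildcard is ignored in the comparison, which is why 192.168.1.64 0.0.0.63 covers 192.168.1.64 to 192.168.1.127 and why a discontinuous wildcard such as 0.255.0.32 matches a non-contiguous set. Function names and the 10.0.0.1 base address used in the demo are assumptions.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def _u32(addr):
    """Dotted-quad string to unsigned 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(ip, base, wildcard):
    """True if ip matches 'base wildcard'; wildcard 1-bits are ignored."""
    care = ~_u32(wildcard) & MASK32
    return (_u32(ip) & care) == (_u32(base) & care)


def is_contiguous(wildcard):
    """True when the wildcard is a run of low-order 1-bits (a prefix mask)."""
    w = _u32(wildcard)
    return (w & (w + 1)) == 0


def matched_count(wildcard):
    """Number of addresses one entry matches: 2 ** (wildcard 1-bits)."""
    return 1 << bin(_u32(wildcard)).count("1")


def to_cidr(base, wildcard):
    """Equivalent CIDR prefix for a contiguous wildcard, else None."""
    if not is_contiguous(wildcard):
        return None
    w = _u32(wildcard)
    network = _u32(base) & ~w & MASK32
    return f"{ipaddress.IPv4Address(network)}/{32 - bin(w).count('1')}"


def matched_addresses(base, wildcard, limit=65536):
    """List every matched address, including for discontinuous wildcards."""
    w = _u32(wildcard)
    if matched_count(wildcard) > limit:
        raise ValueError("too many addresses to enumerate")
    fixed = _u32(base) & ~w & MASK32
    out, sub = [], w
    while True:  # walk every subset of the wildcard bits
        out.append(fixed | sub)
        if sub == 0:
            break
        sub = (sub - 1) & w
    return [str(ipaddress.IPv4Address(a)) for a in sorted(out)]


def audit_entry(base, wildcard):
    """Summarise what 'base wildcard' really matches, for ACL review."""
    return {
        "count": matched_count(wildcard),
        "cidr": to_cidr(base, wildcard),
        "contiguous": is_contiguous(wildcard),
        # Base bits under the wildcard are ignored, so the entry matches
        # more than the literal base address suggests.
        "base_bits_ignored": bool(_u32(base) & _u32(wildcard)),
    }


if __name__ == "__main__":
    # Entry from the standard IP ACL example on this page.
    print(audit_entry("192.168.1.64", "0.0.0.63"))
    # Discontinuous wildcard from the parameter table; base is an assumption.
    print(audit_entry("10.0.0.1", "0.255.0.32"))
    print(matched_addresses("10.0.0.1", "0.255.0.32")[:4])
```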

deny

One or multiple deny conditions are used to determine whether to forward or discard the packet. In ACL configuration mode, you can modify an existing ACL or configure it according to the protocol details.

Standard IP ACL

[sn] deny {source source-wildcard | host source | any| interface idx } [ time-range tm-range-name ]

[ log ]

Extended IP ACL

[sn] deny protocol source source-wildcard destination destination-wildcard [precedence

precedence] [tos tos] [fragment] [range lower upper] [time-range time-range-name] [ log ]

Extended IP ACLs of some important protocols:

Internet Control Message Protocol (ICMP)

[sn] deny icmp {source source-wildcard | host source | any} {destination destination-wildcard |

host destination | any} [icmp-type] [[icmp-type [icmp-code]] | [icmp-message]] [precedence

precedence] [tos tos] [fragment] [time-range time-range-name]

Transmission Control Protocol (TCP)

[sn] deny tcp {source source-wildcard | host source | any} [ operator port [port]] {destination

destination-wildcard | host destination | any} [operator port [port]] [precedence precedence] [tos

tos] [fragment] [range lower upper] [time-range time-range-name]

User Datagram Protocol (UDP)

[sn] deny udp {source source-wildcard | host source | any} [ operator port [port]] {destination

destination-wildcard | host destination | any} [operator port [port]] [precedence precedence] [tos

tos] [fragment] [range lower upper] [time-range time-range-name]

Extended MAC ACL

[sn] deny {any | host source-mac-address}{any | host destination-mac-address} [ethernet-type][cos

[out] [inner in]]

Extended expert ACL

[sn] deny [protocol | [ethernet-type][ cos [out] [inner in]]] [[VID [out][inner in]]] {source

source-wildcard | host source | any}{host source-mac-address | any } {destination

destination-wildcard | host destination | any} {host destination-mac-address | any} [precedence

precedence] [tos tos][fragment] [range lower upper] [ time-range time-range-name ]

When you select the ethernet-type field or cos field:

[sn] deny {[ethernet-type][cos [out] [inner in]]} [[VID [out][inner in]]] {source source-wildcard | host

source | any} {host source-mac-address | any } {destination destination-wildcard | host destination |

any} {host destination-mac-address | any} [time-range time-range-name]

When you select the protocol field:

[sn] deny protocol [[VID [out][inner in]]] {source source-wildcard | host source | any} {host

source-mac-address | any } {destination destination-wildcard | host destination | any} {host

destination-mac-address | any} [precedence precedence] [tos tos] [fragment] [range lower upper]

[time-range time-range-name]

Extended expert ACLs of some important protocols

Internet Control Message Protocol (ICMP)

[sn] deny icmp [[VID [out][inner in]]] {source source-wildcard | host source | any} {host

source-mac-address | any} {destination destination-wildcard | host destination | any} {host

destination-mac-address | any} [icmp-type] [[icmp-type [icmp-code ]] | [icmp-message]] [precedence

precedence] [tos tos] [fragment] [time-range time-range-name]

Transmission Control Protocol (TCP)

[sn] deny tcp [[VID [out][inner in]]] {source source-wildcard | host source | any} {host

source-mac-address | any } [operator port [port]] {destination destination-wildcard | host destination |

any} {host destination-mac-address | any} [operator port [port]] [precedence precedence] [tos tos]

[fragment] [range lower upper] [time-range time-range-name] [match-all tcp-flag | established]

User Datagram Protocol (UDP)

[sn] deny udp [[VID [out][inner in]]] {source source-wildcard | host source | any} {host

source-mac-address | any } [ operator port [port]] {destination destination-wildcard | host destination

| any}{host destination-mac-address | any} [operator port [port]] [precedence precedence] [tos tos]

[fragment] [range lower upper] [time-range time-range-name]

Address Resolution Protocol (ARP)

[sn] deny arp {vid vlan-id}[ source-mac-address source-wildcard |host source-mac-address | any]

[host destination-mac-address | any] {sender-ip sender-ip-wildcard | host sender-ip | any}

{sender-mac sender-mac-wildcard | host sender-mac | any} {target-ip target-ip-wildcard | host

target-ip | any}

5. Extended IPv6 ACL

[sn] deny protocol{source-ipv6-prefix/prefix-length | any | host source-ipv6-address }

{destination-ipv6-prefix / prefix-length | any | host destination-ipv6-address} [dscp dscp] [flow-label

flow-label] [fragment] [range lower upper] [time-range time-range-name]

Extended ipv6 ACLs of some important protocols:

Internet Control Message Protocol (ICMP)

[sn] deny icmp {source-ipv6-prefix / prefix-length | host source-ipv6-address | any}

{destination-ipv6-prefix / prefix-length| host destination-ipv6-address | any} [icmp-type] [[icmp-type

[icmp-code]] | [icmp-message]] [dscp dscp] [flow-label flow-label] [fragment] [time-range

time-range-name]

Transmission Control Protocol (TCP)

[sn] deny tcp {source-ipv6-prefix / prefix-length | host source-ipv6-address | any} [operator port [port]]

{destination-ipv6-prefix /prefix-length | host destination-ipv6-address | any} [operator port [port]]

[dscp dscp] [flow-label flow-label] [fragment] [range lower upper] [time-range time-range-name]

[match-all tcp-flag | established]

User Datagram Protocol (UDP)

[sn] deny udp {source-ipv6-prefix/prefix-length | host source-ipv6-address | any} [operator port

[port]] {destination-ipv6-prefix /prefix-length | host destination-ipv6-address | any}[operator port

[port]] [dscp dscp] [flow-label flow-label] [fragment] [range lower upper] [time-range

time-range-name]

Parameter

Description Parameter Description

sn ACL entry sequence number

source-ipv6-prefix Source IPv6 network address or network type

destination-ipv6-prefix Destination IPv6 network address or network type

prefix-length Prefix mask length

source-ipv6-address Source IPv6 address

destination-ipv6-address Destination IPv6 address

dscp Differentiated Services Code Point

dscp Code value, within the range of 0 to 63

flow-label Flow label

flow-label Flow label value, within the range of 0 to 1048575.

protocol For IPv6, the field can be ipv6 | icmp | tcp | udp or a number in the range 0 to 255

time-range Time range of the packet filtering

time-range-name Time range name of the packet filtering

Defaults No entry

Command

mode

ACL configuration mode.

Usage Guide Use this command to configure the filtering entry of ACLs in ACL configuration mode.

Configuration

Examples

The following example shows how to create and display an extended expert ACL. This expert ACL

denies all the TCP packets with the source IP address 192.168.4.12 and the source MAC address

001300498272.

Ruijie(config)#expert access-list extended 2702

Ruijie(config-exp-nacl)#deny tcp host 192.168.4.12 host 0013.0049.8272 any any

Ruijie(config-exp-nacl)#permit any any any any

Ruijie(config-exp-nacl)#show access-lists

expert access-list extended 2702

10 deny tcp host 192.168.4.12 host 0013.0049.8272 any any

20 permit any any any any

Ruijie(config-exp-nacl)#

This example shows how to use the extended IP ACL. The purpose is to prevent the host with the IP

address 192.168.4.12 from providing services through TCP port 100 and to apply the ACL to interface

gigabitethernet 1/1. The configuration procedure is as follows:

Ruijie(config)# ip access-list extended ip-ext-acl

Ruijie(config-ext-nacl)# deny tcp host 192.168.4.12 eq 100 any

Ruijie(config-ext-nacl)# show access-lists

ip access-list extended ip-ext-acl

10 deny tcp host 192.168.4.12 eq 100 any

Ruijie(config-ext-nacl)#exit

Ruijie(config)#interface gigabitethernet 1/1

Ruijie(config-if)#ip access-group ip-ext-acl in

Ruijie(config-if)#

This example shows how to use the extended MAC ACL. The purpose is to prevent the host with the

MAC address 0013.0049.8272 from sending Ethernet frames of the type 100 and to apply the rule to interface

gigabitethernet 1/1. The configuration procedure is as follows:

Ruijie(config)#mac access-list extended mac1

Ruijie(config-mac-nacl)#deny host 0013.0049.8272 any aarp

Ruijie(config-mac-nacl)# show access-lists

mac access-list extended mac1

10 deny host 0013.0049.8272 any aarp

Ruijie(config-mac-nacl)#exit

Ruijie(config)# interface gigabitethernet 1/1

Ruijie(config-if)# mac access-group mac1 in

This example shows how to use the standard IP ACL. The purpose is to deny the host with the IP

address 192.168.4.12 and apply the rule to Interface gigabitethernet 1/1. The configuration procedure

is as below:

Ruijie(config)#ip access-list standard 34

Ruijie(config-std-nacl)# deny host 192.168.4.12

Ruijie(config-std-nacl)#show access-lists

ip access-list standard 34

10 deny host 192.168.4.12

Ruijie(config-std-nacl)#exit

Ruijie(config)# interface gigabitethernet 1/1

Ruijie(config-if)# ip access-group 34 in

This example shows how to use the extended IPv6 ACL. The purpose is to deny the host with the IP

address 192.168.4.12 and apply the rule to Interface gigabitethernet 1/1. The configuration procedure

is as below:

Ruijie(config)#ipv6 access-list extended v6-acl

Ruijie(config-ipv6-nacl)#11 deny ipv6 host ::192.168.4.12 any

Ruijie(config-ipv6-nacl)#show access-lists

ipv6 access-list extended v6-acl

11 deny ipv6 host ::192.168.4.12 any

Ruijie(config-ipv6-nacl)# exit

Ruijie(config)# interface gigabitethernet 1/1

Ruijie(config-if)# ipv6 traffic-filter v6-acl in

Related

Commands Command Description

show access-lists Show all the ACLs.

ipv6 traffic-filter Apply the extended ipv6 ACL on the interface.

ip access-group Apply the IP ACL on the interface.

mac access-group Apply the extended MAC ACL on the interface.

ip access-list Define the IP ACL.

mac access-list Define the extended MAC ACL.

expert access-list Define the extended expert ACL.

ipv6 access-list Define the extended IPv6 ACL.

permit Permit the access.

Platform

Description

N/A

expert access-group

Use this command to apply the specified expert ACL on the specified interface. Use the no form of

the command to remove the application.

expert access-group {id| name } { in | out }

no expert access-group {id|name} {in|out}

Parameter

Description Parameter Description

id ID of the expert ACL (2700 to 2899)

name Name of the expert ACL

in Filter the incoming packets of the interface

out Filter the outgoing packets of the interface

Defaults No Expert ACL is applied on the interface.

Command

mode

Interface configuration mode.

Usage Guide This command is used to apply the specified ACL on the interface to control the input and output data

streams on the interface. Use the show access-group command to view the setting.

Configuration

Examples

The following example shows how to apply the access list accept_00d0f8xxxxxx_only to Gigabit

interface 0/1:

Ruijie(config)# interface GigaEthernet 0/1

Ruijie(config-if)# expert access-group accept_00d0f8xxxxxx_only in

Related

Commands Command Description

show access-group Show the ACL configuration.

Platform

Description

The expert ACL is not supported by routers.

expert access-list

Use this command to create an extended expert ACL. Use the no form of the command to remove

the ACL.

expert access-list extended {id | name}

no expert access-list extended {id | name}

Parameter

Description Parameter Description

id ID of the extended expert ACL (2700 to 2899)

name Name of the extended expert ACL

Defaults No Expert ACL

Command

mode

Global configuration mode.

Usage Guide Use show access-lists to display the ACL configurations.

Configuration

Examples

Create an extended expert ACL:

Ruijie(config)# expert access-list extended exp-acl

Ruijie(config-exp-nacl)# show access-lists

expert access-list extended exp-acl

Ruijie(config-exp-nacl)#

Create an extended expert ACL:

Ruijie(config)# expert access-list extended 2704

Ruijie(config-exp-nacl)# show access-lists

expert access-list extended 2704

Ruijie(config-exp-nacl)#

Related

Commands Command Description

show access-lists Show the extended expert ACLs

Platform

Description

The expert ACL is not supported by routers.

ip access-group

Use this command to apply a specific ACL to an interface. The no form of this command cancels the

application.

ip access-group {id | name} {in | out} [unreflect | reflect]

no ip access-group { id | name} {in | out}

Parameter

Description Parameter Description

id ID of the IP ACL (1 to 199, 1300 to 2699)

name Name of the IP ACL

in Filter the incoming packets of the interface.

out Filter the outgoing packets of the interface.

unreflect Disable the reflexive ACL. Working principle of the reflexive ACL:

a. A router automatically generates a temporary access list based on the layer-3 and layer-4 information of the original traffic from the intranet. The temporary access list is created according to the following rules: the protocol is unchanged, the source IP and destination IP are strictly exchanged with each other, and the source port and destination port are strictly exchanged with each other.

b. The router permits a returned flow to enter the intranet only when its layer-3 and layer-4 information strictly matches the temporary access list created based on the outbound traffic.

reflect Enable the Reflexive-ACL.

Defaults No ACL is applied on the interface.

Command

mode

Interface configuration mode.

Usage Guide Use the ip access-group command to apply the specified ACL to the interface, when the firewall is

enabled.

Configuration

Examples

The following example applies ACL 120 to interface fastEthernet 0/0 to filter the incoming packets:

Ruijie(config)# interface fastEthernet 0/0

Ruijie(config-if)# ip access-group 120 in
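The reflexive ACL working principle described for the unreflect parameter can be modelled in a few lines. The following Python sketch is an added example, not RGOS code: the class and function names, the 203.0.113.10 peer address and the idle timeout are assumptions (the manual only says the access list is temporary).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """Layer-3 and layer-4 identity of a packet flow."""
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def mirrored(self):
        # Protocol unchanged; source and destination IP exchanged,
        # source and destination port exchanged.
        return Flow(self.proto, self.dst_ip, self.dst_port,
                    self.src_ip, self.src_port)


class ReflexiveAcl:
    """Temporary access list built from outbound intranet traffic."""

    def __init__(self, idle_timeout=300.0):
        # Assumption: entries expire after idle_timeout seconds without traffic.
        self.idle_timeout = idle_timeout
        self.temp_entries = {}  # mirrored flow -> time last seen

    def outbound(self, flow, now):
        """Record intranet-originated traffic and create its temporary entry."""
        self.temp_entries[flow.mirrored()] = now

    def _expire(self, now):
        stale = [f for f, seen in self.temp_entries.items()
                 if now - seen > self.idle_timeout]
        for f in stale:
            del self.temp_entries[f]

    def inbound_permitted(self, flow, now):
        """True only if the returned flow strictly matches a temporary entry."""
        self._expire(now)
        if flow in self.temp_entries:
            self.temp_entries[flow] = now  # refresh on matching return traffic
            return True
        return False


def demo():
    """Run constructed sample traffic and return the decision for each packet."""
    acl = ReflexiveAcl(idle_timeout=300.0)
    # Constructed outbound connection from an intranet host.
    acl.outbound(Flow("tcp", "192.168.4.12", 51000, "203.0.113.10", 443), now=0)
    inbound = [
        ("exact reply", Flow("tcp", "203.0.113.10", 443, "192.168.4.12", 51000), 1),
        ("wrong source port", Flow("tcp", "203.0.113.10", 8443, "192.168.4.12", 51000), 2),
        ("wrong protocol", Flow("udp", "203.0.113.10", 443, "192.168.4.12", 51000), 3),
        ("other inside host", Flow("tcp", "203.0.113.10", 443, "192.168.4.13", 51000), 4),
        ("reply after idle timeout", Flow("tcp", "203.0.113.10", 443, "192.168.4.12", 51000), 400),
    ]
    return {name: acl.inbound_permitted(flow, now) for name, flow, now in inbound}


if __name__ == "__main__":
    for name, permitted in demo().items():
        print(f"{name}: {'permit' if permitted else 'no reflexive match'}")
```

Only the exact mirror of the recorded outbound flow matches; any change to protocol, address or port leaves the packet to the interface's other ACL entries.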

Related

Commands Command Description

access-list Define the ACL.

show access-lists Show all the ACLs.

Platform

Description

N/A

ip access-list

Use this command to create a standard IP ACL or extended IP ACL. Use the no form of the

command to remove the ACL.

ip access-list {extended | standard} {id | name}

no ip access-list {extended | standard} {id | name}

Parameter

Description Parameter Description

id ID of the ACL (1 to 99 and 1300 to 1999 for standard ACL, or 100 to 199 and 2000 to 2699 for extended ACL)

name Name of the ACL

Defaults None

Command

mode

Global configuration mode.

Usage Guide There are differences between a standard ACL and an extended ACL. The extended ACL is more

precise. Refer to deny or permit in the two modes. Use show access-lists to display the ACL

configurations.

Configuration

Examples

Create an extended ACL:

Ruijie(config)# ip access-list extended 123

Ruijie(config-ext-nacl)# show access-lists

ip access-list extended 123

Ruijie(config-ext-nacl)#

Create a standard ACL:

Ruijie(config)# ip access-list standard std-acl

Ruijie(config-std-nacl)# show access-lists

ip access-list standard std-acl

Ruijie(config-std-nacl)#

Related

Commands Command Description

show access-lists Show the ACLs.

Platform

Description

N/A

ip access-list resequence

Use this command to rearrange entries of an IP ACL and enter the configuration mode. Use the no

form of this command to restore the default setting.

ip access-list resequence {id | name} start-sn inc-sn

no ip access-list resequence {id | name}

Parameter

Description Parameter Description

id It indicates the number of the ACL.

name It indicates the name of the ACL.

start-sn It indicates the start value of the sequence number, from 1 to 2147483647.

inc-sn It indicates the increment of the sequence number, from 1 to 2147483647.

Defaults start-sn: 10

inc-sn: 10

Command

mode

Global configuration mode

Usage Guide Use the show access-lists command to view the configuration of this command.

Configuration

Examples

The following example rearranges the ACL entries:

Ruijie# show access-lists

ip access-list standard 1

10 permit host 192.168.4.12

20 deny any any

Ruijie# config

Ruijie(config)# ip access-list resequence 1 21 43

Ruijie(config)# exit

Ruijie# show access-lists

ip access-list standard 1

21 permit host 192.168.4.12

64 deny any any
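The wildcard matching used by the access-list example (192.168.1.64 0.0.0.63) and the renumbering performed by ip access-list resequence can be checked offline before a change is pushed to a device. The following Python model is an added example, not RGOS code: all names are hypothetical, and it assumes entries are evaluated in ascending sequence-number order with the first match deciding, and that an entry added without a sequence number takes the last number plus 10.

```python
import ipaddress


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit the wildcard does not mask out."""
    care = ~to_int(wildcard) & 0xFFFFFFFF  # wildcard 1-bits are "don't care"
    return (to_int(addr) & care) == (to_int(base) & care)


def wildcard_range(base, wildcard):
    """Return (lowest, highest, contiguous) for a source/wildcard pair.

    Only a contiguous wildcard (0...01...1) covers every address in between.
    """
    w = to_int(wildcard)
    low = to_int(base) & ~w & 0xFFFFFFFF
    high = low | w
    contiguous = (w & (w + 1)) == 0
    return (str(ipaddress.IPv4Address(low)),
            str(ipaddress.IPv4Address(high)), contiguous)


class StandardAcl:
    """Minimal model of a standard IP ACL keyed by sequence number."""

    def __init__(self):
        self.entries = {}  # sn -> (action, base, wildcard)

    def add(self, action, source, sn=None):
        """source is 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W'."""
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        parts = source.split()
        if parts == ["any"]:
            base, wildcard = "0.0.0.0", "255.255.255.255"
        elif len(parts) == 2 and parts[0] == "host":
            base, wildcard = parts[1], "0.0.0.0"
        elif len(parts) == 2:
            base, wildcard = parts
        else:
            raise ValueError("unsupported source: " + source)
        to_int(base), to_int(wildcard)  # raises on malformed addresses
        if sn is None:
            sn = max(self.entries, default=0) + 10  # assumed auto-numbering
        if sn in self.entries:
            raise ValueError("sequence number already in use")
        self.entries[sn] = (action, base, wildcard)
        return sn

    def evaluate(self, src):
        """Return (sn, action) of the first matching entry, or None."""
        for sn in sorted(self.entries):
            action, base, wildcard = self.entries[sn]
            if wildcard_match(src, base, wildcard):
                return sn, action
        return None

    def resequence(self, start_sn, inc_sn):
        """Renumber entries in their current order, as resequence does."""
        ordered = [self.entries[sn] for sn in sorted(self.entries)]
        self.entries = {start_sn + i * inc_sn: e for i, e in enumerate(ordered)}
        return sorted(self.entries)


if __name__ == "__main__":
    print(wildcard_range("192.168.1.64", "0.0.0.63"))
    acl = StandardAcl()
    acl.add("permit", "host 192.168.4.12")
    acl.add("deny", "any")
    print(acl.resequence(21, 43), acl.evaluate("192.168.4.12"))
```

Renumbering changes only the sequence numbers, not the relative order, so the decision for any given source address is the same before and after.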

Related

Commands Command Description

show access-lists It is used to view the ACL.

Platform

Description

N/A

list-remark text

Use this command to add remarks for the specified ACL. The no form deletes the remarks.

list-remark text

Parameter

Description Parameter Description

text Remark information

Defaults N/A

Command

mode

ACL configuration mode

Usage Guide Add remarks for the specified ACL.

Note: A remark contains at most 100 characters, and two identical remarks are not allowed in one ACL.

When an ACE is deleted, the remarks between this ACE and the preceding one are deleted.

Configuration

Examples

Ruijie(config)# ip access-list extended 102

Ruijie(config-ext-nacl)# list-remark this acl is to filter the host 192.168.4.12

Ruijie(config-ext-nacl)# show access-lists

ip access-list extended 102

deny ip host 192.168.4.12 any

1000 hits

this acl is to filter the host 192.168.4.12

Ruijie(config-ext-nacl)#

Related

Commands Command Description

show access-lists Show the ACLs.

ip access-list Define the IP ACL.

Platform

Description

N/A

mac access-group

Use this command to apply the specified MAC ACL on the specified interface. Use the no form of the

command to remove the application.

mac access-group {id | name}{in | out}

no mac access-group {id | name} {in | out}

Parameter

Description Parameter Description

id ID of the MAC ACL (700 to 799)

name Name of the MAC ACL

in Filter the incoming packets of the interface

out Filter the outgoing packets of the interface

Defaults No ACL is applied on the interface.

Command

mode

Interface configuration mode.

Usage Guide You can use the show running-config command to show the configuration result.

Configuration

Examples

The following example shows how to apply the access list accept_00d0f8xxxxxx_only to Gigabit

interface 1:

Ruijie(config)#interface GigaEthernet 1/1

Ruijie(config-if)#mac access-group accept_00d0f8xxxxxx_only in

Related

Commands Command Description

show access-group Show the ACL configuration.

Platform

Description

The mac ACL is not supported by routers.

mac access-list

Use this command to create an extended MAC ACL. Use the no form of the command to remove the

ACL.

mac access-list extended {id | name}

no mac access-list extended {id | name}

Parameter

Description Parameter Description

id ID of the extended MAC ACL (700 to 799)

name Name of the extended MAC ACL

Defaults N/A

Command

mode

Global configuration mode.

Usage Guide Use the show access-lists command to display the ACL configurations.

Configuration

Examples

Create an extended MAC ACL:

Ruijie(config)# mac access-list extended mac-acl

Ruijie(config-mac-nacl)# show access-lists

mac access-list extended mac-acl

Create an extended MAC ACL:

Ruijie(config)# mac access-list extended 704

Ruijie(config-mac-nacl)# show access-lists

mac access-list extended 704

Related

Commands Command Description

show access-lists Show the ACLs

Platform

Description

The mac ACL is not supported by routers.

no sn

Use this command to delete an entry of the ACL.

no sn

Parameter

Description Parameter Description

sn Sequence number of the ACL entry

Defaults N/A

Command

mode

ACL configuration mode.

Usage Guide Use this command to delete an ACL entry in ACL configuration mode.

Configuration

Examples

Ruijie(config)# ipv6 access-list extended v6-acl

Ruijie(config-ipv6-nacl)# permit ipv6 host ::192.168.4.12 any

Ruijie(config-ipv6-nacl)#12 deny ipv6 any any

Ruijie(config-ipv6-nacl)# show access-lists

ipv6 access-list extended v6-acl

10 permit ipv6 host ::192.168.4.12 any

12 deny ipv6 any any

Ruijie(config-ipv6-nacl)# no 12

Ruijie(config-ipv6-nacl)# show access-lists

ipv6 access-list extended v6-acl

10 permit ipv6 host ::192.168.4.12 any

Ruijie(config-ipv6-nacl)#

Related

Commands Command Description

show access-lists Show all the ACLs.

ip access-list Define the IP ACL.

ipv6 access-list Define the extended IPv6 ACL.

deny Define the deny rule.

permit Define the permit rule.

Platform

Description

N/A

permit

One or multiple permit conditions are used to determine whether to forward or discard the packet. In

ACL configuration mode, you can modify the existing ACL or configure according to the protocol

details.

Standard IP ACL

[ sn ] permit {source source-wildcard | host source | any | interface idx } [ time-range

tm-range-name] [ log ]

Extended IP ACL

[ sn ] permit protocol source source-wildcard destination destination-wildcard [ precedence

precedence ] [ tos tos ] [ fragment ] [ range lower upper ] [ time-range time-range-name ] [ log ]

Extended IP ACLs of some important protocols:

Internet Control Message Protocol (ICMP)

[ sn ] permit icmp {source source-wildcard | host source | any } { destination destination-wildcard |

host destination | any } [ icmp-type ] [ [ icmp-type [icmp-code ] ] | [ icmp-message ] ] [ precedence

precedence ] [ tos tos ] [ fragment ] [ time-range time-range-name ]

Transmission Control Protocol (TCP)

[ sn ] permit tcp { source source-wildcard | host source | any } [ operator port [ port ] ] { destination

destination-wildcard | host destination | any } [ operator port [ port ] ] [ precedence precedence ]

[ tos tos ] [ fragment ] [ range lower upper ] [ time-range time-range-name ] [ match-all tcp-flag |

established ]

User Datagram Protocol (UDP)

[sn] permit udp {source source-wildcard | host source | any} [ operator port [port]] {destination

destination-wildcard |host destination | any} [operator port [port]] [precedence precedence] [tos

tos] [fragment] [range lower upper] [time-range time-range-name]

Extended MAC ACL

[sn] permit {any | host source-mac-address} {any | host destination-mac-address}

[ethernet-type][ cos [out] [inner in]]

Extended expert ACL

[sn] permit [protocol | [ethernet-type][ cos [out] [inner in]]] [VID [out][inner in]] {source

source-wildcard | host source | any} {host source-mac-address | any } {destination

destination-wildcard | host destination | any} {host destination-mac-address | any} [precedence

precedence] [tos tos][fragment] [range lower upper] [time-range time-range-name]

When you select the Ethernet-type field or cos field:

[sn] permit {ethernet-type| cos [out] [inner in]} [VID [out][inner in]] {source source-wildcard | host

source | any} {host source-mac-address | any } {destination destination-wildcard | host destination

| any} {host destination-mac-address | any} [time-range time-range-name]

When you select the protocol field:

[sn] permit protocol [VID [out][inner in]] {source source-wildcard | host source | any} {host

source-mac-address | any } {destination destination-wildcard | host destination | any} {host

destination-mac-address | any} [precedence precedence] [tos tos] [fragment] [range lower upper]

[time-range time-range-name]

Extended expert ACLs of some important protocols:

Internet Control Message Protocol (ICMP)

[sn] permit icmp [VID [out][inner in]] {source source-wildcard | host source | any} {host

source-mac-address | any } {destination destination-wildcard | host destination | any} {host

destination-mac-address | any}[ icmp-type ] [[icmp-type [icmp-code ]] | [ icmp-message ]]

[precedence precedence] [tos tos] [fragment] [time-range time-range-name]

Transmission Control Protocol (TCP)

[sn] permit tcp [VID [out][inner in]] {source source-wildcard | host source | any} {host

source-mac-address | any } [operator port [port]] {destination destination-wildcard | host destination |

any} {host destination-mac-address | any} [operator port [port]] [precedence precedence] [tos tos]

[fragment] [range lower upper] [time-range time-range-name] [match-all tcp-flag | established]

User Datagram Protocol (UDP)

[sn] permit udp [VID [out][inner in]] {source source-wildcard | host source | any} {host

source-mac-address | any } [ operator port [port]] {destination destination-wildcard | host destination

| any} {host destination-mac-address | any} [operator port [port]] [precedence precedence] [tos tos]

[fragment] [range lower upper] [time-range time-range-name]

Address Resolution Protocol (ARP)

[sn] permit arp {vid vlan-id} [host source-mac-address | any] [host destination-mac-address | any]

{sender-ip sender-ip-wildcard | host sender-ip | any} {sender-mac sender-mac-wildcard | host

sender-mac | any} {target-ip target-ip-wildcard | host target-ip | any}

6) Extended IPv6 ACL

[sn] permit protocol {source-ipv6-prefix / prefix-length | any | host source-ipv6-address}

{destination-ipv6-prefix / prefix-length | any | host destination-ipv6-address} [dscp dscp] [flow-label

flow-label] [fragment] [range lower upper] [time-range time-range-name]

Extended IPv6 ACLs of some important protocols:

Internet Control Message Protocol (ICMP)

[sn] permit icmp {source-ipv6-prefix / prefix-length | host source-ipv6-address | any}

{destination-ipv6-prefix / prefix-length| host destination-ipv6-address | any} [icmp-type] [[icmp-type

[icmp-code]] | [icmp-message]] [dscp dscp] [flow-label flow-label][fragment] [time-range

time-range-name]

Transmission Control Protocol (TCP)

[sn] permit tcp {source-ipv6-prefix / prefix-length | host source-ipv6-address | any} [operator port

[port] ] {destination-ipv6-prefix / prefix-length | host destination-ipv6-address | any} [operator port

[port]] [dscp dscp] [flow-label flow-label] [fragment] [range lower upper] [time-range

time-range-name] [match-all tcp-flag | established]

User Datagram Protocol (UDP)

[sn] permit udp {source-ipv6-prefix / prefix-length | host source-ipv6-address | any} [operator port

[port] ] {destination-ipv6-prefix / prefix-length | host destination-ipv6-address | any} [operator port

[port]] [dscp dscp] [flow-label flow-label] [fragment] [range lower upper] [time-range

time-range-name]

Parameter

Description Parameter Description

N/A N/A

Defaults None

Command

mode

ACL configuration mode.

Usage Guide Use this command to configure the permit conditions for the ACL in ACL configuration mode.

Configuration

Examples

The following example shows how to create and display an Expert Extended ACL. This expert ACL

permits all the TCP packets with the source IP address 192.168.4.12 and the source MAC address

001300498272.

Ruijie(config)#expert access-list extended exp-acl

Ruijie(config-exp-nacl)#permit tcp host 192.168.4.12 host 0013.0049.8272 any any

Ruijie(config-exp-nacl)#deny any any any any

Ruijie(config-exp-nacl)#show access-lists

expert access-list extended exp-acl

10 permit tcp host 192.168.4.12 host 0013.0049.8272 any any

20 deny any any any any

Ruijie(config-exp-nacl)#

This example shows how to use the extended IP ACL. The purpose is to permit the host with the IP

address 192.168.4.12 to provide services through the TCP port 100 and apply the ACL to interface

gigabitethernet 1/1. The configuration procedure is as below:

Ruijie(config)# ip access-list extended 102

Ruijie(config-ext-nacl)# permit tcp host 192.168.4.12 eq 100 any

Ruijie(config-ext-nacl)# show access-lists

ip access-list extended 102

10 permit tcp host 192.168.4.12 eq 100 any

Ruijie(config-ext-nacl)#exit

Ruijie(config)#interface gigabitethernet 1/1

Ruijie(config-if)#ip access-group 102 in

Ruijie(config-if)#

This example shows how to use the extended MAC ACL. The purpose is to permit the host with the

MAC address 0013.0049.8272 to send Ethernet frames of the type 100 and apply the ACL to

interface gigabitethernet 1/1. The configuration procedure is as below:

Ruijie(config)#mac access-list extended 702

Ruijie(config-mac-nacl)#permit host 0013.0049.8272 any aarp

Ruijie(config-mac-nacl)#show access-lists

mac access-list extended 702

10 permit host 0013.0049.8272 any aarp

Ruijie(config-mac-nacl)#exit

Ruijie(config)#interface gigabitethernet 1/1

Ruijie(config-if)#mac access-group 702 in

This example shows how to use the standard IP ACL. The purpose is to permit the host with the IP

address 192.168.4.12 and apply the ACL to interface gigabitethernet 1/1. The configuration

procedure is as below:

Ruijie(config)#ip access-list standard std-acl

Ruijie(config-std-nacl)#permit host 192.168.4.12

Ruijie(config-std-nacl)#show access-lists

ip access-list standard std-acl

10 permit host 192.168.4.12

Ruijie(config-std-nacl)#exit

Ruijie(config)# interface gigabitethernet 1/1

Ruijie(config-if)# ip access-group std-acl in

This example shows how to use the extended IPv6 ACL. The purpose is to permit the host with the IP

address 192.168.4.12 and apply the ACL to interface gigabitethernet 1/1. The configuration

procedure is as below:

Ruijie(config)#ipv6 access-list extended v6-acl

Ruijie(config-ipv6-nacl)#11 permit ipv6 host ::192.168.4.12 any

Ruijie(config-ipv6-nacl)# show access-lists

ipv6 access-list extended v6-acl

11 permit ipv6 host ::192.168.4.12 any

Ruijie(config-ipv6-nacl)# exit

Ruijie(config)#interface gigabitethernet 1/1

Ruijie(config-if)#ipv6 traffic-filter v6-acl in

Related

Commands Command Description

show access-lists Show all the ACLs.

ipv6 traffic-filter Apply the extended ipv6 ACL on the interface.

ip access-group Apply the IP ACL on the interface.

mac access-group Apply the extended MAC ACL on the interface.

ip access-list Define the IP ACL.

mac access-list Define the extended MAC ACL.

expert access-list Define the extended expert ACL.

ipv6 access-list Define the extended IPv6 ACL.

deny Deny the access.

Platform

Description

N/A

security access-group

Use this command to configure the secure interface channel.

security access-group {id|name}

no security access-group

Parameter

Description Parameter Description

id It indicates the ID of the ACL.

name It indicates the name of the ACL.

Defaults N/A

Command

mode

Interface configuration mode

Usage Guide This command is used to configure the secure interface channel.

Configuration

Examples Ruijie(config-if)#security access-group 1

Related

Commands Command Description

show running It shows the current configuration information.

Platform

Description

This command is not supported by routers.

security global access-group

Use this command to configure the global security channel.

security global access-group { id | name }

no security global access-group

Parameter

Description Parameter Description

id ACL ID

name ACL name

Defaults N/A

Command

mode

Global configuration mode

Usage Guide Use this command to configure the global security channel.

Configuration

Examples Ruijie(config)# security global access-group 1

Related

Commands Command Description

show running Show configuration of current system.

Platform

Description

This command is not supported by routers.

security uplink enable

Use this command to configure the uplink port of the security channel on the interface.

security uplink enable

no security uplink enable

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

mode

Interface configuration mode.

Usage Guide Use this command to configure the uplink port of the security channel on the interface.

Configuration

Examples Ruijie(config-if)#security uplink enable

Related

Commands Command Description

show running Show configuration of current system.

Platform

Description

This command is not supported by routers.

show access-group

Use this command to show the ACL configured on the interface.

show access-group [ interface interface ]

Parameter

Description Parameter Description

interface Interface ID

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide Show the ACL configured on the interface. If no interface is specified, the ACLs associated with all

interfaces will be shown.

Configuration

Examples

Ruijie# show access-group

ip access-list standard ipstd3

Applied On interface GigabitEthernet 0/1.

ip access-list standard ipstd4

Applied On interface GigabitEthernet 0/2.

ip access-list extended 101

Applied On interface GigabitEthernet 0/3.

ip access-list extended 102

Applied On interface GigabitEthernet 0/8.

Related

Commands Command Description

ip access-group Apply the IP ACL to the interface.

mac access-group Apply the mac ACL to the interface.

expert access-group Apply the expert ACL to the interface.

ipv6 traffic-filter Apply the IPv6 ACL to the interface.

Platform

Description

N/A

show access-lists

Use this command to show all ACLs or the specified ACL.

show access-lists [ id | name ]

Parameter

Description Parameter Description

id ID of the IP ACL

name Name of the IP ACL

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide Use this command to show the specified ACL. If no ID or name is specified, all the ACLs will be shown.

Configuration

Examples

Ruijie# show access-lists n_acl

ip access-list standard n_acl

Ruijie# show access-lists 102

ip access-list extended 102

Ruijie# show access-lists

ip access-list standard n_acl

ip access-list extended 101

permit icmp host 192.168.1.1 any log (1080 matches)

permit tcp host 1.1.1.1 any established

deny ip any any (80021 matches)

mac access-list extended mac-acl

expert access-list extended exp-acl

ipv6 access-list extended v6-acl

permit ipv6 ::192.168.4.12 any (100 matches)

deny any any (9 matches)

Related

Commands Command Description

ip access-list Define the IP ACL.

mac access-list Define the extended MAC ACL.

expert access-list Define the extended expert ACL.

ipv6 access-list Define the extended IPv6 ACL.

Platform

Description

N/A

show expert access-group

Use this command to show the configured expert ACL of the interface.

show expert access-group [ interface interface ]

Parameter

Description Parameter Description

interface Interface ID

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide Show the expert ACL configured on the interface. If no interface is specified, the associated expert

ACLs of all the interfaces will be shown.

Configuration

Examples

Ruijie# show expert access-group interface gigabitethernet 0/2

expert access-group ee in

Applied On interface GigabitEthernet 0/2.

Related

Commands Command Description

expert access-list Define the extended expert ACL.

Platform

Description

N/A

show ip access-group

Use this command to show the configured IP ACL of the interface.

show ip access-group[ interface interface ]

Parameter

Description Parameter Description

interface Interface ID

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide Show the IP ACL configured on the interface. If no interface is specified, the IP ACLs associated with all

the interfaces will be shown.

Configuration

Examples

Ruijie# show ip access-group interface gigabitethernet 0/1

ip access-group aaa in

Applied On interface GigabitEthernet 0/1.

Related

Commands Command Description

ip access-list Define the IP ACL.

Platform

Description

N/A

show mac access-group

Use this command to show the configured MAC ACL of the interface.

show mac access-group[ interface interface ]

Parameter

Description Parameter Description

interface Interface ID

Defaults N/A

Command

mode

Privileged EXEC mode

Usage Guide Show the MAC ACL associated with the interface. If no interface is specified, the associated MAC

ACLs of all associated interfaces will be shown.

Configuration

Examples

Ruijie# show mac access-group interface gigabitethernet 0/3

mac access-group mm in

Applied On interface GigabitEthernet 0/3.

Related

Commands Command Description

mac access-list Define the extended MAC ACL.

Platform

Description

N/A

File System Commands

cd

Use this command to set the present directory for the file system.

cd [ filesystem: ] [ directory ]

Parameter Description

filesystem: Specified file system. This parameter must be carried with “:”.

Parameter

Description

directory Specified directory

Defaults The default directory is the flash root directory.

Command

Mode

Privileged EXEC mode.

Usage Guide Change the above parameter to the directory you want to enter. Use the pwd command to view the

present directory.

Configuration

Examples

Example 1: The following example sets the usb0 root directory as the present directory:

Ruijie# cd usb0:/

Example 2: The following example sets the sd root directory as the present directory:

Ruijie# cd sd0:/

Command Description Related

Commands pwd Show the present working directory.

Platform

Description

N/A.

copy

Use this command to copy a file from the specified source directory to the specified destination

directory.

copy source-url destination-url

Parameter Description

source-url Source file URL, which can be local or remote.

Parameter

Description

destination-url Destination file URL, which can be local or remote.

Defaults N/A.

Command

Mode

Privileged EXEC mode.

Usage Guide This command copies files between local storage media and transfers files to and from

network servers.

The following table lists the URL prefix for the specified file system:

Prefix Description

flash:

Flash storage media. This prefix can be used in all devices. The default is

flash if the prefix is not used for the URL. In general, the bootstrap main

program is stored in the flash.

tftp: TFTP network server

xmodem: Use the xmodem protocol to transmit the file to the network device.

slave: Flash on the slave board from the chassis device.

usb0: The first USB device.

usb1: The second USB device.

sd0: The first SD card.

sw1-m1-disk0: Flash memory of the management board in the M1 slot of the chassis with

switch id 1, in VSU mode.

sw1-m2-disk0: Flash memory of the management board in the M2 slot of the chassis with

switch id 1, in VSU mode.

sw2-m1-disk0: Flash memory of the management board in the M1 slot of the chassis with

switch id 2, in VSU mode.

sw2-m2-disk0: Flash memory of the management board in the M2 slot of the chassis with

switch id 2, in VSU mode.

This command does not support the wildcard.

Without the specified URL prefix configured, the current file system is used by default.

Configuration

Examples

Example 1: Download the file from the TFTP server:

Ruijie# copy tftp://192.168.201.54/rgos.bin flash:/

Example 2: Upload the file to the TFTP server:

Ruijie# copy flash:/rgos.bin tftp://192.168.201.54/rgos.bin

Example 3: Use the xmodem to download the file:

Ruijie# copy xmodem: flash:/config.text

Example 4: Copy the file to the U disk:

Ruijie#copy flash:/config.text usb0:/config.text

Example 5: Copy the file to the slave management board:

Ruijie#copy flash:/config.text slave:/config.text

Example 6: Copy the file from the flash to the SD card:

Ruijie#copy flash:/rgos.bin sd0:/rgos.bin

Example 7: Copy the file from the U disk to the SD card:

Ruijie#copy usb0:/config.text sd0:/config.text

Example 8: Copy the file from the SD card to the U disk:

Ruijie#copy sd0:/config.text usb0:/config.text

Command Description

delete Delete the file.

rename Rename the file.

Related

Commands

dir Show the file list of the specified directory.

Platform

Description

N/A.

mkdir

Use this command to create a directory.

mkdir directory

Parameter Description Parameter

Description directory Name of the directory to be created.

Defaults N/A.

Command

Mode

Privileged EXEC mode.

Usage Guide Simply enter the name of the directory you want to create (including the path).

If the directory to be created already exists, the creation fails. The creation also fails if the

parent directory does not exist. For example, if flash:/backup does not exist, creating

flash:/backup/temp fails. In that case, create flash:/backup first and then create

flash:/backup/temp.

Configuration

Examples

Example 1: Create the test directory at the root directory:

Ruijie# mkdir test

Example 2: Create the test2 directory at the root directory of the SD card:

Ruijie# mkdir sd0:/test2

Command Description

rmdir Delete the directory.

pwd Show the present directory.

Related

Commands

Platform

Description

N/A.

pwd

Use this command to show the working path.

pwd

Parameter Description Parameter

Description N/A. N/A.

Defaults N/A.

Usage Guide This command shows the present working path

Configuration

Examples

The following example shows the present working path.

Ruijie# pwd

Flash:/

Command Description Related

Commands cd Change the file system in the present directory.

Platform

Description

N/A.

rmdir

Use this command to delete an empty directory.

rmdir directory

Parameter Description Parameter

Description directory Name of the directory to be deleted, which must be empty

Defaults N/A.

Command

Mode

Privileged EXEC mode.

Usage Guide This command does not support the wildcards, and the directory to be deleted must be empty.

Configuration

Examples

If there is a tmp directory in the current directory and the directory does not contain any files:

Ruijie# rmdir tmp

Ruijie# ls

Command Description Related

Commands mkdir Create a directory

Platform

Description

N/A

CPU-LOG Commands

cpu-log

Use this command to manually configure the low and high threshold of triggering the cpu utilization

log.

cpu-log log-limit low_num high_num

Parameter

Description Parameter Description

log-limit The command descriptor prompting the limit range.

low_num Sets the low threshold of triggering the cpu utilization log.

high_num Sets the high threshold of triggering the cpu utilization log.

Defaults By default, the high and low thresholds for triggering the CPU utilization log are 100% and 90%, respectively.

Command

Mode

Global configuration mode.

Usage Guide Use this command to manually configure the low and high thresholds that trigger the CPU utilization

log. When the CPU utilization exceeds the high threshold, the system outputs the log message

once. When the CPU utilization drops below the low threshold, the system outputs a log

message announcing that the CPU utilization has decreased. These messages are sent

only when the CPU utilization switches between the high and low thresholds.

Configuration

Examples

#Show how to set the low and high threshold of triggering the cpu utilization log to 70% and 80%

respectively.

Ruijie(config)# cpu-log log-limit 70 80

#The console prompts the following message when the CPU utilization is higher than 80%:

Oct 20 15:47:01 %SYSCHECK-5-CPU_USING_RATE: CPU utilization in one minute: 95%, Using most cpu's task is ktimer : 94%

#The console prompts the following message when the CPU utilization is less than 70%:

Oct 20 15:47:01 %SYSCHECK-5-CPU_USING_RATE: CPU utilization in one minute :68%,Using most cpu's task is ktimer : 60%

Oct 20 15:47:01 %SYSCHECK-5-CPU_USING_RATE: The CPU using rate has down!
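The two-threshold behaviour described in the usage guide, together with a parser for the console messages shown above, as an added example that is not part of the Ruijie manual. The class and function names are hypothetical, the strict comparisons and the 0 to 100 range check are assumptions drawn from the wording "exceeds" and "is less than", and the sample lines reuse the page's message text with each message on one line.

```python
import re

# Console message layout copied from the cpu-log example on this page. The
# spacing around ':' and ',' differs between the two samples, so the pattern
# tolerates both forms.
CPU_MSG = re.compile(
    r"%SYSCHECK-5-CPU_USING_RATE: CPU utilization in one minute\s*:\s*(\d+)%\s*,"
    r"\s*Using most cpu's task is\s+(.+?)\s*:\s*(\d+)%"
)


def parse_cpu_message(line):
    """Return (total_pct, busiest_task, task_pct), or None for any other line."""
    match = CPU_MSG.search(line)
    if match is None:
        return None
    return int(match.group(1)), match.group(2), int(match.group(3))


class CpuLogTrigger:
    """Two-threshold (hysteresis) model of `cpu-log log-limit low_num high_num`.

    Assumption: the comparisons are strict (> high, < low) and both values are
    percentages between 0 and 100.
    """

    def __init__(self, low, high):
        if not 0 <= low < high <= 100:
            raise ValueError("need 0 <= low < high <= 100")
        self.low = low
        self.high = high
        self.above = False  # True once the high-threshold message has been sent

    def sample(self, utilization):
        """Feed one utilization reading and return the event it triggers, if any."""
        if not self.above and utilization > self.high:
            self.above = True
            return "high"
        if self.above and utilization < self.low:
            self.above = False
            return "recovered"
        return None  # no threshold switch-over, so no message


def replay(low, high, readings):
    """Return [(index, event)] for every reading that would produce a log."""
    trigger = CpuLogTrigger(low, high)
    events = []
    for index, value in enumerate(readings):
        event = trigger.sample(value)
        if event is not None:
            events.append((index, event))
    return events


# Constructed sample input: message text from the page, one message per line.
SAMPLE_LOG = [
    "Oct 20 15:47:01 %SYSCHECK-5-CPU_USING_RATE: CPU utilization in one minute: 95%, "
    "Using most cpu's task is ktimer : 94%",
    "Oct 20 15:47:01 %SYSCHECK-5-CPU_USING_RATE: CPU utilization in one minute :68%,"
    "Using most cpu's task is ktimer : 60%",
    "Oct 20 15:47:01 %SYSCHECK-5-CPU_USING_RATE: The CPU using rate has down!",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(parse_cpu_message(line))
    # Readings that hover between 70% and 80% produce no repeated messages.
    print(replay(70, 80, [60, 85, 95, 82, 75, 69, 72, 81]))
```

On a log collector, the parsed task name and percentage identify which process drove a sustained high-CPU event, which helps separate a control-plane flood from normal load.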

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

show cpu

Use this command to show the CPU utilization information.

show cpu

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode

Privileged EXEC mode.

Usage Guide Use this command to show the system CPU utilization information in five seconds, one minute and

five minutes, and the CPU utilization of every task in five seconds, one minute and five minutes.

Configuration

Examples

Ruijie# show cpu

=======================================

CPU Using Rate Information

CPU utilization in five seconds: 25%

CPU utilization in one minute : 20%

CPU utilization in five minutes: 10%

NO 5Sec 1Min 5Min Process

0 0% 0% 0% LISR INT

1 7% 2% 1% HISR INT

2 0% 0% 0% ktimer

3 0% 0% 0% atimer

4 0% 0% 0% printk_task

5 0% 0% 0% waitqueue_process

6 0% 0% 0% tasklet_task

7 0% 0% 0% kevents

8 0% 0% 0% snmpd

9 0% 0% 0% snmp_trapd

10 0% 0% 0% mtdblock

11 0% 0% 0% gc_task

12 0% 0% 0% Context

13 0% 0% 0% kswapd

14 0% 0% 0% bdflush

15 0% 0% 0% kupdate

16 0% 3% 1% ll_mt

17 0% 0% 0% ll main process

18 0% 0% 0% bridge_relay

19 0% 0% 0% d1x_task

20 0% 0% 0% secu_policy_task

21 0% 0% 0% dhcpa_task

22 0% 0% 0% dhcpsnp_task

23 0% 0% 0% igmp_snp

24 0% 0% 0% mstp_event

25 0% 0% 0% GVRP_EVENT

26 0% 0% 0% rldp_task

27 0% 2% 1% rerp_task

28 0% 0% 0% reup_event_handler

29 0% 0% 0% tpp_task

30 0% 0% 0% ip6timer

31 0% 0% 0% rtadvd

32 0% 0% 0% tnet6

33 2% 0% 0% tnet

34 0% 0% 0% Tarptime

35 0% 0% 0% gra_arp

36 0% 0% 0% Ttcptimer

37 8% 1% 0% ef_res

38 0% 0% 0% ef_rcv_msg

39 0% 0% 0% ef_inconsistent_daemon

40 0% 0% 0% ip6_tunnel_rcv_pkt

41 0% 0% 0% res6t

42 0% 0% 0% tunrt6

43 0% 0% 0% ef6_rcv_msg

44 0% 0% 0% ef6_inconsistent_daemon

45 0% 0% 0% imid

46 0% 0% 0% nsmd

47 0% 0% 0% ripd

48 0% 0% 0% ripngd

49 0% 0% 0% ospfd

50 0% 0% 0% ospf6d

51 0% 0% 0% bgpd

52 0% 0% 0% pimd

53 0% 0% 0% pim6d

54 0% 0% 0% pdmd

55 0% 0% 0% dvmrpd

56 0% 0% 0% vty_connect

57 0% 0% 0% aaa_task

58 0% 0% 0% Tlogtrap

59 0% 0% 0% dhcp6c

60 0% 0% 0% sntp_recv_task

61 0% 0% 0% ntp_task

62 0% 0% 0% sla_deamon

63 0% 3% 1% track_daemon

64 0% 0% 0% pbr_guard

65 0% 0% 0% vrrpd

66 0% 0% 0% psnpd

67 0% 0% 0% igsnpd

68 0% 0% 0% coa_recv

69 0% 0% 0% co_oper

70 0% 0% 0% co_mac

71 0% 0% 0% radius_task

72 0% 0% 0% tac+_acct_task

73 0% 0% 0% tac+_task

74 0% 0% 0% dhcpd_task

75 0% 0% 0% dhcps_task

76 0% 0% 0% dhcpping_task

77 0% 0% 0% dhcpc_task

78 0% 0% 0% uart_debug_file_task

79 0% 0% 0% ssp_init_task

80 0% 0% 0% rl_listen

81 0% 0% 0% ikl_msg_operate_thread

82 0% 0% 0% bcmDPC

83 0% 0% 0% bcmL2X.0

84 3% 3% 3% bcmL2X.0

85 0% 0% 0% bcmCNTR.0

86 0% 0% 0% bcmTX

87 0% 0% 0% bcmXGS3AsyncTX

88 0% 2% 1% bcmLINK.0

89 0% 0% 0% bcmRX

90 0% 0% 0% mngpkt_rcv_thread

91 0% 0% 0% mngpkt_recycle_thread

92 0% 0% 0% stack_task

93 0% 0% 0% stack_disc_task

94 0% 0% 0% redun_sync_task

95 0% 0% 0% conf_dispatch_task

96 0% 0% 0% devprob_task

97 0% 0% 0% rdp_snd_thread

98 0% 0% 0% rdp_rcv_thread

99 0% 0% 0% rdp_slot_change_thread

100 4% 2% 1% datapkt_rcv_thread

101 0% 0% 0% keepalive_link_notify

102 0% 0% 0% rerp_msg_recv_thread

103 0% 0% 0% ip_scan_guard_task

104 0% 0% 0% ssp_ipmc_hit_task

105 0% 0% 0% ssp_ipmc_trap_task

106 0% 0% 0% hw_err_snd_task

107 0% 0% 0% rerp_packet_send_task

108 0% 0% 0% idle_vlan_proc_thread

109 0% 0% 0% cmic_pause_detect

110 1% 1% 1% stat_get_and_send

111 0% 1% 0% rl_con

112 75% 80% 90% idle

In the list above, the first three lines indicate the system CPU utilization in five seconds, one minute

and five minutes, including LISR, HISR and tasks. Then, it describes the detailed CPU utilization

distribution:

No: Serial number

5Sec: CPU utilization of the tasks in five seconds.

1Min: CPU utilization of the tasks in one minute.

5Min: CPU utilization of the tasks in five minutes.

The first two lines in the list above indicate the CPU utilization of all LISRs and HISRs. The lines from

the third onward indicate the CPU utilization of the tasks. The last line indicates the CPU utilization of

the idle task, which is the equivalent of the “System Idle Process” in Windows. In the example above,

the CPU utilization of the idle task within five seconds is 75%, indicating that 75% of the CPU is idle.

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

Memory Commands

show memory

Use this command to show the current memory usage information.

show memory

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

mode

Privileged EXEC mode.

Usage Guide Use this command to view the current system memory state and usage information, including the

system physical memory amount, the number of free pages in the current system, the free memory

statistics.

Configuration

Examples

This example shows the running result of the command show memory.

Ruijie#show memory

System Memory Statistic:

Free pages: 1079

watermarks : min 379, lower 758, low 1137, high 1516

System Total Memory : 128MB, Current Free Memory : 5283KB

Used Rate : 96%

The above information includes the following parts:

Free pages: the memory size of one free page is about 4k;

Watermarks(see the following table)

Watermarks Description

min

The memory resources are extremely insufficient. It can only

keep the kernel running. All application modules fail to run if

the minimum watermark has been reached.

lower

The memory resources are severely insufficient. One routing

protocol will auto-exit and release the memory if the lower

watermark has been reached. For the details, see the

memory-lack exit-policy command.

low

The memory resources are insufficient. The routing protocol

will be in OVERFLOW state if the low watermark has been

reached. In the overflow state, the routers do not learn new

routes any more. The commands are not allowed to be

executed when the memory lacks.

high The memory resources are sufficient. Each routing protocol

attempts to restore the state from OVERFLOW to normal.

The overall system memory, the current available memory and memory used rate.

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

Syslog Commands

clear logging

Use this command to clear the logs from the buffer in privileged user mode.

clear logging

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode Privileged user mode

Usage Guide This command clears the log packets from the memory buffer. You cannot clear the statistics of the

log packets.

Configuration

Examples

The following example clears the log packets from the memory buffer.

Ruijie# clear logging

Related

Commands Command Description

logging on Turns on the log switch.

show logging Shows the logs in the buffer.

logging buffered Records the logs in the memory buffer.

Platform

Description

N/A

more flash

Use this command to show the contents of the logs stored in the extended FLASH in privileged user

mode.

more flash: filename

Parameter

Description Parameter Description

filename Log file name.

Defaults N/A

Command

Mode Privileged user mode

Usage Guide In the extended FLASH, log files are the files with the prefix “//f2/” or “//f3/”. This command only

allows you to view log files. You cannot use this command to view non-log files.

Configuration

Examples

The following example shows the results of the log files in the extended FLASH:

Ruijie# more flash://f2/log.txt

look up file in the extended flash://f2/log.txt

00004 2004-11-17 4:1:32 Ruijie: %5:Reload requested by Administrator. Reload

Reason :Reload command

Related

Commands Command Description

logging file flash Records the logs to the extended FLASH.

Platform

Description

N/A

logging buffered

Use this command to set the memory buffer parameters (log severity, buffer size) for logs at global

configuration layer. Use the no form of the command to disable recording logs in the memory buffer.

Use the default form of this command to restore the memory buffer size to the default value.

logging buffered [buffer-size | level]

no logging buffered

default logging buffered

Parameter

Description Parameter Description

buffer-size

Size of the buffer is related to the specific device type:

1. For the kernel / aggregation switches, 4 K to 10 M bytes.

2. For the access switches, 4 K to 1 M.

3. For other devices, 4 K to 128 K Bytes.

level

Severity of logs, from 0 to 7. The name of the severity or the numeral

can be used.

Defaults The buffer size is related to the specific device type.

1. kernel switches: 1 M Bytes;

2. aggregation switches: 256 K Bytes;

3. access switches: 128 K Bytes;

4. other devices: 4 K Bytes

The log severity is 7.

Command

Mode Global configuration mode

Usage Guide The memory buffer for log is used in recycled manner. That is, when the memory buffer with the

specified size is full, the oldest information will be overwritten. To show the log information in the

memory buffer, run the show logging command in privileged user mode.

The logs in the memory buffer are temporary, and will be cleared in case of device restart or the

execution of the clear logging command in privileged user mode. To trace a problem, it is required to

record logs in flash or send them to Syslog Server.

The log information is classified into the following 8 levels (Table 1):

Table-1

Keyword Level Description

Emergencies 0 Emergency case, system cannot run normally

Alerts 1 Problems that need immediate remedy

Critical 2 Critical conditions

Errors 3 Error message

warnings 4 Alarm information

Notifications 5 Information that is normal but needs attention

informational 6 Descriptive information

Debugging 7 Debugging messages

Lower value indicates higher level. That is, level 0 indicates the information of the highest level.

When the level of log information to be displayed on devices is specified, the log information at or

below the set level will be allowed to be displayed.

After the system has been running for a long time, modifying the log buffer size, especially

to a large value, may fail due to insufficient available contiguous memory.

A failure message will be shown. It is recommended to modify the log buffer size as

soon as the system starts.

Configuration

Examples

The following example allows logs at and below severity 6 to be recorded in the memory buffer sized

10,000 bytes.

Ruijie(config)# logging buffered 10000 6

Related

Commands Command Description

logging on Turns on the log switch.

show logging Shows the logs in the buffer.

clear logging Clears the logs in the log buffer.

Platform

Description

N/A

logging console

Use this command to set the severity of logs that are allowed to be displayed on the console in global

configuration mode. Use the no form of this command to prohibit printing log messages on the

console.

logging console [ level ]

no logging console

Parameter

Description Parameter Description

level

Severity of log messages, 0 to 7. The name of the severity or the

numeral can be used. For the details of log severity, see table 1.

Defaults Debugging (7).

Command

Mode Global configuration mode

Usage Guide When a log severity is set, the log messages at or below that severity will be displayed on the

console.

The show logging command displays the related setting parameters and statistics of the log.

Configuration

Examples

The following example sets the severity of log that is allowed to be displayed on the console as 6:

Ruijie(config)# logging console informational

Related

Commands Command Description

logging on Turns on the log switch.

show logging

Shows the logs and related log configuration

parameters in the buffer.

Platform

Description

N/A

logging count

Use this command to enable the log statistics function in global configuration mode. Use the no form

of the command to delete the log statistics and disable the statistics function.

logging count

no logging count

Parameter

Description Parameter Description

N/A N/A

Defaults The log statistics function is disabled by default.

Command

Mode

Global configuration mode

Usage Guide This command enables the log statistics function. The statistics begins when the function is enabled.

If you run the no logging count command, the statistics function is disabled and the statistics data is

deleted.

Configuration

Examples

The following example enables the log statistics function:

Ruijie(config)# logging count

Related

Commands Command Description

show logging count

Views log information about modules of the

system.

show logging

Views basic configuration of log modules and

log information in the buffer.

Platform

Description

N/A

logging facility

Use this command to configure the device value of the log information in global configuration mode.

Use the no form of the command to restore it to the default device value (23).

logging facility facility-type

no logging facility

Parameter

Description Parameter Description

facility-type Syslog device value. For specific settings, refer to the usage guide.

Defaults Local7(23)

Command

Mode Global configuration mode

Usage Guide The following table (Table-2) is the possible device values of Syslog:

Numerical Code Facility

0 (kern) Kernel messages

1 (user) User-level messages

2 (mail) Mail system

3 (daemon) System daemons

4 (auth1) security/authorization messages

5 (syslog) Messages generated internally by syslogd

6 (lpr) Line printer subsystem

7 (news) USENET news

8 (uucp) Unix-to-Unix copy system

9 (clock1) Clock daemon

10 (auth2) security/authorization messages

11 (ftp) FTP daemon

12 (ntp) NTP subsystem

13 (logaudit) log audit

14 (logalert) log alert

15 (clock2) clock daemon

16 (local0) Local use

17 (local1) Local use

18 (local2) Local use

19 (local3) Local use

20 (local4) Local use

21 (local5) Local use

22 (local6) Local use

23 (local7) Local use

The default device value of RGOS is 23 (local 7).
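A collector-side view of Table-1 and Table-2, as an added example that is not part of the Ruijie manual: it decodes the `<PRI>` prefix of a received syslog datagram (PRI = facility × 8 + severity, per RFC 3164) into the page's facility and severity keywords and applies the "at or below the set level" rule. The function names and the sample datagrams are constructed for illustration, and the text after the `<PRI>` prefix is an assumption about what the device sends.

```python
import re

# Table-1 keywords; the list index is the severity level.
SEVERITY_NAMES = [
    "emergencies", "alerts", "critical", "errors",
    "warnings", "notifications", "informational", "debugging",
]

# Table-2 keywords; the list index is the facility code.
FACILITY_NAMES = [
    "kern", "user", "mail", "daemon", "auth1", "syslog", "lpr", "news",
    "uucp", "clock1", "auth2", "ftp", "ntp", "logaudit", "logalert", "clock2",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]

PRI_PREFIX = re.compile(r"^<(\d{1,3})>")
MAX_PRI = 23 * 8 + 7  # 191, the highest value the two tables can produce


def encode_pri(facility, severity):
    """PRI value carried in the <...> prefix of a syslog datagram."""
    if not 0 <= facility < len(FACILITY_NAMES):
        raise ValueError("facility must be 0..23")
    if not 0 <= severity < len(SEVERITY_NAMES):
        raise ValueError("severity must be 0..7")
    return facility * 8 + severity


def decode_pri(pri):
    """Split a PRI value into (facility code, severity level)."""
    if not 0 <= pri <= MAX_PRI:
        raise ValueError("PRI must be 0..191")
    return divmod(pri, 8)


def parse_level(level):
    """Accept the numeral or the keyword, as the level parameter does."""
    text = str(level).strip().lower()
    if text in SEVERITY_NAMES:
        return SEVERITY_NAMES.index(text)
    if text.isdigit() and int(text) < len(SEVERITY_NAMES):
        return int(text)
    raise ValueError("unknown severity: %r" % (level,))


def allowed(configured_level, message_severity):
    """True when a message is at or below the configured level number."""
    return message_severity <= parse_level(configured_level)


def classify(datagram):
    """Return (facility keyword, severity keyword), or None if PRI is missing or invalid."""
    match = PRI_PREFIX.match(datagram)
    if match is None or int(match.group(1)) > MAX_PRI:
        return None
    facility, severity = decode_pri(int(match.group(1)))
    return FACILITY_NAMES[facility], SEVERITY_NAMES[severity]


def select(datagrams, configured_level):
    """Keep the datagrams a destination set to configured_level would accept."""
    kept = []
    for datagram in datagrams:
        result = classify(datagram)
        if result and allowed(configured_level, SEVERITY_NAMES.index(result[1])):
            kept.append(datagram)
    return kept


# Constructed sample datagrams (not captured from a device).
SAMPLE_DATAGRAMS = [
    "<189>Oct 20 15:47:01 Ruijie %SYSCHECK-5-CPU_USING_RATE: CPU utilization high",
    "<191>Oct 20 15:47:02 Ruijie constructed debugging message",
    "<5>Oct 20 15:47:03 Ruijie constructed message after 'logging facility kern'",
    "Oct 20 15:47:04 Ruijie constructed line without a PRI prefix",
]

if __name__ == "__main__":
    for datagram in SAMPLE_DATAGRAMS:
        print(classify(datagram), "<-", datagram)
    print(select(SAMPLE_DATAGRAMS, "informational"))
```

With the default facility 23 (local7), a severity 5 message arrives as `<189>`; after `logging facility kern` the same severity arrives as `<5>`, so collector rules keyed on the facility need to follow the device setting.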

Configuration

Examples

The following example sets the device value of Syslog as kernel:

Ruijie(config)# logging facility kern

Related Command Description

Commands

logging console

Sets the severity of logs that are allowed to be

displayed on the console.

Platform

Description

N/A

logging file flash

Use this command to record logs in the extended flash in global configuration mode. Use the no form

of the command to disable the function.

logging file flash: filename [ max-file-size ] [ level ] xx

no logging file

Parameter

Description Parameter Description

filename Name of the log file of txt type

max-file-size

Maximal size of the log file in the range from 128 K to 6 M bytes, the

default value is 128K bytes.

level

The severity of logs recorded in the log files. The name of the severity

or the numeral can be used. By default, the severity of logs recorded

in the FLASH is 6. For the details of log severity, see Table-1.

Defaults Logs cannot be recorded in the extended FLASH.

Command

Mode Global configuration mode

Usage Guide If no Syslog Server is specified or it is not desired to transfer logs on the network due to the

consideration of security purpose, it is possible to save the logs directly in extended flash.

The extension of the log file is fixed as txt. Any configuration of extension for the filename will be

refused.

You must purchase an additional extended FLASH to record logs on it. If there is no

extended FLASH, the logging file flash command will automatically be hidden, not

allowing you to configure it.

Configuration

Examples

The following example records the logs in the extended flash, with the name trace.txt, file size 128 K

and log severity 6.

Ruijie(config)# logging file flash:trace

Related

Commands Command Description

logging on Turns on the log switch.

show logging

Shows the log messages and related log

configuration parameters in the buffer.

more flash Views the logs in the extended flash.

Platform

Description

N/A

logging monitor

Use this command to set the severity of logs that are allowed to be displayed on the VTY window

(telnet window, SSH window, etc.) in global configuration mode. Use the no form of this command to

prohibit printing log messages on the VTY window.

logging monitor [ level ]

no logging monitor

Parameter

Description Parameter Description

level

Severity of the log message. The name of the severity or the numeral

can be used. For the details of log severity, see Table-1.

Defaults Debugging (7).

Command

Mode Global configuration mode

Usage Guide To print log information on the VTY window, run the terminal monitor command in privileged user

mode. The level of logs to be displayed is defined by logging monitor.

The log level defined with "Logging monitor" is for all VTY windows.

Configuration

Examples

The following example sets the severity of log that is allowed to be printed on the VTY window as 6:

Ruijie(config)# logging monitor informational

Related

Commands Command Description

logging on Turns on the log switch.

Platform

Description

N/A

logging on

Use this command globally to allow logs to be displayed on different devices. Use the no form of this

command to disable the function.

logging on

no logging on

Parameter

Description Parameter Description

N/A N/A

Defaults Logs are allowed to be displayed on different devices.

Command

Mode Global configuration mode

Usage Guide Log information can be shown not only in the Console window and VTY window, but also recorded

to different destinations such as the memory buffer, the extended FLASH and the Syslog Server. This

command is the total log switch. If this switch is turned off, no log will be displayed or recorded unless

the severity level is greater than 1.

Configuration

Examples

The following example disables the log switch on the device.

Ruijie(config)# no logging on

Related

Commands Command Description

logging buffered Records the logs to a memory buffer.

logging Sends logs to the Syslog server.

logging file flash: Records logs on the extended FLASH.

logging console

Allows the log level to be displayed on the

console.

logging monitor

Allows the log level to be displayed on the VTY

window (such as telnet window) .

logging trap

Sets the log level to be sent to the Syslog

server.

Platform

Description

N/A

logging rate-limit

Use this command to enable log rate limit function to limit the output logs in a second in the global

configuration mode. The no form of this command disables log rate limit function.

logging rate-limit { number | all number | console {number | all number } } [ except severity ]

no logging rate-limit

Parameter

Description Parameter Description

number The number of logs that can be processed in a second in the range from 1 to 10000.

all Sets rate limit to all the logs with severity level 0 to 7.

console Sets the amount of logs that can be shown in the console in a second.

except By default, the severity level is error (3). The rate of the log whose severity level is less than or equal to error (3) is not controlled.

severity Log severity level in the range from 0 to 7. The lower the level is, the higher the severity is.

Defaults The log rate limit function is disabled by default.

Command

Mode Global configuration mode

Usage Guide Use this command to control the syslog output and prevent massive log output.

Configuration

Examples

The following example sets the number of logs (including debug) that can be processed in a second to 10. However, logs with warning or higher severity level are not controlled:

Ruijie(config)#logging rate-limit all 10 except warnings

Related

Commands Command Description

show logging count Views log information about modules of the system.

show logging Views basic configuration of log modules and log information in the buffer.

Platform

Description

N/A

logging server

Use this command to record the logs in the specified Syslog Server in global configuration mode. Use the no form of the command to disable the function.

logging server { ip-address [ vrf vrf-name ] | ipv6 ipv6-address }


no logging server { ip-address [ vrf vrf-name] | ipv6 ipv6-address }

Parameter

Description Parameter Description

ip-address IP address of the host that receives log information.

vrf-name Specifies the VRF instance (VPN device forwarding table) connecting to the log host.

ipv6-address Specifies the IPv6 address of the host receiving the logs.

Defaults No log is sent to any syslog server by default.

Command

Mode Global configuration mode

Usage Guide This command specifies a Syslog server to receive the logs of the device. Users are allowed to configure up to 5 Syslog Servers. The log information will be sent to all the configured Syslog Servers at the same time.

Configuration

Examples

The following example specifies a syslog server of the address 202.101.11.1:

Ruijie(config)# logging server 202.101.11.1

The following example specifies a syslog server with the IPv6 address AAAA:BBBB:FFFF:

Ruijie(config)# logging server ipv6 AAAA:BBBB:FFFF

Related

Commands Command Description

logging on Turns on the log switch.

show logging Views log messages and related log configuration parameters in the buffer.

logging trap Sets the level of logs allowed to be sent to Syslog server.

Platform

Description

N/A

logging source ip | ipv6

Use this command to configure the source IP address of logs in global configuration mode. Use the

no form of this command to remove the settings.

logging source { ip ip-address | ipv6 ipv6-address }

no logging source { ip | ipv6 }

Parameter

Description Parameter Description

ip-address Specifies the source IPv4 address used when sending logs to an IPv4 log server.

ipv6-address Specifies the source IPv6 address used when sending logs to an IPv6 log server.

Defaults N/A

Command

Mode Global configuration mode

Usage Guide By default, the source address of the log messages sent to the syslog server is the address of the sending interface. For easy tracing and management, this command can be used to fix the source address of all log messages to a single address, so that the administrator can identify which device is sending a message by its unique address. If this IP address is not configured on the device, the source address of the log messages is the address of the sending interface.

Configuration

Examples

The following example specifies 192.168.1.1 as the source address of the syslog messages:

Ruijie(config)# logging source ip 192.168.1.1

Related

Commands Command Description

logging Sends the logs to the Syslog server.

Platform

Description

N/A

logging source interface

Use this command to configure the source interface of logs in global configuration mode. Use the no

form of this command to remove the settings.

logging source interface interface-type interface-number

no logging source interface

Parameter

Description Parameter Description

interface-type Interface type.

interface-number Interface number.

Defaults N/A

Command

Mode Global configuration mode

Usage Guide By default, the source address of the log messages sent to the syslog server is the address of the sending interface. For easy tracing and management, this command can be used to fix the source address of all log messages to the address of one interface, so that the administrator can identify which device is sending a message by its unique address. If the source interface is not configured on the device, or no IP address is configured for the source interface, the source address of the log messages is the address of the sending interface.

Configuration

Examples

The following example specifies loopback 0 as the source address of the syslog messages:

Ruijie(config)# logging source interface loopback 0

Related

Commands Command Description

logging Sends logs to the Syslog server.

Platform

Description

N/A

logging synchronous

Use this command in line configuration mode to enable synchronization between user input and log output, so that log output does not interrupt the user while keying in characters. Use the no form of this command to disable this function.

logging synchronous

no logging synchronous

Parameter

Description Parameter Description

N/A N/A

Defaults The synchronization function between user input and log output is disabled by default.

Command

Mode Line configuration mode

Usage Guide This command enables synchronization between user input and log output, preventing log output from interrupting the user while keying in characters.

Configuration

Examples

Ruijie(config)#line console 0

Ruijie(config-line)#logging synchronous

When UP-DOWN logs for a port are printed while a command is being keyed in, the input command is output again:

Ruijie# configure terminal

Oct 9 23:40:55 %LINK-5-CHANGED: Interface GigabitEthernet 0/1, changed state to down

Oct 9 23:40:55 %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet 0/1, changed state to DOWN

Ruijie# configure terminal//----the input command by the user is output again rather than being interrupted.

Related

Commands Command Description

show running-config Views the configuration.

Platform

Description

N/A

logging trap

Use this command to set the severity of logs that are allowed to be sent to the syslog server in global configuration mode. Use the no form of this command to prohibit sending log messages to the Syslog server.

logging trap [ level ]

no logging trap

Parameter

Description Parameter Description

level Severity of the log message. The name of the severity or the numeral can be used. For the details of log severity, see Table 1.

Defaults Informational(6)

Command

Mode Global configuration mode

Usage Guide To send logs to the Syslog Server, run the logging command in global configuration mode to configure the Syslog Server. Then, run the logging trap command to specify the severity level of logs to be sent.

The show logging command displays the configured parameters and statistics of the logs.

Configuration

Examples

The following example enables logs at severity 6 to be sent to the Syslog Server with the address of 202.101.11.22:

Ruijie(config)# logging 202.101.11.22

Ruijie(config)# logging trap informational

Related

Commands Command Description


logging on Turns on the log switch.

logging Sends logs to the Syslog server.

show logging Shows the log messages and related log configuration parameters in the buffer.

Platform

Description

N/A

service sequence-numbers

Use this command to attach serial numbers to the logs in global configuration mode. Use the no form of the command to remove the serial numbers from the logs.

service sequence-numbers

no service sequence-numbers

Parameter

Description Parameter Description

N/A N/A

Defaults No serial number is carried in the logs by default.

Command

Mode Global configuration mode

Usage Guide In addition to the timestamp, you can add serial numbers to the logs, numbering from 1. The serial numbers make it clear whether any logs have been lost and in what order the logs were generated.

Configuration

Examples

The following example adds serial numbers to the logs.

Ruijie(config)# service sequence-numbers

Related

Commands Command Description

logging on Turns on the log switch.

service timestamps Attaches timestamps to the logs.

Platform

Description

N/A
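Serial numbers are what allow a log reviewer to notice dropped, repeated or reordered entries. The following Python sketch is an added example, not part of the Ruijie reference: it parses lines in the layout shown by the show logging buffer output in this manual and reports gaps, duplicates, reordering and counter restarts per system name. The sample lines are constructed, and treating a return to 1 as a counter restart is an assumption.

```python
import re

# Layout assumed from the "show logging" buffer lines in this reference:
#   <seq>: [*][<year> ]<Mon> <day> <hh:mm:ss[.msec]>: [<sysname> ]%<MODULE>-<sev>-<NAME>: <text>
LINE_RE = re.compile(r"""
    ^(?P<seq>\d+):\s+\*?
    (?P<ts>(?:\d{4}\s)?[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}(?:\.\d+)?):
    (?:\s(?P<sysname>[^\s%]\S*))?
    \s%(?P<module>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<name>[A-Z0-9_]+):
""", re.VERBOSE)

def parse(line):
    """Return the header fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["seq"], rec["sev"] = int(rec["seq"]), int(rec["sev"])
    return rec

def audit_sequence(lines):
    """Return a list of (kind, line_no, sysname, detail) findings."""
    findings, last = [], {}            # last: highest serial number seen per sysname
    for n, line in enumerate(lines, 1):
        rec = parse(line)
        if rec is None:                # wrapped continuation text or foreign format
            findings.append(("unparsed", n, None, None))
            continue
        dev, seq = rec["sysname"], rec["seq"]
        prev = last.get(dev)
        if prev is None:
            last[dev] = seq            # first line seen for this device
        elif seq == prev:
            findings.append(("duplicate", n, dev, seq))
        elif seq == 1:                 # assumption: numbering restarted from 1
            findings.append(("restart", n, dev, prev))
            last[dev] = 1
        elif seq < prev:
            findings.append(("out_of_order", n, dev, seq))
        else:
            if seq > prev + 1:         # detail = number of missing entries
                findings.append(("gap", n, dev, seq - prev - 1))
            last[dev] = seq
    return findings

# Constructed sample modelled on the buffer output format (not real device logs).
SAMPLE = [
    "015487: *Sep 19 02:46:13: Ruijie %LINK-3-UPDOWN: Interface FastEthernet 0/24, changed state to up.",
    "015488: *Sep 19 02:46:13: Ruijie %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet 0/24, changed state to up.",
    "015491: *Sep 19 02:46:28: Ruijie %LINK-3-UPDOWN: Interface FastEthernet 0/24, changed state to up.",
    "015491: *Sep 19 02:46:28: Ruijie %LINK-3-UPDOWN: Interface FastEthernet 0/24, changed state to up.",
    "015490: *Sep 19 02:46:26: Ruijie %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet 0/24, changed state to down.",
    "changed state to down.",
    "000001: *Sep 19 03:10:02: Ruijie %SYS-5-CONFIG_I: Configured from console by console",
]

if __name__ == "__main__":
    for finding in audit_sequence(SAMPLE):
        print(finding)
```

Keying the counter by system name only separates devices when service sysname is enabled; without it, every line falls under the same (empty) device key.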

service sysname

Use this command to attach the system name to logs in global configuration mode. Use the no form of the command to remove the system name from the logs.

service sysname

no service sysname

Parameter

Description Parameter Description

N/A N/A

Defaults No system name is attached to logs by default.

Command

Mode Global configuration mode

Usage Guide This command allows you to decide whether to add the system name to the log information.

Configuration

Examples

The following example adds a system name in the log information:

Mar 22 15:28:02 %SYS-5-CONFIG: Configured from console by console

Ruijie #config terminal

Enter configuration commands, one per line. End with CNTL/Z.

Ruijie (config)#service sysname

Ruijie (config)#end

Ruijie #

Mar 22 15:35:57 S3250 %SYS-5-CONFIG: Configured from console by console

Related

Commands Command Description

show logging Shows basic configuration of log modules and log information in the buffer.

Platform

Description

N/A

service timestamps

Use this command to attach timestamps to logs in global configuration mode. Use the no form of this command to remove the timestamps from the logs. Use the default form of this command to restore the timestamps of logs to the default values.

service timestamps [ message-type [ uptime | datetime [ msec | year ] ] ]

no service timestamps [ message-type ]

default service timestamps [ message-type ]

Parameter

Description Parameter Description

message-type The log type, including Log and Debug. The log type indicates the log information with severity levels of 0 to 6. The debug type indicates that with severity level 7.

uptime Device start time in the format of *Day*Hour*Minute*Second, for example, 07:00:10:41.

datetime Current time of the device in the format of Month*Date*Hour*Minute*Second, for example, Jul 27 16:53:07.

msec Current time of the device in the format of Month*Date*Hour*Minute*Second*millisecond, for example, Jul 27 16:53:07.299

year Current time of the device in the format of Year*Month*Date*Hour*Minute*Second, for example, 2007 Jul 27 16:53:07

Defaults The time stamp in the log information is the current time of the device. If the device has no RTC, the time stamp is automatically set to the device start time.

Command

Mode Global configuration mode

Usage Guide When the uptime option is used, the time format is the running period from the last start of the device to the present time, in seconds. When the datetime option is used, the time format is the date of the current device, in the format of YY-MM-DD, HH:MM:SS.

Configuration

Examples

The following example enables the timestamp for log and debug information, in Datetime format, with millisecond display.

Ruijie(config)# service timestamps debug datetime msec

Ruijie(config)# service timestamps log datetime msec

Ruijie(config)# end

Ruijie(config)# Oct 8 23:04:58.301 %SYS-5-CONFIG I: configured from console

by console

Related

Commands Command Description

logging on Turns on the log switch.

service sequence-numbers Enables serial numbers of logs.

Platform

Description

N/A

terminal monitor

Use this command to show logs on the current VTY window. Use the no form of this command to disable the function.

terminal monitor

terminal no monitor

Parameter

Description Parameter Description

N/A N/A

Defaults Log information is not allowed to be displayed on the VTY window by default.

Command

Mode Privileged user mode

Usage Guide This command only sets a temporary attribute of the current VTY. As a temporary attribute, it is not stored permanently. At the end of the VTY terminal session, the system will use the default setting, and the temporary setting is invalid. This command can also be executed on the console, but it does not take effect.

Configuration

Examples

The following example allows log information to be printed on the current VTY window:

Ruijie# terminal monitor

Related

Commands Command Description

N/A N/A

Platform

Description

N/A

show logging

Use this command in privileged user mode to show the configured parameters and statistics of logs, and the log messages in the memory buffer.

show logging

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode Privileged user mode

Usage Guide N/A


Configuration

Examples

The following command shows the result of the show logging command:

Ruijie# show logging

Syslog logging: enabled

Console logging: level debugging, 15495 messages logged

Monitor logging: level debugging, 0 messages logged

Buffer logging: level debugging, 15496 messages logged

Standard format: false

Timestamp debug messages: datetime

Timestamp log messages: datetime

Sequence-number log messages: enable

Sysname log messages: enable

Count log messages: enable

Trap logging: level informational, 15242 message lines logged,0 fail

logging to 202.101.11.22

logging to 192.168.200.112

Log Buffer (Total 131072 Bytes): have written 1336,

015487: *Sep 19 02:46:13: Ruijie %LINK-3-UPDOWN: Interface FastEthernet 0/24,

changed state to up.

015488: *Sep 19 02:46:13: Ruijie %LINEPROTO-5-UPDOWN: Line protocol on

Interface FastEthernet 0/24, changed state to up.

015489: *Sep 19 02:46:26: Ruijie %LINK-3-UPDOWN: Interface FastEthernet 0/24,

changed state to down.

015490: *Sep 19 02:46:26: Ruijie %LINEPROTO-5-UPDOWN: Line protocol on

Interface FastEthernet 0/24, changed state to down.

015491: *Sep 19 02:46:28: Ruijie %LINK-3-UPDOWN: Interface FastEthernet

0/24, changed state to up.

015492: *Sep 19 02:46:28: Ruijie %LINEPROTO-5-UPDOWN: Line protocol on

Interface FastEthernet 0/24, changed state to up.

Log information description:

Field Description

Syslog logging Logging flag: enabled or disabled

Console logging Level of the logs printed on the console, and statistics

Monitor logging Level of the logs printed on the VTY window, and statistics

Buffer logging Level of the logs recorded in the memory buffer, and statistics.

Standard format Standard log format.

Timestamp debug messages Timestamp format of the Debug messages

Timestamp log messages Timestamp format of the Log messages

Sequence-number log messages Serial number switch

Sysname log messages Attaches system names to the logs.

Count log messages Log statistics function

Trap logging Level of the logs sent to the syslog server, and statistics

Log Buffer Log files recorded in the memory buffer

Related

Commands Command Description

logging on Turns on the log switch.

clear logging Clears the log messages in the buffer.

Platform

Description

N/A

show logging count

Use this command in privileged mode to show statistics on the number of occurrences and the last occurrence time of each module log in the system.

show logging count

Parameter

Description Parameter Description

N/A N/A

Defaults N/A

Command

Mode Privileged mode

Usage Guide To use the log packet statistics function, run the logging count command in global configuration mode. The show logging count command can show the information of a specific log, occurrence times, and the last occurrence time.

You can use the show logging command to check whether the log statistics function is enabled.

Configuration

Examples

The following is the execution result of the show logging count command:

Ruijie# show logging count

Module Name Message Name Sev Occur Last Time

SYS CONFIG_I 5 1 Jul 6 10:29:57

SYS TOTAL 1

Related

Commands Command Description

logging count Enables the log statistics function.

show logging Shows basic configuration of log modules and log information in the buffer.

clear logging Clears the logs in the buffer.

Platform

Description

N/A

