IP Address & Application Commands

1. IP Address/Service Commands

2. ARP Commands

3. IP Event Dampening Commands

4. TCP Commands

5. IPv4/IPv6 REF Commands

6. Tunnel Commands

7. FPM Commands

8. NAT Commands

9. MLLB Commands

10. User Route Commands


Command Reference IP Address/Service Commands

1 IP Address/Service Commands

1.1 ip address

Use this command to configure the IP address of an interface. Use the no form of this command to
restore the default setting.
ip address ip-address network-mask [ secondary ]
no ip address [ ip-address network-mask [ secondary ] ]

Parameter Description
Parameter      Description
ip-address     32-bit IP address, with 8 bits in one group in decimal format. Groups are separated by dots.
network-mask   32-bit network mask. 1 stands for the mask bit, 0 stands for the host bit, with 8 bits in one group in decimal format. Groups are separated by dots.
secondary      Secondary IP address

Defaults No IP address is configured for the interface by default.

Command Mode Interface configuration mode

Usage Guide The equipment cannot receive and send IP packets before it is configured with an IP address. After
an IP address is configured for the interface, the interface is allowed to run the Internet Protocol
(IP).

The network mask is also a 32-bit value that identifies which bits of the IP address form the
network portion. The IP address bits that correspond to mask bits of value “1” are the network
address. The IP address bits that correspond to mask bits of value “0” are the host address. For
example, the network mask of a Class A IP address is “255.0.0.0”. You can divide a network into
different subnets using the network mask. Subnet division means using bits of the host address
part as part of the network address, which reduces the number of hosts per network and increases
the number of networks. In this case, the network mask is called a subnet mask.

The RGOS software supports multiple IP addresses for an interface, of which one is the primary IP
address and the others are secondary/slave IP addresses. Theoretically, there is no limit on the
number of secondary IP addresses. The primary IP address must be configured before the
secondary IP addresses. The secondary IP address and the primary IP address must belong to the
same network or different networks. Secondary IP addresses are often used in network
construction. Typically, you can use secondary IP addresses in the following situations:

A network does not have enough host addresses. At present, the LAN should be a class C network
where 254 hosts can be configured. However, when there are more than 254 hosts in the LAN, another
class C network address is necessary since one class C network is not enough. Therefore, the
device should be connected to two networks and multiple IP addresses should be configured.

Many older networks are layer 2-based bridge networks that have not been divided into different
subnets. Use of secondary IP addresses will make it very easy to upgrade this network to an IP
layer-based routing network. The equipment configures an IP address for each subnet.

Two subnets of a network are separated by another network. You can create a subnet for the
separated network, and connect the separated subnet by configuring a secondary IP address. One
subnet cannot appear on two or more interfaces of a device.

Configuration Examples The following example configures the primary IP address and the network mask as 10.10.10.1 and 255.255.255.0 respectively.
Ruijie(config-if)# ip address 10.10.10.1 255.255.255.0

The following example configures the primary and secondary IP addresses as 10.10.10.1/24 and
10.10.20.1/24 respectively.
Ruijie(config)# interface gigabitEthernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)# ip address 10.10.10.1 255.255.255.0
Ruijie(config-if-GigabitEthernet 0/1)# ip address 10.10.20.1 255.255.255.0 secondary

Related Commands
Command          Description
show interface   Displays detailed information of the interface.

Notification 1. If the configured mask is formed only by the digit 1 or 0 (32-bit masks can be used for loopback
interfaces), the following prompt occurs.
Invalid IP mask.
2. If a secondary IP address is configured before a primary IP address is configured, the following
prompt occurs.
Cannot add IP address.

Common Error 1. Configure a secondary IP address when the primary IP address is not configured.
2. Secondary IP addresses are not deleted before deleting the primary IP address.
3. The network segment of the IP address on an interface overlaps with that of another IP address
on the interface.

Platform Description N/A
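
The notifications and common errors listed for ip address can be checked offline before a change is pushed to a device. The following Python sketch is an added example, not Ruijie code: the function names and the input format (the ip address lines of one interface, in the order they are entered) are assumptions, the loopback exception for 32-bit masks is not modelled, and "overlap" is read as two different network segments that share addresses.

```python
import ipaddress

# Constructed sample: commands entered on one interface, in order.
SAMPLE_LINES = [
    "ip address 10.10.20.1 255.255.255.0 secondary",      # no primary yet
    "ip address 10.10.10.1 255.255.255.0",
    "ip address 10.10.20.1 255.255.255.0 secondary",
    "ip address 10.10.30.1 255.255.255.255 secondary",    # all-ones mask
    "ip address 10.10.20.129 255.255.255.128 secondary",  # inside 10.10.20.0/24
]


def mask_to_prefix(mask):
    """Return the prefix length of a dotted-decimal mask, or None if it is unusable."""
    m = int(ipaddress.IPv4Address(mask))
    if m in (0, 0xFFFFFFFF):       # mask "formed only by the digit 1 or 0"
        return None
    inverted = m ^ 0xFFFFFFFF
    if inverted & (inverted + 1):  # assumption: non-contiguous masks are rejected as well
        return None
    return bin(m).count("1")


def check_interface_addresses(lines):
    """Check the ip address lines of one interface in entry order.

    Returns a list of (line, message) tuples; an empty list means no problem was found.
    """
    problems = []
    networks = []  # accepted networks, primary first
    for line in lines:
        tokens = line.split()
        well_formed = (tokens[:2] == ["ip", "address"]
                       and (len(tokens) == 4 or tokens[4:] == ["secondary"]))
        if not well_formed:
            problems.append((line, "Unrecognized command."))
            continue
        secondary = len(tokens) == 5
        try:
            address = ipaddress.IPv4Address(tokens[2])
            prefix = mask_to_prefix(tokens[3])
        except ipaddress.AddressValueError:
            problems.append((line, "Malformed address or mask."))
            continue
        if prefix is None:
            problems.append((line, "Invalid IP mask."))
            continue
        if secondary and not networks:
            problems.append((line, "Cannot add IP address."))
            continue
        network = ipaddress.ip_interface(f"{address}/{prefix}").network
        # A new primary replaces the old one, so only compare it with the secondaries.
        others = networks if secondary else networks[1:]
        clash = [str(n) for n in others if n != network and n.overlaps(network)]
        if clash:
            problems.append((line, "Overlaps " + ", ".join(clash)))
            continue
        if secondary:
            networks.append(network)
        else:
            networks[:1] = [network]
    return problems


if __name__ == "__main__":
    for line, message in check_interface_addresses(SAMPLE_LINES):
        print(f"{line!r}: {message}")
```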

1.2 ip address negotiate

Use this command to configure an IP address for the interface through PPP negotiation. Use the no
form of this command to restore the setting.
ip address negotiate
no ip address negotiate

Parameter Description
Parameter   Description
N/A         N/A

Defaults This function is disabled by default.

Command Mode Interface configuration mode

Usage Guide Only the PPP interface of the router supports IP address configuration through PPP negotiation.
After the interface is configured with the ip address negotiate command, the peer end should be
configured with the peer default ip address command.

Configuration Examples The following example obtains an IP address for the interface through PPP negotiation.
Ruijie(config)# interface dialer 1
Ruijie(config-if-dialer 1)# ip address negotiate

Related Commands
Command   Description
N/A       N/A

Platform Description N/A

1.3 ip address-pool local

Use this command to enable the IP address pool function. Use the no form of this command to
disable this function.
ip address-pool local
no ip address-pool local

Parameter Description
Parameter   Description
N/A         N/A

Defaults This function is enabled by default.

Command Mode Global configuration mode

Usage Guide This function is enabled by default. PPP users can allocate an IP address to the peer end from the
configured IP address pool. You can use the no ip address-pool local command to disable this
function and clear all configured IP address pools.

Configuration Examples The following example enables the IP address pool function.
Ruijie(config)# ip address-pool local

Related Commands
Command   Description
N/A       N/A

Platform Description N/A

1.4 ip broadcast-address

Use this command to define a broadcast address for an interface in the interface configuration
mode. Use the no form of this command to restore the default setting.
ip broadcast-address ip-address
no ip broadcast-address

Parameter Description
Parameter    Description
ip-address   Broadcast address of IP network

Defaults The default IP broadcast address is 255.255.255.255.

Command Mode Interface configuration mode.

Usage Guide At present, the destination address of an IP broadcast packet is all “1”, represented as
255.255.255.255. The RGOS software can generate broadcast packets with other IP addresses
through definition, and can receive both all-“1” broadcast packets and the broadcast packets
defined by itself.

Configuration Examples The following example sets the destination address of IP broadcast packets generated by this
interface to 0.0.0.0.
Ruijie(config)# interface gigabitEthernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)# ip broadcast-address 0.0.0.0

Related Commands
Command   Description
N/A       N/A

Notification If a broadcast address is configured for the interface without a primary IP address configured, the
following prompt appears.
Cannot set broadcast address. No primary address exist.

Platform Description N/A

1.5 ip directed-broadcast

Use this command to enable the conversion from IP directed broadcast to physical broadcast
in the interface configuration mode. Use the no form of this command to restore the default
setting.
ip directed-broadcast [ access-list-number ]
no ip directed-broadcast

Parameter Description
Parameter            Description
access-list-number   (Optional) Access list number, in the range from 1 to 199 and from 1300 to 2699. After an access list number has been defined, only the IP directed broadcast packets that match this access list are converted.

Defaults This function is disabled by default.

Command Mode Interface configuration mode.

Usage Guide An IP directed broadcast packet is an IP packet whose destination address is an IP subnet
broadcast address. For example, the packet with the destination address 172.16.16.255 is
called a directed broadcast packet. However, the node that generates this packet is not a
member of the destination subnet.

The device that is not directly connected to the destination subnet receives an IP directed
broadcast packet and handles this packet in the same way as forwarding a unicast packet.
After the directed broadcast packet reaches a device that is directly connected to this subnet,
the device converts the directed broadcast packet into a flooding broadcast packet (typically
the broadcast packet whose destination IP address is all “1”), and then sends the packet to all
the hosts in the destination subnet in the manner of link layer broadcast.

You can enable conversion from directed broadcast into physical broadcast on a specified
interface, so that this interface can forward a directed broadcast packet to a directly connected
network. This command affects only the final transmission of directed broadcast packets that
have reached the destination subnet; it does not affect normal forwarding of other directed
broadcast packets.

You can also define an access list on an interface to control which directed broadcast packets
to forward. After an access list is defined, only the packets that conform to the conditions
defined in the access list undergo conversion from directed broadcast into physical broadcast.

If the no ip directed-broadcast command is configured on an interface, RGOS will discard the
directed broadcast packets received from the directly connected network.

Configuration Examples The following example enables forwarding of directed broadcast packet on the GigabitEthernet
0/1 port of a device.
Ruijie(config)# interface gigabitethernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)# ip directed-broadcast

Related Commands
Command   Description
N/A       N/A

Platform Description N/A

1.6 ip icmp error-interval

Use this command to set the rate to send the ICMP destination unreachable packets triggered by
DF in the IP header. Use the no form of this command to restore the default setting.
ip icmp error-interval DF milliseconds [ bucket-size ]
no ip icmp error-interval DF milliseconds [ bucket-size ]

Use this command to set the rate to send other ICMP error packets. Use the no form of this
command to restore the default setting.
ip icmp error-interval milliseconds [ bucket-size ]
no ip icmp error-interval milliseconds [ bucket-size ]

Parameter Description
Parameter      Description
milliseconds   The refresh period of the token bucket, in the range from 0 to 2147483647 in the unit of milliseconds. 0 indicates no limit on the rate to send ICMP error packets. The default is 100.
bucket-size    The number of tokens in the bucket, in the range from 1 to 200. The default is 10.

Defaults The default rate is 10 packets per 100 milliseconds.

Command Mode Global configuration mode.

Usage Guide To prevent DoS attacks, the token bucket algorithm is adopted to limit the rate to send ICMP error
packets.

If IP packets need to be fragmented while the DF is set to 1, the device sends ICMP destination
unreachable packets with code 4 to the source IP address for path MTU discovery. Rate limits on
ICMP destination unreachable packets and other error packets are needed to prevent path MTU
discovery failure.

It is recommended to set the refresh period to an integral multiple of 10 milliseconds. If the refresh
period is not an integral multiple of 10 milliseconds, it is adjusted automatically. For example, 1
per 5 milliseconds is adjusted to 2 per 10 milliseconds; 3 per 15 milliseconds is adjusted to 2 per
10 milliseconds.

Configuration Examples The following example sets the rate to send the ICMP destination unreachable packets triggered
by DF in the IP header to 100 per second.
Ruijie(config)# ip icmp error-interval DF 1000 100

The following example sets the rate to send other ICMP error packets to 10 per second.
Ruijie(config)# ip icmp error-interval 1000 10

Related Commands
Command   Description
N/A       N/A

Platform Description N/A
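
The effect of the two parameters, and of keeping a separate limit for DF-triggered packets, is easiest to see in a simulation. The following Python model is an added example, not RGOS code: it assumes the bucket is refilled to bucket-size at the start of every refresh period and that each ICMP error packet sent consumes one token, and it does not model the automatic adjustment to multiples of 10 milliseconds. The class and function names and the event list are constructed for the illustration.

```python
class IcmpErrorLimiter:
    """Token bucket configured like: ip icmp error-interval milliseconds bucket-size."""

    def __init__(self, milliseconds=100, bucket_size=10):
        if not 0 <= milliseconds <= 2147483647:
            raise ValueError("milliseconds must be in 0..2147483647")
        if not 1 <= bucket_size <= 200:
            raise ValueError("bucket-size must be in 1..200")
        self.period = milliseconds
        self.size = bucket_size
        self.tokens = bucket_size
        self.window = 0  # index of the current refresh period

    def allow(self, now_ms):
        """Return True if an ICMP error packet may be sent at time now_ms."""
        if self.period == 0:           # 0 means no limit
            return True
        window = now_ms // self.period
        if window != self.window:      # a new refresh period started: refill
            self.window = window
            self.tokens = self.size
        if self.tokens == 0:
            return False
        self.tokens -= 1
        return True


def sent_times(limiter, trigger_times_ms):
    """Times (ms) at which an error packet is actually sent."""
    return [t for t in trigger_times_ms if limiter.allow(t)]


def run_policy(df_limiter, other_limiter, events):
    """events: sorted (time_ms, kind) pairs, kind is "DF" or "other"."""
    sent = {"DF": 0, "other": 0}
    for t, kind in events:
        limiter = df_limiter if kind == "DF" else other_limiter
        if limiter.allow(t):
            sent[kind] += 1
    return sent


# Constructed traffic: one "other" error trigger per millisecond for one second,
# plus four DF-triggered (path MTU discovery) packets.
SAMPLE_EVENTS = sorted(
    [(t, "other") for t in range(1000)] + [(t, "DF") for t in (0, 250, 500, 750)]
)

if __name__ == "__main__":
    flood = range(1000)
    # Default 10 per 100 ms and "1000 100" both average 100 per second,
    # but the second allows a burst of 100 packets at once.
    print(len(sent_times(IcmpErrorLimiter(), flood)))
    print(max(sent_times(IcmpErrorLimiter(1000, 100), flood)))
    # Separate limits, as in the two configuration examples above.
    print(run_policy(IcmpErrorLimiter(1000, 100), IcmpErrorLimiter(1000, 10), SAMPLE_EVENTS))
    # Hypothetical single shared bucket, for comparison only.
    shared = IcmpErrorLimiter(1000, 10)
    print(run_policy(shared, shared, SAMPLE_EVENTS))
```

With one shared bucket the flood of other error packets uses up the tokens and most of the DF-triggered packets are suppressed, which is the path MTU discovery failure that the separate limits avoid.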

1.7 ip local pool

Use this command to create an IP address pool. Use the no form of this command to remove the
setting.
ip local pool pool-name low-ip-address [ high-ip-address ]
no ip local pool pool-name [ low-ip-address [ high-ip-address ] ]

Parameter Description
Parameter         Description
pool-name         Specifies the address pool name. The default name is default.
low-ip-address    The start IP address in the address pool.
high-ip-address   (Optional) The end IP address in the address pool.

Defaults No IP address pool is configured by default.

Command Mode Global configuration mode

Usage Guide This command is used to create one or multiple IP address pools for PPP to allocate addresses to
users.

Configuration Examples The following example creates an IP address pool named quark ranging from 172.16.23.0 to
172.16.23.255.
Ruijie(config)#ip local pool quark 172.16.23.0 172.16.23.255

Related Commands
Command   Description
N/A       N/A

Notification 1. If an IP address pool is created when this function is disabled, the following prompt
occurs.
% IP local pool is disabled!
2. If the high-ip-address is smaller than the low-ip-address, or they don’t reside on the same
network segment, the following prompt occurs.
% Invalid address range!

Platform Description N/A

1.8 ip mask-reply

Use this command to configure the RGOS software to respond to the ICMP mask request and
send an ICMP response message in the interface configuration mode. Use the no form of this
command to restore the default setting.
ip mask-reply
no ip mask-reply

Parameter Description
Parameter   Description
N/A         N/A

Defaults This function is disabled by default.

Command Mode Interface configuration mode.

Usage Guide Sometimes, a network device needs the subnet mask of a subnet on the Internet. To obtain
such information, the network device can send an ICMP mask request message, and the
network device that receives this message will send a mask response message.

Configuration Examples The following example sets the GigabitEthernet 0/1 interface of a device to respond to the ICMP
mask request message.
Ruijie(config)# interface gigabitethernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)# ip mask-reply

Related Commands
Command   Description
N/A       N/A

Platform Description N/A

1.9 ip mtu

Use this command to set the Maximum Transmission Unit (MTU) for an IP packet in the
interface configuration mode. Use the no form of this command to restore the default setting.
ip mtu bytes
no ip mtu

Parameter Description
Parameter   Description
bytes       Maximum transmission unit of IP packet, in the range from 68 to 1500 bytes

Defaults It is the same as the value configured in the interface command mtu by default.

Command Mode Interface configuration mode.

Usage Guide If an IP packet is larger than the IP MTU, the RGOS software will split this packet. All the
devices in the same physical network segment must have the same IP MTU for the
interconnected interface.

If the interface configuration command mtu is used to set the maximum transmission unit value
of the interface, IP MTU will automatically match with the MTU value of the interface. However, if
the IP MTU value is changed, the MTU value of the interface will remain unchanged.

Configuration Examples The following example sets the IP MTU value of the GigabitEthernet 0/1 interface to 512 bytes.
Ruijie(config)# interface gigabitethernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)# ip mtu 512

Related Commands
Command   Description
mtu       Sets the MTU value of an interface.

Platform Description N/A

1.10 ip redirects

Use this command to allow the RGOS software to send an ICMP redirection message in the interface
configuration mode. Use the no form of this command to disable this function.
ip redirects
no ip redirects

Parameter Description
Parameter   Description
N/A         N/A

Defaults This function is enabled by default.

Command Mode Interface configuration mode.

Usage Guide When the route is not optimum, the device may receive a packet through one interface and
send it through the same interface. If the device sends the packet through the interface through which
this packet is received, the device will send an ICMP redirection message to the data source, telling
the data source that the gateway for the destination address is another device in the subnet. In this
way the data source will send subsequent packets along the optimum path.

Configuration Examples The following example disables ICMP redirection for the GigabitEthernet 0/1 interface.
Ruijie(config)# interface GigabitEthernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)# no ip redirects

Related Commands
Command   Description
N/A       N/A

Platform Description N/A

1.11 ip source-route

Use this command to allow the RGOS software to process an IP packet with source route information
in global configuration mode. Use the no form of this command to disable this function.
ip source-route
no ip source-route

Parameter Description
Parameter   Description
N/A         N/A

Defaults This function is enabled by default.

Command Mode Global configuration mode.

Usage Guide RGOS supports IP source route. When the device receives an IP packet, it will check the options of
the IP packet, such as strict source route, loose source route and record route. Details about these
options can be found in RFC 791. If an option is found to be enabled in this packet, a response will be
made. If an invalid option is detected, an ICMP parameter problem message will be sent to the data
source, and then this packet is discarded.

Configuration Examples The following example disables the IP source route.
Ruijie(config)# no ip source-route

Related Commands
Command   Description
N/A       N/A

Platform Description N/A

1.12 ip ttl

Use this command to set the TTL value of the unicast packet. Use the no form of this command to
restore the default setting.
ip ttl value
no ip ttl

Parameter Description
Parameter   Description
value       Sets the TTL value of the unicast packet, in the range from 0 to 255.

Defaults The default is 64.

Command Mode Global configuration mode

Usage Guide N/A

Configuration Examples The following example sets the TTL value of the unicast packet to 100.
Ruijie(config)# ip ttl 100

Related Commands
Command   Description
N/A       N/A

Platform Description N/A

1.13 ip ttl-expires enable

Use this command to send TTL timeout messages.
ip ttl-expires enable

Use the no form of this command to disable the function of sending TTL timeout messages.
no ip ttl-expires enable

Parameter Description
Parameter   Description
N/A         N/A

Defaults This function is enabled by default.

Command Mode Global configuration mode

Usage Guide If the TTL of the IP packet forwarded by the device expires, the device needs to send an error packet to the
source end.
In order to prevent the device from being identified by other devices using Traceroute and suffering attacks,
you can disable this function. After the function is disabled, the device doesn’t send a TTL timeout error
packet to the source end when it receives the TTL timeout packets.

Configuration Examples The following example disables the function of sending TTL timeout message.
Ruijie(config)# no ip ttl-expires enable

Verification N/A

Platform Description N/A

1.14 ip unnumbered

This command is used to configure unnumbered interfaces. After an interface is set to an
unnumbered interface, IP can be run on the interface and packets can be sent or received on the
interface. Use the no form of this command to restore the default setting.
ip unnumbered interface-type interface-number
no ip unnumbered

Parameter Description
Parameter          Description
interface-type     Type of the associated interface
interface-number   No. of the associated interface

Defaults No unnumbered interface is configured by default.

Command Mode Interface configuration mode

Usage Guide An unnumbered interface indicates that IP is enabled on the interface but no IP address is
allocated for the interface. An unnumbered interface must associate with an interface with an IP
address. The source IP address of the IP packets generated on an unnumbered interface is the IP
address of the associated interface. In addition, the routing protocol process determines whether
to send route update packets to the unnumbered interface according to the IP address of the
associated interface. Pay attention to the following when using an unnumbered interface:

An Ethernet interface cannot be set to an unnumbered interface.

When SLIP, HDLC, PPP, LAPB, and Frame-relay are encapsulated on a serial port, the port can
be set to an unnumbered interface. When a frame relay is encapsulated, only a point-to-point
subinterface can be set to an unnumbered interface. In the case of X.25 encapsulation,
unnumbered interface is not allowed.

The ping command cannot be used to check whether an unnumbered interface is working
properly because the interface does not have an IP address. The status of an unnumbered
interface can be remotely monitored over SNMP.
The network cannot be enabled using an unnumbered interface.

Configuration Examples The following example configures the local interface as an unnumbered interface and sets the
associated interface to GigabitEthernet 0/1 (an IP address is configured for the interface).
Ruijie(config-if)# ip unnumbered gigabitethernet 0/1

Related Commands
Command          Description
show interface   Displays the detailed information about the interface.

Platform Description N/A

1.15 ip unreachables

Use this command to allow the RGOS software to generate ICMP destination unreachable
messages. Use the no form of this command to disable this function.
ip unreachables
no ip unreachables

Parameter Description
Parameter   Description
N/A         N/A

Defaults This function is enabled by default.

Command Mode Interface configuration mode.

Usage Guide RGOS software will send an ICMP destination unreachable message if it receives a unicast message
destined for itself and cannot process the upper-layer protocol of this message.

RGOS software will send an ICMP host unreachable message to the data source if it cannot forward a
message because no route exists.

This command influences all ICMP destination unreachable messages.

Configuration Examples The following example disables sending ICMP destination unreachable message on
GigabitEthernet 0/1.
Ruijie(config)# interface gigabitethernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)# no ip unreachables

Related Commands
Command   Description
N/A       N/A

Platform Description N/A

1.16 peer default ip address

Use this command to allocate an IP address to the peer end through PPP negotiation. Use the no
form of this command to restore the default setting.
peer default ip address { ip-address | pool [ pool-name ] }
no peer default ip address

Parameter Description
Parameter    Description
ip-address   Allocates an IP address to the peer end.
pool-name    (Optional) Specifies the address pool name. If not specified, the default address pool is used.

Defaults No IP address is allocated to the peer end through PPP negotiation by default.

Command Mode Interface configuration mode.

Usage Guide If the local end is configured with an IP address while the peer end is not, you can enable the local end
to allocate an IP address to the peer end by configuring the ip address negotiate command on the
peer end and the peer default ip address command on the local end.
This command is configured on an interface that supports PPP or SLIP encapsulation.
The peer default ip address pool command is used to allocate an IP address to the peer end from
the address pool configured by using the ip local pool command.
The peer default ip address ip-address command is used to specify an IP address for the peer
end. This command cannot be configured on virtual template interfaces and asyn interfaces.

Configuration Examples The following example enables interface dialer 1 to allocate IP address 10.0.0.1 to the peer end.
Ruijie(config)# interface dialer 1
Ruijie(config-if-dialer 1)# peer default ip address 10.0.0.1

Related Commands
Command   Description
N/A       N/A

Platform Description N/A

1.17 show ip interface

Use this command to display the IP status information of an interface.
show ip interface [ interface-type interface-number | brief ]

Parameter Description
Parameter          Description
interface-type     Specifies interface type.
interface-number   Specifies interface number.
brief              Displays the brief configurations about the IP of the layer-3 interface (including the interface primary ip, secondary ip and interface status)

Defaults N/A.

Command Mode Privileged EXEC mode.

Usage Guide When an interface is available, RGOS will create a direct route in the routing table. The interface is
available in that the RGOS software can receive and send packets through this interface. If the
interface changes from available status to unavailable status, the RGOS software removes the
appropriate direct route from the routing table.

If the interface is available, for example, two-way communication is allowed, the line protocol
status will be shown as “UP”. If only the physical line is available, the interface status will be shown as
“UP”.

The results shown may vary with the interface type, because some contents are interface-specific
options.

Configuration Examples The following example displays the output of the show ip interface brief command.
Ruijie#show ip interface brief
Interface             IP-Address(Pri)    IP-Address(Sec)   Status   Protocol
GigabitEthernet 0/0   no address         no address        down     down
GigabitEthernet 0/1   no address         no address        down     down
GigabitEthernet 0/2   no address         no address        down     down
GigabitEthernet 0/3   10.51.209.203/24   no address        up       up
Description of fields:
Field      Description
Status     Link status of an interface. The value can be up, down, or administratively down.
Protocol   IPv4 protocol status of an interface.

The following example displays the output of the show ip interface interface-type interface-number
command.
Ruijie# show ip interface gigabitethernet 0/1
GigabitEthernet 0/1
IP interface state is: DOWN
IP interface type is: BROADCAST
IP interface MTU is: 1500
IP address is:
No address configured
IP address negotiate is: OFF
Forward direct-broadcast is: OFF
ICMP mask reply is: OFF
Send ICMP redirect is: OFF
Send ICMP unreachable is: OFF
DHCP relay is: OFF
Fast switch is: ON
Help address is: 0.0.0.0
Proxy ARP is: ON
ARP packet input number: 0
Request packet : 0
Reply packet : 0
Unknown packet : 0
TTL invalid packet number: 0
ICMP packet input number: 0
Echo request : 0
Echo reply : 0
Unreachable : 0
Source quench : 0
Routing redirect : 0

Description of fields in the results:

Field                          Description
IP interface state is:         The network interface is available, and both its interface hardware status and line protocol status are “UP”.
IP interface type is:          Shows the interface type, such as broadcast, point-to-point, etc.
IP interface MTU is:           Shows the MTU value of the interface.
IP address is:                 Shows the IP address and mask of the interface.
IP address negotiate is:       Shows whether the IP address is obtained through negotiation.
Forward direct-broadcast is:   Shows whether the directed broadcast is forwarded.
ICMP mask reply is:            Shows whether an ICMP mask response message is sent.
Send ICMP redirect is:         Shows whether an ICMP redirection message is sent.
Send ICMP unreachable is:      Shows whether an ICMP unreachable message is sent.
DHCP relay is:                 Shows whether the DHCP relay is enabled.
Fast switch is:                Shows whether the IP fast switching function is enabled.
Help address is:               Shows the helper IP address.
Proxy ARP is:                  Shows whether the proxy ARP is enabled.
ARP packet input number:       Shows the total number of ARP packets received on the interface, including:
                               Request packet: ARP request packet
                               Reply packet: ARP reply packet
                               Unknown packet: Unknown packet
TTL invalid packet number:     Shows the TTL invalid packet number
ICMP packet input number:      Shows the total number of ICMP packets received on the interface, including:
                               Echo request: Echo request packet
                               Echo reply: Echo reply packet
                               Unreachable: Unreachable packet
                               Source quench: Source quench packet
                               Routing redirect: Routing redirection packet

Related Commands
Command   Description
N/A.      N/A.

Platform Description N/A.
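
When many interfaces have to be reviewed, the show ip interface output above can be parsed and compared with the command defaults stated in this chapter. The following Python parser is an added example, not a Ruijie tool: the function names are hypothetical, the sample text is the output shown above, and the mapping from display fields to the defaults of ip directed-broadcast, ip mask-reply, ip redirects and ip unreachables is an assumption based on the field descriptions.

```python
import re

# Output of "show ip interface gigabitethernet 0/1" as shown in the example above.
SAMPLE_OUTPUT = """\
GigabitEthernet 0/1
IP interface state is: DOWN
IP interface type is: BROADCAST
IP interface MTU is: 1500
IP address is:
No address configured
IP address negotiate is: OFF
Forward direct-broadcast is: OFF
ICMP mask reply is: OFF
Send ICMP redirect is: OFF
Send ICMP unreachable is: OFF
DHCP relay is: OFF
Fast switch is: ON
Help address is: 0.0.0.0
Proxy ARP is: ON
ARP packet input number: 0
Request packet : 0
Reply packet : 0
Unknown packet : 0
TTL invalid packet number: 0
ICMP packet input number: 0
Echo request : 0
Echo reply : 0
Unreachable : 0
Source quench : 0
Routing redirect : 0
"""

# Defaults taken from the command descriptions in this chapter (assumed field mapping).
PAGE_DEFAULTS = {
    "Forward direct-broadcast": "OFF",  # ip directed-broadcast: disabled by default
    "ICMP mask reply": "OFF",           # ip mask-reply: disabled by default
    "Send ICMP redirect": "ON",         # ip redirects: enabled by default
    "Send ICMP unreachable": "ON",      # ip unreachables: enabled by default
}


def parse_show_ip_interface(text):
    """Split the output into the interface name, "... is:" settings and packet counters."""
    lines = [line.strip() for line in text.splitlines() if line.strip()]
    parsed = {"interface": lines[0], "settings": {}, "counters": {}}
    pending = None  # setting whose value is printed on the following line
    for line in lines[1:]:
        setting = re.match(r"(.+?) is:\s*(.*)$", line)
        if setting:
            key, value = setting.groups()
            parsed["settings"][key] = value
            pending = None if value else key
            continue
        counter = re.match(r"(.+?)\s*:\s*(\d+)$", line)
        if counter:
            parsed["counters"][counter.group(1)] = int(counter.group(2))
            pending = None
            continue
        if pending:  # e.g. "No address configured" after "IP address is:"
            parsed["settings"][pending] = line
            pending = None
    return parsed


def deviations_from_defaults(parsed, defaults=PAGE_DEFAULTS):
    """Return the settings whose displayed state differs from the documented default."""
    settings = parsed["settings"]
    return {key: settings[key] for key, value in defaults.items()
            if key in settings and settings[key] != value}


if __name__ == "__main__":
    result = parse_show_ip_interface(SAMPLE_OUTPUT)
    print(result["interface"], deviations_from_defaults(result))
```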

1.18 show ip packet queue

Use this command to display the statistics of IP packet queues.
show ip packet queue

Parameter Description
Parameter   Description
N/A         N/A

Defaults N/A

Command Mode Privileged EXEC mode.

Usage Guide N/A.

Configuration Examples The following example displays the statistics of IP packet queues.
Ruijie# show ip packet queue
R Receive 1115011 packets(fragment=0):
IP packet receive queue: length 0, max 3084, overflow 0.
ICMP echo request 3, ICMP echo reply 21.
Discards:
Failed to alloc skb: 0.
Receive queue overflow: 0.
Unknown protocol drops: 828388.
Checksum fails in ICMP : 0.
Receive broadcast packet in ICMP : 0.
Sent packets:
Success: 297154
Echo reply packets by ICMP Layer: 3, by IP Layer: 3.
Echo request packets by IP Layer: 21.
Max response time for ICMP echo request packet:38 us
Failed to alloc efbuf: 0
Dropped by EFMP: 0
NoRoutes: 13
Get vrf fails: 0
Cannot assigned address drops: 0
Failed to encapsulate ethernet head: 0
ICMP error queue: length 0, max 3084, overflow 0.

Field                     Description
IP packet receive queue   Statistics of received packets
Discards                  Statistics of discarded packets
Sent packets              Statistics of sent packets
ICMP error queue          Statistics of ICMP error packets

Related Commands
Command   Description
N/A       N/A

Platform Description N/A

1.19 show ip packet statistics

Use this command to display the statistics of IP packets.
show ip packet statistics [ total | interface-name ]

Parameter Description
Parameter        Description
interface-name   Interface name
total            Displays the total statistics of all interfaces.

Defaults N/A.

Command Mode Privileged EXEC mode.

Usage Guide N/A.

Configuration Examples The following example displays the output of this command.
R1# show ip packet statistics
Total
Received 113962 packets, 11948991 bytes
Unicast:90962,Multicast:5232,Broadcast:17768
Discards:0
HdrErrors:0(BadChecksum:0,TTLExceeded:0,Others:0)
NoRoutes:0
Others:0
Sent 34917 packets, 1863146 bytes
Unicast:30678,Multicast:4239,Broadcast:0
GigabitEthernet 0/1
Received 6715 packets, 416587 bytes
Unicast:2482,Multicast:4233,Broadcast:0
Discards:0
HdrErrors:0(BadChecksum:0,TTLExceeded:0,Others:0)
NoRoutes:0
Others:0
Sent 6720 packets, 417096 bytes
Unicast:2481,Multicast:4239,Broadcast:0
Loopback 0
Received 0 packets, 0 bytes
Unicast:0,Multicast:0,Broadcast:0
Discards:0
HdrErrors:0(BadChecksum:0,TTLExceeded:0,Others:0)
NoRoutes:0
Others:0
Sent 0 packets, 0 bytes
Unicast:0,Multicast:0,Broadcast:0
Tunnel 1
Received 0 packets, 0 bytes
Unicast:0,Multicast:0,Broadcast:0
Discards:0
HdrErrors:0(BadChecksum:0,TTLExceeded:0,Others:0)
NoRoutes:0
Others:0
Sent 21584 packets, 1122848 bytes
Unicast:21584,Multicast:0,Broadcast:0

Field Description

Total Indicates displaying the statistics of all interfaces.

GigabitEthernet 0/1 Indicates displaying the statistics of GigabitEthernet 0/1.

Received Indicates the number and size of received packets (including unicast/multicast/broadcast
packets). Also, the number of lost packets and the cause are displayed.

Sent Indicates the number and size of packets sent (including unicast/multicast/broadcast packets).

Platform N/A
Description

1.20 show ip pool

Use this command to display the IP address pool.


show ip pool [ pool-name ]

Parameter Parameter Description


Description pool-name Specifies the IP address pool.

Defaults N/A

Command Privileged EXEC mode


Mode

Usage Guide N/A

Configuration The following example displays all IP address ranges.


Examples Ruijie# show ip pool
Pool Begin End Free In use
default 1.1.1.1 1.1.1.1 1 0
pool1 2.2.2.2 2.2.2.254 253 0
pool2 3.1.1.1 3.2.1.1 65537 0
pool3 192.168.1.1 192.168.1.254

Field Description

Pool Address pool name

Begin The start IP address of the address pool

Free The number of free IP addresses in the address pool

In use The number of IP addresses in use in the address pool

Related Command Description


Commands N/A N/A

Platform N/A
Description

1.21 show ip raw-socket

Use this command to display IPv4 raw sockets.


show ip raw-socket [ num ]

Parameter Parameter Description


Description num Protocol.

Defaults N/A.

Command Mode Privileged EXEC mode.

Usage Guide N/A.

Configuration The following example displays all IPv4 raw sockets.


Examples Ruijie# show ip raw-socket
Number Protocol Process name
1 ICMP dhcp.elf
2 ICMP vrrp.elf
3 IGMP igmp.elf
4 VRRP vrrp.elf
Total: 4
Field Description

Field Description

Number Number

Protocol Protocol

Process name Process name

Total Total number

Related Command Description


Commands N/A N/A

Platform N/A
Description

1.22 show ip sockets

Use this command to display all IPv4 sockets.


show ip sockets

Parameter Parameter Description


Description N/A. N/A.

Defaults N/A.

Command Mode Privileged EXEC mode.

Usage Guide N/A.

Configuration The following displays all IPv4 sockets.


Examples Ruijie# show ip sockets
Number Process name Type Protocol LocalIP:Port ForeignIP:Port State
1 dhcp.elf RAW ICMP 0.0.0.0:1 0.0.0.0:0 *
2 vrrp.elf RAW ICMP 0.0.0.0:1 0.0.0.0:0 *
3 igmp.elf RAW IGMP 0.0.0.0:2 0.0.0.0:0 *
4 vrrp.elf RAW VRRP 0.0.0.0:112 0.0.0.0:0 *
5 dhcpc.elf DGRAM UDP 0.0.0.0:68 0.0.0.0:0 *
6 rg-snmpd DGRAM UDP 0.0.0.0:161 0.0.0.0:0 *
7 wbav2 DGRAM UDP 0.0.0.0:2000 0.0.0.0:0 *
8 vrrp_plus.elf DGRAM UDP 0.0.0.0:3333 0.0.0.0:0 *
9 mpls.elf DGRAM UDP 0.0.0.0:3503 0.0.0.0:0 *
10 rds_other_th DGRAM UDP 0.0.0.0:3799 0.0.0.0:0 *
11 rg-snmpd DGRAM UDP 0.0.0.0:14800 0.0.0.0:0 *
12 rg-sshd STREAM TCP 0.0.0.0:22 0.0.0.0:0 LISTEN
13 rg-telnetd STREAM TCP 0.0.0.0:23 0.0.0.0:0 LISTEN
14 wbard STREAM TCP 0.0.0.0:4389 0.0.0.0:0 LISTEN
15 wbard STREAM TCP 0.0.0.0:7165 0.0.0.0:0 LISTEN
Total: 15
Field Description

Field Description

Number Serial number.

Process name Process name.

Type Socket type, including the following types:
RAW: raw sockets
DGRAM: datagram type
STREAM: stream type.

Protocol Protocol.

LocalIP:Port Local IP address and port.

ForeignIP:Port Peer IP address and port.

State State. This field applies only to TCP sockets.

Total The total number of sockets.

Related Command Description


Commands N/A N/A

Platform N/A
Description
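
Added example (not part of the Ruijie reference): a Python sketch that parses show ip sockets output and lists the sockets a service-exposure review would look at. The sample rows are taken from the example output above, most with the State value wrapped onto its own line; the allowlist, the function names and the finding texts are assumptions of this example.

```python
import re

# Rows taken from the example output above. Row 13 is written on one line to
# show that both the wrapped and the unwrapped layout parse.
SAMPLE = """\
Number Process name Type Protocol LocalIP:Port ForeignIP:Port
State
1 dhcp.elf RAW ICMP 0.0.0.0:1 0.0.0.0:0
*
6 rg-snmpd DGRAM UDP 0.0.0.0:161 0.0.0.0:0
*
12 rg-sshd STREAM TCP 0.0.0.0:22 0.0.0.0:0
LISTEN
13 rg-telnetd STREAM TCP 0.0.0.0:23 0.0.0.0:0 LISTEN
14 wbard STREAM TCP 0.0.0.0:4389 0.0.0.0:0
LISTEN
"""

ROW = re.compile(
    r"^(?P<num>\d+)\s+(?P<proc>\S+)\s+(?P<type>RAW|DGRAM|STREAM)\s+"
    r"(?P<proto>\S+)\s+(?P<lip>[\d.]+):(?P<lport>\d+)\s+"
    r"(?P<pip>[\d.]+):(?P<pport>\d+)(?:\s+(?P<state>\S+))?$"
)

# Assumed site policy for this example, not a vendor default.
EXPECTED = {("TCP", 22), ("UDP", 68), ("UDP", 161)}
CLEARTEXT = {("TCP", 23): "Telnet"}


def parse_sockets(text):
    """Parse 'show ip sockets' output into a list of dicts, one per socket."""
    rows, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            for key in ("num", "lport", "pport"):
                row[key] = int(row[key])
            rows.append(row)
            # Remember the row if its State value is still to come.
            pending = row if row["state"] is None else None
        elif pending is not None and re.fullmatch(r"\*|[A-Z_]+", line):
            pending["state"] = line  # wrapped State column
            pending = None
    return rows


def audit(rows):
    """Return (number, process, reason) for sockets that need review."""
    findings = []
    for r in rows:
        if r["type"] == "RAW":
            # In the sample the value after ':' on RAW rows matches the IP
            # protocol number (ICMP 1, IGMP 2, VRRP 112), not a port.
            continue
        key = (r["proto"], r["lport"])
        if key in CLEARTEXT:
            reason = f"cleartext management ({CLEARTEXT[key]})"
        elif key not in EXPECTED:
            where = "all addresses" if r["lip"] == "0.0.0.0" else r["lip"]
            reason = f"{r['proto']}/{r['lport']} on {where} not in allowlist"
        else:
            continue
        findings.append((r["num"], r["proc"], reason))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_sockets(SAMPLE)):
        print(finding)
```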

1.23 show ip udp

Use this command to display IPv4 UDP sockets.


show ip udp [ local-port num | peer-port port-number ]

Use this command to display IPv4 UDP socket statistics.


show ip udp statistics

Parameter Parameter Description


Description local-port num Local port number
peer-port port-number Peer port number

Defaults N/A.

Command Mode Privileged EXEC mode.

Usage Guide N/A.

Configuration The following example displays all IPv4 UDP sockets.


Examples Ruijie# show ip udp
Number Local Address Peer Address Process name
1 0.0.0.0:68 0.0.0.0:0 dhcpc.elf
2 0.0.0.0:161 0.0.0.0:0 rg-snmpd
3 0.0.0.0:2000 0.0.0.0:0 wbav2
4 0.0.0.0:3333 0.0.0.0:0 vrrp_plus.elf
5 0.0.0.0:3503 0.0.0.0:0 mpls.elf
6 0.0.0.0:3799 0.0.0.0:0 rds_other_th
7 0.0.0.0:14800 0.0.0.0:0 rg-snmpd
Field Description

Field Description

Number Number.

Local Address Local IP address and port.

Peer Address Peer IP address and port.

Process name Process name.

The following example displays the statistics of IPv4 UDP sockets.


Ruijie# show ip udp statistics
Number of IPv4 UDP sockets is 4.
Field Description

Field Description

Number of IPv4 UDP sockets is x Displays the total number of IPv4 UDP sockets.

Related Command Description


Commands N/A N/A

Platform N/A
Description

Command Reference ARP Commands

2 ARP Commands

2.1 arp

Use this command to add a permanent IP address and MAC address mapping to the ARP cache
table. Use the no form of this command to restore the default setting.
arp ip-address mac-address type [ description string ]
no arp ip-address

Parameter Parameter Description


Description ip-address The IP address that corresponds to the MAC address. It includes four parts
of numeric values in decimal format separated by dots.
mac-address 48-bit data link layer address
type ARP encapsulation type. The keyword is arpa for the Ethernet interface.
string Description information of a static ARP, containing a maximum of 32
characters.

Defaults There is no static mapping record in the ARP cache table by default.

Command Global configuration mode.


Mode

Usage Guide RGOS finds the 48-bit MAC address according to the 32-bit IP address using the ARP cache table.
Since most hosts support dynamic ARP resolution, usually static ARP mapping is not necessary.
The clear arp-cache command can be used to delete the ARP mapping that is learned
dynamically.

Configuration The following example sets an ARP static mapping record for a host in the Ethernet.
Examples Ruijie(config)# arp 1.1.1.1 4e54.3800.0002 arpa

The following example adds description information, ABC.


Ruijie(config)# arp 1.1.1.1 4e54.3800.0002 arpa description ABC

Related Command Description


Commands clear arp-cache Clears the ARP cache table

Notification 1. Failed to delete the ARP entry because it does not exist.
Cannot remove ARP. ARP entry does not exist or reserved.

2. A static ARP entry cannot be added because the ARP cache is full or the corresponding IP
address is consistent with the local IP address.

Cannot add static ARP.

Platform N/A
Description

2.2 arp any-ip

Use this command to enable any IP ARP function.


Use the no form of this command to restore the default setting.
arp any-ip
no arp any-ip

Parameter Parameter Description


Description N/A N/A

Defaults This function is disabled by default.

Command Interface configuration mode


Mode

Usage Guide You should modify the configuration to access the network in the following two cases:
1. The client IP address is in the network segment configured on an interface directly connected to
the device, but the gateway IP address is not the IP address configured for that directly connected
interface.
2. The client IP address is not in the network segment configured on the interface directly connected
to the device. Instead, it is in another network segment, causing an IP address conflict.
If the client IP address is not in the connected network segment, the dynamic ARP table entries and
directly connected routes are generated from the ARP requests initiated by clients. In the following
two cases (but not limited to them), clients cannot access the network, and the client should
re-learn the gateway IP address after clearing its ARP table entries.
1. The device proxy-responds to the ARP request. After the client learns the device MAC address, the
dynamic ARP table entries and directly connected routes are cleared, so the response packet cannot
reach the client.
2. The device proxy-responds to the ARP request. After the client learns the device's MAC address,
any IP ARP is disabled and then enabled again on the interface.
Disabling any IP ARP clears the dynamic ARP table entries and directly connected routes, so the
response packet cannot reach the client.
If there are corresponding static ARP table entries or ARP table entries of the VRRP IP address,
dynamic ARP table entries generated by any IP ARP may be overwritten or not added, causing any IP
ARP to fail.

Configuration The following example enables any IP ARP function.


Examples Ruijie(config)# interface gi 0/0
Ruijie(config-if-GigabitEthernet 0/0)# arp any-ip
The following example disables any IP ARP function.
Ruijie(config)# interface gi 0/0
Ruijie(config-if-GigabitEthernet 0/0)# no arp any-ip

Related Command Description


Commands N/A N/A

Platform N/A
Description

2.3 arp cache interface-limit

Use this command to set the maximum number of ARP entries learned on the interface.
Use the no form of this command to restore the default setting.
arp cache interface-limit limit
no arp cache interface-limit

Parameter Parameter Description


Description limit Sets the maximum number of ARP learned on the interface,
including static and dynamic ARPs, in the range from 0 to the
number supported on the interface. 0 indicates that the number is
not limited.

Defaults The default is 0.

Command Interface configuration mode


Mode

Usage Guide This function can prevent ARP attacks from consuming memory by generating ARP entries.
limit must be no smaller than the number of ARP entries already learned on the interface. Otherwise,
the configuration does not take effect.

Configuration The following example sets the maximum number of ARP learned on the interface to 300.
Examples Ruijie(config)# interface gi 0/0
Ruijie(config-if-GigabitEthernet 0/0)# arp cache interface-limit 300

The following example restores the default setting.


Ruijie(config)# interface gi 0/0
Ruijie(config-if-GigabitEthernet 0/0)# no arp cache interface-limit

Related Command Description


Commands N/A N/A

Platform N/A
Description

2.4 arp gratuitous-send interval

Use this command to set the interval for sending gratuitous ARP request messages on the
interface. Use the no form of this command to restore the default setting.
arp gratuitous-send interval seconds [ number ]
no arp gratuitous-send

Parameter Parameter Description


Description seconds The interval for sending the gratuitous ARP request message, in
the range from 1 to 3600 seconds.
number The number of gratuitous ARP request messages to send. By
default, the value is 1.

Defaults This function is disabled by default.

Command Mode Interface configuration mode.

Usage Guide If an interface of the switch serves as the gateway of its downlink devices and a
downlink device counterfeits the gateway, you can configure this interface to send gratuitous ARP
request messages regularly to announce that the switch is the real gateway.

Configuration The following example configures GigabitEthernet 0/1 to send one gratuitous ARP request per second.
Examples Ruijie(config)# interface gigabitethernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)# arp gratuitous-send interval 1

The following example stops sending gratuitous ARP requests on GigabitEthernet 0/1.
Ruijie(config)# interface gigabitethernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)# no arp gratuitous-send

Related Commands Command Description


N/A N/A

Platform N/A
Description

2.5 arp oob

Use this command to configure the static ARP on the management interface. Use the no form of this
command to restore the default setting.
arp oob ip-address mac-address type
no arp oob ip-address

Parameter Parameter Description


Description ip-address The IP address corresponding to the MAC address, written as four
groups of dotted decimal values.
mac-address The data link layer address, composed of 48 bits.
type The ARP encapsulation type. The keyword for the Ethernet interface is arpa.

Defaults No static ARP is configured by default.

Command Global configuration mode


Mode

Usage Guide RGOS uses the ARP cache table to search for the 48-bit MAC address according to the 32-bit IP
address.
Most hosts support dynamic ARP resolution, so static ARP mapping does not need to be configured.
The clear arp-cache oob command is used to clear the ARP mapping learned by the management
port dynamically.
If no management interface is specified, the static ARP is configured on the first management
interface by default. If you specify the first management interface, the mgmt-name parameter is not
displayed by running the show run command.

Configuration The following example configures a static ARP mapping record for the Ethernet host
Examples Ruijie(config)# arp oob 1.1.1.1 4e54.3800.0002 arpa

Related Command Description


Commands N/A N/A

Platform MGMT ports are supported on NBR6205-E, NBR6205-E V2, NBR6210-E, NBR6210-E V2 and
Description NBR6215-E but not on NBR6120-E.

2.6 arp retry interval

Use this command to set the frequency for sending the arp request message locally, namely, the
time interval between two continuous ARP requests sent for resolving one IP address. Use the no
form of this command to restore the default setting.
arp retry interval seconds
no arp retry interval

Parameter Parameter Description


Description seconds Time for retransmitting the ARP request message in the range from
1 to 3600 in the unit of seconds.

Defaults The default is 1.

Command Global configuration mode.


Mode

Usage Guide When the switch sends ARP request messages frequently and thereby causes problems such as
a busy network, you can set a longer retry interval for the ARP request message. In general, it
should not exceed the aging time of the dynamic ARP entry.

Configuration The following example sets the retry interval of the ARP request as 30 seconds.
Examples Ruijie(config)# arp retry interval 30

Related Command Description


Commands arp retry times Number of times for retransmitting an ARP request message.

Platform N/A
Description

2.7 arp retry times

Use this command to set the local retry times of the ARP request message, namely, the times of
sending the ARP request message to resolve one IP address. Use the no form of this command to
restore the default setting.
arp retry times number
no arp retry times

Parameter Parameter Description


Description number The number of times the same ARP request is sent, in the range from 1
to 100. When it is set to 1, the ARP request is not retransmitted; only 1 ARP
request message is sent.

Defaults The default is 5.

Command Global configuration mode.


Mode

Usage Guide When the switch sends ARP request messages frequently and thereby causes problems such as
a busy network, you can set a smaller number of retries for the ARP request. In general, the retry
times should not be set too large.

Configuration The following example sets the local ARP request not to be retried.
Examples Ruijie(config)# arp retry times 1

The following example sets the local ARP request to be retried once.
Ruijie(config)# arp retry times 2

Related Command Description


Commands arp retry interval Interval for retransmitting an ARP request message

Platform N/A
Description

2.8 arp scan

Use this command to enable ARP scanning. Use the no form of this command to restore the
default setting.
arp scan [ start-ip-address end-ip-address ]
no arp scan [ start-ip-address end-ip-address ]

Parameter Parameter Description


Description start-ip-address Specifies the start IP address of the ARP scan range. The start IP
address cannot be greater than the end IP address.
end-ip-address Specifies the end IP address of the ARP scan range. The end IP address
cannot be smaller than the start IP address.

Defaults This function is disabled by default.

Command Interface configuration mode


Mode

Usage Guide This function is used together with the ARP conversion function (from dynamic to static).
IP addresses that already have neighbor ARP entries are not scanned.
If you know the IP range allocated in the LAN, you can specify the ARP scan range. The number of
specified IP addresses cannot be greater than 1024.
The start/end IP address of the ARP scan range must be in the same subnet as the interface IP
address.
If you do not specify the IP address range, only the primary IP subnet on the interface is scanned.
The subnet mask cannot be smaller than 22 bits.
ARP scanning takes effect once configured. The configuration is not saved for later use.
ARP scanning takes effect only on an L3 interface that is UP (the link is UP and the port is
configured with an IP address).

Configuration The following example enables ARP scanning with the IP address range unspecified.
Examples Ruijie(config)# interface gi 0/0
Ruijie(config-if-GigabitEthernet 0/0)# arp scan
The following example enables ARP scanning with the IP address range specified.
Ruijie(config)# interface gi 0/0
Ruijie(config-if-GigabitEthernet 0/0)# arp scan 1.1.1.1 1.1.1.10

Related Command Description


Commands N/A N/A

Notification 1. If the start-ip-address or end-ip-address is invalid, the start-ip-address is greater
than end-ip-address, or the network segment where they reside differs from that of the interface, the
following prompt is displayed.
%notice: Invalid ip address range.
2. If the number of hosts in the specified IP address range is more than 1024, the following prompt
is displayed.
%notice: Failed to scan because ip address range is larger than 1024.
3. If the interface is not up, the following prompt is displayed.
%notice: Failed to scan because this interface is not up.

Common Error 1. The start-ip-address is greater than end-ip-address.
2. The network segment where start-ip-address and end-ip-address reside differs from that of the
interface.

Platform N/A
Description

2.9 arp timeout

Use this command to configure the timeout for the ARP static mapping record in the ARP cache.
Use the no form of this command to restore the default setting.
arp timeout seconds
no arp timeout

Parameter Parameter Description


Description seconds The timeout is in the range from 0 to 2147483 in the unit of seconds.

Defaults The default is 3600.

Command Interface configuration mode/Global configuration mode


Mode

Usage Guide The ARP timeout setting applies only to IP address and MAC address mappings that
are learned dynamically. The shorter the timeout, the more accurate the mapping table saved in the
ARP cache, but the more network bandwidth ARP occupies. Hence the advantages and
disadvantages should be weighed. Generally it is not necessary to configure the ARP timeout
unless there is a special requirement.
The ARP aging time can be configured in global configuration mode and in interface configuration
mode, but the ARP aging time configured on the interface has higher priority than the aging
time configured globally. Therefore, if the ARP aging time on the interface 1 is set to 1,000 seconds,
the ARP aging time on the interface 1 is 1,800 seconds even when the ARP aging time is globally
set to 3,000 seconds, and the ARP aging time on other interfaces is 3,000 seconds.

Configuration The following example sets the timeout for the dynamic ARP mapping record that is learned
dynamically from FastEthernet port 0/1 to 120 seconds.
Examples Ruijie(config)# interface GigabitEthernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)# arp timeout 120
The following example globally configures the ARP aging time as 3,000 seconds. If another aging
time is not set on the interface, the ARP aging time of all L3 interfaces is 3,000 seconds.
Ruijie(config)# arp timeout 3000

Related Command Description


Commands clear arp-cache Clears the ARP cache list.
show interface Displays the interface information.
show arp timeout Displays the timeout of the interface.

Platform N/A
Description

2.10 arp trusted

Use this command to set the maximum number of trusted ARP entries. Use the no form of this
command to restore the default setting.
arp trusted number
no arp trusted

Parameter Parameter Description


Description number Maximum number of trusted ARP entries.

Defaults N/A

Command Global configuration mode.


Mode

Usage Guide To make this command valid, enable the trusted ARP function first. The trusted ARP entries and
other entries share the memory. Too many trusted ARP entries may lead to insufficient ARP entry
space. In general, you should set the maximum number of trusted ARP entries according to your
real requirements.

Configuration The following example sets 1000 trusted ARPs.


Examples Ruijie(config)# arp trusted 1000

Related Command Description


Commands service trustedarp Enables the trusted ARP function.

Platform N/A
Description

2.11 arp trusted aging

Use this command to set trusted ARP aging. Use the no form of this command to restore the
default setting.
arp trusted aging
no arp trusted aging

Parameter Parameter Description


Description N/A N/A

Defaults This function is disabled by default.

Command Global configuration mode.


Mode

Usage Guide Use this command to set trusted ARP aging. Aging time is the same as dynamic ARP aging time.
Use the arp timeout command to set aging time in interface mode.

Configuration The following example sets trusted ARP aging.


Examples Ruijie(config)# arp trusted aging

Related Command Description


Commands service trustedarp Enables trusted ARP function.

Platform N/A
Description

2.12 arp trust-monitor enable

Use this command to enable egress gateway trusted ARP. Use the no form of this command to
restore the default setting.
arp trust-monitor enable
no arp trust-monitor enable

Parameter Parameter Description


Description N/A N/A

Defaults This function is disabled by default.

Command Interface configuration mode


Mode

Usage Guide This command is used to prevent resource consumption caused by ARP spoofing. When trusted
ARP monitoring is enabled on an L3 interface and an ARP request packet is received by this interface:
If the corresponding entry does not exist, the system creates a dynamic ARP entry and performs
NUD (neighbor unreachability detection) within 1 to 5 seconds. That is, the newly learned ARP entry
is set to the aging state and a unicast ARP request is sent. If the peer ARP is updated within the
aging time, the entry is saved. Otherwise, the entry is deleted.
If the ARP entry already exists and its MAC address has not been updated, NUD is not performed.
If the MAC address of the existing ARP entry has been updated, NUD is also performed.
Enabling this function may affect the ARP learning capability because of the strict confirmation
added to the ARP learning process.
When this function is disabled, NUD is not required for ARP entry learning and ARP update.

Configuration The following example enables egress gateway trusted ARP.


Examples Ruijie(config)# interface gi 0/0
Ruijie(config-if-GigabitEthernet 0/0)# arp trust-monitor enable
The following example disables egress gateway trusted ARP.
Ruijie(config)# interface gi 0/0
Ruijie(config-if-GigabitEthernet 0/0)# no arp trust-monitor enable

Related Command Description


Commands N/A N/A

Platform N/A
Description
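
Added example (a toy model, not Ruijie code): the learning rule from the usage guide of arp trust-monitor enable written as a small Python state machine, run against constructed traffic in which one host confirms the unicast probe and 200 claimed senders never do. The class and method names, the 5-second probe window (the upper end of the 1 to 5 seconds stated above) and all addresses are assumptions of this example.

```python
class TrustMonitorModel:
    """Toy model of the ARP learning rule described in the usage guide."""

    def __init__(self, probe_window=5):
        self.probe_window = probe_window  # assumed: upper end of "1 to 5 seconds"
        self.table = {}    # ip -> {"mac", "state", "deadline"}
        self.probes = []   # unicast ARP requests the model would send

    def on_arp_request(self, now, ip, mac):
        """Handle an ARP request received on the monitored L3 interface."""
        entry = self.table.get(ip)
        if entry is not None and entry["mac"] == mac:
            return "no-nud"  # entry exists and its MAC has not been updated
        # New entry, or MAC updated: learn it in aging state and probe it.
        self.table[ip] = {"mac": mac, "state": "aging",
                          "deadline": now + self.probe_window}
        self.probes.append((now, ip, mac))
        return "nud"

    def on_arp_reply(self, now, ip, mac):
        """The peer answered the unicast probe: save the entry if in time."""
        entry = self.table.get(ip)
        if (entry is not None and entry["state"] == "aging"
                and entry["mac"] == mac and now <= entry["deadline"]):
            entry["state"] = "saved"
            return True
        return False

    def expire(self, now):
        """Delete entries whose probe was never confirmed."""
        stale = [ip for ip, e in self.table.items()
                 if e["state"] == "aging" and now > e["deadline"]]
        for ip in stale:
            del self.table[ip]
        return stale


def run_scenario():
    """Constructed traffic: one real host and 200 unconfirmed senders."""
    model = TrustMonitorModel()
    model.on_arp_request(0, "192.0.2.10", "0000.5e00.5310")
    for i in range(200):
        model.on_arp_request(0, f"198.51.100.{i + 1}", f"0200.0000.{i:04x}")
    peak = len(model.table)
    model.on_arp_reply(1, "192.0.2.10", "0000.5e00.5310")  # host confirms
    again = model.on_arp_request(2, "192.0.2.10", "0000.5e00.5310")
    removed = model.expire(6)
    return peak, again, len(removed), dict(model.table)


if __name__ == "__main__":
    print(run_scenario())
```

In the model the unconfirmed entries occupy the table only until the probe window ends, which is the resource-consumption protection the usage guide describes.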

2.13 arp unresolve

Use this command to set the maximum number of unresolved ARP entries. Use the no form of this
command to restore the default setting.
arp unresolve number
no arp unresolve

Parameter Parameter Description


Description number The maximum number of the unresolved ARP entries in the range
from 1 to the ARP table size supported by the device.

Defaults The default is the ARP table size supported by the device.

Command Global configuration mode.


Mode

Usage Guide If there are a large number of unresolved entries in the ARP cache table and they do not disappear
after a period of time, this command can be used to limit the quantity of the unresolved entries.

Configuration The following example sets the maximum number of the unresolved items to 500.
Examples Ruijie(config)# arp unresolve 500

Related Command Description


Commands N/A N/A

Platform N/A
Description

2.14 arp-learning

Use this command to enable ARP learning. Use the no form of this command to disable this
function.
arp-learning enable
no arp-learning enable

Parameter Parameter Description


Description N/A N/A

Defaults This function is enabled by default

Command Interface configuration mode


Mode

Usage Guide After the device learns dynamic ARP entries and converts them to static ARP entries
through the Web, it is recommended to enable ARP learning. Otherwise, it is not recommended to
enable this function. If this function is disabled while dynamic ARP entries exist, you can convert
the dynamic ARP entries to static ARP entries through the Web. You can also clear a dynamic ARP
entry using the clear arp command to deny the specified user’s access to the Internet. Otherwise,
the dynamic ARP entries age out and are then cleared.
After this function is disabled, the AnyIP function and trust ARP detection are disabled.

Configuration The following example enables ARP learning.


Examples Ruijie(config)# interface gi 0/0
Ruijie(config-if-GigabitEthernet 0/0)# arp-learning enable
The following example disables ARP learning.
Ruijie(config)# interface gi 0/0
Ruijie(config-if-GigabitEthernet 0/0)# no arp-learning enable

Related Command Description


Commands N/A N/A

Platform N/A
Description

2.15 clear arp-cache

Use this command to remove a dynamic ARP mapping record from the ARP cache table and clear
an IP route cache table.
clear arp-cache [trusted ] [ ip [mask ] ] | interface interface-name]

Parameter Parameter Description


Description trusted Deletes trusted ARP entries. Dynamic ARP entries are deleted by
default.
ip Deletes ARP entries of the specified IP address. If trusted value is
specified, trusted ARP entries are deleted; otherwise, all dynamic
ARP entries are deleted which is the default.
mask Deletes ARP entries in a subnet mask. If trusted value is specified,
trusted ARP entries in the subnet mask are deleted; otherwise, all
dynamic ARP entries are deleted. The dynamic ARP entry
specified by the IP address is deleted by default.
interface interface-name Deletes dynamic ARP entries on the specified interface. Dynamic
ARP entries are deleted on all interfaces by default.

Defaults N/A

Command Privileged EXEC mode


Mode

Usage Guide This command can be used to refresh an ARP cache table.

On an NFPP-based (Network Foundation Protection Policy) device, one ARP packet per second is received
for every MAC/IP address by default. If clear arp is run twice within 1 second, the second response
packet will be filtered and the ARP entry will not be resolved for a short time.

Configuration The following example deletes all dynamic ARP mapping records.
Examples Ruijie# clear arp-cache
The following example deletes the dynamic ARP entry 1.1.1.1.
Ruijie# clear arp-cache 1.1.1.1
The following example deletes the dynamic ARP entry on interface GigabitEthernet 0/1.
Ruijie# clear arp-cache interface GigabitEthernet 0/1

Related Command Description


Commands arp Adds a static mapping record to the ARP cache table.

Platform N/A
Description

2.16 clear arp-cache oob

Use this command to clear dynamic ARP mapping records.


clear arp-cache oob [ ip [ mask ] ]

Parameter Parameter Description


Description ip Clears the ARP table entry of the specified IP address. All dynamic
ARP table entries are cleared by default.
mask Clears the ARP table entry within the specified subnet. The dynamic
ARP table entry of the specified IP address (the previous
parameter) is cleared by default.

Defaults N/A

Command Privileged EXEC mode


Mode

Usage Guide On a device supporting Network Foundation Protection Policy (NFPP), one ARP packet per
second is received for every MAC/IP address by default. If the clear arp oob command is run twice
within one second, the second response packet may be filtered, leaving ARP unresolved for a short time.

Configuration The following example clears the cache table of dynamic ARP mapping records.
Examples Ruijie# clear arp-cache oob
The following example clears dynamic ARP table entry 1.1.1.1.
Ruijie# clear arp-cache oob 1.1.1.1
The following example clears the dynamic ARP table entry within the specified subnet.
Ruijie# clear arp-cache oob 1.0.0.0 255.0.0.0

Related Command Description


Commands N/A N/A

Platform MGMT ports are supported on NBR6205-E, NBR6205-E V2, NBR6210-E, NBR6210-E V2 and
Description NBR6215-E but not on NBR6120-E.

2.17 ip proxy-arp

Use this command to enable ARP proxy function on the interface. Use the no form of this
command to restore the default setting.
ip proxy-arp
no ip proxy-arp

Parameter Parameter Description


Description N/A N/A

Defaults This function is enabled by default.

Command Mode Interface configuration mode.

Usage Guide Proxy ARP helps hosts that have no routing information obtain the MAC address for IP
addresses in other networks or subnets. For example, a device receives an ARP request in which the
IP addresses of the request sender and receiver are in different networks. If the device knows a
route to the IP address of the request receiver, it sends an ARP response that carries the Ethernet
MAC address of the device itself.

Configuration The following example enables ARP on FastEthernet port 0/1.


Examples Ruijie(config)# interface GigabitEthernet 0/1
Ruijie(config-if)# ip proxy-arp

Related Command Description


Commands N/A N/A

Platform N/A
Description

2.18 show arp

Use this command to display the Address Resolution Protocol (ARP) cache table
show arp [ interface-type interface-number | trusted [ ip [ mask ] ] | [ ip [ mask ] | mac-address |
static | complete | incomplete ] ]

Parameter Parameter Description


Description interface-type interface-number Displays the ARP entry of a specified Layer-2 or Layer-3 port.
trusted Displays the trusted ARP entries.
ip Displays the ARP entry of the specified IP address. If trusted is configured, only trusted ARP
entries are displayed. Otherwise, untrusted ARP entries are displayed.
mask Displays the ARP entries of the network segment included within the mask. If trusted is
configured, only trusted ARP entries are displayed. Otherwise, untrusted ARP entries are displayed.
static Displays all the static ARP entries.
complete Displays all the resolved dynamic ARP entries.
incomplete Displays all the unresolved dynamic ARP entries.
mac-address Displays the ARP entry with the specified mac address.

Defaults N/A

Command Privileged EXEC mode


Mode

Usage Guide N/A

Configuration The following example displays all ARP entries:


Examples Ruijie# show arp
Protocol Address Age(min) Hardware Type Interface
Internet 10.51.209.1 18 00d0.f822.3617 arpa GigabitEthernet 0/7
Internet 10.51.209.4 48 00d0.f801.2323 arpa GigabitEthernet 0/7
Internet 10.51.209.203 -- 00d0.f722.3427 arpa GigabitEthernet 0/7
Internet 10.51.209.206 48 00d0.f822.3418 arpa GigabitEthernet 0/7
Internet 10.51.209.239 56 7cd3.0a64.9a60 arpa GigabitEthernet 0/7
Internet 10.51.209.241 48 7cd3.0a64.9a60 arpa GigabitEthernet 0/7
Total number of ARP entries: 6

The meaning of each field in the ARP cache table is described below:
Table 1 Fields in the ARP cache table
Field      Description
Protocol   Protocol of the network address, always Internet
Address    IP address corresponding to the hardware address
Age (min)  Age of the ARP cache record, in minutes. If it is not locally or statically
           configured, the value of the field is represented with “-”.
Hardware   Hardware address corresponding to the IP address
Type       Hardware address type, ARPA for all Ethernet addresses
Interface  Interface associated with the IP addresses

The following example displays the ARP entries of the address 192.168.195.68
Ruijie# show arp 192.168.195.68
Protocol Address Age(min) Hardware Type Interface
Internet 192.168.195.68 1 0013.20a5.7a5f arpa GigabitEthernet 0/7

The following example displays the ARP entries of the subnet 192.168.195.0/24:
Ruijie# show arp 192.168.195.0 255.255.255.0
Protocol Address Age(min) Hardware Type Interface
Internet 192.168.195.64 0 0018.8b7b.9106 arpa GigabitEthernet 0/7
Internet 192.168.195.2 1 00d0.f8ff.f00e arpa GigabitEthernet 0/7
Internet 192.168.195.5 -- 00d0.f822.33b1 arpa GigabitEthernet 0/7
Internet 192.168.195.1 0 00d0.f8a6.5af7 arpa GigabitEthernet 0/7
Internet 192.168.195.51 1 0018.8b82.8691 arpa GigabitEthernet 0/7

The following example displays the ARP entries of the MAC address 001a.a0b5.378d
Ruijie# show arp 001a.a0b5.378d
Protocol Address Age(min) Hardware Type Interface
Internet 192.168.195.67 4 001a.a0b5.378d arpa GigabitEthernet 0/7

The following example displays the static ARP entries.
Ruijie# show arp static
Protocol Address Age(min) Hardware Type Interface Origin
Internet 192.168.23.55 <static> 0000.0000.0010 arpa GigabitEthernet 0/7 Configure
Internet 192.168.23.56 <static> 0000.0000.0020 arpa GigabitEthernet 0/7 Authentication
2 static arp entries exist.

The meaning of each field in the ARP cache table is described below:
Field      Description
Protocol   Protocol of the network address, always Internet
Address    IP address corresponding to the hardware address
Age (min)  Age of the ARP cache record, in minutes. If it is not locally or statically
           configured, the value of the field is represented with “-”.
Hardware   Hardware address corresponding to the IP address
Type       Hardware address type, ARPA for all Ethernet addresses
Interface  Interface associated with the IP addresses
Origin     Origin of the static ARP entries. “Configure” means configured manually;
           “Authentication” means generated via authentication.

Related Commands
Command  Description
N/A      N/A

Platform Description N/A
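The show arp table above can be audited for the two patterns that matter when checking for ARP spoofing: one hardware address answering for several IP addresses, and an IP address whose hardware address differs from a known-good snapshot. The following is an added example, not part of the command reference or of any Ruijie tool; the function names are hypothetical, BASELINE reuses the sample output shown above, and LATER is a constructed second snapshot.

```python
import ipaddress
import re
from collections import defaultdict
from typing import NamedTuple, Optional


class ArpEntry(NamedTuple):
    ip: str
    age_min: Optional[int]  # None when the Age column is "--" (local) or "<static>"
    mac: str
    interface: str


# One table row: Protocol Address Age(min) Hardware Type Interface
ROW = re.compile(
    r"^Internet\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<age>\d+|-{1,2}|<static>)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+arpa\s+(?P<iface>\S.*?)\s*$",
    re.IGNORECASE,
)


def parse_show_arp(text):
    """Return the ARP entries found in `show arp` output; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # prompt, column header, "Total number ..." line, blank line
        ipaddress.ip_address(m["ip"])  # raises ValueError on an address like 10.1.1.999
        age = int(m["age"]) if m["age"].isdigit() else None
        entries.append(ArpEntry(m["ip"], age, m["mac"].lower(), m["iface"]))
    return entries


def macs_with_multiple_ips(entries):
    """Map each hardware address that answers for more than one IP to those IPs."""
    by_mac = defaultdict(set)
    for e in entries:
        by_mac[e.mac].add(e.ip)
    return {mac: sorted(ips, key=ipaddress.ip_address)
            for mac, ips in by_mac.items() if len(ips) > 1}


def changed_bindings(baseline, current):
    """Map each IP whose hardware address changed to (baseline MAC, current MAC)."""
    known = {e.ip: e.mac for e in baseline}
    return {e.ip: (known[e.ip], e.mac)
            for e in current if e.ip in known and known[e.ip] != e.mac}


# Sample output from the `show arp` example above.
BASELINE = """\
Ruijie# show arp
Protocol Address Age(min) Hardware Type Interface
Internet 10.51.209.1 18 00d0.f822.3617 arpa GigabitEthernet 0/7
Internet 10.51.209.4 48 00d0.f801.2323 arpa GigabitEthernet 0/7
Internet 10.51.209.203 -- 00d0.f722.3427 arpa GigabitEthernet 0/7
Internet 10.51.209.206 48 00d0.f822.3418 arpa GigabitEthernet 0/7
Internet 10.51.209.239 56 7cd3.0a64.9a60 arpa GigabitEthernet 0/7
Internet 10.51.209.241 48 7cd3.0a64.9a60 arpa GigabitEthernet 0/7
Total number of ARP entries: 6
"""

# Constructed later snapshot: 10.51.209.1 now resolves to a different hardware address.
LATER = """\
Protocol Address Age(min) Hardware Type Interface
Internet 10.51.209.1 0 7cd3.0a64.9a60 arpa GigabitEthernet 0/7
Internet 10.51.209.4 49 00d0.f801.2323 arpa GigabitEthernet 0/7
"""

if __name__ == "__main__":
    base = parse_show_arp(BASELINE)
    print("shared MACs:", macs_with_multiple_ips(base))
    print("changed:", changed_bindings(base, parse_show_arp(LATER)))
```

A shared hardware address is a lead to investigate, not proof of spoofing: a host with several addresses produces the same pattern, and so does a proxy ARP device, which answers with its own MAC address as described in 2.17.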

2.19 show arp counter

Use this command to display the number of ARP entries in the ARP cache table.
show arp counter

Parameter Description
Parameter  Description
N/A        N/A

Defaults N/A

Command Mode Privileged EXEC mode

Usage Guide N/A

Configuration Examples The following example displays the output result of the show arp counter command:
Ruijie# show arp counter
ARP Limit: 75000
Count of static entries: 0
Count of dynamic entries: 1 (complete: 1 incomplete: 0)
Total: 1
The meaning of each field in the ARP cache table is described in the following table.
Parameter   Description
overlay     Indicates the number of VxLAN-related ARP entries.
underlayer  Indicates the number of ARP entries not related to VxLAN.

Related Commands
Command  Description
N/A      N/A

Platform Description N/A

2.20 show arp detail

Use this command to display the details of the Address Resolution Protocol (ARP) cache table.
show arp detail [ interface-type interface-number | trusted [ ip [ mask ] ] | [ ip [ mask ] | mac-address
| static | complete | incomplete ] ]

Parameter Description
Parameter                        Description
interface-type interface-number  Displays the ARP of the Layer-2 port or the Layer-3 interface.
trusted                          Displays the trusted ARP entries.
ip                               Displays the ARP entry of the specified IP address.
ip mask                          Displays the ARP entries of the network segment included
                                 within the mask.
mac-address                      Displays the ARP entry of the specified MAC address.
static                           Displays all the static ARP entries.
complete                         Displays all the resolved dynamic ARP entries.
incomplete                       Displays all the unresolved dynamic ARP entries.

Defaults N/A

Command Mode Privileged EXEC mode

Usage Guide Use this command to display the ARP details, such as the ARP type (Dynamic, Static, Local, Trust)
and the Layer-2 port information.
If you enter a min_value greater than max_value, no error message is prompted. Instead, ARP
entries corresponding to the subvlan are displayed.

Configuration Examples The following example displays ARP details including InnerVlan on products supporting QinQ
termination:
Ruijie# show arp detail
IP Address MAC Address Type Age(min) Interface Port SubVlan InnerVlan
20.1.1.2 0020.0101.0002 Static -- Te2/5 -- --
20.1.1.1 00d0.f822.33bb Local -- Te2/5 -- --
1.1.1.2 00d0.1111.1112 Dynamic 1 Vl2 Te2/1 4 300
1.1.1.1 00d0.f822.33bb Local -- Vl2 -- --

The following example displays description information on a device supporting configuration of
description.
Ruijie# show arp detail
IP Address MAC Address Type Age(min) Interface Port description
1.1.1.1 00d0.f822.33eb Static -- Gi0/0 -- To-lib

The meaning of each field in the ARP cache table is described below:
Table 1 Fields in the ARP cache table
Field        Description
IP Address   IP address corresponding to the hardware address
MAC Address  Hardware address corresponding to the IP address
Type         ARP type: Static, Dynamic, Trust or Local
Age (min)    Age of the ARP learning, in minutes
Interface    Layer 3 interface associated with the IP addresses
Port         Layer 2 port associated with the ARP
SubVLAN      SubVLAN corresponding to the ARP entries
Location     Local: ARP entries are generated or learned on the local device.
             Remote: ARP entries are synced from a remote gateway.
Description  Description of a static ARP.

Related Commands
Command  Description
N/A      N/A

Platform Description N/A

2.21 show arp oob

Use this command to display the ARP cache table.
show arp oob [ ip [ mask ] | static | complete | incomplete | mac-address ]

Parameter Description
Parameter    Description
ip           Displays ARP table entries of the specified IP address.
mask         Displays ARP table entries within the IP subnet.
static       Displays all static ARP table entries.
complete     Displays all resolved ARP table entries.
incomplete   Displays all unresolved ARP table entries.
mac-address  Displays ARP table entries of the specified MAC address.

Defaults N/A

Command Mode Privileged EXEC mode

Usage Guide This command is used to display the ARP cache table. The complete / incomplete keyword
represents resolved / unresolved ARP table entries.

Configuration Examples The following example displays the outcome of running the show arp oob command.
Ruijie# show arp oob
Total Numbers of Arp: 7
Protocol Address Age(min) Hardware Type Interface
Internet 192.168.195.68 0 0013.20a5.7a5f arpa mgmt 0
Internet 192.168.195.67 0 001a.a0b5.378d arpa mgmt 0
Internet 192.168.195.65 0 0018.8b7b.713e arpa mgmt 0
Internet 192.168.195.64 0 0018.8b7b.9106 arpa mgmt 0
Internet 192.168.195.63 0 001a.a0b5.3990 arpa mgmt 0
Internet 192.168.195.62 0 001a.a0b5.0b25 arpa mgmt 0
Internet 192.168.195.5 -- 00d0.f822.33b1 arpa mgmt 0

The following example displays the outcome of running the show arp oob 192.168.195.68
command.
Ruijie# show arp oob 192.168.195.68
Protocol Address Age(min) Hardware Type Interface
Internet 192.168.195.68 1 0013.20a5.7a5f arpa mgmt 0

The following example displays the outcome of running the show arp oob 192.168.195.0
255.255.255.0 command.
Ruijie# show arp oob 192.168.195.0 255.255.255.0
Protocol Address Age(min) Hardware Type Interface
Internet 192.168.195.64 0 0018.8b7b.9106 arpa mgmt 0
Internet 192.168.195.2 1 00d0.f8ff.f00e arpa mgmt 0
Internet 192.168.195.5 -- 00d0.f822.33b1 arpa mgmt 0
Internet 192.168.195.1 0 00d0.f8a6.5af7 arpa mgmt 0
Internet 192.168.195.51 1 0018.8b82.8691 arpa mgmt 0

The following example displays the outcome of running the show arp oob 001a.a0b5.378d
command.
Ruijie# show arp oob 001a.a0b5.378d
Protocol Address Age(min) Hardware Type Interface
Internet 192.168.195.67 4 001a.a0b5.378d arpa mgmt 0

Field      Description
Protocol   Only “Internet” is available at present, which indicates the IP protocol.
Address    The IPv4 address.
Age(min)   The age of the table entry. For the local IP address, the field is displayed as ’-’.
           For the static table entry, the field is displayed as <static>. For the dynamic table
           entry, the field indicates the time for which the table entry has been learned, in
           the unit of minutes.
Hardware   48-bit MAC address, written as a dotted triple of four-digit hexadecimal numbers.
Type       Only “arpa” is available at present.
Interface  The L3 interface corresponding to the ARP table entry. The field is NULL for static
           ARP table entries whose IP address is not within any network segment directly
           connected with the device.

Related Commands
Command  Description
N/A      N/A

Platform Description MGMT ports are supported on NBR6205-E, NBR6205-E V2, NBR6210-E, NBR6210-E V2 and
NBR6215-E but not on NBR6120-E.


2.22 show arp packet statistics

Use this command to display the statistics of ARP packets.
show arp packet statistics [ interface-name ]

Parameter Description
Parameter       Description
interface-name  Displays the statistics of ARP packets on the specified interface.

Defaults N/A.

Command Mode Privileged EXEC mode.

Usage Guide N/A.

Configuration Examples The following example displays the output information of the command.
Ruijie# show arp packet statistics
Interface Received Received Received Sent Sent
Name Requests Replies Others Requests Replies
-------------------- -------- -------- -------- -------- -------
GigabitEthernet 0/0 0 0 0 0 0
GigabitEthernet 0/1 0 0 0 0 0
GigabitEthernet 0/2 0 0 0 0 0
GigabitEthernet 0/3 0 0 0 0 0
GigabitEthernet 0/4 0 0 0 0 0
GigabitEthernet 0/5 0 0 0 0 0
GigabitEthernet 0/6 0 0 0 0 0
GigabitEthernet 0/7 59068 100 0 103 84
GigabitEthernet 0/9 0 0 0 0 0
Description of fields:
Field              Description
Received Requests  Number of received ARP requests
Received Replies   Number of received ARP response messages
Received Others    Number of other received ARP packets
Sent Requests      Number of sent ARP requests
Sent Replies       Number of sent ARP response messages

Related Commands
Command  Description
N/A.     N/A.

Platform Description N/A

2.23 show arp timeout

Use this command to display the aging time of a dynamic ARP entry on the interface.
show arp timeout

Parameter Description
Parameter  Description
N/A.       N/A.

Defaults N/A.

Command Mode Privileged EXEC mode

Usage Guide N/A.

Configuration Examples The following example displays the output of the show arp timeout command:
Ruijie# show arp timeout
Interface arp timeout(sec)
---------------------- ----------------
GigabitEthernet 0/0 3600
GigabitEthernet 0/1 3600
GigabitEthernet 0/2 3600
GigabitEthernet 0/3 3600
GigabitEthernet 0/4 3600
GigabitEthernet 0/5 3600
GigabitEthernet 0/6 3600

Description of fields:
Field             Description
Interface         Interface name
arp timeout(sec)  Aging time of ARP entries in seconds.

Related Commands
Command  Description
N/A.     N/A.

Platform Description N/A

2.24 show ip arp

Use this command to display the Address Resolution Protocol (ARP) cache table.
show ip arp

Parameter Description
Parameter  Description
N/A.       N/A.

Defaults N/A.

Command Mode Privileged EXEC mode.

Usage Guide N/A.

Configuration Examples The following example displays the output of show ip arp:
Ruijie# show ip arp
Protocol Address Age(min) Hardware Type Interface
Internet 192.168.7.233 23 0007.e9d9.0488 ARPA FastEthernet 0/0
Internet 192.168.7.112 10 0050.eb08.6617 ARPA FastEthernet 0/0
Internet 192.168.7.79 12 00d0.f808.3d5c ARPA FastEthernet 0/0
Internet 192.168.7.1 50 00d0.f84e.1c7f ARPA FastEthernet 0/0
Internet 192.168.7.215 36 00d0.f80d.1090 ARPA FastEthernet 0/0
Internet 192.168.7.127 0 0060.97bd.ebee ARPA FastEthernet 0/0
Internet 192.168.7.195 57 0060.97bd.ef2d ARPA FastEthernet 0/0
Internet 192.168.7.183 -- 00d0.f8fb.108b ARPA FastEthernet 0/0

Each field in the ARP cache table has the following meanings:
Field      Description
Protocol   Network address protocol, always Internet.
Address    The IP address corresponding to the hardware address.
Age (min)  Age of the ARP cache record, in minutes. If it is not locally or statically
           configured, the value of the field is represented with “-”.
Hardware   Hardware address corresponding to the IP address
Type       The type of hardware address. The value is ARPA for all Ethernet addresses.
Interface  Interface associated with the IP address.

Related Commands
Command  Description
N/A.     N/A.

Platform Description N/A

Command Reference IP Event Dampening Commands

3 IP Event Dampening Commands

3.1 dampening

Use this command to enable the IP event dampening function on the interface. Use the no or default
form of this command to disable this function.
dampening [ half-life-period [ reuse-threshold suppress-threshold max-suppress [ restart
[ restart-penalty ] ] ] ]
no dampening
default dampening

Parameter Description
Parameter           Description
half-life-period    Configures the half-life period of suppression penalty. The range is
                    from 1 to 30. The unit is seconds. The default value is 5 seconds.
reuse-threshold     Configures the penalty threshold to unsuppress the interface. The
                    range is from 1 to 20,000. The default value is 1,000.
suppress-threshold  Configures the penalty threshold to suppress the interface. The range
                    is from 1 to 20,000. The default value is 2,000.
max-suppress        Configures the maximum suppress time. The range is from 1 to 255.
                    The default value is 4 times the half-life-period.
restart             Activates the restart penalty.
restart-penalty     Configures the initial penalty value on the interface. The range is from
                    1 to 20,000. The default value is 2,000.

Defaults IP event dampening is disabled by default.

Command Mode Interface configuration mode.

Usage Guide This function affects the directly-connected/host route, static route, dynamic
route and VRRP modules. If an interface meets the conditions configured by this command and is in
the suppressed state, these modules treat the interface as DOWN, delete the corresponding routes,
and neither send nor receive data packets on the interface.
Re-configuring the dampening command on an interface that already has it configured clears all
dampening information on the interface. However, the interface flapping count is kept unless you
use the clear counters command to clear the statistical information of the interface.
If max-suppress is too small, the maximum penalty value obtained from the calculation may be
smaller than the suppression threshold, so that the interface is never suppressed. This is an
erroneous configuration. In this case, the following message prompts for the configuration error:
% Maximum penalty (10) is less than suppress penalty (2000). Increase maximum suppress time
In addition, the following message is displayed when this command is configured if the system
memory is not enough to save the configuration:
% No memory, configure dampening fail!
Note: For routers, this function can be configured on the master interface only. This function takes
effect for all sub-interfaces of the master interface with this command configured, but this command
cannot be configured on the sub-interface directly. This command cannot be configured on the virtual
template.

Configuration Examples The following example configures the IP event dampening function.
Ruijie(config)# interface gigabitEthernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)# dampening 30 1500 10000 100

Related Commands
Command                   Description
clear counters            Clears the interface counters.
show dampening interface  Displays the statistics of the dampening interface.
show interface dampening  Displays details of the dampening interface.

Platform Description When a Layer-3 port is converted to a Layer-2 port, the IP Event Dampening configuration on the port
will be deleted.

3.2 show dampening interface

Use this command to show the statistics of the dampening interface.
show dampening interface

Parameter Description
Parameter  Description
N/A        N/A

Defaults N/A

Command Mode Privileged EXEC mode/ global configuration mode/ interface configuration mode

Usage Guide N/A

Configuration Examples The following example displays the statistics of the dampening interface.
Ruijie# show dampening interface
3 interfaces are configured with dampening.
No interface is being suppressed.

Related Commands
Command                   Description
dampening                 Enables the IP event dampening function on the interface.
clear counters            Clears the interface counters.
show interface dampening  Displays details of IP event dampening configuration.

Platform Description N/A

3.3 show interface dampening

Use this command to display the details of IP event dampening configuration.
show interface [ interface-id ] dampening

Parameter Description
Parameter     Description
interface-id  Interface name

Defaults N/A

Command Mode Privileged EXEC mode/ global configuration mode/ interface configuration mode

Usage Guide If the interface-id is specified, only the dampening information of this specified interface is displayed.

Configuration Examples The following example shows the details of IP event dampening configuration.
Ruijie# show interface GigabitEthernet 0/1 dampening
Flaps Penalty Supp ReuseTm HalfL ReuseV SuppV MaxSTm MaxP Restart
0 0 FALSE 0 5 1000 2000 20 16000 0

Field    Description
Flaps    Interface flapping times.
Penalty  The current penalty value on the interface.
Supp     Suppressed or not.
ReuseTm  Time to unsuppress the interface, in seconds.
HalfL    Half-life period, in seconds.
ReuseV   Unsuppress threshold.
SuppV    Start suppression threshold.
MaxSTm   Maximum suppression time.
MaxP     Maximum penalty value.
Restart  The initial penalty value on the interface.

Related Commands
Command                   Description
dampening                 Enables the IP event dampening function.
clear counters            Clears the interface counters.
show dampening interface  Displays statistics of the dampening interface.

Platform Description N/A
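The "maximum penalty is less than suppress penalty" error described in 3.1 and the MaxP column shown in 3.3 can be checked before a dampening line is pushed to a device. The following is an added example, not Ruijie code: the function names are hypothetical, and the relation maximum penalty = reuse threshold x 2^(max-suppress / half-life) is an assumption that the page does not state, although it reproduces the MaxP of 16000 shown above for HalfL 5, ReuseV 1000 and MaxSTm 20.

```python
import math

# Value ranges taken from the parameter table of the dampening command.
RANGES = {
    "half_life": (1, 30),
    "reuse": (1, 20000),
    "suppress": (1, 20000),
    "max_suppress": (1, 255),
    "restart_penalty": (1, 20000),
}


def parse_dampening(line):
    """Parse 'dampening [half-life [reuse suppress max-suppress [restart [penalty]]]]'."""
    tokens = line.split()
    if not tokens or tokens[0] != "dampening":
        raise ValueError("not a dampening command")
    args = tokens[1:]
    # Documented defaults: half-life 5 s, reuse 1000, suppress 2000.
    cfg = {"half_life": 5, "reuse": 1000, "suppress": 2000,
           "max_suppress": None, "restart_penalty": None}
    if args:
        cfg["half_life"] = int(args.pop(0))
    if args:
        if len(args) < 3:
            raise ValueError("reuse, suppress and max-suppress must be given together")
        cfg["reuse"], cfg["suppress"], cfg["max_suppress"] = (int(a) for a in args[:3])
        args = args[3:]
    if args:
        if args[0] != "restart" or len(args) > 2:
            raise ValueError("unexpected tokens: " + " ".join(args))
        cfg["restart_penalty"] = int(args[1]) if len(args) == 2 else 2000
    if cfg["max_suppress"] is None:
        cfg["max_suppress"] = 4 * cfg["half_life"]  # documented default
    return cfg


def max_penalty(cfg):
    """Assumed ceiling: the penalty that decays to the reuse threshold in max_suppress seconds."""
    return cfg["reuse"] * 2 ** (cfg["max_suppress"] / cfg["half_life"])


def reuse_time(penalty, cfg):
    """Seconds until `penalty` halves its way down to the reuse threshold."""
    if penalty <= cfg["reuse"]:
        return 0.0
    return cfg["half_life"] * math.log2(penalty / cfg["reuse"])


def lint(line):
    """Return a list of problems found in one dampening configuration line."""
    cfg = parse_dampening(line)
    problems = []
    for key, (low, high) in RANGES.items():
        value = cfg[key]
        if value is not None and not low <= value <= high:
            problems.append(f"{key}={value} outside {low}..{high}")
    if not problems:  # only meaningful once every value is in range
        ceiling = max_penalty(cfg)
        if ceiling < cfg["suppress"]:
            problems.append(
                f"maximum penalty ({int(ceiling)}) is less than suppress penalty "
                f"({cfg['suppress']}): the interface would never be suppressed")
    return problems


if __name__ == "__main__":
    for candidate in ("dampening", "dampening 30 1500 10000 100",
                      "dampening 30 1500 10000 20"):
        print(candidate, "->", lint(candidate) or "ok")
```

The configuration example from 3.1 (dampening 30 1500 10000 100) passes, while the same thresholds with a max-suppress of 20 are flagged because the ceiling stays below the suppress threshold.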

Command Reference TCP Commands

4 TCP Commands

4.1 ip tcp adjust-mss

Use this command to change the Maximum Segment Size (MSS) option value of SYN packets sent
and received on an interface. Use the no form of this command to restore the default setting.
ip tcp adjust-mss max-segment-size
no ip tcp adjust-mss

Parameter Description
Parameter         Description
max-segment-size  Maximum segment size in the range from 500 to 1460 bytes

Defaults The MSS option value of SYN packets is not changed by default.

Command Mode Interface configuration mode

Usage Guide MSS refers to the maximum size of the payload of a TCP packet.
The TCP Path MTU (PMTU) is implemented as per RFC1191. This feature can improve the network
bandwidth utilization ratio. When the user uses TCP to transmit mass data, this feature can
substantially enhance the transmission performance.
When the client initiates a TCP connection, it negotiates the maximum payload of TCP packets
through the MSS option field of the TCP SYN packet. The MSS value of the client's SYN packet
implies the maximum payload of TCP packets sent by the server, and vice versa.
Configuring this command on the interface will change the MSS option of SYN packets received or
sent by the interface to the MSS value configured on the interface. If the MSS is configured on both
the inbound interface and the outbound interface of the SYN packet, the smaller of the two applies. It
is recommended that you configure the same value on the inbound interface and outbound interface.
This command actually changes the SYN packet exchanged during TCP connection establishment.
For some versions, this command may also change the SYN+ACK packet.
This command takes effect on the subsequent TCP connections to be established instead of
established TCP connections.

Configuration Examples The following example changes the MSS option value of the TCPv4 SYN packet to 1000 bytes on
port GigabitEthernet 0/0.
Ruijie(config-if-GigabitEthernet 0/0)# ip tcp adjust-mss 1000

Related Commands
Command  Description
N/A      N/A

Platform Description N/A

4.2 ip tcp keepalive

Use this command to enable the TCP keepalive function. Use the no form of this command to restore
the default setting.
ip tcp keepalive [ interval num1 ] [ times num2 ] [ idle-period num3 ]
no ip tcp keepalive

Parameter Description
Parameter         Description
interval num1     The interval of sending the keepalive packet, in the range from 1 to
                  120 in the unit of seconds. The default is 75.
times num2        Keepalive packet sending times, in the range from 1 to 10. The
                  default is 6.
idle-period num3  Idle time, the time period during which the peer end does not send
                  any packet to the local end, in the range from 60 to 1800 in the unit of
                  seconds. The default is 900.

Defaults The function is disabled by default.

Command Mode Global configuration mode

Usage Guide The keepalive function enables TCP to detect whether the peer end is operating properly.
Suppose the keepalive function is enabled together with default interval, times and idle-period
settings. TCP begins to send the keepalive packet at an interval of 75 seconds if it does not receive
any packet from the peer end in 900 seconds. The TCP connection is considered invalid and then
disconnected automatically if the device sends the keepalive packet for six consecutive times without
receiving any TCP packet from the peer end. This command applies to both IPv4 and IPv6 TCP.

Configuration Examples The following example enables the TCP keepalive function on the device and sets the idle-period
and interval to 180 and 60 respectively. If the device sends the keepalive packet for four consecutive
times without receiving any TCP packet from the peer end, the TCP connection is considered invalid.
Ruijie(config)# ip tcp keepalive interval 60 times 4 idle-period 180

Related Commands
Command  Description
N/A      N/A

Platform Description N/A

4.3 ip tcp mss

Use this command to set the upper limit of the MSS value. Use the no form of this command to
restore the default setting.
ip tcp mss max-segment-size
no ip tcp mss

Parameter Description
Parameter         Description
max-segment-size  Upper limit of the MSS value in the range from 68 to 10000 bytes

Defaults The default MSS = Outgoing IPv4/v6 MTU - IPv4/v6 header - TCP header.

Command Mode Global configuration mode

Usage Guide This command is used to limit the maximum value of MSS for the TCP connection to be created. The
negotiated MSS cannot exceed the configured value. You can use this command to reduce the
maximum value of MSS. However, this configuration is not needed in general. This command applies
to both IPv4 and IPv6 TCP.

The MSS value is calculated as follows:

IPv4 TCP: MSS = Outgoing interface MTU - IP header size (20 bytes) - TCP header size (20 bytes).

If a connection supports certain options, the option length (with data offset taken into
consideration) should be deducted from the MSS value. For example, 20 bytes for the MD5 digest
(with data offset taken into consideration) should be subtracted from the MSS.

The effective MSS is the smaller of the calculated MSS and the configured MSS.

Configuration Examples The following example sets the upper limit of the MSS value to 1300 bytes.
Ruijie(config)# ip tcp mss 1300

Related Commands
Command  Description
N/A      N/A

Platform Description N/A
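The MSS rules in 4.1 (rewriting the MSS option of a SYN in transit) and 4.3 (the calculated and effective MSS) can be followed on real header bytes. The following is an added example, not Ruijie code: the function names, the documentation addresses and the constructed SYN segment are assumptions, and so is the choice to rewrite the option only when the advertised value exceeds the configured one, which the page does not specify.

```python
import ipaddress
import struct


def default_mss(mtu, option_bytes=0, configured=None):
    """IPv4 MSS per 4.3: MTU - 20 (IP header) - 20 (TCP header) - options, capped by ip tcp mss."""
    mss = mtu - 20 - 20 - option_bytes
    return mss if configured is None else min(mss, configured)


def inet_checksum(data):
    """16-bit one's complement checksum used by TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src, dst, tcp_len):
    return (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
            + struct.pack("!BBH", 0, 6, tcp_len))


def build_syn(src, dst, mss):
    """Constructed 28-byte SYN segment carrying MSS, NOP and window-scale options."""
    options = struct.pack("!BBH", 2, 4, mss) + bytes([1, 3, 3, 7])
    seg = bytearray(struct.pack("!HHIIBBHHH", 40000, 443, 1000, 0,
                                ((20 + len(options)) // 4) << 4, 0x02, 65535, 0, 0)
                    + options)
    struct.pack_into("!H", seg, 16,
                     inet_checksum(pseudo_header(src, dst, len(seg)) + bytes(seg)))
    return bytes(seg)


def checksum_ok(src, dst, segment):
    return inet_checksum(pseudo_header(src, dst, len(segment)) + segment) == 0


def clamp_syn_mss(src, dst, segment, limit):
    """Return (segment, advertised MSS); the option is lowered to `limit` if it is larger."""
    seg = bytearray(segment)
    if len(seg) < 20 or not seg[13] & 0x02:
        return bytes(seg), None              # not a SYN or SYN+ACK: nothing to adjust
    header_len = (seg[12] >> 4) * 4
    if header_len < 20 or header_len > len(seg):
        raise ValueError("bad TCP data offset")
    i = 20
    while i < header_len:
        kind = seg[i]
        if kind == 0:                        # End of Option List
            break
        if kind == 1:                        # NOP is a single byte
            i += 1
            continue
        if i + 1 >= header_len:
            raise ValueError("truncated option")
        length = seg[i + 1]
        if length < 2 or i + length > header_len:
            raise ValueError("malformed option length")  # a length of 0 would loop forever
        if kind == 2 and length == 4:        # Maximum Segment Size
            advertised = struct.unpack_from("!H", seg, i + 2)[0]
            if advertised > limit:
                struct.pack_into("!H", seg, i + 2, limit)
                seg[16:18] = b"\x00\x00"     # recompute the checksum over the new bytes
                struct.pack_into("!H", seg, 16, inet_checksum(
                    pseudo_header(src, dst, len(seg)) + bytes(seg)))
            return bytes(seg), advertised
        i += length
    return bytes(seg), None


if __name__ == "__main__":
    src, dst = "192.0.2.10", "198.51.100.20"
    # Inbound interface configured with 1400, outbound with 1000: the smaller applies.
    out, seen = clamp_syn_mss(src, dst, build_syn(src, dst, 1460), min(1400, 1000))
    print(seen, "->", int.from_bytes(out[22:24], "big"), checksum_ok(src, dst, out))
```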

4.4 ip tcp path-mtu-discovery

Use this command to enable Path Maximum Transmission Unit (PMTU) discovery function for TCP in
global configuration mode. Use the no form of this command to restore the default setting.
ip tcp path-mtu-discovery [ age-timer minutes | age-timer infinite ]
no ip tcp path-mtu-discovery

Parameter Description
Parameter           Description
age-timer minutes   The time interval for further discovery after discovering PMTU. Its
                    value ranges from 10 to 30 minutes. The default value is 10.
age-timer infinite  No further discovery after discovering PMTU

Defaults This function is disabled by default.

Command Mode Global configuration mode

Usage Guide Based on RFC 1191, the TCP path MTU function improves the network bandwidth utilization and data
transmission when the user uses TCP to transmit the data in batch.
Enabling or disabling this function has no effect on existing TCP connections and is only effective
for TCP connections to be created. This command applies to only IPv4 TCP. This function is always
enabled for IPv6 TCP and cannot be disabled.
According to RFC 1191, after discovering the PMTU, the TCP uses a greater MSS to detect the new
PMTU at a certain interval, which is specified by the parameter age-timer. If the PMTU discovered is
smaller than the MSS negotiated between two ends of the TCP connection, the device keeps trying to
discover the greater PMTU at the specified interval until the PMTU value reaches the MSS or the
user stops this timer. Use the parameter age-timer infinite to stop this timer.

Configuration Examples The following example enables PMTU discovery.
Ruijie(config)# ip tcp path-mtu-discovery

Related Commands
Command        Description
show tcp pmtu  Shows the PMTU value for the TCP connection.

Platform Description N/A

4.5 ip tcp send-reset

Use this command to enable the device to send the reset packet when receiving the TCP port
unreachable packet. Use the no form of this command to disable this function.
ip tcp send-reset
no ip tcp send-reset

Parameter Description
Parameter  Description
N/A        N/A

Defaults This function is enabled by default.

Command Mode Global configuration mode

Usage Guide In general, when dispatching a TCP packet, the TCP module automatically replies with a reset
packet to disconnect the TCP connection with the peer end if the TCP connection that this packet
belongs to is not found. However, a flood of TCP port unreachable packets poses an attack threat to
the device. This command can be used to disable the device from sending the reset packet when
receiving the TCP port unreachable packet. This command applies to both IPv4 and IPv6 TCP.

Configuration Examples The following example disables the device from sending the reset packet when receiving the TCP
port unreachable packet.
Ruijie(config)# no ip tcp send-reset

Related Commands
Command  Description
N/A      N/A

Platform Description N/A

4.6 ip tcp synwait-time

Use this command to set the timeout value for SYN packets (the maximum time from SYN
transmission to successful three-way handshake). Use the no form of this command to restore the
default setting.
ip tcp synwait-time seconds
no ip tcp synwait-time seconds

Parameter Description
Parameter  Description
seconds    Timeout value for SYN packets in the range from 5 to 300 in the unit
           of seconds.

Defaults The default is 20.

Command Mode Global configuration mode

Usage Guide If there is a SYN attack in the network, reducing the SYN timeout value can prevent resource
consumption, but it has no effect on successive SYN attacks. When the device actively requests a
connection with an external device, reducing the SYN timeout value can shorten the time the user
has to wait, such as for telnet login. Under poor network conditions, the timeout value can be
increased appropriately. This command applies to both IPv4 and IPv6 TCP.

Configuration Examples The following example sets the timeout value for SYN packets to 10 seconds.
Ruijie(config)# ip tcp synwait-time 10

Related Commands
Command  Description
N/A      N/A

Platform Description N/A

4.7 ip tcp window-size

Use this command to change the size of receiving buffer and sending buffer for TCP connections.
Use the no form of this command to restore the default setting.
ip tcp window-size size
no ip tcp window-size

Parameter Description
Parameter  Description
size       Size of receiving buffer and sending buffer for TCP connections in the
           range from 128 to 65535 << 14 bytes.

Defaults The default is 65535.

Command Mode Global configuration mode

Usage Guide The TCP receiving buffer is used to buffer the data received from the peer end. These data will be
subsequently read by application programs. Generally, the window size of TCP packets implies the
size of free space in the receiving buffer. For connections involving a large bandwidth and mass data,
increasing the size of receiving buffer will remarkably improve TCP transmission performance.
If the size of TCP window is larger than 65535 bytes, this function is enabled automatically.

Configuration Examples The following example sets the TCP window size to 16386 bytes.
Ruijie(config)# ip tcp window-size 16386

Related Commands
Command  Description
N/A      N/A

Platform Description N/A

4.8 service tcp-keepalives-in

Use this command to enable the keepalive function for the TCP server. Use the no form of this
command to restore the default setting.
service tcp-keepalives-in [ interval ] [ garbage ]
no service tcp-keepalives-in

Parameter Description
Parameter  Description
interval   The interval of sending keepalive packets, in the range from 1 to
           65535 in the unit of seconds. The default is 60.
garbage    The keepalive packet contains one-byte invalid data. The invalid data
           is not contained by default.

Defaults This function is disabled by default.

Command Mode Global configuration mode

Usage Guide The keepalive function enables the TCP server to detect whether the client is operating properly.
If the TCP server sends the keepalive packet for four consecutive times without receiving any TCP
packet from the client, the TCP connection is considered invalid and then is disconnected
automatically.

Configuration Examples The following example enables the keepalive function for the TCP server and sets the interval of
sending the keepalive packet to 10 seconds. The keepalive packet contains one-byte invalid data.
Ruijie(config)# service tcp-keepalives-in 10 garbage

Related Commands
Command  Description
N/A      N/A

Platform Description N/A

4.9 service tcp-keepalives-out

Use this command to enable the keepalive function for the TCP client. Use the no form of this
command to restore the default setting,
service tcp-keepalives-out [ interval ] [ garbage ]
no service tcp-keepalives-out [ interval ] [ garbage ]

Parameter
Parameter Description
Description
interval Interval at which keepalive packets are sent, in seconds. The range is
from 1 to 65535. The default is 60.
garbage Includes one byte of invalid data in each keepalive packet. By default,
keepalive packets carry no invalid data.

Defaults This function is disabled by default.

Command Global configuration mode


Mode

Usage Guide The keepalive function enables the TCP client to detect whether the server is operating properly.
If the TCP client sends four consecutive keepalive packets without receiving any TCP packet from
the server, the TCP connection is considered invalid and is closed automatically.

Configuration The following example enables the keepalive function for the TCP client and sets the interval of
Examples sending the keepalive packet to 10 seconds. The keepalive packet contains one-byte invalid data.
Ruijie(config)# service tcp-keepalives-out 10 garbage

Related
Command Description
Commands
N/A N/A

Platform N/A
Description

4.10 show tcp connect

Use this command to display basic information about the current TCP connections.
show tcp connect [ local-ip a.b.c.d ] [ local-port num ] [ peer-ip a.b.c.d ] [ peer-port num ]
Use this command to display the current IPv4 TCP connection statistics.
show tcp connect statistics

Parameter
Parameter Description
Description
local-ip a.b.c.d Local IP address.
local-port num Local port.
peer-ip a.b.c.d Peer IP address.
peer-port num Peer port.
statistics Displays IPv4 TCP connection statistics.

Defaults N/A

Command Privileged EXEC mode


Mode

Usage Guide N/A

Configuration The following example displays the current IPv4 TCP connection information.
Examples Ruijie# show tcp connect
Number Local Address Foreign Address State Process name
1 0.0.0.0:22 0.0.0.0:0 LISTEN rg-sshd
2 0.0.0.0:23 0.0.0.0:0 LISTEN rg-telnetd
3 1.1.1.1:23 1.1.1.2:64201 ESTABLISHED rg-telnetd
Field Description
Number Sequence number.
Local Address The local address and port number. The number after the last
“.” is the port number. For example, in “2002::2.23” and
“192.168.195.212.23”, “23” is the port number.
Foreign Address The remote address and port number. The number after the
last “.” is the port number. For example, in “2002::2.23” and
“192.168.195.212.23”, “23” is the port number.
State Current status of the TCP connection. There are eleven
possible states:
CLOSED: The connection has been closed.
LISTEN: Listening state.
SYNSENT: In the three-way handshake phase when the SYN
packet has been sent out.
SYNRCVD: In the three-way handshake phase when the SYN
packet has been received.
ESTABLISHED: The connection has been established.
FINWAIT1: The local end has sent the FIN packet.
FINWAIT2: The FIN packet sent by the local end has been
acknowledged.
CLOSEWAIT: The local end has received the FIN packet from
the peer end.
LASTACK: The local end has received the FIN packet from the
peer end, and then sent its own FIN packet.
CLOSING: The local end has sent a FIN packet to the peer end
and has received the FIN packet from the peer end before
receiving the ACK packet that acknowledges its own FIN packet.
TIMEWAIT: The FIN packet sent by the local end has been
acknowledged, and the local end has also acknowledged the
FIN packet.
Process name Process name.
The following example displays the current IPv4 TCP connection statistics.
Ruijie# show tcp connect statistics
State Count
----- -----
ESTABLISHED 1
SYN_SENT 0
SYN_RECV 0
FIN_WAIT1 0
FIN_WAIT2 0
TIME_WAIT 0
CLOSED 0
CLOSE_WAIT 0
LAST_ACK 0
LISTEN 1
CLOSING 0
Total: 2

Related
Command Description
Commands
N/A N/A

Platform N/A
Description
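
The connection listing above can be checked by script for exposed management services. The following is an added example, not part of the original command reference: it parses captured show tcp connect output (it also accepts the rows printed by show tcp port) and reports listeners bound to all addresses and sessions on cleartext ports. The sample capture is constructed from the listing above, and the cleartext port table and severity labels are assumptions of this example.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: the listing shown above plus one row in the
# "address.port" notation that the field description mentions.
SAMPLE = """\
Number Local Address Foreign Address State Process name
1 0.0.0.0:22 0.0.0.0:0 LISTEN rg-sshd
2 0.0.0.0:23 0.0.0.0:0 LISTEN rg-telnetd
3 1.1.1.1:23 1.1.1.2:64201 ESTABLISHED rg-telnetd
4 192.168.195.212.23 192.168.195.112.13560 ESTABLISHED rg-telnetd
"""

# The eleven states named in the field description.
STATES = {"CLOSED", "LISTEN", "SYNSENT", "SYNRCVD", "ESTABLISHED", "FINWAIT1",
          "FINWAIT2", "CLOSEWAIT", "LASTACK", "CLOSING", "TIMEWAIT"}

# Assumption of this example: ports whose protocol sends credentials in cleartext.
CLEARTEXT_PORTS = {23: "telnet"}

# number, local endpoint, foreign endpoint, state, optional process name
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+([A-Z0-9_]+)(?:\s+(\S.*?))?\s*$")


@dataclass(frozen=True)
class Conn:
    number: int
    local_ip: str
    local_port: int
    peer_ip: str
    peer_port: int
    state: str
    process: str


def split_endpoint(text):
    """Split 'addr:port' or 'addr.port' into (addr, port).

    The port is whatever follows the last ':' or '.', which also covers
    IPv6 endpoints written as '2002::2.23'.
    """
    idx = max(text.rfind(":"), text.rfind("."))
    if idx <= 0 or not text[idx + 1:].isdigit():
        raise ValueError(f"cannot find a port in {text!r}")
    addr, port = text[:idx], int(text[idx + 1:])
    ipaddress.ip_address(addr)  # raises ValueError if the split was wrong
    return addr, port


def parse_show_tcp_connect(text):
    """Return one Conn per table row; headers, totals and blanks are skipped."""
    conns = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        number, local, peer, state, process = m.groups()
        if state not in STATES:
            raise ValueError(f"unknown TCP state {state!r} in line {line!r}")
        local_ip, local_port = split_endpoint(local)
        peer_ip, peer_port = split_endpoint(peer)
        conns.append(Conn(int(number), local_ip, local_port,
                          peer_ip, peer_port, state, process or ""))
    return conns


def audit(conns):
    """Return (severity, row number, message) tuples for rows worth reviewing."""
    findings = []
    for c in conns:
        service = CLEARTEXT_PORTS.get(c.local_port)
        wildcard = ipaddress.ip_address(c.local_ip).is_unspecified
        if c.state == "LISTEN" and service:
            scope = "all addresses" if wildcard else c.local_ip
            findings.append(("high", c.number,
                             f"{service} listener on {scope} ({c.process})"))
        elif c.state == "LISTEN" and wildcard:
            findings.append(("info", c.number,
                             f"port {c.local_port} listening on all addresses ({c.process})"))
        elif c.state == "ESTABLISHED" and service:
            findings.append(("high", c.number,
                             f"active {service} session from {c.peer_ip}:{c.peer_port}"))
    return findings


if __name__ == "__main__":
    for severity, number, message in audit(parse_show_tcp_connect(SAMPLE)):
        print(f"[{severity}] row {number}: {message}")
```

An IPv6 endpoint written with a colon before the port cannot be split reliably by this rule; the field description only documents the dotted form for IPv6.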

4.11 show tcp parameter

Use this command to show TCP parameters.


show tcp parameter

Parameter
Parameter Description
Description
N/A N/A

Defaults N/A

Command Privileged EXEC mode


Mode

Usage Guide N/A

Configuration The following example shows TCP parameters.


Examples Ruijie# show tcp parameter
Hash table information:
Established hash bucket size: 16384
Bind hash bucket size: 16384
Memory information:
Global memory limit: low=92160, pressure=122880, high=184320 (unit: pages)
Per-socket receive buffer size: min=4096, default=87380, max=3932160 (unit:
bytes)
Per-socket send buffer size: min=4096, default=16384, max=3932160 (unit:
bytes)
Current allocated memory: 0
Current memory pressure flag: 0
SYN specific information:
Max SYN_RECV sockets per LISTEN socket: 65535
Max SYN retries: 5
Max SYN ACK retries: 5
Timewait specific information:
Max timewait sockets: 180000
Current timewait sockets: 0
Timewait recycle: 0
Reuse timewait port: 0
Keepalive information:
Keepalive on: 0
Idle period: 900 seconds
Interval: 75 seconds
Max probes: 6
MTU probing:
Enable mtu probing: 0
FIN specific information:
FIN_WAIT_2 timeout: 60 seconds
Orphan socket information:
Max orphans: 16384
Max orphan retries: 0
Current orphans: 0

Field Description

Field Description

Hash table information Hash table information

Memory information TCP cache information

SYN specific information TCP server listening information

Timewait specific information TCP connection information in the TIMEWAIT status

Keepalive information TCP keepalive information

MTU probing MTU probing information

FIN specific information TCP disconnection information

Orphan socket information Information about the TCP connections associated with specific
applications.

Related
Command Description
Commands
N/A N/A

Platform N/A
Description

4.12 show tcp pmtu

Use this command to display information about TCP PMTU.


show tcp pmtu [ local-ip a.b.c.d ] [ local-port num ] [ peer-ip a.b.c.d ] [ peer-port num ]

Parameter
Parameter Description
Description
local-ip a.b.c.d Local IP address.
local-port num Local port.
peer-ip a.b.c.d Peer IP address.
peer-port num Peer port.

Defaults N/A

Command Privileged EXEC mode


Mode

Usage Guide N/A

Configuration The following example displays the PMTU of an IPv4 TCP connection.


Examples Ruijie# show tcp pmtu
Number Local Address Foreign Address PMTU
1 192.168.195.212.23 192.168.195.112.13560 1440

Field Description
Number Sequence number.
Local Address The local address and the port number. The number after the last
“.” is the port number. For example, in “2002::2.23” and
“192.168.195.212.23”, “23” is the port number.
Foreign Address The remote address and the port number. The number after the
last “.” is the port number. For example, in “2002::2.23” and
“192.168.195.212.23”, “23” is the port number.
PMTU PMTU value.

Related
Command Description
Commands
ip tcp path-mtu-discovery Enables the TCP PMTU discovery function.

Platform N/A
Description

4.13 show tcp port

Use this command to display information about the current TCP port.
show tcp port [ num ]

Parameter
Parameter Description
Description
num Port number

Defaults N/A

Command Privileged EXEC mode


Mode

Usage Guide N/A

Configuration The following example displays the current IPv4 TCP port status.
Examples Ruijie# show tcp port
TCP connections on port 23:
Number Local Address Foreign Address State
1 10.51.209.203:23 10.52.0.77:54366 ESTABLISHED
Total: 1

TCP connections on port 80:


Number Local Address Foreign Address State

Total: 0

TCP connections on port 4430:


Number Local Address Foreign Address State
Total: 0

Tcpv6 listen on 23 have total 1 connections.


Field Description
Number Serial number
Local Address Local address and port
Foreign Address Remote address and port
State Status of the current TCP connection. There are eleven possible
states:
CLOSED: The connection has been closed.
LISTEN: Listening state
SYNSENT: In the three-way handshake phase when the SYN
packet has been sent.
SYNRCVD: In the three-way handshake phase when the SYN
packet has been received.
ESTABLISHED: The connection has been established.
FINWAIT1: The local end has sent the FIN packet.
FINWAIT2: The FIN packet sent by the local end has been
acknowledged.
CLOSEWAIT: The local end has received the FIN packet from
the peer end.
LASTACK: The local end has received the FIN packet from the
peer end, and then sent its own FIN packet.
CLOSING: The local end has sent a FIN packet to the peer end
and has received the FIN packet from the peer end before
receiving the ACK packet that acknowledges its own FIN packet.
TIMEWAIT: The FIN packet sent by the local end has been
acknowledged, and the local end has also acknowledged the FIN
packet.

Related
Command Description
Commands
N/A N/A

Platform N/A
Description

4.14 show tcp statistics

Use this command to show TCP statistics on received packets, the three-way handshake and time-wait.
show tcp statistics

Parameter
Parameter Description
Description
N/A N/A

Defaults N/A

Command Privileged EXEC mode


Mode

Usage Guide N/A

Configuration The following example shows TCP statistics.


Examples Ruijie# show tcp statistics
TCP Packets
Received: 1103
Errors : 0(checksum: 0)
Three way handshake
Request queue overflow: 0
Accept backlog full: 0
Web authentication limit per user: 0
Failed to alloc memory for request sock: 0
Failed to create open request child: 0
SYN ACK retransmits: 0
Timeouted requests: 0
Time-wait
Time-wait bucket table overflow: 0
Field Description

Field Description

TCP Packets Normal packets and error packets

Three way handshake Three way handshake information, including session request count,
server-client connection count, three way handshake failure count
caused by Web authentication limit, TCP socket failure count caused by
memory shortage, sub-session failure count, packet retransmission
count and session failure count caused by retransmission timeout.
Time-wait Session in TIMEWAIT state

Related
Command Description
Commands

N/A N/A

Platform N/A
Description

Command Reference IPv4/IPv6 REF Commands

5 IPv4/IPv6 REF Commands

5.1 clear ip ref packet statistics

Use this command to clear IPv4 Ruijie Express Forwarding (REF) packet statistics.
clear ip ref packet statistics

Parameter Parameter Description


Description N/A N/A

Defaults N/A

Command Privileged EXEC mode


Mode

Usage Guide N/A

Configuration The following example clears IPv4 REF packet statistics.
Examples Ruijie# clear ip ref packet statistics

Related Command Description


Commands N/A N/A

Platform N/A
Description

5.2 ip ref load-sharing original

Use this command to configure the algorithm that is used for load balancing during forwarding based
on the source and destination IPv4 addresses. Use the no form of this command to restore the
default setting.
ip ref load-sharing original
no ip ref load-sharing original

Parameter Parameter Description


Description N/A N/A

Defaults The default algorithm is based on the destination IPv4 address.

Command Global configuration mode


Mode

Usage Guide The REF is responsible for data forwarding and supports two load balancing algorithms. One is based
on destination IP addresses and the other is based on the source and destination IP addresses.
When IP packets are forwarded on multiple paths, for example, when load balancing based on
destination IP addresses is configured, the REF forwards packets based on a path matching the
destination IP address of packets. By default, load balancing based on destination IP addresses is
used.

Configuration The following example configures the load balancing algorithm based on source and destination IP
Examples addresses.
Ruijie(config)# ip ref load-sharing original

The following example configures the load balancing algorithm based on destination IP addresses of
packets.
Ruijie(config)# no ip ref load-sharing original

Related Command Description


Commands N/A N/A

Platform N/A
Description

5.3 show ip ref adjacency

Use this command to display the information about the specified adjacent node or all adjacent nodes.
show ip ref adjacency [ glean | local | ip-address | interface interface_type interface_number |
discard | statistics ]

Parameter Parameter Description


Description glean Aggregate adjacent node, which is used for a direct route
local Local adjacent node, which is used by the local host
ip-address Next-hop IP address
interface_type Interface type
interface_number Interface number
discard Displays discarded adjacent nodes.
statistics Statistics

Defaults N/A

Command Privileged EXEC mode


Mode

Usage Guide This command can be used to display the information about the adjacent node table in the current
REF module. By specifying parameters, the information about the aggregate adjacent node, local
adjacent node, adjacent node of the specified IP address, adjacent node associated with the
specified interface, and all adjacent nodes can be displayed.

Configuration The following example displays the information about all adjacent nodes in the adjacent node table.
Examples Ruijie# show ip ref adjacency
id state type rfct chg ip interface linklayer(header
data)
1 unresolved mcast 1 0 224.0.0.0
9 resolved forward 1 0 192.168.50.78 GigabitEthernet 0/0 00 25 64 C5
9D 6A 00 D0 F8 98 76 54 08 00
7 resolved forward 1 0 192.168.50.200 GigabitEthernet 0/0 00 04 5F 87
69 66 00 D0 F8 98 76 54 08 00
6 unresolved glean 1 0 0.0.0.0 GigabitEthernet 0/0
4 unresolved local 3 0 0.0.0.0 Local 1

Description of fields:

Field Description

id Adjacent node ID

state Adjacent node state:
Unresolved
Resolved

type Adjacent node type:
Local: local adjacency
Forward: forward adjacency
Discard: discard adjacency
Glean: glean adjacency
Mcast: multicast adjacency

rfct Reference count of the adjacent node

chg Whether the adjacent node is on the changing link.

ip IP address of the adjacent node

interface Interface

linklayer Layer 2 header

Related Command Description


Commands show ip ref route Displays all route information in the current REF module.

Platform N/A
Description

5.4 show ip ref exact-route

This command is used to display the IPv4 REF exact route.


show ip ref exact-route [ oob ] source_ipaddress dest_ipaddress

Parameter Parameter Description
Description oob Out of band, namely, the network that the management
interface belongs to. Supported only by devices that have a
management interface.
source_ipaddress Source IP address of the packet
dest_ipaddress Destination IP address of the packet

Defaults N/A

Command Privileged EXEC mode


Mode

Usage Guide This command takes the source and destination IP addresses of an IP packet and
displays the path that REF uses to forward that packet.

Configuration The following example displays the IPv4 REF exact route from 192.168.217.74 to 192.168.13.1.
Examples Ruijie# show ip ref exact-route 192.168.217.74 192.168.13.1
192.168.217.74 --> 192.168.13.1:
id state type rfct chg ip interface linklayer(header
data)
9 resolved forward 1 0 192.168.17.1 GigabitEthernet 0/0 00 25 64 C5 9D
6A 00 D0 F8 98 76 54 08 00

Description of fields:

Field Description

id Adjacency ID

state Adjacency state:
Unresolved
Resolved

type Adjacency type:
Local: local adjacency
Forward: forward adjacency
Discard: discard adjacency
Glean: glean adjacency
Mcast: multicast adjacency

rfct Reference count of the adjacency

chg Whether the adjacency is on the changing link.

ip Adjacency IP address

interface Interface

linklayer Layer 2 header

Related Command Description


Commands show ip ref route Displays all routing information in the current REF module.

Platform MGMT ports are supported on NBR6205-E, NBR6205-E V2, NBR6210-E, NBR6210-E V2 and
Description NBR6215-E but not on NBR6120-E.

5.5 show ip ref packet statistics

Use this command to display IPv4 REF packet statistics.


show ip ref packet statistics

Parameter
Parameter Description
Description
N/A N/A

Defaults N/A

Command Privileged EXEC mode


Mode

Usage Guide N/A

Configuration The following example displays IPv4 REF packet statistics.


Examples Ruijie# show ip ref pkt-statistic
IPv4 REF Packet Statistics:
Flags forward : 0
Ip head option : 0
Lookup FIB fail : 0
Deny forward : 0
Invalid adj id : 0
Invalid vsd id : 0
Glean adj : 0
TTL expiration : 0
Don't fragment : 0
Ip redirect : 0
Redirect p2p : 0
Forward adj : 0
Local adj : 0
Mcast reserved : 0

Punt adj : 0
Cached reserve : 0
Cached drop : 0
Cached lost : 0
Null interface : 0
Total packets : 0

Field Description

IPv4 REF Packet Statistics Total number of IPv4 REF packets.

Flags forward Number of packets forwarded.

Ip head option Number of IP packets containing options.

Lookup FIB fail The number of packets forwarded quickly.

Deny forward Packet loss caused by no ip routing

Invalid adj id Invalid adjacency ID

Glean adj Number of the packets matching the gleaned adjacency.

TTL expiration Number of the packets exceeding the TTL.

Don't fragment Number of the packets that are not allowed to be fragmented or forwarded.

Ip redirect Number of the redirected packets

Redirect p2p Number of the P2P redirected packets.

Forward adj Number of the packets matching the forwarded adjacency

Local adj Number of the packets matching the local adjacency

Mcast reserved Number of packets reserved by multicast.

Punt adj Number of the packets matching the punt adjacency

Cached reserve Number of packets reserved after being cached.

Cached drop Number of packets that are dropped after being cached.

Cached lost Number of cached packets.

Null interface Number of packets sent to NULL0.

Total packets Total number of packets sent to the express forwarding module.

Related
Command Description
Commands
N/A N/A

Platform N/A
Description

5.6 show ip ref resolve-list

Use this command to display the IPv4 REF resolution information.


show ip ref resolve-list

Parameter Parameter Description


Description N/A N/A

Defaults N/A

Command Privileged EXEC mode


Mode

Usage Guide N/A

Configuration The following example displays IPv4 REF resolution information.


Examples Ruijie# show ip ref resolve-list
IP res_state flags interface
1.1.1.1 unres 1 GigabitEthernet 0/0
Field Description
IP IP address
res_state unres: unresolved
res: resolved
flags 0: related to adjacency
1: unrelated to adjacency
interface Interface

Related Command Description


Commands N/A N/A

Platform N/A
Description

5.7 show ip ref route

Use this command to display all the routing information in the IPv4 REF table.
show ip ref route [ oob ] [ default | ip mask | statistics ]

Parameter
Parameter Description
Description
oob Out of band, namely, the network that the management interface
belongs to, supported only by the device supporting the management
interface.
default Specifies the default route.
ip Specifies the destination IP address of the route.
mask Specifies the mask of the route.
statistics Statistics

Defaults N/A

Command Privileged EXEC mode


Mode

Usage Guide This command displays routing information in the current REF table. Parameters restrict the
output to the default route or to all the routing information matching IP/MASK.

Configuration The following example displays all the routing information in the IPv4 REF table.
Examples Ruijie# show ip ref route
Codes: * - default route
# - zero route
ip mask weight path-id next-hop interface
255.255.255.255 255.255.255.255 1 4 0.0.0.0 Local 0
224.0.0.0 240.0.0.0 1 1 224.0.0.0
224.0.0.0 255.255.255.0 1 4 0.0.0.0 Local 0
192.168.50.0 255.255.255.0 1 6 0.0.0.0 FastEthernet 0/0
192.168.50.255 255.255.255.255 1 2 0.0.0.0
192.168.50.200 255.255.255.255 1 7 192.168.50.200 FastEthernet 0/0
192.168.50.122 255.255.255.255 1 4 0.0.0.0 Local 0
192.168.50.78 255.255.255.255 1 9 192.168.50.78 FastEthernet 0/0

Field Description

ip Destination IP address

mask Mask

path-id Adjacent identity

next-hop Address of next hop

weight Routing weight

interface Egress

Related
Command Description
Commands
show ip ref exact-route Displays the accurate REF forwarding path of an IP packet.

Platform MGMT ports are supported on NBR6205-E, NBR6205-E V2, NBR6210-E, NBR6210-E V2 and
Description NBR6215-E but not on NBR6120-E.

Command Reference Tunnel Commands

6 Tunnel Commands

6.1 show interfaces tunnel

Use this command to display the tunnel configuration.


show interfaces tunnel number

Parameter Parameter Description


Description
number Indicates the tunnel ID. If it is specified, the tunnel associated with
the number should already exist.

Defaults N/A

Command
Privileged EXEC mode/Global configuration mode/Interface configuration mode
Mode

Usage Guide Run this command to check the configurations of a tunnel.

Configuration The following example displays tunnel 1 information.


Examples Ruijie# show interfaces tunnel 1
// Here is the public information about the interface
Tunnel source 1.1.1.2, destination 1.1.1.1, routeable
Tunnel TOS/Traffic Class not set, Tunnel TTL 254
Tunnel config nested limit is 0, current nested number is 0
Tunnel protocol/transport is ipv6ip
Tunnel transport VPN is no set
Field Description
Field Description
Destination The tunnel destination address. The address
0.0.0.0 indicates that the destination address is
not configured.
Tunnel source The tunnel source address, which can be either
an IPv4 or an IPv6 address. If the tunnel
source interface command is configured, the
tunnel source address is the interface address.
Tunnel TTL The TTL or hop limit field of the transmission
protocol.
Tunnel TOS The TOS or traffic class field of the
transmission protocol. Note that there is an
exception. If the field is 0, and the transmission
protocol is the same as the payload protocol,
the field of the payload protocol is copied to the
transmission protocol.
Tunnel nested-limit The limit to the number of tunnel nested
encapsulation times. This field is displayed by
all tunnels except the 6to4, 6rd and isatap
tunnels.
Tunnel protocol/transport Tunnel encapsulation mode
Key With the key setting, this field is displayed by
only the GRE tunnel.
Checksuming With the checksum setting, this field is
displayed by only the GRE tunnel.
Tunnel VPN The destination VRF.

Related Command Description


Commands
N/A N/A

Platform
Description N/A

6.2 show tunnel statistics

Use this command to display the number of configurable tunnel interfaces and configured tunnel
interfaces.
show tunnel statistics

Parameter Parameter Description


Description
N/A N/A

Defaults N/A

Command
Mode Privileged EXEC mode/Global configuration mode/Interface configuration mode

Usage Guide This command is used to display the number of configurable tunnel interfaces and configured tunnel
interfaces. Note that the actual forwarding capacity is restricted by the number of chip entries. It is
possible that a tunnel interface has been created while the chip entry list is full. In that case, a
syslog message is generated.

Configuration The following example displays the number of configurable tunnel interfaces and configured tunnel
Examples interfaces.
Ruijie# show tunnel statistics
used: 2, limit: 1000

Related Command Description


Commands
N/A N/A

Platform
Description N/A

6.3 tunnel destination

Use this command to specify the destination IP address of a tunnel interface in interface configuration
mode.
Use the no form of this command to restore the default setting.
tunnel destination ip-address
no tunnel destination

Parameter Parameter Description


Description
ip-address Sets the IP address of the specified tunnel destination.

Defaults No destination IP address is set by default.

Command
Mode Interface configuration mode

Usage Guide This command must be used to specify the peer address during tunnel setup. Tunnels cannot be set
up if this command is not executed.

Configuration The following example sets the destination IP address of tunnel interface 0 to 61.154.101.3.
Examples Ruijie(config)# interface tunnel 0
Ruijie(config-if-Tunnel 0)# tunnel destination 61.154.101.3

Related Command Description


Commands
show interface tunnel Displays tunnel interface information.

Platform
Description N/A

6.4 tunnel mode

Use this command to set the encapsulation mode on a tunnel interface.


Use the no or default form of this command to restore the default setting.
tunnel mode { gre { ip | ipv6 } | ipip | ipv6ip }
no tunnel mode
default tunnel mode

Parameter Parameter Description


Description
gre ip GRE for the route at the IP layer
gre ipv6 GRE for the route at the IPv6 layer
ipip IP over IP encapsulation mode
ipv6ip IPv6 over IP encapsulation mode

Defaults For switches and wireless products, the default encapsulation mode is ipv6ip.
For gateways and routers, the default encapsulation mode is gre ip.

Command
Mode Interface configuration mode

Usage Guide The tunnel encapsulation format is the tunnel carrier protocol. The default encapsulation format of
tunnel interfaces is GRE. You can determine the encapsulation format of tunnel interfaces based on
the actual usage. By default, IP tunnel GRE can be implemented without any definition of the
encapsulation format.

Configuration The following example encapsulates GRE IP on tunnel interface 0.


Examples Ruijie(config)# interface tunnel 0
Ruijie(config-if-Tunnel 0)# tunnel mode gre ip

Related Command Description


Commands
show interface tunnel Displays tunnel interface information.

Platform
N/A
Description

6.5 tunnel source

Use this command to configure the source IP address for the tunnel.


Use the no form of this command to restore the default setting.
tunnel source { ip-address | interface-type interface-number }
no tunnel source

Parameter Parameter Description
Description ip-address Source IP address of the tunnel, used as the source IP address of the
packets to be transmitted through the tunnel.
interface-type interface-number Interface referenced by the tunnel, whose IP address is used as the
source IP address of the packets to be transmitted through the tunnel.

Defaults No tunnel source address is configured by default.

Command Interface configuration mode.


Mode

Usage Guide The source IP address of a tunnel can be a specified IP address or an IP address of an interface.
When you configure an auto tunnel (for example, 6to4 and isatap), it is recommended to specify the
source address.
Do not configure multiple tunnels with the same encapsulation type, source address
and destination address on one device.
If there are multiple auto tunnels, their source addresses must be different.

Configuration The following example configures an IPv6 manual tunnel.


Examples Ruijie(config)# interface tunnel 1
Ruijie(config-if-Tunnel 1)# tunnel mode ipv6ip
Ruijie(config-if-Tunnel 1)# tunnel source GigabitEthernet 0/1
Ruijie(config-if-Tunnel 1)# tunnel destination 192.168.5.1

Related Command Description


Commands tunnel mode Configures the mode of a tunnel.
tunnel destination Configures the destination address of a tunnel.
tunnel ttl Configures the TTL of the tunnel.

Platform N/A
Description

6.6 tunnel tos

Use this command to set the IPv4 ToS byte or the 8-bit IPv6 traffic class in tunnel interface
configuration mode. Use the no form of this command to restore the default setting.
tunnel tos [ number ]
no tunnel tos

Parameter Parameter Description


Description number IPv4 ToS byte or IPv6 traffic class 8 bits, in the range from 0 to 255.

Defaults By default, the inner-layer IPv4 ToS byte is copied to the outer-layer IPv4 header, if both the
inner-layer carrier and the outer-layer encapsulation on a tunnel interface use the IPv4 protocol. By
default, the inner-layer IPv6 traffic class 8 bits are copied to the outer-layer IPv6 header if both the
inner-layer carrier and the outer-layer encapsulation on a tunnel interface use the IPv6 protocol.
In other circumstances, the outer-layer IPv4 ToS and IPv6 traffic class are 0.

Command
Mode Interface configuration mode

Usage Guide This command is used to set GRE tunnel packets to a higher priority.

Configuration The following example sets the ToS byte for a GRE tunnel outer-layer encapsulation protocol to 20
Examples on interface tunnel 1.
Ruijie(config)# interface tunnel 1
Ruijie(config-if-Tunnel 1)# tunnel mode ipv6ip
Ruijie(config-if-Tunnel 1)# tunnel tos 20

Related Command Description


Commands show interface tunnel Displays tunnel interface information.

Platform N/A
Description

6.7 tunnel ttl

Use this command to specify the TTL value of the IPv4 header in the encapsulated IPv6 messages.
Use the no form of this command to restore the default setting.
tunnel ttl hop-count
no tunnel ttl

Parameter Parameter Description


Description hop-count TTL value

Defaults The default is 254.

Command Interface configuration mode


Mode

Usage Guide This command is used to specify the TTL value of the IPv4 header in the encapsulated IPv6
messages.

Configuration Ruijie(config)# interface tunnel 1


Examples Ruijie(config-if-Tunnel 1)# tunnel mode ipv6ip
Ruijie(config-if-Tunnel 1)# tunnel ttl 64

Related Command Description


Commands tunnel mode Configures the mode of a tunnel.
tunnel source Configures the source IP address of the tunnel.
tunnel destination Configures the destination IP address of a tunnel.

Platform N/A
Description

6.8 tunnel 6rd br

Use this command to configure the IPv4 address for 6rd br.
Use the no form of this command to remove the configuration.
tunnel 6rd br ipv4-address
no tunnel 6rd br

Parameter Parameter Description


Description
ipv4-address The IPv4 address.

Defaults N/A

Command
Mode Interface configuration mode

Usage Guide This command is used to configure the IPv4 address for the 6rd relay router.

Configuration The following example configures the IPv4 address for tunnel 6rd br.
Examples Ruijie# configure terminal
Ruijie(config)# interface tunnel 100
Ruijie(config-if-Tunnel 100)# ipv6 enable
Ruijie(config-if-Tunnel 100)# tunnel 6rd br 10.1.2.1

Related Command Description


Commands
N/A N/A

Platform
Description N/A

6.9 tunnel 6rd ipv4

Use this command to configure the common IPv4 prefix and suffix length for the 6rd domain.
Use the no form of this command to remove the configuration.
tunnel 6rd ipv4 prefix-length prefix-length suffix-length suffix-length
no tunnel 6rd ipv4

Parameter Parameter Description


Description
prefix-length The IPv4 prefix length.

suffix-length The IPv4 suffix length.

Defaults N/A

Command
Interface configuration mode
Mode

Usage Guide This command is used to configure the common IPv4 prefix and suffix length for the 6rd domain. The
valid range is from 0 to 31. The sum of the prefix and suffix lengths is no greater than 31. If this
command is not configured, the prefix and suffix lengths are 0 by default.

Configuration The following example configures the IPv4 prefix and suffix length for the 6rd domain of tunnel 100.
Examples Ruijie# configure terminal
Ruijie(config)# interface tunnel 100
Ruijie(config-if-Tunnel 100)# ipv6 enable
Ruijie(config-if-Tunnel 100)# tunnel 6rd ipv4 prefix-length 8 suffix-length 8

Related Command Description


Commands
N/A N/A

Platform
Description N/A

6.10 tunnel 6rd prefix

Use this command to configure IPv6 prefix for the 6rd domain.
Use the no form of this command to restore the default setting.
tunnel 6rd prefix ipv6-prefix prefix-length
no tunnel 6rd prefix

Parameter Parameter Description


Description
ipv6-prefix The IPv6 prefix of the 6rd domain.
prefix-length The IPv6 prefix length of the 6rd domain.

Defaults N/A

Command
Mode Interface configuration mode

Usage Guide This command is used to configure the IPv6 prefix for the 6rd domain. This command is mandatory
for the 6rd configuration. Without the 6rd prefix, the 6rd tunnel cannot be up. If the prefix length is set
to 0, it indicates that the 6rd prefix is removed.

Configuration Examples The following example configures the IPv6 prefix for tunnel 100.
Ruijie# configure terminal
Ruijie(config)# interface tunnel 100
Ruijie(config-if-Tunnel 100)# tunnel 6rd prefix 2001:da8::/32

Related Commands
Command  Description
N/A      N/A

Platform Description N/A
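
How the 6rd prefix, the common IPv4 prefix/suffix lengths and the tunnel endpoint addresses fit together, as an added example that is not part of the original reference. It follows the RFC 5969 address mapping, assuming the common IPv4 prefix and suffix bits are left out of the delegated prefix, and includes the source-consistency check a border relay can apply to decapsulated packets. The function names and the CE address 10.20.30.1 are constructed for illustration.

```python
import ipaddress


def _layout(sixrd_prefix, v4_prefix_len, v4_suffix_len):
    """Validate the 6rd settings; return (network, embedded IPv4 bit count)."""
    net = ipaddress.IPv6Network(sixrd_prefix)
    if net.prefixlen == 0:
        raise ValueError("a 6rd prefix is mandatory (length 0 removes it)")
    for name, value in (("prefix", v4_prefix_len), ("suffix", v4_suffix_len)):
        if not 0 <= value <= 31:
            raise ValueError(f"IPv4 {name} length must be in 0-31")
    if v4_prefix_len + v4_suffix_len > 31:
        raise ValueError("IPv4 prefix + suffix length must not exceed 31")
    width = 32 - v4_prefix_len - v4_suffix_len
    if net.prefixlen + width > 128:
        raise ValueError("6rd prefix too long for the embedded IPv4 bits")
    return net, width


def delegated_prefix(sixrd_prefix, ce_ipv4, v4_prefix_len=0, v4_suffix_len=0):
    """IPv6 prefix a CE derives from its own IPv4 tunnel address."""
    net, width = _layout(sixrd_prefix, v4_prefix_len, v4_suffix_len)
    v4 = int(ipaddress.IPv4Address(ce_ipv4))
    # Keep only the bits between the common prefix and the common suffix.
    middle = (v4 >> v4_suffix_len) & ((1 << width) - 1)
    new_len = net.prefixlen + width
    value = int(net.network_address) | (middle << (128 - new_len))
    return ipaddress.IPv6Network((value, new_len))


def expected_ipv4_source(inner_v6_src, sixrd_prefix, domain_ipv4,
                         v4_prefix_len=0, v4_suffix_len=0):
    """IPv4 address that must have sent a packet with this IPv6 source.

    domain_ipv4 is any address of the 6rd domain (for example the BR
    address); it supplies the common prefix and suffix bits.
    Returns None when the IPv6 source is outside the 6rd prefix.
    """
    net, width = _layout(sixrd_prefix, v4_prefix_len, v4_suffix_len)
    addr = ipaddress.IPv6Address(inner_v6_src)
    if addr not in net:
        return None
    middle = (int(addr) >> (128 - net.prefixlen - width)) & ((1 << width) - 1)
    ref = int(ipaddress.IPv4Address(domain_ipv4))
    high = (ref >> (32 - v4_prefix_len)) << (32 - v4_prefix_len)
    low = ref & ((1 << v4_suffix_len) - 1)
    return ipaddress.IPv4Address(high | (middle << v4_suffix_len) | low)


def source_is_consistent(outer_v4_src, inner_v6_src, sixrd_prefix, domain_ipv4,
                         v4_prefix_len=0, v4_suffix_len=0):
    """True when the outer IPv4 source matches the bits in the IPv6 source."""
    expected = expected_ipv4_source(inner_v6_src, sixrd_prefix, domain_ipv4,
                                    v4_prefix_len, v4_suffix_len)
    return expected is not None and expected == ipaddress.IPv4Address(outer_v4_src)


SIXRD_PREFIX = "2001:da8::/32"   # from the tunnel 6rd prefix example
BR_IPV4 = "10.1.2.1"             # from the tunnel 6rd br example
CE_IPV4 = "10.20.30.1"           # constructed CE address in the same domain

if __name__ == "__main__":
    print(delegated_prefix(SIXRD_PREFIX, CE_IPV4, 8, 8))
    print(source_is_consistent("10.20.31.1", "2001:da8:141e::5",
                               SIXRD_PREFIX, BR_IPV4, 8, 8))
```
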

Command Reference FPM Commands

7 FPM Commands

7.1 clear ip fpm counters

Use this command to clear the IPv4 packet counters.
clear ip fpm counters

Parameter Description
Parameter  Description
N/A        N/A

Command Mode Privileged EXEC mode

Usage Guide N/A

Configuration Examples The following example clears the IPv4 packet counters.
Ruijie# clear ip fpm 1 2 counters

Platform Description N/A

7.2 ip session direct-trans-disable

Use this command to disable the function to transparently transmit packets when the flow table is full.
ip session direct-trans-disable

Use the no form of this command to restore the default setting.


no ip session direct-trans-disable

Parameter Description
Parameter  Description
N/A        N/A

Defaults This configuration takes effect only on ACs and APs. With this feature, packets are transparently
transmitted instead of establishing any flow on wireless products when the flow table is full, and service
processing is not accelerated, thereby ensuring that service flows are not interrupted.

Command Mode Global configuration mode

Usage Guide N/A

Configuration Examples The following example disables the function to transparently transmit packets when the flow table is full.
Ruijie(config)# ip session direct-trans-disable

Platform Description N/A

7.3 ip session tcp-loose

Use this command to enable the loose TCP status transition check function.
ip session tcp-loose

Use the no form of this command to restore the default setting.


no ip session tcp-loose

Parameter Description
Parameter  Description
N/A        N/A

Defaults By default, the loose TCP status check function is enabled.

Command Mode Global configuration mode

Usage Guide N/A

Configuration
Examples

Platform Description N/A

7.4 ip session tcp-state-inspection-enable

Use this command to enable the TCP status tracing function.


ip session tcp-state-inspection-enable

Use the no form of this command to restore the default setting.


no ip session tcp-state-inspection-enable

Parameter Description
Parameter  Description
N/A        N/A

Defaults The TCP status tracing function is disabled by default.

Command Mode Global configuration mode

Usage Guide N/A

Configuration Examples The following example enables the TCP status tracing function.
Ruijie(config)# ip session tcp-state-inspection-enable

Platform Description N/A

7.5 ip session threshold

Use this command to configure the number of packets that can be received for each flow in a certain
status.
ip session threshold {icmp-closed | icmp-started | rawip-closed | tcp-syn-sent | tcp-syn-receive |
tcp-closed | udp-closed} { num }

Use the no form of this command to restore the default setting.


no ip session threshold {icmp-closed | icmp-started | rawip-closed | tcp-syn-sent | tcp-syn-receive |
tcp-closed | udp-closed}

Parameter Description
Parameter        Description
icmp-closed      Sets the number of packets permitted to pass in each ICMP flow in closed status, which is 10 by default and ranges from 1 to 2,000,000,000.
icmp-started     Sets the number of packets permitted to pass in each ICMP flow in started status, which is 300 by default and ranges from 5 to 2,000,000,000.
rawip-closed     Sets the number of packets permitted to pass in each RAWIP flow in closed status, which is 10 by default and ranges from 1 to 2,000,000,000.
tcp-syn-sent     Sets the number of packets permitted to pass in each TCP flow in syn-sent status, which is 10 by default and ranges from 5 to 2,000,000,000.
tcp-syn-receive  Sets the number of packets permitted to pass in each TCP flow in syn-receive status, which is 20 by default and ranges from 5 to 2,000,000,000.
tcp-closed       Sets the number of packets permitted to pass in each TCP flow in closed status, which is 20 by default and ranges from 5 to 2,000,000,000.
udp-closed       Sets the number of packets permitted to pass in each UDP flow in closed status, which is 10 by default and ranges from 1 to 2,000,000,000.
num              Sets the number of packets permitted to pass.

Defaults icmp-closed: 10;
icmp-started: 300;
rawip-closed: 10;
tcp-syn-sent: 10;
tcp-syn-receive: 20;
tcp-closed: 20;
udp-closed: 10.

Command Mode Global configuration mode

Usage Guide To activate this configuration, run the ip session track-state-strictly command.

Configuration Examples The following example configures the number of packets that can be received for each flow in a certain status to 100.
Ruijie(config)# ip session 1 2 threshold tcp-closed 100

Platform Description N/A

7.6 ip session timeout

Use this command to configure the aging time.


ip session timeout {icmp-closed | icmp-connected | icmp-started | rawip-closed | rawip-connected |
rawip-established | rawip-started | tcp-close-wait | tcp-closed | tcp-established | tcp-fin-wait1 |
tcp-fin-wait2 | tcp-syn-receive | tcp-syn-sent | tcp-syn-sent2 | tcp-time-wait | udp-closed |
udp-started | udp-connected | udp-established} { num }

Use the no form of this command to restore the default setting.


no ip session timeout {icmp-closed | icmp-connected | icmp-started | rawip-closed |
rawip-connected | rawip-established | rawip-started | tcp-close-wait | tcp-closed | tcp-established |
tcp-fin-wait1 | tcp-fin-wait2 | tcp-syn-receive | tcp-syn-sent | tcp-syn-sent2 | tcp-time-wait |
udp-closed | udp-started | udp-connected | udp-established}

Parameter Description
Parameter          Description
icmp-closed        Sets the aging time of ICMP flows in closed status, which is 10 seconds by default and ranges from 5 to 60.
icmp-connected     Sets the aging time of ICMP flows in connected status, which is 10 seconds by default and ranges from 5 to 120.
icmp-started       Sets the aging time of ICMP flows in started status, which is 10 seconds by default and ranges from 5 to 120.
rawip-closed       Sets the aging time of RAWIP flows in closed status, which is 10 seconds by default and ranges from 5 to 60.
rawip-connected    Sets the aging time of RAWIP flows in connected status, which is 300 seconds by default and ranges from 10 to 300.
rawip-established  Sets the aging time of RAWIP flows in established status, which is 300 seconds by default and ranges from 10 to 600.
rawip-started      Sets the aging time of RAWIP flows in started status, which is 300 seconds by default and ranges from 10 to 300.
tcp-close-wait     Sets the aging time of TCP flows in tcp-close-wait status, which is 60 seconds by default and ranges from 10 to 120.
tcp-closed         Sets the aging time of TCP flows in tcp-closed status, which is 10 seconds by default and ranges from 5 to 20.
tcp-established    Sets the aging time of TCP flows in tcp-established status, which is 1,800 seconds by default and ranges from 300 to 604,800.
tcp-fin-wait1      Sets the aging time of TCP flows in tcp-fin-wait1 status, which is 60 seconds by default and ranges from 10 to 120.
tcp-fin-wait2      Sets the aging time of TCP flows in tcp-fin-wait2 status, which is 60 seconds by default and ranges from 10 to 120.
tcp-syn-receive    Sets the aging time of TCP flows in tcp-syn-receive status, which is 10 seconds by default and ranges from 5 to 30.
tcp-syn-sent       Sets the aging time of TCP flows in tcp-syn-sent status, which is 10 seconds by default and ranges from 5 to 30.
tcp-syn-sent2      Sets the aging time of TCP flows in tcp-syn-sent2 status, which is 10 seconds by default and ranges from 5 to 30.
tcp-time-wait      Sets the aging time of TCP flows in tcp-time-wait status, which is 10 seconds by default and ranges from 5 to 60.
udp-closed         Sets the aging time of UDP flows in closed status, which is 10 seconds by default and ranges from 5 to 60.
udp-connected      Sets the aging time of UDP flows in connected status, which is 30 seconds by default and ranges from 10 to 300.
udp-established    Sets the aging time of UDP flows in established status, which is 600 seconds by default and ranges from 120 to 600.
udp-started        Sets the aging time of UDP flows in started status, which is 10 seconds by default and ranges from 10 to 300.
num                Sets the aging time.

Defaults icmp-closed: 10 seconds;
icmp-connected: 10 seconds;
icmp-started: 10 seconds;
rawip-closed: 10 seconds;
rawip-connected: 300 seconds;
rawip-established: 300 seconds;
rawip-started: 300 seconds;
tcp-close-wait: 60 seconds;
tcp-closed: 10 seconds;
tcp-established: 1,800 seconds;
tcp-fin-wait1: 60 seconds;
tcp-fin-wait2: 60 seconds;
tcp-syn-receive: 10 seconds;
tcp-syn-sent: 10 seconds;
tcp-syn-sent2: 10 seconds;
tcp-time-wait: 10 seconds;
udp-closed: 10 seconds;
udp-connected: 30 seconds;
udp-established: 600 seconds;
udp-started: 10 seconds.

Command Mode Global configuration mode

Usage Guide N/A

Configuration Examples The following example sets the aging time of TCP flows in tcp-established status to 600 seconds.
Ruijie(config)# ip session 1 2 timeout tcp-established 600

Platform Description N/A

7.7 ip session track-state-strictly

Use this command to configure packet threshold check for flows in various states.
ip session track-state-strictly

Use the no form of this command to restore the default setting.


no ip session track-state-strictly

Parameter Description
Parameter  Description
N/A        N/A

Defaults This function is disabled by default.

Command Mode Global configuration mode

Usage Guide N/A

Configuration Examples The following example sets the packet threshold check for flows in various states.
Ruijie(config)# ip session track-state-strictly

Platform Description N/A
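
A pre-change check for the session settings in 7.5 to 7.7, as an added example that is not part of the original reference: it validates `ip session threshold` and `ip session timeout` values against the ranges listed above and reports thresholds that stay inactive because `ip session track-state-strictly` is missing. It assumes the configuration text holds the commands as documented in the syntax lines; the function name and sample configuration are constructed.

```python
import re

BIG = 2_000_000_000
# keyword -> (minimum, maximum), copied from the parameter tables above.
THRESHOLD_RANGES = {
    "icmp-closed": (1, BIG), "icmp-started": (5, BIG), "rawip-closed": (1, BIG),
    "tcp-syn-sent": (5, BIG), "tcp-syn-receive": (5, BIG),
    "tcp-closed": (5, BIG), "udp-closed": (1, BIG),
}
TIMEOUT_RANGES = {
    "icmp-closed": (5, 60), "icmp-connected": (5, 120), "icmp-started": (5, 120),
    "rawip-closed": (5, 60), "rawip-connected": (10, 300),
    "rawip-established": (10, 600), "rawip-started": (10, 300),
    "tcp-close-wait": (10, 120), "tcp-closed": (5, 20),
    "tcp-established": (300, 604_800), "tcp-fin-wait1": (10, 120),
    "tcp-fin-wait2": (10, 120), "tcp-syn-receive": (5, 30),
    "tcp-syn-sent": (5, 30), "tcp-syn-sent2": (5, 30), "tcp-time-wait": (5, 60),
    "udp-closed": (5, 60), "udp-connected": (10, 300),
    "udp-established": (120, 600), "udp-started": (10, 300),
}
SETTING_RE = re.compile(r"^ip session (threshold|timeout) (\S+) (\d+)$")
INERT = "threshold is inactive: 'ip session track-state-strictly' is not configured"
NO_TRACING = "TCP status tracing is disabled (default): 'ip session tcp-state-inspection-enable' is not configured"


def audit_fpm_config(config_text):
    """Return (line_number, message) findings; line 0 marks a global finding."""
    findings = []
    lines = [" ".join(raw.split()) for raw in config_text.splitlines()]
    threshold_lines = []
    for number, line in enumerate(lines, start=1):
        match = SETTING_RE.match(line)
        if not match:
            continue
        kind, state, value = match.group(1), match.group(2), int(match.group(3))
        table = THRESHOLD_RANGES if kind == "threshold" else TIMEOUT_RANGES
        if state not in table:
            findings.append((number, f"unknown {kind} keyword '{state}'"))
            continue
        low, high = table[state]
        if not low <= value <= high:
            findings.append((number, f"{kind} {state} {value} outside {low}-{high}"))
        if kind == "threshold":
            threshold_lines.append(number)
    # Per the usage guide of 7.5, thresholds only act once strict tracking is on.
    if "ip session track-state-strictly" not in lines:
        findings.extend((number, INERT) for number in threshold_lines)
    if "ip session tcp-state-inspection-enable" not in lines:
        findings.append((0, NO_TRACING))
    return findings


# Constructed sample configuration with deliberate mistakes.
SAMPLE_CONFIG = """\
ip session threshold tcp-syn-sent 50
ip session threshold udp-closed 0
ip session timeout tcp-established 120
ip session timeout tcp-syn-sent2 20
ip session timeout udp-open 30
"""

if __name__ == "__main__":
    for number, message in audit_fpm_config(SAMPLE_CONFIG):
        print(number, message)
```
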

7.8 show ip fpm counters

Use this command to display the IPv4 packet counters.
show ip fpm counters

Parameter Description
Parameter  Description
N/A        N/A

Command Mode Privileged EXEC mode

Usage Guide Use this command to display the counters about the IPv4 packets, including information about packet loss
and flows.

Configuration Examples The following example displays the IPv4 packet loss counters.
Ruijie# show ip fpm counters
Dropped packet counters:
Count Reason
0 Non-IPv4 packet
0 Bad IPv4 header length
0 Bad IPv4 total length
0 Fragment pkt
0 change flow state notify FW refuse
0 Bad IPv4 checksum
0 Invalid IPv4 address
0 Invalid TCP flags
0 Invalid ICMP message type
0 Invalid icmp initial message type
10 Invalid tcp init flags
0 Invalid tcp connection state
0 Connect over config threshold
0 Pkt drop by flow pre check
0 Connect has been terminated
0 Invalid egress fid
0 Out of capability
<end>
Rejected or terminated connection counters:
Count Reason
42938 Out of life time


0 Flow Terminated
0 Exceptional TCP connection
0 Exceptional UDP connection
0 Exceptional ICMP connection
0 Exceptional RawIP connection
0 Rejected by policy
0 Die by exist flow
0 Die gre data flow
<end>
Field Description
Field   Description
Count   The number of lost packets.
Reason  The reason for the packet loss.

Platform Description N/A
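
Turning two polls of `show ip fpm counters` into something a monitoring job can alert on, as an added example that is not part of the original reference. The parser follows the output layout shown above; the choice of watched reasons, the function names and both sample outputs are constructed for illustration.

```python
# Drop and reject reasons worth alerting on when they start to climb.
# This selection is an assumption of the example, not a vendor recommendation.
WATCHED = {
    "Invalid TCP flags",
    "Invalid tcp init flags",
    "Invalid tcp connection state",
    "Connect over config threshold",
    "Rejected by policy",
}


def parse_fpm_counters(output):
    """Parse the command output into {section title: {reason: count}}."""
    sections, current = {}, None
    for raw in output.splitlines():
        line = raw.strip()
        if line.endswith("counters:"):
            current = sections.setdefault(line[:-1], {})
            continue
        count, _, reason = line.partition(" ")
        # Non-numeric first fields (prompt, "Count Reason", "<end>") are skipped.
        if current is not None and count.isdigit() and reason.strip():
            current[reason.strip()] = int(count)
    return sections


def counter_rises(before, after):
    """Return {reason: increase} for every counter that grew between polls."""
    rises = {}
    for section, reasons in after.items():
        for reason, count in reasons.items():
            previous = before.get(section, {}).get(reason, 0)
            # A smaller value means the counters were cleared in between
            # (clear ip fpm counters), so the whole new value is new traffic.
            delta = count - previous if count >= previous else count
            if delta > 0:
                rises[reason] = delta
    return rises


def watched_rises(before_text, after_text, minimum=1):
    """Increases of at least `minimum` in the watched reasons only."""
    rises = counter_rises(parse_fpm_counters(before_text),
                          parse_fpm_counters(after_text))
    return {r: d for r, d in rises.items() if r in WATCHED and d >= minimum}


def _sample(init_flags, over_threshold, out_of_life):
    # Constructed, shortened output in the format shown above.
    return f"""Ruijie# show ip fpm counters
Dropped packet counters:
Count Reason
0 Bad IPv4 checksum
0 Invalid TCP flags
{init_flags} Invalid tcp init flags
{over_threshold} Connect over config threshold
<end>
Rejected or terminated connection counters:
Count Reason
{out_of_life} Out of life time
0 Rejected by policy
<end>
"""


POLL_1 = _sample(10, 0, 42938)
POLL_2 = _sample(250, 37, 43010)
POLL_3 = _sample(4, 0, 12)        # taken after the counters were cleared

if __name__ == "__main__":
    print(watched_rises(POLL_1, POLL_2))
    print(watched_rises(POLL_2, POLL_3))
```
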

7.9 show ip fpm flows

Use this command to display IPv4 packet flow information.


show ip fpm flows

Parameter Description
Parameter  Description
N/A        N/A

Command Mode Privileged EXEC mode
Usage Guide N/A

Configuration Examples
Ruijie# show ip fpm flows
Pr SrcAddr DstAddr SrcPort DstPort Vrf SendBytes RecvBytes St srcif dstif ctrl_flag delay
17 10.51.209.203 118.190.126.198 19415 3478 0 220892 207120 3 fff 8 0 110
6 10.51.209.203 10.51.209.241 38636 30001 0 3200698 1902454 1 fff 8 0 60
17 10.51.209.203 114.114.114.114 58509 53 0 186 405 3 fff 8 0 50
112 10.51.209.240 224.0.0.18 0 0 3775600 0 1 8 (ffff) fff (ffff) 40000
112 10.51.209.241 224.0.0.18 0 0 3775720 0 1 8 (ffff) fff (ffff) 40000

Field Description
Field      Description
Pr         Protocol
SrcAddr    Source address
DstAddr    Destination address
SrcPort    Source port
DstPort    Destination port
SendBytes  Size of packets received from the request direction.
RecvBytes  Size of packets received from the response direction.
St         Current status of flow
srcif      Source interface number
dstif      Destination interface number
ctrl_flag  Flow control field.

Platform Description N/A

7.10 show ip fpm flows filter

Use this command to display the specific IPv4 packet flow information.
show ip fpm flows filter protocol saddr smask daddr dmask

Parameter Description
Parameter  Description
protocol   IP protocol in the range from 0 to 255.
saddr      Source IP addresses.
smask      Source IP mask in the range from 1 to 32.
daddr      Destination IP addresses.
dmask      Destination IP mask in the range from 1 to 32.

Command Mode Privileged EXEC mode

Usage Guide N/A

Configuration Examples
Ruijie# show ip fpm flows filter 0 10.51.209.203 24 10.51.209.241 24
Pr SrcAddr DstAddr SrcPort DstPort Vrf SendBytes RecvBytes St srcif dstif ctrl_flag delay
6 10.51.209.203 10.51.209.241 38636 30001 0 3217685 1912852 1 fff 8 0 60
6 10.51.209.203 10.51.209.241 34382 4334 0 1725942 1928503 1 fff 8 0 0
Field Description
Field      Description
Pr         Protocol
SrcAddr    Source address
DstAddr    Destination address
SrcPort    Source port
DstPort    Destination port
SendBytes  Size of packets received from the request direction.
RecvBytes  Size of packets received from the response direction.
St         Current status of flow
srcif      Source interface number
dstif      Destination interface number
ctrl_flag  Flow control field.

Platform Description N/A

7.11 show ip fpm statistics

Use this command to display IPv4 flow statistics.


show ip fpm statistics

Parameter Description
Parameter  Description
N/A        N/A

Command Mode Privileged EXEC mode

Usage Guide N/A

Configuration Examples The following example displays IPv4 flow statistics on the device.
Ruijie#show ip fpm statistics
The capacity of the flow table:150016.
Active flows num:109.
event count:65,
Fpm state inspection disable.

Field Description
Field                           Description
The capacity of the flow table  The number of total flow tables.
Active flows num                The number of active flow tables.
event count                     The counter for current events.
Fpm state inspection disable    The fpm state inspection is disabled.

Platform Description N/A

Command Reference NAT Commands

8 NAT Commands

8.1 address

Use this command to configure the address range of an empty NAT address pool.
Use the no form of this command to delete the address range of an address pool.
address start-ip end-ip [ match interface interface]
no address start-ip end-ip [ match interface interface]
address interface interface [ match interface interface]
no address interface interface [ match interface interface]

Parameter Description
Parameter                  Description
start-ip                   Start IP address of an address block
end-ip                     End IP address of an address block
interface interface        Sets the interface used when NAT has multiple outside interfaces. The addresses defined in a pool use interface addresses and are used when the interface addresses are unknown and will be negotiated. Note that this parameter must be used with the match interface interface parameter, and the two interfaces must be consistent. Otherwise, NAT may fail.
match interface interface  Sets the interface used when NAT has multiple outside interfaces. When the router determines the egress of packets, NAT uses this egress to select an address that matches it from the pool.

Defaults No address range is defined by default.

Command Mode NAT address pool configuration mode

Usage Guide If you need to define multiple address ranges for an address pool, first enter NAT address pool
configuration mode, and then define the NAT address ranges. These commands are not supported on
aggregate ports.

Configuration Examples The following example creates a mulnets address pool and defines two address blocks.
Ruijie(config)# ip nat pool mulnets netmask 255.255.255.0
Ruijie(config-nat)# address 172.16.10.1 172.16.10.254
Ruijie(config-nat)# address 192.168.100.1 192.168.100.50

Related Commands
Command      Description
ip nat pool  Defines the IP NAT address pool.

Notification 1. If the end IP address is smaller than the start address, the configuration fails and the following
prompt appears.
% End address less than start address
2. If the end IP address and the start IP address are not on the same network segment, the
configuration fails and the following prompt appears.
% Start and end addresses on different subnets
3. If the start IP address and the end IP address are both set to 0.0.0.0, the configuration fails and the
following prompt appears.
% Ip address 0.0.0.0 ~ 0.0.0.0 are invalid.
4. If the number of address ranges of an address pool exceeds 100, the configuration fails and the
following prompt appears.
% Reach max pool addr range
5. If the memory is insufficient, the configuration fails and the following prompt appears.
% Create address range fail
6. If the configured address range is consistent with the interface address, the configuration fails and
the following prompt appears.
% already use this interface's ip address,please delete and recreate
7. If the configured address range already exists, the configuration fails and the following prompt
appears.
% Already exist this range,please delete and recreate
8. If the configured address range is consistent with that of an interface and overlaps with that of an
existing address range, the configuration fails and the following prompt appears.
% Use interface's ip address overlap with existing range
9. If the configured address range conflicts with an existing address, the configuration fails and the
following prompt appears.
%Start and end addresses overlap with existing range
10. If the deleted address range contains an interface address range and is not available, the
configuration fails and the following prompt appears.
% address range with interface not exist
11. If the address range to be deleted is not available, the configuration fails and the following prompt
appears.
% Address range x.x.x.x-x.x.x.x not exist

Platform Description N/A
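
The address-range rules from the notification list of 8.1 applied offline to a planned pool, so that a change request can be checked before it reaches the device. This is an added example, not part of the original reference: it covers only the start-ip/end-ip form, returns the prompt texts quoted above, and the order of the checks as well as the function names are assumptions.

```python
import ipaddress

MAX_RANGES = 100  # per-pool limit quoted in the notification list above


def refusal_prompt(existing, start, end, netmask):
    """Return the prompt for a refused range, or None if it is acceptable.

    existing is the list of (start, end) strings already in the pool.
    """
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if int(first) == 0 and int(last) == 0:
        return "% Ip address 0.0.0.0 ~ 0.0.0.0 are invalid."
    if last < first:
        return "% End address less than start address"
    mask = int(ipaddress.IPv4Address(netmask))
    if (int(first) & mask) != (int(last) & mask):
        return "% Start and end addresses on different subnets"
    if len(existing) >= MAX_RANGES:
        return "% Reach max pool addr range"
    for old_start, old_end in existing:
        old_first = ipaddress.IPv4Address(old_start)
        old_last = ipaddress.IPv4Address(old_end)
        if (first, last) == (old_first, old_last):
            return "% Already exist this range,please delete and recreate"
        # Two closed intervals overlap when each starts before the other ends.
        if first <= old_last and old_first <= last:
            return "%Start and end addresses overlap with existing range"
    return None


def plan_pool(netmask, requested):
    """Apply the requested ranges in order; return (accepted, refused)."""
    accepted, refused = [], []
    for start, end in requested:
        prompt = refusal_prompt(accepted, start, end, netmask)
        if prompt is None:
            accepted.append((start, end))
        else:
            refused.append((start, end, prompt))
    return accepted, refused


# The first two ranges are the mulnets example above; the rest are
# constructed to trigger one rule each.
REQUESTED = [
    ("172.16.10.1", "172.16.10.254"),
    ("192.168.100.1", "192.168.100.50"),
    ("192.168.100.40", "192.168.100.60"),
    ("172.16.10.1", "172.16.10.254"),
    ("10.0.0.9", "10.0.0.1"),
    ("10.0.0.200", "10.0.1.10"),
    ("0.0.0.0", "0.0.0.0"),
]

if __name__ == "__main__":
    accepted, refused = plan_pool("255.255.255.0", REQUESTED)
    for item in refused:
        print(*item)
```
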

8.2 ip nat

Use this command to perform NAT on an interface.
Use the no form of this command to disable NAT on an interface.
ip nat { inside | outside }
no ip nat { inside | outside }

Parameter Description
Parameter  Description
inside     Performs NAT on incoming packets.
outside    Performs NAT on outgoing packets.

Defaults NAT is not enabled by default.

Command Mode Interface configuration mode

Usage Guide NAT is performed only when packets are routed between outside and inside interfaces and meet a
certain rule. Therefore, at least an inside interface and an outside interface must be configured.

Configuration Examples The following example dynamically translates the internal host 192.168.12.0/24 to the network
segment with the global address 200.168.12.0/28. NAT is not allowed for the hosts in other network
segments of the internal network.
Ruijie# configure terminal
Ruijie(config)# interface GigabitEthernet 0/0
Ruijie(config-if-GigabitEthernet 0/0)# ip address 192.168.12.6 255.255.255.0
Ruijie(config-if-GigabitEthernet 0/0)# ip nat inside
Ruijie(config-if-GigabitEthernet 0/0)# exit
Ruijie(config)# interface GigabitEthernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)# ip address 200.168.12.17 255.255.255.0
Ruijie(config-if-GigabitEthernet 0/1)# ip nat outside
Ruijie(config-if-GigabitEthernet 0/1)# exit
Ruijie(config)# ip nat pool net200 200.168.12.1 200.168.12.15 netmask 255.255.255.0
Ruijie(config)# ip nat inside source list 1 pool net200
Ruijie(config)# access-list 1 permit 192.168.12.0 0.0.0.255

Related Commands
Command                    Description
ip nat inside destination  Enables NAT for the internal destination address.
ip nat inside source       Enables NAT for internal source addresses.
ip nat outside source      Enables NAT for external source addresses.
ip nat pool                Defines the IP NAT address pool.
show ip nat translations   Displays IP NAT entries.

Platform Description N/A


8.3 ip nat application

Use this command to implement special application of NAT.


Use the no form of this command to cancel this special application.
ip nat application source list list-num destination dest-ip { dest-change ip-addr | src-change
ip-addr }

ip nat application source list list-num destination { tcp dest-ip port-num | udp dest-ip port-num}
{ dest-change ip-addr port-num | src-change ip-addr port-num }

no ip nat application source list list-num destination dest-ip { dest-change ip-addr | src-change
ip-addr }

no ip nat application source list list-num destination { tcp dest-ip port-num | udp dest-ip port-num }
{ dest-change ip-addr port-num | src-change ip-addr port-num }

Parameter Description
Parameter                     Description
list-num                      Access list of internal local addresses, that is, match criteria of the source addresses of packets
dest-ip                       Internal global address match, that is, match criteria of the destination addresses of packets. NAT entries are created only when the destination IP address matches this address and the source IP address matches the previously defined access list.
tcp dest-ip port-num          Matches the internal global address and the destination port. NAT entries are created only when the destination address and port of the TCP packet match the criteria defined here and the source address matches the previously defined access list.
udp dest-ip port-num          Matches the internal global address and the destination port. NAT entries are created only when the destination address and port of the UDP packet match the criteria defined here and the source address matches the previously defined access list.
dest-change ip-addr port-num  Changes the destination address and port of the packet that meets criteria.
src-change ip-addr            Changes the source address of the packet that meets criteria.

Defaults This rule is not defined by default.

Command Mode Global configuration mode

Usage Guide In some advanced applications of NAT, it is necessary to change the source or destination addresses
of some particular IP packets. This command can be used to perform this operation. The following
example uses this command to implement the domain name resolution relay service (DNS relay).

Configuration Examples The following example allows the hosts in the network segment 192.168.1.0 in the internal network to
point the DNS server to the IP address 192.168.1.1 of the NAT inside interface. The NAT function of
the router forwards the DNS request from the host in the internal network to the true DNS server
202.101.98.55, and forwards the DNS response packet to the host in the internal network. This function
is implemented with the ip nat application command. The semantics are: if a UDP packet has a source
address that meets the criteria of access-list 1, the destination address 192.168.1.1, and the destination
port 53, the destination address of this IP packet is changed to 202.101.98.55 and the destination port
to 53.
Ruijie# configure terminal
Ruijie(config)# interface GigabitEthernet 0/0
Ruijie(config-if-GigabitEthernet 0/0)# ip address 192.168.1.1 255.255.255.0
Ruijie(config-if-GigabitEthernet 0/0)# ip nat inside
Ruijie(config-if-GigabitEthernet 0/0)# exit
Ruijie(config)# interface GigabitEthernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)# ip address 200.168.12.1 255.255.255.0
Ruijie(config-if-GigabitEthernet 0/1)# ip nat outside
Ruijie(config-if-GigabitEthernet 0/1)# exit
Ruijie(config)# ip nat pool net200 200.168.12.2 200.168.12.10 netmask 255.255.255.0
Ruijie(config)# ip nat inside source list 1 pool net200
Ruijie(config)# access-list 1 permit 192.168.12.0 0.0.0.255
Ruijie(config)# ip nat application source list 1 destination udp 192.168.1.1 53 dest-change 202.101.98.55 53
Ruijie(config)# access-list 1 permit 192.168.1.0 0.0.0.255

Related Commands
Command                    Description
address                    Defines the address block range of an address pool.
clear ip nat translation   Clears the NAT entry table.
ip nat                     Specifies that NAT should be performed on the traffic that passes this interface.
ip nat inside destination  Enables NAT for the internal destination address.
ip nat inside source       Enables NAT for internal source addresses.
ip nat outside source      Enables NAT for external source addresses.
show ip nat translations   Displays IP NAT entries.

Platform Description N/A

8.4 ip nat inside destination

Use this command to enable NAT for the internal destination address.
Use the no form of this command to disable NAT for the internal destination address.
ip nat inside destination list access-list-number pool pool-name [ description description-text ]
no ip nat inside destination list access-list-number

Parameter Description
Parameter                     Description
list access-list-number       Internal global addresses are defined in the access list. If the external network accesses the address in the access list, the internal global address will be translated into the internal local address defined in the pool. Note that here you should use the extended ACL in the range from 100 to 199 whose destination IP address is a virtual IP address.
pool pool-name                A space in the address pool that defines the internal local address. An internal local address will be assigned from this space during destination address translation.
description description-text  (Optional) Description, which contains up to 60 characters. By default, there is no description.

Defaults NAT for the internal source address is disabled by default.

Command Mode Global configuration mode

Usage Guide Translation of internal destination addresses can be performed to realize load balance of TCP traffic.
When a host in the internal network is overloaded with TCP traffic, multiple hosts may be required to
balance the load of TCP traffic. In this case, you can use NAT to realize load balance of TCP traffic.
NAT will create a virtual host to provide the TCP service. This virtual host corresponds to multiple real
internal hosts. Then, NAT polls and replaces the destination address, so as to distribute the load.
However, no change is made to other IP traffic, unless NAT is configured otherwise.
When NAT is configured to realize TCP load balance, the address of the internal network can be either
a valid global address or a private network address. However, the address of the virtual host must be a
valid global address.

Configuration Examples The following example configures the internal network to provide a virtual host address 10.10.10.100
externally. The external network uses this address to access the WWW service. The hosts that
provide services in the internal LAN are actually two hosts with the addresses 10.10.10.1 and
10.10.10.2. During NAT, load balance is realized in polling mode.

Ruijie# configure terminal
Ruijie(config)# interface GigabitEthernet 0/0
Ruijie(config-if-GigabitEthernet 0/0)# ip address 10.10.10.254 255.255.255.0
Ruijie(config-if-GigabitEthernet 0/0)# ip nat inside
Ruijie(config-if-GigabitEthernet 0/0)# exit
Ruijie(config)# interface GigabitEthernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)# ip address 200.168.12.17 255.255.255.0
Ruijie(config-if-GigabitEthernet 0/1)# ip nat outside
Ruijie(config-if-GigabitEthernet 0/1)# exit
Ruijie(config)# ip nat pool net10 10.10.10.1 10.10.10.2 prefix-length 24 type rotary
Ruijie(config)# ip nat inside destination list 100 pool net10
Ruijie(config)# access-list 100 permit ip any host 10.10.10.100

Notification 1. If the configured rule already exists, the following prompt appears.
Translation with list xxx exist,please delete and recreate
2. If the memory is insufficient, the following prompt appears.
% create nat rule fail
3. If the unconfigured command is deleted, the following prompt appears.
% Translation not found
4. If the length of the description exceeds 60 characters, the following prompt appears.
Description is more than 60 characters

Related Commands
Command                   Description
ip nat                    Specifies that NAT should be performed on the traffic that passes this interface.
ip nat inside source      Enables NAT for internal source addresses.
ip nat outside source     Enables NAT for external source addresses.
ip nat pool               Defines the IP NAT address pool.
show ip nat translations  Displays IP NAT entries.

Platform Description N/A

8.5 ip nat inside source

1. Use this command to enable NAT for internal source addresses in interface configuration mode.
Use the no form of this command to disable static or dynamic NAT.
ip nat inside source list access-list-number { interface interface-type interface-number | pool
pool-name } [ overload ] [ description description-text ]
no ip nat inside source list access-list-number

2. Use this command to enable static NAT for internal source addresses. Use the no form of this
command to disable static NAT for interface source addresses.
ip nat inside source static local-ip global-ip [ match interface-type interface-number | netmask
mask ] [ permit-inside ] [ description description-text ]


ip nat inside source static local-ip interface interface-type interface-number [permit-inside]
[ description description-text ]

no ip nat inside source static local-ip global-ip


no ip nat inside source static local-ip interface interface-type interface-number
3. Use this command to enable extended static NAT for interface source interfaces. Use the no form of
this command to disable extended static NAT for interface source interfaces.
ip nat inside source static { tcp local-ip local-port | udp local-ip local-port } global-ip global-port
[ match interface-type interface-number | netmask mask ] [ permit-inside ] [ description
description-text ]
ip nat inside source static { tcp local-ip local-port | udp local-ip local-port } interface interface-type
interface-number global-port [ permit-inside ] [ description description-text ]

ip nat inside source static { tcp local-ip port-range local-port1 local-port2 | udp local-ip port-range
local-port1 local-port2} global-ip port-range global-port1 global-port2 [ match interface-type
interface-number | netmask mask ] [ permit-inside ] [ description description-text ]
ip nat inside source static { tcp ip-range local-ip1 local-ip2 local-port | udp ip-range local-ip1
local-ip2 local-port} ip-range global-ip1 global-ip2 global-port [ match interface-type interface-number
| netmask mask ] [ permit-inside ] [ description description-text ]

ip nat inside source static { tcp ip-range local-ip1 local-ip2 port-range local-port1 local-port2 | udp
ip-range local-ip1 local-ip2 port-range local-port1 local-port2} ip-range global-ip1 global-ip2
port-range global-port1 global-port2 [ match interface-type interface-number | netmask mask ]
[ permit-inside ] [ description description-text ]

ip nat inside source static { tcp local-ip port-range local-port1 local-port2 | udp local-ip port-range
local-port1 local-port2} interface interface-type interface-number port-range global-port1 global-port2
[ permit-inside ] [ description description-text ]

no ip nat inside source static { tcp local-ip local-port | udp local-ip local-port } global-ip global-port

no ip nat inside source static { tcp local-ip local-port | udp local-ip local-port } interface
interface-type interface-number global-port

no ip nat inside source static { tcp local-ip port-range local-port1 local-port2 | udp local-ip
port-range local-port1 local-port2} global-ip port-range global-port1 global-port2 [ match
interface-type interface-number | netmask mask ] [ permit-inside ]

no ip nat inside source static { tcp ip-range local-ip1 local-ip2 local-port | udp ip-range local-ip1
local-ip2 local-port} ip-range global-ip1 global-ip2 global-port [ match interface-type interface-number
| netmask mask ] [ permit-inside ]

no ip nat inside source static { tcp ip-range local-ip1 local-ip2 port-range local-port1 local-port2 |
udp ip-range local-ip1 local-ip2 port-range local-port1 local-port2} ip-range global-ip1 global-ip2
port-range global-port1 global-port2 [ match interface-type interface-number | netmask mask ]
[ permit-inside ]

no ip nat inside source static { tcp local-ip port-range local-port1 local-port2 | udp local-ip
port-range local-port1 local-port2} interface interface-type interface-number port-range global-port1
global-port2 [ permit-inside ]

Parameter Description
Parameter                                   Description
list access-list-number                     Specifies the access list of local addresses. NAT entries are
                                            created only for traffic whose source address matches this
                                            access list.
interface interface-type interface-number   Uses the global address of the outside interface to perform
                                            Network Address Port Translation (NAPT), also called
                                            extended NAT.
pool pool-name                              Uses a global address in the address pool to perform NAT.
overload                                    (Optional) Every global address in the pool can be reused for
                                            translation, namely, NAPT. Currently, global addresses are
                                            reusable even if this parameter is not set. This parameter is
                                            provided for compatibility with the Cisco command.
static local-ip global-ip                   Defines the simple static NAT. local-ip is a local address,
                                            and global-ip is a global address. The no form of this
                                            command does not check the validity of global-ip.
static protocol                             Defines the extended static NAT. protocol can be either TCP
                                            or UDP.
local-port                                  Service port number (TCP or UDP) of the local address. Each
                                            service typically corresponds to a service port.
global-port                                 Service port number of the global address. The external
                                            network accesses the services of hosts in the internal
                                            network through this port. This port number can be different
                                            from local-port.
ip-range local-ip1 local-ip2                Specifies an internal IP range. local-ip1 and local-ip2 are
                                            the start IP address and end IP address respectively.
ip-range global-ip1 global-ip2              Specifies an external IP range. global-ip1 and global-ip2 are
                                            the start IP address and end IP address respectively.
port-range local-port1 local-port2          Specifies an internal port range. local-port1 and local-port2
                                            are the start port and end port respectively.
port-range global-port1 global-port2        Specifies an external port range. global-port1 and
                                            global-port2 are the start port and end port respectively.
permit-inside                               Allows users in the internal network to access the host with
                                            the IP address indicated by local-ip through global-ip. This
                                            keyword appears only in the ip nat inside source static
                                            command and is applicable only on routers.
match interface-type interface-number       Specifies the outside interface (used in smart DNS).
netmask mask                                Network mask
description description-text                Configures a string of up to 60 characters.

Defaults NAT for internal source addresses is disabled by default.

Command Mode Global configuration mode

Usage Guide When the internal network uses private IP addresses and needs to communicate with the
external network, NAT must be configured to translate the internal private IP addresses into globally
unique IP addresses.
If an organization, such as an Internet cafe or an enterprise, accesses the network only to obtain
resources in the external network (for example, browsing Web pages, receiving and sending emails, and
downloading files) and does not provide network services for the external network, the IP address of the
outside interface can be used directly as the global address, with addresses translated in NAPT mode. If
NAT is not configured, an internal network with private addresses cannot interwork with the external
network even if the two are physically interconnected, because the external network does not provide
routing for private addresses.
Static NAT or NAPT should be configured for the internal hosts that provide services. To ensure
continuous service provisioning, do not use the address of the outside interface to perform NAPT
because this address is interconnected with the ISP and is very likely to be translated. Generally, users
in the internal network can access the services provided by these internal hosts simply by using the IP
address of the internal network. However, some special application services can only be accessed by
users in the internal network using the global IP address. In this case, add the keyword permit-inside
when configuring static NAT or static NAPT for internal source addresses. It is also advisable to run the
no ip redirects command on the inside interface to prevent the inside interface from sending redirection
packets.

Configuration Examples The following example dynamically translates the addresses of internal hosts in
the network segment 192.168.12.0/24 to global addresses in the network segment 200.168.12.0/28. NAT is
not allowed for the hosts in other network segments of the internal network.
Ruijie#configure terminal
Ruijie(config)# interface GigabitEthernet 0/0
Ruijie(config-if-GigabitEthernet 0/0)# ip address 192.168.12.6 255.255.255.0
Ruijie(config-if-GigabitEthernet 0/0)# ip nat inside
Ruijie(config-if-GigabitEthernet 0/0)# exit
Ruijie(config)# interface GigabitEthernet 0/1
Ruijie(config-if-GigabitEthernet 0/1)# ip address 200.168.12.17 255.255.255.0
Ruijie(config-if-GigabitEthernet 0/1)# ip nat outside
Ruijie(config-if-GigabitEthernet 0/1)# exit
Ruijie(config)# ip nat pool net200 200.168.12.1 200.168.12.15 prefix-length 28
Ruijie(config)# ip nat inside source list 1 pool net200
Ruijie(config)# access-list 1 permit 192.168.12.0 0.0.0.255

Notification 1. If the IP address to be matched has been mapped, the configuration fails and the following prompt
appears.
x.x.x.x already mapped (x.x.x.x -> y.y.y.y)
2. If the IP address to be matched has been mapped to the interface address, and the corresponding
interface does not exist, the configuration fails and the following prompt appears.
x.x.x.x already mapped
3. When the destination IP address to be converted has been mapped, the configuration fails and the
following prompt appears.
x.x.x.x.x already mapped (y.y.y.y -> x.x.x.x)
4. If the destination interface to be converted has been mapped, the configuration fails and the
following prompt appears.
Interface xxx already mapped
5. If the configured ACL has been mapped, the configuration fails and the following prompt appears.
Translation with list xxx exist,please delete and recreate
6. If the memory is insufficient, the configuration fails and the following prompt appears.
% create nat rule fail
7. If the memory is insufficient during the generation of attached rules, the configuration fails and the
following information is displayed.
% create attach rule fail
8. If the memory is insufficient when the permit-inside keyword is used to generate attached rules,
the configuration fails and the following information is displayed.
% create permit_inside attach rule fail
9. If a command that has not been configured is deleted, the following prompt appears.
% Translation not found

Related Commands
Command                       Description
ip nat                        Specifies that the NAT should be performed on the traffic that passes
                              this interface.
ip nat inside destination     Enables NAT for the inside destination address.
ip nat outside source         Enables NAT for external source addresses.
ip nat pool                   Defines the IP NAT address pool.
show ip nat translations      Displays IP NAT entries.

Platform Description N/A
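
An added example (not part of the original command reference): a Python review script that parses the ip nat inside source static forms listed above from a saved configuration and reports what each rule exposes, applying the two cautions from the Usage Guide (outside interface address used for a service mapping; permit-inside without no ip redirects on the inside interface). The configuration text is constructed, its stanza layout (one-space indent, "!" separators) is an assumption, and all function names are hypothetical.

```python
import ipaddress

PREFIX = ["ip", "nat", "inside", "source", "static"]
# Constructed sample; the stanza layout (one-space indent, "!" separators) is assumed.
SAMPLE_CONFIG = """\
interface GigabitEthernet 0/0
 ip nat inside
!
interface GigabitEthernet 0/1
 ip nat outside
!
ip nat inside source static tcp 192.168.12.10 80 200.168.12.3 8080 permit-inside description web server
ip nat inside source static udp 192.168.12.20 port-range 5000 5010 interface GigabitEthernet 0/1 port-range 6000 6010
ip nat inside source static 192.168.12.30 200.168.12.5
"""

def _addr(tok):
    """Consume 'interface <type> <number>', 'ip-range <first> <last>' or a single address."""
    head = tok.pop(0)
    if head == "interface":
        return {"kind": "interface", "text": f"{tok.pop(0)} {tok.pop(0)}"}
    if head == "ip-range":
        first, last = ipaddress.IPv4Address(tok.pop(0)), ipaddress.IPv4Address(tok.pop(0))
        return {"kind": "range", "text": f"{first}-{last}"}
    return {"kind": "host", "text": str(ipaddress.IPv4Address(head))}

def _ports(tok):
    """Consume 'port-range <first> <last>' or a single port; return an inclusive (first, last)."""
    head = tok.pop(0)
    first, last = (int(tok.pop(0)), int(tok.pop(0))) if head == "port-range" else (int(head),) * 2
    if not 1 <= first <= last <= 65535:
        raise ValueError(f"bad port span {first}-{last}")
    return first, last

def parse_static_rule(line):
    """Parse one 'ip nat inside source static ...' line; return None for any other line."""
    tok = line.split()
    if tok[:5] != PREFIX:
        return None
    tok = tok[5:]
    proto = tok.pop(0) if tok and tok[0] in ("tcp", "udp") else None
    rule = {"proto": proto, "permit_inside": False, "match": None, "netmask": None, "description": ""}
    rule["local"] = _addr(tok)
    rule["local_ports"] = _ports(tok) if proto else None
    rule["global"] = _addr(tok)
    rule["global_ports"] = _ports(tok) if proto else None
    while tok:  # optional trailing keywords
        opt = tok.pop(0)
        if opt == "permit-inside":
            rule["permit_inside"] = True
        elif opt in ("match", "netmask"):
            rule[opt] = " ".join(tok.pop(0) for _ in range(2 if opt == "match" else 1))
        elif opt == "description":
            rule["description"], tok = " ".join(tok), []
        else:
            raise ValueError(f"unexpected token {opt!r}")
    return rule

def inside_interfaces_without_no_redirects(config):
    """Names of 'ip nat inside' interfaces whose stanza lacks 'no ip redirects'."""
    stanzas, name = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            name = raw[len("interface "):].strip()
            stanzas[name] = set()
        elif raw.startswith(" ") and name:
            stanzas[name].add(raw.strip())
        else:
            name = None
    return sorted(n for n, body in stanzas.items()
                  if "ip nat inside" in body and "no ip redirects" not in body)

def audit(config):
    """Return (rules, findings); findings are (kind, detail) tuples in configuration order."""
    rules, findings = [], []
    unguarded = inside_interfaces_without_no_redirects(config)
    for line in config.splitlines():
        try:
            rule = parse_static_rule(line)
        except (ValueError, IndexError) as exc:
            findings.append(("unparsed", f"{line.strip()} ({exc})"))
            continue
        if rule is None:
            continue
        rules.append(rule)
        label = f"{rule['local']['text']} -> {rule['global']['text']}"
        if rule["proto"] is None:  # simple static NAT maps the whole address, not one port
            findings.append(("all-ports", label))
        elif rule["global_ports"][1] > rule["global_ports"][0]:
            findings.append(("port-range", f"{label} {rule['proto']} {rule['global_ports']}"))
        if rule["global"]["kind"] == "interface":  # Usage Guide: avoid for hosts providing services
            findings.append(("interface-address", label))
        if rule["permit_inside"] and unguarded:  # Usage Guide: run no ip redirects on the inside interface
            findings.append(("permit-inside-redirects", f"{label}: {', '.join(unguarded)}"))
    return rules, findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_CONFIG)[1]:
        print(f"{kind:24} {detail}")
```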


8.6 ip nat keepalive

Use this command to configure the interval of sending gratuitous ARP (GARP) packets with the local
address.
ip nat keepalive [ keealive_out ]
no ip nat keepalive
default ip nat keepalive

Parameter Description
Parameter        Description
keealive_out     Sending interval

Defaults The interval of sending GARP packets with the local address is not configured by default.

Command Mode Global configuration mode

Usage Guide Some addresses in NAT rules should be taken as the local address. Sending GARP packets at
intervals avoids address conflicts.

Configuration Examples The following example sets the interval of sending GARP packets with the local
address to 10 seconds.
Ruijie#configure terminal
Ruijie(config)# ip nat keepalive 10

Related Commands
Command          Description
N/A              N/A

Platform Description N/A

8.7 ip nat outside source

Use this command to enable NAT for the external source addresses.
Use the no form of this command to disable NAT for external source addresses.
ip nat outside source list access-list-number pool pool-name
ip nat outside source static global-ip local-ip
ip nat outside source static { tcp global-ip global-port | udp global-ip global-port } local-ip local-port
no ip nat outside source list access-list-number
no ip nat outside source static global-ip local-ip
no ip nat outside source static { tcp global-ip global-port | udp global-ip global-port } local-ip local-port

Parameter Description
Parameter                     Description
list access-list-number       Global address access list. NAT entries will be created only for the
                              traffic with the source address that matches this access list.
pool pool-name                Uses a local address in the address pool to perform NAT.
static global-ip local-ip     Defines the simple static NAT. local-ip is a local address, and
                              global-ip is a global address.
static protocol               Defines the extended static NAT. protocol can be either TCP or UDP.
local-port                    Service port number (TCP or UDP) of the local address. Each service
                              typically corresponds to a service port. This port number can be
                              different from global-port.
global-port                   Service port number of the global address

Defaults NAT for external source addresses is disabled by default.

Command Mode Global configuration mode

Usage Guide NAT for external source addresses is mainly used for overlapped address spaces. Address
overlap occurs when two private networks to be interconnected are assigned the same IP address, or when
a private network and a public network are assigned the same global IP address. Two network hosts with
overlapped addresses cannot communicate with each other because each determines that the remote host is
located in its local network. Overlapped address NAT is configured to resolve this communication
problem. With overlapped address NAT configured, the external network host address behaves like another
network host address in the internal network, and vice versa.
Configuration of overlapped address NAT includes two steps: 1) Configure the internal source address
NAT; 2) Configure the external source address NAT. The external source address translation can be
configured only when the address of the external network is overlapped with that of the internal network.
The external source address translation can be configured as static NAT or dynamic NAT.
Address overlap is inevitable when a non-registered global IP address is assigned to connect to the
Internet during internal network construction. Because the internal network generally uses the domain
name to access the external network host, routers must support NAT for DNS packets.

Configuration Examples In the following example, the address of the internal network 92.168.12.0/24 is
overlapped with that of the external network. After translation, the internal host can access the host in
the network segment 92.168.12.0/24 in the external network through the network address 192.168.12.0/24.
Ruijie#configure terminal
Ruijie(config)# interface GigabitEthernet 0/0
Ruijie(config-if-GigabitEthernet 0/0)# ip address 192.168.12.55 255.255.255.0
Ruijie(config-if-GigabitEthernet 0/0)# ip nat inside
Ruijie(config-if-GigabitEthernet 0/0)# exit
Ruijie(config)# interface Serial 10/1
Ruijie(config-if-Serial 10/1)# ip address 192.168.10.1 255.255.255.0
Ruijie(config-if-Serial 10/1)# ip nat outside
Ruijie(config-if-Serial 10/1)# encapsulation ppp
Ruijie(config-if-Serial 10/1)# exit
Ruijie(config)#ip nat pool net200 200.168.12.1 200.168.12.15 prefix-length 28
Ruijie(config)#ip nat pool net192 192.168.12.1 192.168.12.254 prefix-length 24
Ruijie(config)#ip nat inside source list 1 pool net200
Ruijie(config)#ip nat outside source list 1 pool net192
Ruijie(config)#access-list 1 permit 92.168.12.0 0.0.0.255
Ruijie(config)#ip route 192.168.12.0 255.255.255.0 192.168.100.2

Related Commands
Command                       Description
ip nat                        Specifies that NAT should be performed for the traffic that passes
                              this interface.
ip nat inside destination     Enables NAT for internal destination address.
ip nat inside source          Enables NAT for internal source address.
ip nat pool                   Defines the IP NAT address pool.
show ip nat translations      Displays IP NAT entries.

Platform Description N/A

8.8 ip nat pool

Use this command to define an address pool for NAT.


Use the no form of this command to delete the address pool.
ip nat pool pool-name start-ip end-ip { netmask netmask | prefix-length prefix-length } [ type rotary ]
ip nat pool pool-name { netmask netmask | prefix-length prefix-length } [ type rotary ]
no ip nat pool pool-name

Parameter Description
Parameter                       Description
pool-name                       Name of the NAT address pool
start-ip                        Start IP address of the NAT address pool
end-ip                          End IP address of the NAT address pool
netmask netmask                 Net mask of an address in the NAT address pool
prefix-length prefix-length     Length of the net mask of an address in the NAT address pool
type                            Type of the NAT address pool. rotary means round robin. That is,
                                each address has the same probability of being assigned. The type
                                is rotary no matter whether rotary is set. The rotary parameter is
                                introduced in order to keep compatible with the command of Cisco.

Defaults No address pool is defined by default.

Command Mode Global configuration mode

Usage Guide If multiple address blocks must be defined for an address pool, first create an empty
address pool, and then define the address ranges.

Configuration The following example creates an address pool named net192, with the start address 192.168.12.1,
Examples end address 192.168.12.254, and a 24-bit net mask.
Ruijie#configure terminal
Ruijie(config)# ip nat pool net192 192.168.12.1 192.168.12.254 prefix-length 24

Notification 1. If the mask of address pool is set to 0.0.0.0, the configuration fails and the following prompt appears.
% netmask can not be 0
2. If the end address is smaller than the start address, the configuration fails and the following prompt
appears.
% End address less than start address
3. If the end IP address and the start IP address are not on the same network segment, the
configuration fails and the following prompt appears.
% Start and end addresses on different subnets
4. If the start IP address and the end IP address are both set to 0.0.0.0, the configuration fails and the
following prompt appears.
% Ip address 0.0.0.0 ~ 0.0.0.0 are invalid.
5. If the pool type differs from the configured pool type, the configuration fails and the following
prompt appears.
%Cannot redefine pool type, please delete and recreate.
6. If the number of address ranges of an address pool exceeds 100, the configuration fails and the
following prompt appears.
% Exceed the max pool count
7. If the length of the address pool name exceeds 32 characters, the configuration fails and the
following prompt appears.
% Length of pool name must be no more than 32 characters
8. If the memory is insufficient, the configuration fails and the following prompt appears.
%create pool fail
9. If the address pool to be deleted does not exist, the following prompt appears.
% pool xxx not exist

Related Commands
Command                       Description
address                       Defines the address block range of an address pool.
ip nat                        Specifies that NAT should be performed for the traffic that passes
                              this interface.
ip nat inside destination     Enables NAT for inside destination addresses.
ip nat inside source          Enables NAT for internal source addresses.
ip nat outside source         Enables NAT for external source addresses.
show ip nat statistics        Displays IP NAT statistics.
show ip nat translations      Displays IP NAT entries.

Platform Description N/A

8.9 ip nat translation

Use this command to configure the NAT Application Layer Gateway (ALG).
ip nat translation { dns [ ttl ttl_time ] | ftp [ port port_num ] | tftp | pptp | h323 | rtsp | sip }
no ip nat translation { dns | ftp | tftp | pptp | h323 | rtsp | sip }

Parameter Description
Parameter     Description
ttl_time      Defines the UDP TTL for DNS. The default is 0.
port_num      Defines the port for FTP. The default is 21.

Defaults All NAT ALGs are enabled by default.

Command Mode Global configuration mode

Usage Guide In NAT application, the IP addresses and ports of data packets are changed. However, the IP
addresses and ports of certain special protocols are contained in the valid data of the application layer.
To successfully perform NAT for such special protocols, the specific protocol gateway needs to be
enabled.

Configuration Examples The following example configures DNS TTL to 30 seconds.
Ruijie#configure terminal
Ruijie(config)# ip nat translation dns ttl 30

The following example configures Port 25 for FTP.
Ruijie#configure terminal
Ruijie(config)# ip nat translation ftp port 25

Related Commands
Command       Description
N/A           N/A

Platform Description N/A

8.10 show ip nat translations

Use this command to display NAT translations.

show ip nat translations [ acl_num ] [ icmp | tcp | udp ] [ verbose ]

Parameter Description
Parameter     Description
icmp          Displays NAT entries only for ICMP.
tcp           Displays NAT entries only for TCP.
udp           Displays NAT entries only for UDP.
acl_num       ACL number, which supports only the extended ACL to filter the displayed content.
verbose       Displays more detailed NAT entries.

Defaults N/A

Command Mode Privileged EXEC mode

Usage Guide This command can be used to display the summary of IP NAT entries, such as protocols, internal global
addresses and port numbers, internal local addresses and port numbers, external local addresses and
port numbers, and external global addresses and port numbers. Used with the verbose parameter, it
displays more detailed information, including the timeout period configured for each entry, remaining
time for this entry, and flag of the entry.

Configuration Examples The following example displays NAT translations.
Ruijie# show ip nat translations verbose
timeout for NAT TCP flows: 86400
timeout for NAT TCP flows after a FIN or RST: 60
timeout for NAT TCP flows after a SYN : 60
timeout for NAT UDP flows: 300
timeout for NAT DNS flows: 60
timeout for NAT ICMP flows: 60
Pro Inside global Inside local Outside local Outside global
timeout vrf
tcp 192.168.5.103:1987 192.168.211.21 :1987 211.67.71.7 :80
211.67.71.7:80 timeout=85139 1
udp 192.168.5.103:1041 192.168.211.183:1041 202.101.98.55 :53
202.101.98.55:53 timeout=38 1
Field Description
Field              Description
Pro                Protocol type. udp indicates the UDP translation entry. tcp indicates the TCP
                   translation entry. icmp indicates the ICMP translation entry.
Inside global      Internal global address and port number
Inside local       Internal local address and port number
Outside local      External local address and port number
Outside global     External global address and port number
timeout            Time (in seconds) left before this NAT entry times out
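
An added example (not part of the original command reference): a Python parser for the verbose output shown above that tolerates the wrapped rows and the padding before port numbers, so an inside-global endpoint recorded in an external log can be traced back to its inside-local host. The function names are hypothetical, and ICMP rows are assumed to use the same address:number layout as the TCP and UDP rows shown.

```python
import re
from collections import Counter

# Output copied from the example above, including its wrapped rows.
SAMPLE_OUTPUT = """\
timeout for NAT TCP flows: 86400
timeout for NAT TCP flows after a FIN or RST: 60
timeout for NAT TCP flows after a SYN : 60
timeout for NAT UDP flows: 300
timeout for NAT DNS flows: 60
timeout for NAT ICMP flows: 60
Pro Inside global Inside local Outside local Outside global
timeout vrf
tcp 192.168.5.103:1987 192.168.211.21 :1987 211.67.71.7 :80
211.67.71.7:80 timeout=85139 1
udp 192.168.5.103:1041 192.168.211.183:1041 202.101.98.55 :53
202.101.98.55:53 timeout=38 1
"""

# One endpoint: dotted address, optional padding, colon, port.
EP = r"(\d+\.\d+\.\d+\.\d+)\s*:\s*(\d+)"
# One entry: protocol, four endpoints, timeout=<seconds>, vrf; \s+ also spans the line wrap.
ENTRY = re.compile(rf"\b(tcp|udp|icmp)\s+{EP}\s+{EP}\s+{EP}\s+{EP}\s+timeout=(\d+)\s+(\d+)")
# Configured timers printed ahead of the table.
TIMER = re.compile(r"^timeout for NAT (.+?)\s*:\s*(\d+)[ \t]*$", re.M)

def parse_translations(text):
    """Return (timers, entries) parsed from 'show ip nat translations verbose' output."""
    timers = {name: int(value) for name, value in TIMER.findall(text)}
    entries = []
    for match in ENTRY.finditer(text):
        proto, *fields = match.groups()
        ends = [(fields[i], int(fields[i + 1])) for i in range(0, 8, 2)]
        entries.append({
            "proto": proto,
            "inside_global": ends[0], "inside_local": ends[1],
            "outside_local": ends[2], "outside_global": ends[3],
            "timeout": int(fields[8]), "vrf": int(fields[9]),
        })
    return timers, entries

def inside_host_for(entries, proto, global_ip, global_port):
    """Map an inside-global endpoint (as seen from outside) to its inside-local endpoint."""
    for entry in entries:
        if entry["proto"] == proto and entry["inside_global"] == (global_ip, global_port):
            return entry["inside_local"]
    return None

def sessions_per_inside_host(entries):
    """Count translation entries per inside-local address, for spotting unusually busy hosts."""
    return Counter(entry["inside_local"][0] for entry in entries)

if __name__ == "__main__":
    timers, entries = parse_translations(SAMPLE_OUTPUT)
    print(timers)
    print(inside_host_for(entries, "tcp", "192.168.5.103", 1987))
    print(sessions_per_inside_host(entries))
```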

Related Commands
Command                       Description
ip nat                        Performs NAT on the traffic that passes this interface.
ip nat inside destination     Enables NAT for internal destination addresses.
ip nat inside source          Enables NAT for internal source addresses.
ip nat outside source         Enables NAT for external source addresses.
ip nat pool                   Defines the IP NAT address pool.
show ip nat translations      Displays IP NAT entries.

Platform Description N/A

Command Reference MLLB Commands

9 MLLB Commands

9.1 load-monitor uplink

Use this command to configure uplink load monitoring of MLLB.


load-monitor uplink

Use the no form of this command to cancel uplink load monitoring of MLLB.
no load-monitor

Use this command to restore the default configuration.


default load-monitor

Parameter Description
Parameter     Description
N/A           N/A

Defaults Downlink load is monitored by default.

Command Mode Global configuration mode

Usage Guide Generally, the downlink traffic of an egress interface is greater than the uplink traffic. In some scenarios,
for example, a scenario with a LAN server, the uplink traffic may be greater than the downlink traffic. In
this case, the uplink traffic can be monitored to calculate the bandwidth utilization rate and threshold.

Configuration Example #Configure uplink load monitoring of MLLB.
Ruijie(config)# load-monitor uplink

#Cancel uplink load monitoring of MLLB.
Ruijie(config)# no load-monitor

Verification Run the show mllb configure command to display the configuration information of MLLB.

Notification 1. When the uplink load monitoring of MLLB is configured, the following prompt appears.
Ruijie(config)#load-monitor uplink
multi-link load balance monitor to uplink.
2. When the uplink load monitoring of MLLB is restored, the following prompt appears.
Ruijie(config)#no load-monitor
multi-link load balance monitor to default.


9.2 mllb detect domain add

Use this command to add domain names to be detected by MLLB.


mllb detect domain add domain-name

Use the no form of this command to delete all domain names detected by MLLB.
no mllb detect domain add

Use the no form of this command to delete specified domain names detected by MLLB.
no mllb detect domain add domain-name

Parameter Description
Parameter       Description
domain-name     Indicates a domain name. A domain name contains no more than 63 characters.

Defaults No domain name is configured by default.

Command Mode Global configuration mode

Usage Guide Use this command to add a domain name to be detected.

Configuration Example #Add a domain name to be detected by MLLB.
Ruijie(config)# mllb detect domain add www.baidu.com

#Delete a domain name detected by MLLB.
Ruijie(config)# no mllb detect domain add www.baidu.com

Verification Run the show mllb detect configure command to display added domain names.

Notification 1. If a domain name to be detected by MLLB is added, the following prompt appears.
Ruijie(config)# mllb detect domain add www.baidu.com
Success to add mllb detect domain name: www.baidu.com.

2. If a domain name to be detected by MLLB is deleted, the following prompt appears.


Ruijie(config)#no mllb detect domain add www.baidu.com
Success to delete mllb detect domain name: www.baidu.com.

Common Error 1. The domain name has already been added.
Fail to add domain name:www.baidu.com, since it's exist.

2. The length of the domain name exceeds 63 bytes.
%The length of Domain name(1111111111111111111111111111111111111111111111111111111111111111) should less than 63.

3. The number of added domain names has reached the limit set.
Fail to add domain name:www.baidu.com, since overflow capacity.

9.3 mllb detect domain dns-server

Use this command to add DNS servers and interfaces to be detected by MLLB.
mllb detect domain dns-server dns-ip interface [source-ip src-ip]

Use the no form of this command to delete all DNS servers and interfaces detected by MLLB.
no mllb detect domain dns-server

Use the no form of this command to delete specified DNS servers and interface detected by MLLB.
no mllb detect domain dns-server dns-ip interface

Parameter Description
Parameter     Description
dns-ip        Indicates the IP address of a DNS server and the type of the IP address.
interface     Indicates the name of an interface.
src-ip        Specifies the source IP address of a detection packet.

Defaults No IP address or interface of a DNS server is configured by default.

Command Mode Global configuration mode

Usage Guide Use this command to add a DNS server to be detected.

Configuration Example #Add a DNS server, interface, and source IP address to be detected.
Ruijie(config)# mllb detect domain dns-server 114.114.114.114 GigabitEthernet 0/4 source-ip 192.168.197.16

#Delete a DNS server and interface detected by MLLB.
Ruijie(config)# no mllb detect domain dns-server 114.114.114.114 GigabitEthernet 0/4

Verification Run the show mllb detect configure command to display added DNS servers.

9.4 mllb detect domain enable

Use this command to enable domain name detection and detect the accessibility of domain names by
polling according to the set period.


mllb detect domain enable

Use the no form of this command to disable domain name detection.


no mllb detect domain enable

Use this command to restore the default configuration.


default mllb detect domain enable

Parameter Description
Parameter     Description
N/A           N/A

Defaults Domain name detection is disabled by default.

Command Mode Global configuration mode

Usage Guide Use this command to enable domain name detection.

Configuration Example #Enable domain name detection.
Ruijie(config)# mllb detect domain enable

#Disable domain name detection and the database recording function.
Ruijie(config)# no mllb detect domain enable

Verification Run the show mllb detect configure command to display the status of domain name detection.

Notification 1. If domain name detection is enabled, the following message is displayed:


Ruijie(config)# mllb detect domain enable
mllb detect domain is enabled.

2. If domain name detection is disabled, the following message is displayed:


Ruijie(config)# no mllb detect domain enable
mllb detect domain is disabled!

9.5 mllb detect domain interval

Use this command to configure the domain name detection interval.


mllb detect domain interval interval-time

Use the no form of this command to cancel the domain name detection interval.
no mllb detect domain interval

Use this command to restore the default configuration.


default mllb detect domain interval

Parameter Description
Parameter         Description
interval-time     Indicates a domain name detection interval in minutes. The value range is from 1 to
                  1,440.

Defaults The domain name detection interval is five minutes by default.

Command Mode Global configuration mode

Usage Guide The domain name detection function is performed on a regular basis according to the configured domain
name, DNS server, and egress interface. Use this command to change the detection interval.

The detection interval is subject to the detection duration and is not an absolute value. Though the
default detection interval is five minutes, the second detection will be performed at a time later than
the five-minute interval, instead of at the exact time point of the five-minute interval.

Configuration Example #Set the domain name detection interval to 10 minutes.
Ruijie(config)# mllb detect domain interval 10

#Cancel the domain name detection interval.
Ruijie(config)# no mllb detect domain interval

Verification Run the show mllb detect configure command to display the configuration information of domain name
detection.

9.6 mllb detect network enable

Use this command to enable network detection, detect networks by polling according to the set period,
and record detected networks into the database.
mllb detect network enable

Use the no form of this command to disable network detection.


no mllb detect network enable

Use this command to restore the default configuration.


default mllb detect network enable

Parameter Description
Parameter     Description
N/A           N/A

Defaults Network detection and database recording are disabled by default.

Command Mode Global configuration mode

Usage Guide Use this command to enable network detection and record detected networks into databases.
After the function is enabled, network delay, including TCP and UDP packet delays, will be detected
regularly, and the number of half-open connections (response packets are not received) and traffic
values of different routing modules are measured.

Configuration Example #Enable network detection.
Ruijie(config)# mllb detect network enable

#Disable network detection.
Ruijie(config)# no mllb detect network enable

Verification Run the show mllb detect configure command to display the status of network detection.

9.7 mllb detect network interval

Use this command to configure a network detection interval.


mllb detect network interval interval-time

Use the no form of this command to cancel the network detection interval.
no mllb detect network interval

Use this command to restore the default configuration.


default mllb detect network interval

Parameter Description
Parameter         Description
interval-time     Indicates a network detection interval in minutes. The value range is from 1 to 1,440.

Defaults The network detection interval is five minutes by default.

Command Mode Global configuration mode

Usage Guide The network detection function is performed at an interval of five minutes. Use this command to change
the detection interval.

Configuration Example #Set the network detection interval to 10 minutes.
Ruijie(config)# mllb detect network interval 10

#Restore the network detection interval.
Ruijie(config)# no mllb detect network interval

Verification Run the show mllb detect configure command to display the configuration information of network
detection.

9.8 mllb enable

Use this command to enable MLLB.


mllb enable

Use the no form of this command to disable MLLB.


no mllb enable

Use this command to restore the default configuration.


default mllb enable

Parameter Description
Parameter     Description
N/A           N/A

Defaults MLLB is disabled by default.

Command Mode Global configuration mode

Usage Guide To enable the gateway to support load balancing, enable MLLB.

The load balancing function of MLLB is applicable to ECMP egress interfaces only.

Configuration Example #Enable MLLB.
Ruijie(config)# mllb enable

#Disable MLLB.
Ruijie(config)# no mllb enable

Verification Run the show mllb configure command to display the status of MLLB.

9.9 mllb first-choice

Use this command to configure the preferred egress interface of MLLB.


mllb first-choice interface-type interface-number

Use the no form of this command to cancel the preferred egress interface of MLLB.


no mllb first-choice

Use this command to restore the default configuration.


default mllb first-choice

Parameter Description
Parameter                           Description
interface-type interface-number     Indicates the name of an interface.

Defaults No preferred egress interface is configured by default.

Command Mode Global configuration mode

Usage Guide If the load of any one egress interface exceeds the threshold, no interface can balance load based on the
predefined policy. In this case, use this command to configure a preferred egress interface.

This command applies to ECMP egress interfaces of default routes only.

Configuration Example #Configure GigabitEthernet 0/1 as a preferred egress interface.
Ruijie(config)# mllb first-choice GigabitEthernet 0/1

Verification Run the show mllb configure command to display the configuration information of MLLB.

9.10 mllb interface

Use this command to configure the weight of an MLLB interface.


mllb interface inteface weight weight-num

Use the no form of this command to delete the weight of an MLLB interface.
no mllb interface inteface weight

Use this command to restore the default weight of an MLLB interface.


default mllb interface inteface weight

Parameter
Parameter Description
Description
interface Indicates the name of an interface.
weight-num Specifies a weight value in kbps. The value range is from 1 to 40,000,000.

Defaults The weight value of an interface is the downlink bandwidth by default.

Command Mode Global configuration mode

Usage Guide The weight value of an interface is the downlink bandwidth by default. Use this command to specify the
weight value of a specified interface in order to change the bandwidth utilization of the interface. For
example, the downlink bandwidth of the GE0/4 interface is 100 Mbps and the default weight value is
100,000 kbps. To increase the bandwidth utilization of the interface, change the weight value to 150,000
kbps; to decrease the bandwidth utilization of the interface, change the weight value to 50,000 kbps.

Configuration Example #Set the weight value of the GE0/4 interface to 100 Mbps.
Ruijie(config)# mllb interface GigabitEthernet 0/4 weight 100000

#Restore the weight value to the default downlink bandwidth of the interface.
Ruijie(config)# no mllb interface GigabitEthernet 0/4 weight

Verification Run the show run | include mllb command to display the weight value of the specified MLLB interface.

Notification 1. If the weight value of the GE0/4 interface is set to 100 Mbps, the following message is displayed:
Ruijie(config)# mllb interface GigabitEthernet 0/4 weight 100000
mllb interface GigabitEthernet 0/4 weight set to 100000.

2. If the weight value of the GE0/4 interface is restored, the following message is displayed:
Ruijie(config)# no mllb interface GigabitEthernet 0/4 weight 100000
clear mllb interface GigabitEthernet 0/4 weight!

9.11 mllb load-interval

Use this command to configure the load update period of MLLB.


mllb load-interval refresh-time

Use the no form of this command to cancel the load update period of MLLB.

no mllb load-interval

Use this command to restore the default configuration.

default mllb load-interval

Parameter
Parameter Description
Description
refresh-time Indicates an update period in seconds. The value range is from 3 to 30.

Defaults Load is updated at an interval of five seconds by default.

Command Mode Global configuration mode

Usage Guide By default, MLLB calculates interface load at an interval of five seconds, and determines whether the
load exceeds a threshold. Use this command to change the default value.

Configuration Example #Set the load update period of MLLB to 10 seconds.
Ruijie(config)# mllb load-interval 10

#Cancel the load update period of MLLB.
Ruijie(config)# no mllb load-interval

Verification Run the show mllb configure command to display the configuration information of MLLB.

9.12 mllb load-sharing original

Use this command to balance load based on the source IP address. This command applies to
bandwidth-based policies only. Packets with the same source IP address are transmitted through the
same egress interface.

mllb load-sharing original

Use the no form of this command to cancel the configuration.


no mllb load-sharing

Use this command to restore the default configuration.


default mllb load-sharing

Parameter
Parameter Description
Description
N/A N/A

Defaults Packets are sent based on the source and destination IP addresses by default.

Command Mode Global configuration mode

Usage Guide Packets of some applications may be distributed to multiple egress interfaces according to the source
and destination IP addresses, which causes reconnection and intermittent interruption. These problems
can be resolved if packets are distributed according to the source IP address only.

Configuration Example #Balance load based on the source IP address.
Ruijie(config)# mllb load-sharing original

#Cancel the configuration.
Ruijie(config)# no mllb load-sharing

Verification Run the show mllb configure command to display the configuration information of MLLB.

9.13 mllb policy

Use this command to configure a load balancing policy of MLLB.


mllb policy {bandwidth | load}

Use the no form of this command to cancel the load balancing policy of MLLB.
no mllb policy

Use this command to restore the default configuration.


default mllb policy

Parameter
Parameter Description
Description
N/A N/A

Defaults MLLB balances load based on the bandwidth by default.

Command Mode Global configuration mode

Usage Guide If the bandwidth-based policy is enabled, the bandwidth of the egress interface must be configured.

Configuration Example #Configure the bandwidth-based policy of MLLB.
Ruijie(config)# mllb policy bandwidth

#Configure the load-based policy of MLLB.
Ruijie(config)# mllb policy load

Verification Run the show mllb configure command to display the configuration information of MLLB.

9.14 mllb threshold

Use this command to configure load thresholds of MLLB.


mllb threshold { percent-upper | [lower percent-lower] }

Use the no form of this command to restore the load thresholds of MLLB.
no mllb threshold

Use this command to restore the default configurations.

default mllb threshold

Parameter
Parameter Description
Description
threshold percent-upper Indicates an upper threshold in percentage. The value range is from 1 to 100.
lower percent-lower Indicates a lower threshold in percentage. The value range is from 1 to 100.

Defaults The upper and lower thresholds of egress interfaces are both 100 by default.

Command Mode Global configuration mode

Usage Guide Use load thresholds as references for adding a link to load balancing or removing a link from load
balancing. If the load of a link exceeds the upper threshold, the link will not be selected for load balancing. If the
load of the link becomes smaller than the lower threshold, the link is selected to balance load. Load
thresholds are expressed as percentages, and the value range is from 1 to 100. The lower threshold must be
smaller than or equal to the upper threshold.

Configuration Example #Set the upper threshold to 95% and lower threshold to 85%.
Ruijie(config)# mllb threshold 95 lower 85

#Set the upper threshold to 95%.
Ruijie(config)# mllb threshold 95

#Set the lower threshold to 85%.
Ruijie(config)# mllb threshold lower 85

Verification Run the show mllb configure command to display the configuration information of MLLB.
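
The threshold behaviour described in the usage guide above, modelled as an added Python example (not Ruijie code or device output): a link leaves the balancing set when its load exceeds the upper threshold and returns only when it drops below the lower one. The load samples, the function names, and the assumption that every link starts out selected are constructed for illustration.

```python
"""Model of `mllb threshold <upper> lower <lower>` link selection (illustrative)."""

# Constructed load samples (percent), one dict per load-interval tick.
SAMPLES = [
    {"GigabitEthernet 0/1": 80, "GigabitEthernet 0/2": 50},
    {"GigabitEthernet 0/1": 96, "GigabitEthernet 0/2": 50},
    {"GigabitEthernet 0/1": 90, "GigabitEthernet 0/2": 50},
    {"GigabitEthernet 0/1": 96, "GigabitEthernet 0/2": 50},
    {"GigabitEthernet 0/1": 90, "GigabitEthernet 0/2": 50},
    {"GigabitEthernet 0/1": 84, "GigabitEthernet 0/2": 50},
]


def validate_thresholds(upper, lower):
    """Enforce the documented limits: both in 1-100 and lower <= upper."""
    for name, value in (("upper", upper), ("lower", lower)):
        if not 1 <= value <= 100:
            raise ValueError(f"{name} threshold {value} is outside 1-100")
    if lower > upper:
        raise ValueError("lower threshold must not exceed the upper threshold")


def eligible_links(samples, upper, lower):
    """Return the sorted list of selected links after each tick."""
    validate_thresholds(upper, lower)
    # Assumption: every link is selected before the first sample arrives.
    selected = set(samples[0]) if samples else set()
    timeline = []
    for tick in samples:
        for link, load in tick.items():
            if load > upper:
                selected.discard(link)   # overloaded: stop selecting it
            elif load < lower:
                selected.add(link)       # recovered: select it again
            # between the thresholds the link keeps its previous state
        timeline.append(sorted(selected))
    return timeline


def transitions(timeline, link):
    """Count how often a link was added to or removed from the selected set."""
    states = [link in selected for selected in timeline]
    return sum(1 for before, after in zip(states, states[1:]) if before != after)


if __name__ == "__main__":
    for upper, lower in ((95, 85), (95, 95)):
        timeline = eligible_links(SAMPLES, upper, lower)
        print(upper, lower, transitions(timeline, "GigabitEthernet 0/1"), timeline)
```

With a load that hovers between 90% and 96%, the 95/85 setting changes the link's state twice, while 95/95 changes it four times, which is the flapping a gap between the two thresholds avoids.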

9.15 show mllb configure

Use this command to display MLLB configuration information.


show mllb configure

Parameter
Parameter Description
Description
N/A N/A

Command Mode Privileged EXEC mode, global configuration mode, and interface configuration mode

Usage Guide Use this command to display MLLB configuration information.

Configuration Example #Display MLLB configuration information.
Ruijie# show mllb configure
multi-link load balance configure:
multi-link load balance state: enable
multi-link load balance policy: load
multi-link load balance load-interval: 5
multi-link load balance threshold: 90 lower: 90
multi-link load balance load-monitor: down-link
multi-link load balance first-choice set to GigabitEthernet 0/1 is up
multi-link load balance load-sharing no original
Field description:
Field Description
state Indicates the MLLB state.
policy Indicates a load balancing policy of MLLB.
load-interval Indicates a load update interval.
threshold Indicates an upper load threshold.
lower Indicates a lower load threshold.
load-monitor Indicates a load monitoring direction.
first-choice Prioritizes an egress interface.
load-sharing Indicates a source IP address.

9.16 show mllb detect configure

Use this command to display MLLB detection configuration information.


show mllb detect configure

Parameter
Parameter Description
Description
N/A N/A

Command Mode Privileged EXEC mode, global configuration mode, and interface configuration mode

Usage Guide Use this command to display MLLB detection configuration information.

Configuration Example #Display MLLB detection configuration information.
Ruijie# show mllb detect configure
mllb detect configure:
network detect state: true
network detect interval: 300 seconds
domain detect state: true
domain detect interval: 300 seconds
domain detect name:
domain name: www.cqu.edu.cn
domain name: www.baidu.com
total domain number: 2
domain detect dns server:
dns server and interface: 114.114.114.114 GigabitEthernet 0/4 source-ip 192.168.197.16
dns server and interface: 192.168.58.110 GigabitEthernet 0/4
total dns server and interface number: 2
has storage: true

Field description:
Field Description
state Indicates the states of network detection and domain name detection.
interval Indicates the intervals of network detection and domain name detection.
name Indicates a domain name to be detected.
dns server Indicates the DNS server and interface to be detected.
domain number Indicates the number of configured domain names.
interface number Indicates the number of configured DNS servers (interfaces).
storage Indicates a storage device. If no storage device exists, the detection result will not be recorded into the database.

9.17 show mllb detect domain database from

Use this command to display information about the domain name database detected by MLLB.

show mllb detect domain database from begin-year begin-month begin-day begin-hour [to end-year end-month end-day end-hour]

Parameter
Parameter Description
Description
begin-year Indicates the start year of a period.
begin-month Indicates the start month of a period.
begin-day Indicates the start day of a period.
begin-hour Indicates the start time of a period.
end-year Indicates the end year of a period.
end-month Indicates the end month of a period.
end-day Indicates the end day of a period.
end-hour Indicates the end time of a period.

Command Mode Privileged EXEC mode, global configuration mode, and interface configuration mode

Usage Guide Use this command to display information about the domain name database detected by MLLB.

Configuration Example #Display information about the domain name database detected by MLLB.
Ruijie# show mllb detect domain database from 2016 1 21 0:0:0
Date & Time          Domain          Dns-server      Ifindex  Parse-ip         Dns-time  Tcp-connect  Http_get
2016-01-21 00:00:07  www.cqu.edu.cn  192.168.58.110  5        222.178.10.35    1         65           59/1
2016-01-21 00:00:07  www.baidu.com   192.168.58.110  5        115.239.211.112  1         23           25/1
2016-01-21 00:00:07  www.gov.cn      192.168.58.110  5        117.26.144.16    0         18           197/1

Field description:
Field Description
Date & Time Indicates the date and time of domain name detection.
Domain Indicates a domain name to be detected.
Dns-server Indicates the IP address of a configured DNS server.
Ifindex Specifies the index of an egress interface.
Parse-ip Indicates the IP address parsed out from the domain name.
Dns-time Indicates DNS parsing duration in milliseconds.
Tcp-connect Indicates TCP connection duration in milliseconds.
Http_get Indicates HTTP Get request duration in milliseconds. The value 1 indicates request success, and the value 0 indicates a request exception.

9.18 show mllb detect domain database select

Use this command to display specified information about the domain name database detected by MLLB.

show mllb detect domain database select { dns-server dns-ip | domain domain-name | error | interface interface } { error from | from} begin-year begin-month begin-day begin-hour [to end-year end-month end-day end-hour]

Parameter
Parameter Description
Description
dns-ip Indicates the IP address of a DNS server.
domain-name Indicates a domain name.
interface Indicates the name of an interface.
begin-year Indicates the start year of a period.
begin-month Indicates the start month of a period.
begin-day Indicates the start day of a period.
begin-hour Indicates the start time of a period.
end-year Indicates the end year of a period.
end-month Indicates the end month of a period.
end-day Indicates the end day of a period.
end-hour Indicates the end time of a period.

Command Mode Privileged EXEC mode, global configuration mode, and interface configuration mode

Usage Guide Use this command to display specified information about the domain name database detected by MLLB.

Configuration Example #Display information about failures in detecting domain name databases by MLLB.
Ruijie# show mllb detect domain database select error from 2016 1 21 0:0:0
Date & Time          Domain         Dns-server       Ifindex  Parse-ip        Dns-time  Tcp-connect  Http_get
2016-01-21 00:00:39  www.baidu.com  114.114.114.114  5        115.239.210.27  33        0            0/0
2016-01-21 00:01:44  www.baidu.com  114.114.114.114  5        115.239.210.27  22        0            0/0
2016-01-21 00:03:20  www.baidu.com  192.168.58.110   5        115.239.210.27  0         0            0/0

Field description:
Field Description
Date & Time Indicates the date and time of domain name detection.
Domain Indicates a domain name to be detected.
Dns-server Indicates the IP address of a configured DNS server.
Ifindex Specifies the index of an egress interface.
Parse-ip Indicates the IP address parsed out from the domain name. The value 0.0.0.0 indicates a parsing failure.
Dns-time Indicates DNS parsing duration in milliseconds.
Tcp-connect Indicates TCP connection duration in milliseconds. The value 0 indicates a connection failure.
Http_get Indicates HTTP Get request duration in milliseconds. The value 1 indicates request success, and the value 0 indicates a request exception.
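
The domain database output of sections 9.17 and 9.18 can be checked by script using the failure markers in the field descriptions above. The following Python parser is an added example, not Ruijie tooling; it assumes each record has been joined onto one line and that Http_get has the form duration/status, and the www.example.com row is constructed.

```python
"""Parse `show mllb detect domain database` rows and flag failed probes (illustrative)."""
import ipaddress
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime

# First two data rows come from the sample output on this page, joined onto
# one line each; the www.example.com row is constructed to show Parse-ip 0.0.0.0.
SAMPLE = """\
Date & Time Domain Dns-server Ifindex Parse-ip Dns-time Tcp-connect Http_get
2016-01-21 00:00:07 www.cqu.edu.cn 192.168.58.110 5 222.178.10.35 1 65 59/1
2016-01-21 00:00:39 www.baidu.com 114.114.114.114 5 115.239.210.27 33 0 0/0
2016-01-21 00:03:20 www.example.com 192.168.58.110 5 0.0.0.0 0 0 0/0
"""


@dataclass
class Probe:
    when: datetime
    domain: str
    dns_server: str
    ifindex: int
    parse_ip: str
    dns_ms: int
    tcp_ms: int
    http_ms: int
    http_ok: bool

    def failures(self):
        """Failed stages, per the field descriptions above."""
        failed = []
        if self.parse_ip == "0.0.0.0":   # documented: parsing failure
            failed.append("dns")
        if self.tcp_ms == 0:             # documented: connection failure
            failed.append("tcp")
        if not self.http_ok:             # status 0: request exception
            failed.append("http")
        return failed


def parse_domain_database(text):
    """Return a Probe per well-formed data row; headers and junk are skipped."""
    probes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 9:
            continue
        try:
            when = datetime.strptime(" ".join(fields[:2]), "%Y-%m-%d %H:%M:%S")
            # Assumption: Http_get is "<duration ms>/<status>", as in 59/1 and 0/0.
            http_ms, http_status = fields[8].split("/")
            probes.append(Probe(
                when, fields[2], str(ipaddress.ip_address(fields[3])), int(fields[4]),
                str(ipaddress.ip_address(fields[5])), int(fields[6]), int(fields[7]),
                int(http_ms), http_status == "1"))
        except ValueError:
            continue  # malformed timestamp, address, or number
    return probes


def failures_by_path(probes):
    """Count failed stages per (DNS server, egress ifindex) pair."""
    summary = defaultdict(Counter)
    for probe in probes:
        for stage in probe.failures():
            summary[(probe.dns_server, probe.ifindex)][stage] += 1
    return {path: dict(counts) for path, counts in summary.items()}


if __name__ == "__main__":
    for path, counts in failures_by_path(parse_domain_database(SAMPLE)).items():
        print(path, counts)
```

Grouping by DNS server and egress interface index separates a failing resolver from a failing uplink when the same domain is probed over several paths.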

9.19 show mllb detect domain name

Use this command to display information about a specified domain name to be detected by MLLB.

show mllb detect domain name domain-name dns-ip [interface [source-ip src-ip]]

Parameter
Parameter Description
Description
domain-name Indicates a domain name to be detected.
dns-ip Specifies the DNS server used to parse the domain name.
interface Specifies the interface used for domain name detection.
src-ip Specifies the source IP address of a detection packet.

Command Mode Privileged EXEC mode, global configuration mode, and interface configuration mode

Usage Guide Use this command to display information about a specified domain name to be detected by MLLB.

Configuration Example #Display information about a specified domain name to be detected by MLLB.
Ruijie# show mllb detect domain name www.qq.com 114.114.114.114 gigabitEthernet 0/4 source-ip 192.168.197.16
Input parameter: domain www.qq.com, dns server ip 114.114.114.114, out interface GigabitEthernet 0/4.
Output:
dns parse ok: true.
tcp connect ok: true.
http get ok: true.
dns parse ip: 140.206.160.207.
dns parse delay: 24ms, tcp connect delay: 21ms, http get delay: 21ms.

Field description:
Field Description
dns parse ok Indicates whether a domain name is successfully parsed.
tcp connect ok Indicates whether a TCP connection is successfully established.
http get ok Indicates whether an HTTP Get request is responded to.
dns parse ip Indicates the first IP address parsed out from the domain name by the DNS server.
delay Indicates delays in milliseconds, which successively include the DNS parsing delay, TCP connection delay, and HTTP Get request delay.

9.20 show mllb detect network

Use this command to display information about a network detected by MLLB.


show mllb detect network {interface [interface-name] | source-ip source-ip-mask destination-ip destination-ip-mask | database {select interface select-interface-name from | from}} begin-year begin-month begin-day begin-hour [to end-year end-month end-day end-hour]

Parameter
Parameter Description
Description
interface-name Specifies the name of an interface of a detected network.
source-ip Specifies the source IP address of a detected network.
source-ip-mask Specifies the source IP mask of a detected network.
destination-ip Specifies the destination IP address of a detected network.
destination-ip-mask Specifies the destination IP mask of a detected network.
select-interface-name Displays information about a specified interface of the database of a detected network.
begin-year Indicates the start year of a period.
begin-month Indicates the start month of a period.
begin-day Indicates the start day of a period.
begin-hour Indicates the start time of a period.
end-year Indicates the end year of a period.
end-month Indicates the end month of a period.
end-day Indicates the end day of a period.
end-hour Indicates the end time of a period.

Command Mode Privileged EXEC mode, global configuration mode, and interface configuration mode

Usage Guide Use this command to display information about a network detected by MLLB.

Configuration Example #Display information about a network detected by MLLB.
Ruijie# show mllb detect network interface

The analysis of half connection:

Interface            Half(ALL total)  Half(TCP total)  Half(UDP total)  Half(DNS total)
GigabitEthernet 0/4  2/11             0/7              2/4              0/0
GigabitEthernet 0/5  0/1              0/0              0/0              0/0

The analysis of delay:

Interface            Total delay(Min/Aver/Max/Count)  TCP delay(Min/Aver/Max/Count)  UDP delay(Min/Aver/Max/Count)  DNS delay(Min/Aver/Max/Count)
GigabitEthernet 0/4  0/35/180/9                       0/15/60/7                      0/105/180/2                    0/0/0/0
GigabitEthernet 0/5  0/0/0/0                          0/0/0/0                        0/0/0/0                        0/0/0/0

The analysis of route flows:

Interface            Route type  Total(Output/Input)Mbit  TCP(Output/Input)  UDP(Output/Input)  DNS(Output/Input)
GigabitEthernet 0/4  ref_ip      64/168                   64/160             0/0                0/0
GigabitEthernet 0/5  ref_ip      0/0                      0/0                0/0                0/0
Ruijie#

Field description:
Field Description
Interface Indicates the name of a detected interface.
Half(ALL total) Indicates the number of half-open connections and total number of connections of all protocols.
Half(TCP total) Indicates the number of half-open TCP connections and total number of TCP connections.
Half(UDP total) Indicates the number of half-open UDP connections and total number of UDP connections.
Half(DNS total) Indicates the number of half-open connections and total number of connections of DNS applications.
Total delay Indicates delays of all protocols in milliseconds, including the minimum delay, average delay, maximum delay, and delay count.
TCP delay Indicates TCP delays in milliseconds, including the minimum delay, average delay, maximum delay, and delay count.
UDP delay Indicates UDP delays in milliseconds, including the minimum delay, average delay, maximum delay, and delay count.
DNS delay Indicates delays of DNS applications in milliseconds, including the minimum delay, average delay, maximum delay, and delay count.
Route type Indicates the name of a routing module.
Total(Output/Input)Mbit Indicates traffic information of all protocols in Mbps, including the uplink traffic and downlink traffic.
TCP(Output/Input) Indicates TCP traffic information in Mbps, including the uplink traffic and downlink traffic successively.
UDP(Output/Input) Indicates UDP traffic information in Mbps, including the uplink traffic and downlink traffic successively.
DNS(Output/Input) Indicates traffic information of DNS applications in Mbps, including the uplink traffic and downlink traffic successively.

#Display information about the database for MLLB network detection.
Ruijie# show mllb detect network database from 2016 3 10 10:0:0
Date & Time          Interface  Type                                 Total        TCP         UDP         DNS
2016-03-10 10:00:13  Gi0/4      half-connect-flow-count(unknow/all)  3/14         0/5         3/9         0/2
                                delay(min/aver/max/count)ms          0/51/180/11  0/34/150/5  0/66/180/6  0/25/40/2
                                ref_ip-(output/input)Mbit            64/176       64/160      0/8         0/0

Field description:
Field Description
Date & Time Indicates the time of network detection.
Interface Indicates the interface of a detected network.
Type Indicates data types, including the number of half-open connections, delay, and routing traffic information.
Total Indicates information about all protocols.
TCP Indicates TCP information.
UDP Indicates UDP information.
DNS Indicates information about DNS applications.

9.21 show mllb statistics

Use this command to display statistical information of MLLB egress interfaces.


show mllb statistics

Parameter
Parameter Description
Description
N/A N/A

Command Mode Privileged EXEC mode, global configuration mode, and interface configuration mode

Usage Guide Use this command to display statistical information of MLLB egress interfaces.

Configuration Example #Display statistical information of MLLB egress interfaces.
Ruijie# show mllb statistics
Interface Packets Flows
-------------------------- -------- --------
GigabitEthernet 0/1 6750 879
GigabitEthernet 0/2 6580 871
Field description:
Field Description
Interface Indicates the name of an interface.
Packets Indicates packet statistics.
Flows Indicates statistics about new flows.
