Table of Contents 1 IP Address Configuration Commands IP Performance Configuration Commands 2-1


Table of Contents

1 IP Address Configuration Commands
  IP Address Configuration Commands
    display ip interface
    display ip interface brief
    ip address

2 IP Performance Configuration Commands
  IP Performance Configuration Commands
    display fib
    display fib ip-address
    display fib acl
    display fib
    display fib ip-prefix
    display fib statistics
    display icmp statistics
    display ip socket
    display ip statistics
    display tcp statistics
    display tcp status
    display udp statistics
    icmp acl-priority
    icmp redirect send
    icmp unreach send
    ip forward-broadcast
    reset ip statistics
    reset tcp statistics
    reset udp statistics
    tcp timer fin-timeout
    tcp timer syn-timeout
    tcp window

1 IP Address Configuration Commands

IP Address Configuration Commands

display ip interface

display ip interface [ interface-type interface-number ]

interface-type interface-number: Specifies an interface by its type and number.

Use the display ip interface command to display information about a specified or all Layer 3 interfaces. If no argument is specified, information about all Layer 3 interfaces is displayed.

# Display information about VLAN-interface 1.
<Sysname> display ip interface Vlan-interface 1
Vlan-interface1 current state :UP
Line protocol current state :UP
Internet Address is 192.168.0.39/24 Primary
Broadcast address : 192.168.0.255
The Maximum Transmit Unit : 1500 bytes
IP packets input number: 9678, bytes: 475001, multicasts: 7
IP packets output number: 8622, bytes: 391084, multicasts: 0
TTL invalid packet number: 0
ICMP packet input number: 0
  Echo reply: 0
  Unreachable: 0
  Source quench: 0
  Routing redirect: 0
  Echo request: 0
  Router advert: 0
  Router solicit: 0
  Time exceed: 0
  IP header bad: 0
  Timestamp request: 0
  Timestamp reply: 0
  Information request: 0
  Information reply: 0
  Netmask request: 0
  Netmask reply: 0
  Unknown type: 0

Table 1-1 Description on the fields of the display ip interface command

Field | Description
Vlan-interface1 current state | Current physical state of VLAN-interface 1
Line protocol current state | Current state of the link layer protocol
Internet Address | IP address of the interface followed by: Primary: Identifies a primary IP address, or Sub: Identifies a secondary IP address.
Broadcast address | Directed broadcast address of the subnet attached to the interface
The Maximum Transmit Unit | Maximum transmission unit on the interface
IP packets input number: 9678, bytes: 475001, multicasts: 7; IP packets output number: 8622, bytes: 391084, multicasts: 0 | Total number of packets, bytes, and multicast packets forwarded and received on the interface
TTL invalid packet number | Number of received invalid TTL packets
ICMP packet input number: 0, Echo reply: 0, Unreachable: 0, Source quench: 0, Routing redirect: 0, Echo request: 0, Router advert: 0, Router solicit: 0, Time exceed: 0, IP header bad: 0, Timestamp request: 0, Timestamp reply: 0, Information request: 0, Information reply: 0, Netmask request: 0, Netmask reply: 0, Unknown type: 0 | Total number of received ICMP packets, including: Echo reply packet, unreachable packet, source quench packet, routing redirect packet, Echo request packet, router advert packet, router solicit packet, time exceed packet, IP header bad packet, timestamp request packet, timestamp reply packet, information request packet, information reply packet, netmask request packet, netmask reply packet, and unknown types of packets.

display ip interface brief

display ip interface brief [ interface-type [ interface-number ] ]

interface-type: Interface type.
interface-number: Interface number.

Use the display ip interface brief command to display brief information about a specified or all Layer 3 interfaces.
With no argument included, the command displays information about all layer 3 interfaces; with only the interface type specified, it displays information about all layer 3 interfaces of the specified type; with both the interface type and interface number specified, it displays information about the specified interface.

Related commands: display ip interface.

# Display brief information about VLAN-interface 1.
<Sysname> display ip interface brief vlan-interface 1
*down: administratively down
(l): loopback
(s): spoofing
Interface          IP Address      Physical  Protocol  Description
Vlan-interface1    192.168.0.39    up        up        Vlan-inte...

Table 1-2 Description on the fields of the display ip interface brief command

Field | Description
*down | The interface is administratively shut down with the shutdown command.
(s) | Spoofing attribute of the interface. It indicates that the interface whose link layer protocol is displayed up may have no such a link present or the link is set up only on demand.
Interface | Interface name
IP Address | IP address of the interface (If no IP address is configured, unassigned is displayed.)
Physical | Physical state of the interface
Protocol | Link layer protocol state of the interface
Description | Interface description information. If the description has no more than 12 characters, the whole description can be displayed. If it has more than 12 characters, only the first nine characters are displayed.

ip address

ip address ip-address { mask | mask-length } [ sub ]
undo ip address [ ip-address { mask | mask-length } [ sub ] ]

VLAN interface view, loopback interface view

ip-address: IP address, in dotted decimal notation.
mask: Subnet mask, in dotted decimal notation.
mask-length: Subnet mask length, the number of consecutive ones in the mask. It is in the range of 0 to 32.
sub: Specifies a secondary IP address of a VLAN or loopback interface.

Use the ip address command to specify an IP address and mask for a VLAN or loopback interface.
Use the undo ip address command to remove an IP address and mask of a VLAN or loopback interface.
By default, no IP address is configured for a VLAN or loopback interface.

Note that:
If you execute the undo ip address command without any parameter, the switch deletes both primary and secondary IP addresses of the interface.
The undo ip address ip-address { mask | mask-length } command is used to delete the primary IP address.
The undo ip address ip-address { mask | mask-length } sub command is used to delete specified secondary IP addresses.
You can assign at most five IP addresses to an interface, among which one is the primary IP address and the others are secondary IP addresses. A newly specified primary IP address overwrites the previous one if there is any.
The primary and secondary IP addresses of an interface cannot reside on the same network segment; the IP address of a VLAN interface must not be in the same network segment as that of a loopback interface on a device.
A VLAN interface cannot be configured with a secondary IP address if the interface has been configured to obtain an IP address through BOOTP or DHCP.

Related commands: display ip interface.

# Assign the primary IP address 129.12.0.1 and secondary IP address 129.12.1.1 to VLAN-interface 1 with subnet mask 255.255.255.0.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Vlan-interface 1
[Sysname-Vlan-interface1] ip address 129.12.0.1 255.255.255.0
[Sysname-Vlan-interface1] ip address 129.12.1.1 255.255.255.0 sub

2 IP Performance Configuration Commands

Support for Canceling the System-Defined ACLs for ICMP Attack Guard is added. For specific commands, refer to icmp acl-priority.

IP Performance Configuration Commands

display fib

display fib

Use the display fib command to display all forwarding information base (FIB) information.

# Display all FIB information.
<Sysname> display fib
Flag:
U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Reject E:Equal cost multi-path L:Generated by ARP or ESIS
Destination/Mask    Nexthop         Flag   TimeStamp   Interface
10.153.17.0/24      10.153.17.99    U      t[37]       Vlan-interface1
10.153.18.88/32     127.0.0.1       GHU    t[37]       InLoopBack0
10.153.18.0/24      10.153.18.88    U      t[37]       LoopBack0
10.153.17.99/32     127.0.0.1       GHU    t[37]       InLoopBack0
127.0.0.0/8         127.0.0.1       U      t[33]       InLoopBack0

Table 2-1 Description on the fields of the display fib command

Field | Description
Flag | Flags: U: A route is up and available. G: Gateway route. H: Local host route. B: Blackhole route. D: Dynamic route. S: Static route. R: Rejected route. E: Multi-path equal-cost route. L: Route generated by ARP or ESIS.
Destination/Mask | Destination address/mask length
Nexthop | Next hop address
TimeStamp | Timestamp
Interface | Forwarding interface

display fib ip-address

display fib ip-address1 [ { mask1 | mask-length1 } [ ip-address2 { mask2 | mask-length2 } | longer ] | longer ]

ip-address1, ip-address2: Destination IP addresses, in dotted decimal notation. ip-address1 and ip-address2 together define an address range. The FIB entries in this address range will be displayed.
mask1, mask2: Subnet masks, in dotted decimal notation.
mask-length1, mask-length2: Length of the subnet masks, the number of consecutive ones in the masks, in the range of 0 to 32.
longer: Displays the FIB entries matching the specified address/mask and having masks longer than or equal to the specified mask. If no masks are specified, FIB entries that match the natural network address and have the masks longer than or equal to the natural mask will be displayed.

Use the display fib ip-address command to view the FIB entries matching the specified destination IP address.
If no mask or mask length is specified, the FIB entry that matches the destination IP address and has the longest mask will be displayed; if the mask is specified, the FIB entry that exactly matches the specified destination IP address and mask will be displayed.

# Display FIB entry information which matches destination 12.158.10.0 and has a mask length no less than eight.
<Sysname> display fib 12.158.10.0 longer
Route Entry Count: 1
Flag:
U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Reject E:Equal cost multi-path L:Generated by ARP or ESIS
Destination/Mask    Nexthop        Flag   TimeStamp   Interface
12.158.10.0/24      12.158.10.1    U      t[85391]    Vlan-interface10

# Display FIB entry information which has a destination in the range of 12.158.10.0/24 to 12.158.10.6/24 and has a mask length of 24.
<Sysname> display fib 12.158.10.0 255.255.255.0 12.158.10.6 255.255.255.0
Route Entry Count: 1
Flag:
U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Reject E:Equal cost multi-path L:Generated by ARP or ESIS
Destination/Mask    Nexthop        Flag   TimeStamp   Interface
12.158.10.0/24      12.158.10.1    U      t[85391]    Vlan-interface10

For details about the displayed information, see Table 2-1.

display fib acl

display fib acl acl-number

acl-number: Basic ACL number, in the range of 2000 to 2999.

Use the display fib acl command to display the FIB entries matching a specific ACL. For ACL, refer to the part discussing ACL in this manual.

# Configure and display ACL 2001.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 211.71.75.0 0.0.0.255
[Sysname-acl-basic-2001] display acl 2001
Basic ACL 2001, 1 rule
Acl's step is 1
rule 0 permit source 211.71.75.0 0.0.0.255

# Display the FIB entries filtered by ACL 2001.
<Sysname> display fib acl 2001
Route Entry matched by access-list 2001
Summary Counts :1
Flag:
U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Reject E:Equal cost multi-path L:Generated by ARP or ESIS
Destination/Mask    Nexthop    Flag   TimeStamp    Interface
211.71.75.0/24      1.1.1.2    GSU    t[250763]    Vlan-interface2

For details about the displayed information, see Table 2-1.

display fib

display fib | { begin | exclude | include } regular-expression

|: Uses a regular expression to match FIB entries. For detailed information about regular expression, refer to Configuration File Management Command.
begin: Displays a specific FIB entry and all the FIB entries following it. The specific FIB entry is the first entry that matches the specified regular expression.
exclude: Displays the FIB entries that do not match the specified regular expression.
include: Displays the FIB entries that match the specified regular expression.
regular-expression: A case-sensitive character string.

Use the display fib command to display the FIB entries filtered by the specified regular expression.

# Display the entries starting from the first one containing the string 169.254.0.0.
<Sysname> display fib | begin 169.254.0.0
169.254.0.0/16    2.1.1.1    U    t[0]    Vlan-interface1
2.0.0.0/16        2.1.1.1    U    t[0]    Vlan-interface1

For details about the displayed information, see Table 2-1.

display fib ip-prefix

display fib ip-prefix ip-prefix-name

ip-prefix-name: IP prefix list name, in the range of 1 to 19 characters.

Use the display fib ip-prefix command to display the FIB entries matching a specific IP prefix list. For details about IP prefix list, refer to the part discussing IP routing in this manual.

# Configure and display the IP prefix list abc.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] ip ip-prefix abc permit 211.71.75.0 24
[Sysname] display ip ip-prefix abc
name    index    conditions    ip-prefix / mask    GE    LE
abc     10       permit        211.71.75.0/24      --    --

# Display the FIB entries matching IP prefix list abc.
<Sysname> display fib ip-prefix abc
Route Entry matched by prefix-list abc
Summary Counts :1
Flag:
U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Reject E:Equal cost multi-path L:Generated by ARP or ESIS
Destination/Mask    Nexthop    Flag   TimeStamp    Interface
211.71.75.0/24      1.1.1.2    GSU    t[250763]    Vlan-interface2

For details about the displayed information, see Table 2-1.

display fib statistics

display fib statistics

Use the display fib statistics command to display the total number of FIB entries.

# Display the total number of FIB entries.
<Sysname> display fib statistics
Route Entry Count : 8

display icmp statistics

display icmp statistics

Use the display icmp statistics command to display the statistics about ICMP packets.

Related commands: display ip interface, reset ip statistics.

# Display the statistics about ICMP packets.
<Sysname> display icmp statistics
Input: bad formats 0          bad checksum 0
       echo 5                 destination unreachable 0
       source quench 0        redirects 0
       echo reply 10          parameter problem 0
       timestamp 0            information request 0
       mask requests 0        mask replies 0
       time exceeded 0
Output:echo 10                destination unreachable 0
       source quench 0        redirects 0
       echo reply 5           parameter problem 0
       timestamp 0            information reply 0
       mask requests 0        mask replies 0
       time exceeded 0

Table 2-2 Description on the fields of the display icmp statistics command

Field | Description
Input:
bad formats | Number of received wrong format packets
bad checksum | Number of received wrong checksum packets
echo | Number of received echo packets
destination unreachable | Number of received destination unreachable packets
source quench | Number of received source quench packets
redirects | Number of received redirection packets
echo reply | Number of received replies
parameter problem | Number of received parameter problem packets
timestamp | Number of received time stamp packets
information request | Number of received information request packets
mask requests | Number of received mask requests
mask replies | Number of received mask replies
time exceeded | Number of received expiration packets
Output:
echo | Number of sent echo packets
destination unreachable | Number of sent destination unreachable packets
source quench | Number of sent source quench packets
redirects | Number of sent redirection packets
echo reply | Number of sent replies
parameter problem | Number of sent parameter problem packets
timestamp | Number of sent time stamp packets
information reply | Number of sent information reply packets
mask requests | Number of sent mask requests
mask replies | Number of sent mask replies
time exceeded | Number of sent expiration packets

display ip socket

display ip socket [ socktype sock-type ] [ task-id socket-id ]

socktype sock-type: Displays the socket information of this type. The sock type is in the range 1 to 3, corresponding to TCP, UDP and raw IP respectively.
task-id: ID of a task, with the value ranging from 1 to 100.
socket-id: ID of a socket, with the value ranging from 0 to 3072.

Use the display ip socket command to display socket information.

# Display the information about the socket of the TCP type.
<Sysname> display ip socket socktype 1
SOCK_STREAM:
Task = VTYD(18), socketid = 1, Proto = 6,
LA = 0.0.0.0:23, FA = 0.0.0.0:0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_KEEPALIVE SO_SENDVPNID SO_SETKEEPALIVE,
socket state = SS_PRIV SS_ASYNC

Task = VTYD(18), socketid = 2, Proto = 6,
LA = 10.153.17.99:23, FA = 10.153.17.56:1161,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE,
socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC

Task = VTYD(18), socketid = 3, Proto = 6,
LA = 10.153.17.99:23, FA = 10.153.17.82:1121,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE,
socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC

Table 2-3 Description on the fields of the display ip socket command

Field | Description
SOCK_STREAM | Indicates the socket type is TCP
SOCK_DGRAM | Indicates the socket type is UDP
SOCK_RAW | Indicates the socket type is raw IP
Task | Task ID
socketid | Socket ID
Proto | Protocol number used by the socket
sndbuf | Sending buffer size of the socket
rcvbuf | Receiving buffer size of the socket
sb_cc | Current data size in the sending buffer. The value makes sense only for the socket of TCP type, because only TCP is able to cache data.
rb_cc | Current data size in the receiving buffer
socket option | Option of a socket
socket state | State of a socket

display ip statistics

display ip statistics

Use the display ip statistics command to display the statistics about IP packets.

Related commands: display ip interface, reset ip statistics.

# Display the statistics about IP packets.
<Sysname> display ip statistics
Input: sum 7120               local 112
       bad protocol 0         bad format 0
       bad checksum 0         bad options 0
Output: forwarding 0          local 27
        dropped 0             no route 2
        compress fails 0
Fragment:input 0              output 0
         dropped 0            fragmented 0
         couldn't fragment 0
Reassembling:sum 0            timeouts 0

Table 2-4 Description on the fields of the display ip statistics command

Field | Description
Input:
sum | Total number of packets received
local | Total number of packets with destination being local
bad protocol | Total number of unknown protocol packets. Unknown protocol packets are destined to the local device, but the upper layer protocol specified in their IP header cannot be processed by the device. (For example, if a switch is not enabled with the Layer 3 multicast function, it considers IGMP packets as unknown protocol packets.)
bad format | Total number of packets with incorrect header format that contains a wrong version, or has a header length less than 20 bytes.
bad checksum | Total number of packets with incorrect checksum
bad options | Total number of packets with incorrect option
Output:
forwarding | Total number of IP packets forwarded by the local device
local | Total number of IP packets initiated from the local device
dropped | Total number of IP packets discarded
no route | Total number of IP packets for which no route is available
compress fails | Total number of IP packets failed to compress
Fragment:
input | Total number of fragments received
output | Total number of fragments sent
dropped | Total number of fragments discarded
fragmented | Total number of IP packets successfully fragmented
couldn't fragment | Total number of IP packets that cannot be fragmented
Reassembling:
sum | Total number of IP packets reassembled
timeouts | Total number of reassembly timeout IP packets

display tcp statistics

display tcp statistics

Use the display tcp statistics command to display the statistics about TCP packets.

Related commands: display tcp status, reset tcp statistics.

# Display the statistics about TCP connections.
<Sysname> display tcp statistics
Received packets:
Total: 753
packets in sequence: 412 (11032 bytes)
window probe packets: 0, window update packets: 0
checksum error: 0, offset error: 0, short error: 0
duplicate packets: 4 (88 bytes), partially duplicate packets: 5 (7 bytes)
out-of-order packets: 0 (0 bytes)
packets of data after window: 0 (0 bytes)
packets received after close: 0
ACK packets: 481 (8776 bytes)
duplicate ACK packets: 7, too much ACK packets: 0
Sent packets:
Total: 665
urgent packets: 0
control packets: 5 (including 1 RST)
window probe packets: 0, window update packets: 2
data packets: 618 (8770 bytes) data packets retransmitted: 0 (0 bytes)
ACK-only packets: 40 (28 delayed)
Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0
Keepalive timeout: 0, keepalive probe: 0, Keepalive timeout, so connections disconnected : 0
Initiated connections: 0, accepted connections: 0, established connections: 0
Closed connections: 0 (dropped: 0, initiated dropped: 0)
Packets dropped with MD5 authentication: 0
Packets permitted with MD5 authentication: 0

Table 2-5 Description on the fields of the display tcp statistics command

Field | Description
Received packets:
Total | Total number of packets received
packets in sequence | Number of packets arriving in sequence
window probe packets | Number of window probe packets received
window update packets | Number of window update packets received
checksum error | Number of checksum error packets received
offset error | Number of offset error packets received
short error | Number of received packets with length being too small
duplicate packets | Number of completely duplicate packets received
partially duplicate packets | Number of partially duplicate packets received
out-of-order packets | Number of out-of-order packets received
packets of data after window | Number of packets outside the receiving window
packets received after close | Number of packets that arrived after connection is closed
ACK packets | Number of ACK packets received
duplicate ACK packets | Number of duplicate ACK packets received
too much ACK packets | Number of ACK packets for data unsent
Sent packets:
Total | Total number of packets sent
urgent packets | Number of urgent packets sent
control packets | Number of control packets sent; in brackets are retransmitted packets
window probe packets | Number of window probe packets sent; in the brackets are resent packets
window update packets | Number of window update packets sent
data packets | Number of data packets sent
data packets retransmitted | Number of data packets retransmitted
ACK-only packets: 40 | Number of ACK packets sent; in brackets are delayed ACK packets
Retransmitted timeout | Number of retransmission timer timeouts
connections dropped in retransmitted timeout | Number of connections broken due to retransmission timeouts
Keepalive timeout | Number of keepalive timer timeouts
keepalive probe | Number of keepalive probe packets sent
Keepalive timeout, so connections disconnected | Number of connections broken due to keepalive probe failures
Initiated connections | Number of connections initiated
accepted connections | Number of connections accepted
established connections | Number of connections established
Closed connections | Number of connections closed; in brackets are connections closed accidentally (before receiving SYN from the peer) and connections closed initiatively (after receiving SYN from the peer)
Packets dropped with MD5 authentication | Number of packets dropped with MD5 authentication
Packets permitted with MD5 authentication | Number of packets permitted with MD5 authentication

display tcp status

display tcp status

Use the display tcp status command to display the state of all the TCP connections so that you can monitor TCP connections in real time.

# Display the state of all the TCP connections.
<Sysname> display tcp status
*: TCP MD5 Connection
TCPCB       Local Add:port    Foreign Add:port     State
03e37dc4    0.0.0.0:4001      0.0.0.0:0            Listening
04217174    100.0.0.204:23    100.0.0.253:65508    Established

Table 2-6 Description on the fields of the display tcp status command

Field | Description
* | If there is an asterisk before a connection, it means that the TCP connection is authenticated through the MD5 algorithm.
TCPCB | TCP control block
Local Add:port | Local IP address and port number
Foreign Add:port | Remote IP address and port number
State | State of the TCP connection

display udp statistics

display udp statistics

Use the display udp statistics command to display the statistics about UDP packets.

Related commands: reset udp statistics.

# Display the statistics about UDP packets.
<Sysname> display udp statistics
Received packets:
Total: 26320
checksum error: 0
shorter than header: 0, data length larger than packet: 0
no socket on port: 0
total broadcast or multicast packets : 25006
no socket broadcast or multicast packets: 24989
not delivered, input socket full: 0
input packets missing pcb cache: 1314
Sent packets:
Total: 7187

Table 2-7 Description on the fields of the display udp statistics command

Field | Description
Received packets:
Total | Total number of received UDP packets
checksum error | Total number of packets with incorrect checksum
shorter than header | Number of packets with data shorter than header
data length larger than packet | Number of packets with data longer than packet
no socket on port | Number of unicast packets with no socket on port
total broadcast or multicast packets | Total number of received broadcast or multicast packets
no socket broadcast or multicast packets | Total number of broadcast or multicast packets without socket on port
not delivered, input socket full | Number of not delivered packets due to a full socket cache
input packets missing pcb cache | Number of packets without matching PCB cache
Sent packets:
Total | Total number of UDP packets sent

icmp acl-priority

icmp acl-priority
undo icmp acl-priority

System view

Use the icmp acl-priority command to restore the system-defined ACLs for ICMP attack guard.
Use the undo icmp acl-priority command to cancel the system-defined ACLs for ICMP attack guard.
By default, the system keeps the system-defined ACLs for ICMP attack guard.

In a secure network, you can cancel the system-defined ACLs for ICMP attack guard, and thus increase the available ACL resources for setting user-defined security policies.
With the system-defined ACLs for ICMP attack guard canceled, the ICMP attacks in the network may affect the device's processing for normal packets. Therefore, before canceling the system-defined ACLs for ICMP attack guard, check ICMP attack vulnerabilities in the network to make sure that the network can operate properly after you cancel the system-defined ACLs for ICMP attack guard.

# Cancel the system-defined ACLs for ICMP attack guard.
<Sysname> system-view
[Sysname] undo icmp acl-priority

icmp redirect send

icmp redirect send
undo icmp redirect send

System view

Use the icmp redirect send command to enable the device to send ICMP redirection packets.
Use the undo icmp redirect send command to disable the device from sending ICMP redirection packets.
By default, the device is enabled to send ICMP redirection packets.

# Disable the device from sending ICMP redirection packets.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] undo icmp redirect send

icmp unreach send

icmp unreach send
undo icmp unreach send

System view

Use the icmp unreach send command to enable the device to send ICMP destination unreachable packets. With this feature enabled, the switch, upon receiving a packet with an unreachable destination, discards the packet and then sends a destination unreachable packet to the source host.

Use the undo icmp unreach send command to disable the device from sending ICMP destination unreachable packets.

By default, the device is enabled to send ICMP destination unreachable packets.

# Disable the device from sending ICMP destination unreachable packets.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] undo icmp unreach send

ip forward-broadcast

ip forward-broadcast
undo ip forward-broadcast

System view

Use the ip forward-broadcast command to enable the device to receive directed broadcasts to a directly connected network.

Use the undo ip forward-broadcast command to disable the device from receiving directed broadcasts to a directly connected network.

By default, the device is disabled from receiving directed broadcasts to a directly connected network.

# Enable the device to receive directed broadcasts to a directly connected network.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] ip forward-broadcast

reset ip statistics

reset ip statistics

User view

Use the reset ip statistics command to clear the statistics about IP packets.

You can use the display ip statistics command to view the current IP packet statistics.

Related commands: display ip interface.

# Clear the statistics about IP packets.
<Sysname> reset ip statistics

reset tcp statistics

reset tcp statistics

User view

Use the reset tcp statistics command to clear the statistics about TCP packets.

You can use the display tcp statistics command to view the current TCP packet statistics.

# Clear the statistics about TCP packets.
<Sysname> reset tcp statistics

reset udp statistics

reset udp statistics

User view

Use the reset udp statistics command to clear the statistics about UDP packets.

You can use the display udp statistics command to view the current UDP packet statistics.

# Clear the statistics about UDP packets.
<Sysname> reset udp statistics

tcp timer fin-timeout

tcp timer fin-timeout time-value
undo tcp timer fin-timeout

System view

time-value: TCP finwait timer, in seconds, with the value ranging from 76 to 3600.

Use the tcp timer fin-timeout command to configure the TCP finwait timer.

Use the undo tcp timer fin-timeout command to restore the default value of the TCP finwait timer.

By default, the value of the TCP finwait timer is 675 seconds.

When the TCP connection state changes from FIN_WAIT_1 to FIN_WAIT_2, the finwait timer is started. If the switch does not receive a FIN packet before the finwait timer times out, the TCP connection is terminated.

Related commands: tcp timer syn-timeout, tcp window.

# Configure the value of the TCP finwait timer to 800 seconds.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] tcp timer fin-timeout 800

tcp timer syn-timeout

tcp timer syn-timeout time-value
undo tcp timer syn-timeout

System view

time-value: TCP synwait timer, in seconds, with the value ranging from 2 to 600.

Use the tcp timer syn-timeout command to configure the TCP synwait timer.

Use the undo tcp timer syn-timeout command to restore the default value of the TCP synwait timer.

By default, the value of the TCP synwait timer is 75 seconds.

When sending the SYN packet, TCP starts the synwait timer. If the response packet is not received before the synwait timer times out, the TCP connection is terminated.

Related commands: tcp timer fin-timeout, tcp window.

# Configure the value of the TCP synwait timer to 80 seconds.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] tcp timer syn-timeout 80

tcp window

tcp window window-size
undo tcp window

System view

window-size: Size of the transmission and receiving buffers of the connection-oriented socket, measured in kilobytes (KB), in the range of 1 to 32.

Use the tcp window command to configure the size of the transmission and receiving buffers of the connection-oriented socket.

Use the undo tcp window command to restore the default size of the transmission and receiving buffers of the connection-oriented socket.

By default, the size of the transmission and receiving buffers is 8 KB.

Related commands: tcp timer fin-timeout, tcp timer syn-timeout.

# Configure the size of the transmission and receiving buffers of the connection-oriented socket to 3 KB.
<Sysname> system-view

System View: return to User View with Ctrl+Z.
[Sysname] tcp window 3
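
The following Python example is added here and is not part of the manual. It replays a list of system-view commands over the defaults and value ranges stated in this chapter and returns the effective settings, which is useful when reviewing a change set before it is applied. The function names and the sample command list are assumptions made for illustration, and the code models only the command syntax shown on this page, not device behaviour.

```python
# Defaults and value ranges exactly as stated in this chapter.
DEFAULTS = {
    "icmp acl-priority": True,       # system-defined ICMP attack guard ACLs kept
    "icmp redirect send": True,
    "icmp unreach send": True,
    "ip forward-broadcast": False,
    "tcp timer fin-timeout": 675,    # seconds
    "tcp timer syn-timeout": 75,     # seconds
    "tcp window": 8,                 # KB
}
RANGES = {
    "tcp timer fin-timeout": (76, 3600),
    "tcp timer syn-timeout": (2, 600),
    "tcp window": (1, 32),
}

def effective_settings(commands):
    """Replay commands over the defaults; rejected commands change nothing."""
    state, errors = dict(DEFAULTS), []
    for raw in commands:
        line = " ".join(raw.split())
        undo = line.startswith("undo ")
        body = line[5:] if undo else line
        key = next((k for k in DEFAULTS if body == k
                    or (k in RANGES and body.startswith(k + " "))), None)
        if key is None:
            continue                           # not a command from this chapter
        arg = body[len(key):].strip()
        if key not in RANGES:
            state[key] = not undo              # on/off features
        elif undo:
            state[key] = DEFAULTS[key]         # undo restores the default value
        elif arg.isdecimal() and RANGES[key][0] <= int(arg) <= RANGES[key][1]:
            state[key] = int(arg)
        else:
            errors.append(f"{line}: value must be {RANGES[key][0]} to {RANGES[key][1]}")
    return state, errors

def changed_from_default(state):
    """Names of settings that differ from the documented defaults, sorted."""
    return sorted(k for k, v in state.items() if v != DEFAULTS[k])

# Constructed sample input, not taken from a real device.
SAMPLE = ["undo icmp acl-priority", "ip forward-broadcast",
          "tcp timer fin-timeout 800", "tcp timer syn-timeout 1", "tcp window 3"]

if __name__ == "__main__":
    print(*effective_settings(SAMPLE), sep="\n")
```

In the sample, `tcp timer syn-timeout 1` is rejected because it is below the documented minimum of 2, so the synwait timer stays at 75 seconds.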