
Quidway MA5200G Command Reference

Issue 02 (2007-06-30)

Huawei Technologies Proprietary

Contents

8 VPN Commands
8.1 VPN Tunnel Management Commands
8.1.1 debugging mpls l2vpn timer
8.1.2 debugging tnlm
8.1.3 debugging tunnel
8.1.4 description
8.1.5 destination
8.1.6 display interface tunnel
8.1.7 display tunnel-info
8.1.8 display tunnel-policy
8.1.9 interface tunnel
8.1.10 source
8.1.11 tunnel select-seq
8.1.12 tunnel-policy
8.1.13 tunnel-protocol
8.2 L2TP Configuration Commands
8.2.1 allow l2tp virtual-template
8.2.2 bind slot
8.2.3 bind source
8.2.4 debugging l2tp
8.2.5 debugging lns
8.2.6 display l2tp session
8.2.7 display l2tp tunnel
8.2.8 display l2tp-group
8.2.9 display lns-group all
8.2.10 l2tp aging
8.2.11 l2tp enable
8.2.12 l2tp-group
8.2.13 l2tp-group
8.2.14 l2tp-user radius-force
8.2.15 lns-group
8.2.16 mandatory-chap
8.2.17 mandatory-lcp
8.2.18 reset l2tp tunnel
8.2.19 start l2tp
8.2.20 test l2tp-tunnel
8.2.21 tunnel aaa-authentication
8.2.22 tunnel authentication
8.2.23 tunnel avp-hidden
8.2.24 tunnel idle-cut
8.2.25 tunnel load-sharing
8.2.26 tunnel name
8.2.27 tunnel password
8.2.28 tunnel radius-force
8.2.29 tunnel retransmit
8.2.30 tunnel session-limit
8.2.31 tunnel source
8.2.32 tunnel timeout
8.2.33 tunnel timer hello
8.3 GRE Configuration Commands
8.3.1 display gre-group
8.3.2 gre checksum
8.3.3 gre key
8.3.4 gre-group
8.3.5 tunnel-binding
8.4 BGP/MPLS L3VPN Configuration Commands
8.4.1 apply access-vpn vpn-instance
8.4.2 apply-label per-instance
8.4.3 description
8.4.4 display fib vpn-instance
8.4.5 display ip vpn-instance
8.4.6 export route-policy
8.4.7 import route-policy
8.4.8 ip binding vpn-instance
8.4.9 ip route-static vpn-instance
8.4.10 ip vpn-instance
8.4.11 mpls te vpn-binding vpn-instance
8.4.12 route-distinguisher
8.4.13 routing-table limit
8.4.14 target
8.4.15 tnl-policy
8.4.16 vpn-target
8.5 MPLS L2VPN Configuration Commands
8.5.1 ccc interface in-label out-label
8.5.2 ccc interface out-interface
8.5.3 ce
8.5.4 connection ce-offset
8.5.5 debugging mpls l2vpn
8.5.6 display bgp l2vpn
8.5.7 display ccc
8.5.8 display l2vpn ccc-interface vc-type
8.5.9 display local-ce mac
8.5.10 display mpls l2vc
8.5.11 display mpls l2vpn
8.5.12 display mpls l2vpn { export-route-target-list | import-route-target-list }
8.5.13 display mpls l2vpn connection
8.5.14 display mpls l2vpn forwarding-info
8.5.15 display mpls static-l2vc
8.5.16 l2vpn-family
8.5.17 local-ce ip
8.5.18 local-ce mac
8.5.19 local-ce mac broadcast
8.5.20 mpls l2vc
8.5.21 mpls l2vpn
8.5.22 mpls l2vpn vpn-name
8.5.23 mpls static-l2vc
8.5.24 mtu
8.5.25 reset bgp l2vpn
8.5.26 reset local-ce mac
8.5.27 route-distinguisher
8.5.28 vpn-target
8.6 VPLS Configuration Commands
8.6.1 debugging mpls l2vpn vpls_fib
8.6.2 debugging mpls l2vpn vpls_mid
8.6.3 description
8.6.4 display vpls connection
8.6.5 display vpls fib
8.6.6 display vpls mid
8.6.7 display vpls statistics
8.6.8 display vsi
8.6.9 display vsi remote
8.6.10 encapsulation
8.6.11 l2 binding
8.6.12 mac-learn-style
8.6.13 mac-learning
8.6.14 mtu
8.6.15 multi-homing-preference
8.6.16 peer
8.6.17 pwsignal
8.6.18 qos car
8.6.19 remote-vpn-target refresh
8.6.20 reset traffic-statistics
8.6.21 route-distinguisher
8.6.22 shutdown
8.6.23 site
8.6.24 tnl-policy
8.6.25 traffic-statistics
8.6.26 unknown-frame
8.6.27 vpls bgp encapsulation
8.6.28 vpls-mac-limit
8.6.29 vpls-qos car
8.6.30 vpn-target
8.6.31 vsi
8.6.32 vsi-id
8.7 PWE3 Configuration Commands
8.7.1 atm cell transfer
8.7.2 bandwidth
8.7.3 control-word
8.7.4 display mpls l2vc
8.7.5 display mpls static-l2vc
8.7.6 display mpls switch-l2vc
8.7.7 display pw-template
8.7.8 explicit-path
8.7.9 fragmentation
8.7.10 l2 bridge-interworking
8.7.11 map pvc
8.7.12 mpls l2vc
8.7.13 mpls l2vpn
8.7.14 mpls l2vpn default martini
8.7.15 mpls static-l2vc
8.7.16 mpls switch-l2vc
8.7.17 peer-address
8.7.18 ping vc
8.7.19 pw-template
8.7.20 reset pw
8.7.21 snmp-agent trap enable l2vc
8.7.22 tnl-policy
8.7.23 Transport
8.7.24 vccv
8.7.25 vpls-mac-limit

Tables

Table 8-1 Description of the output of the debugging mpls l2vpn timer command
Table 8-2 Description of the output of the display interface tunnel command
Table 8-3 Description of the output of the display tunnel-info command
Table 8-4 Description of the output of the display tunnel-policy command
Table 8-5 Description of the output of the display l2tp session command
Table 8-6 Description of the output of the display l2tp tunnel command
Table 8-7 Description of the output of the display fib vpn-instance command
Table 8-8 Description of the output of the display bgp l2vpn peer peer-ip-address command
Table 8-9 Description of the output of the display local-ce mac command
Table 8-10 Description of the output of the display mpls l2vc command
Table 8-11 Description of the output of the display mpls l2vc remote-info command
Table 8-12 Description of the output of the display mpls l2vpn command
Table 8-13 Description of the output of the display mpls l2vpn vpn-instance-name command
Table 8-14 Description of the output of the display mpls l2vpn vpn-instance-name local-ce command
Table 8-15 Description of the output of the display mpls l2vpn vpn-instance-name remote-ce command
Table 8-16 Description of the output of the display vpls connection command
Table 8-17 Description of the output of the display vpls connection verbose command
Table 8-18 Description of the output of the display vpls connection command
Table 8-19 Description of the output of the display vpls fib command
Table 8-20 Description of the output of the display vpls mid command
Table 8-21 Description of the output of the display vpls statistics command
Table 8-22 Description of the output of the display vsi command
Table 8-23 Description of the output of the display vsi remote command
Table 8-24 Description of the output of the display mpls l2vc interface command
Table 8-25 Description of the output of the display mpls switch-l2vc command
Table 8-26 Description of the output of the display pw-template command


8 VPN Commands

8.1 VPN Tunnel Management Commands

8.1.1 debugging mpls l2vpn timer
Syntax
debugging mpls l2vpn timer
undo debugging mpls l2vpn timer

View
User view

Parameter
None

Description
Using the debugging mpls l2vpn timer command, you can enable the debugging of MPLS L2VPN timer. Using the undo debugging mpls l2vpn timer command, you can disable the debugging. By default, the debugging of MPLS L2VPN timer is disabled.

Example
# Enable the debugging of MPLS L2VPN timer.
<Quidway> debugging mpls l2vpn timer
*0.567921 RTA L2V/8/DBG: ! L2VPN TNL cache flushed
*0.567921 RTA L2V/8/DBG: PWE3 [LDP TNL TIMER] Processing for LDP VC(vcid=1,vctype=4)...
*0.567937 RTA L2V/8/DBG: ! L2VPN TNL cache MISS for destination 2.2.2.9 and tunnel-policy policy1
*0.567937 RTA L2V/8/DBG: PWE3 [LDP TNL TIMER] Processing for LDP VC(vcid=2,vctype=4)...
*0.567937 RTA L2V/8/DBG: ! L2VPN TNL cache HIT for destination 2.2.2.9 and tunnel-policy policy1
*0.567952 RTA L2V/8/DBG: PWE3 [LDP TNL TIMER] Processing for LDP VC(vcid=3,vctype=4)...
*0.567952 RTA L2V/8/DBG: ! L2VPN TNL cache HIT for destination 2.2.2.9 and tunnel-policy policy1
*0.567952 RTA L2V/8/DBG: PWE3 [LDP TNL TIMER] Processing for LDP VC(vcid=4,vctype=4)...
*0.567968 RTA L2V/8/DBG: ! L2VPN TNL cache MISS for destination 2.2.2.9 and tunnel-policy policy4
*0.567968 RTA L2V/8/DBG: PWE3 [LDP TNL TIMER] Processing for LDP VC(vcid=5,vctype=4)...
*0.567968 RTA L2V/8/DBG: ! L2VPN TNL cache HIT for destination 2.2.2.9 and tunnel-policy policy1
*0.567968 RTA L2V/8/DBG: ! L2VPN TNL cache flushed

Table 8-1 Description of the output of the debugging mpls l2vpn timer command

| Item | Description |
|---|---|
| ! L2VPN TNL cache flushed! | The cache of the L2VPN tunnel is refreshed. |
| ! PWE3 [LDP TNL TIMER] Processing for LDP VC(vcid=1,vctype=4) | Enables the tunnel timer of LDP VC. |
| ! L2VPN TNL cache MISS for destination 2.2.2.9 and tunnel-policy policy1 | In the first VC refreshing process, no tunnel information exists in the cache, and tunneling policy policy1 and the tunnel to 2.2.2.9 are not found. |
| ! L2VPN TNL cache HIT for destination 2.2.2.9 and tunnel-policy policy1 | Tunneling policy policy1 and the tunnel to 2.2.2.9 are found in the cache. |
| ! L2VPN TNL cache MISS for destination 2.2.2.9 and tunnel-policy policy4 | Tunneling policy policy4 and the tunnel to 2.2.2.9 are not found in the cache. |
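An added example, not part of the Huawei manual: a Python parser for the debug output above that pairs each "Processing for LDP VC" record with the cache lookup that follows it, then reports the (destination, tunnel-policy) pairs that were never found in the cache during the capture. The pairing rule is an assumption read off the sample output, and all function names are hypothetical.

```python
import re

# Example output copied from this page, one record per line.
SAMPLE = """\
*0.567921 RTA L2V/8/DBG: ! L2VPN TNL cache flushed
*0.567921 RTA L2V/8/DBG: PWE3 [LDP TNL TIMER] Processing for LDP VC(vcid=1,vctype=4)...
*0.567937 RTA L2V/8/DBG: ! L2VPN TNL cache MISS for destination 2.2.2.9 and tunnel-policy policy1
*0.567937 RTA L2V/8/DBG: PWE3 [LDP TNL TIMER] Processing for LDP VC(vcid=2,vctype=4)...
*0.567937 RTA L2V/8/DBG: ! L2VPN TNL cache HIT for destination 2.2.2.9 and tunnel-policy policy1
*0.567952 RTA L2V/8/DBG: PWE3 [LDP TNL TIMER] Processing for LDP VC(vcid=3,vctype=4)...
*0.567952 RTA L2V/8/DBG: ! L2VPN TNL cache HIT for destination 2.2.2.9 and tunnel-policy policy1
*0.567952 RTA L2V/8/DBG: PWE3 [LDP TNL TIMER] Processing for LDP VC(vcid=4,vctype=4)...
*0.567968 RTA L2V/8/DBG: ! L2VPN TNL cache MISS for destination 2.2.2.9 and tunnel-policy policy4
*0.567968 RTA L2V/8/DBG: PWE3 [LDP TNL TIMER] Processing for LDP VC(vcid=5,vctype=4)...
*0.567968 RTA L2V/8/DBG: ! L2VPN TNL cache HIT for destination 2.2.2.9 and tunnel-policy policy1
*0.567968 RTA L2V/8/DBG: ! L2VPN TNL cache flushed
"""

# Record header: "*<uptime> <sysname> L2V/8/DBG:"
HEADER = re.compile(r"\*(?P<ts>\d+\.\d+)\s+(?P<host>\S+)\s+L2V/8/DBG:")
VC = re.compile(r"Processing for LDP VC\(vcid=(?P<vcid>\d+),vctype=(?P<vctype>\d+)\)")
LOOKUP = re.compile(
    r"cache (?P<result>HIT|MISS) for destination (?P<dest>\S+)"
    r" and tunnel-policy (?P<policy>\S+)"
)


def parse_records(text):
    """Split raw debug text into (timestamp, host, message) tuples.

    The message is everything up to the next header, so this works whether
    the message shares a line with its header, sits on the next line, or the
    whole capture has been flattened onto one line.
    """
    heads = list(HEADER.finditer(text))
    records = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        message = " ".join(text[head.end():end].split())
        records.append((head["ts"], head["host"], message))
    return records


def vc_lookups(text):
    """Attribute each cache HIT/MISS to the VC being processed before it.

    Assumption: a lookup record belongs to the most recent
    "Processing for LDP VC" record, as in the sample output.
    Lookups with no preceding VC record are ignored.
    """
    lookups = []
    current = None
    for ts, _host, message in parse_records(text):
        vc = VC.search(message)
        if vc:
            current = (int(vc["vcid"]), int(vc["vctype"]))
            continue
        lookup = LOOKUP.search(message)
        if lookup and current is not None:
            lookups.append({
                "ts": ts,
                "vcid": current[0],
                "vctype": current[1],
                "result": lookup["result"],
                "dest": lookup["dest"],
                "policy": lookup["policy"],
            })
            current = None
        elif "cache flushed" in message:
            current = None  # a flush ends the refresh cycle
    return lookups


def keys_never_hit(lookups):
    """Return {(dest, policy): [vcid, ...]} for keys that only ever missed."""
    hit = {(l["dest"], l["policy"]) for l in lookups if l["result"] == "HIT"}
    missing = {}
    for l in lookups:
        key = (l["dest"], l["policy"])
        if l["result"] == "MISS" and key not in hit:
            missing.setdefault(key, []).append(l["vcid"])
    return missing


if __name__ == "__main__":
    found = vc_lookups(SAMPLE)
    for l in found:
        print(f'VC {l["vcid"]}: {l["result"]} {l["dest"]} / {l["policy"]}')
    print("never found in cache:", keys_never_hit(found))
```

On the page's sample, policy1 misses once and then hits, while policy4 only misses, so the VC bound to policy4 is the one whose tunnel policy and tunnel to 2.2.2.9 are worth checking.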

8.1.2 debugging tnlm


Syntax
debugging tnlm { all | error | event }
undo debugging tnlm { all | error | event }

View
User view

Parameter
all: enables the debugging of tunnel management.
error: enables error debugging for tunnel management.
event: enables event debugging for tunnel management.

Description
Using the debugging tnlm command, you can enable the debugging of tunnel management. Using the undo debugging tnlm command, you can disable the debugging of tunnel management. By default, the debugging of tunnel management is disabled.

Example
# Enable the error debugging for tunnel management.
<Quidway> debugging tnlm error

8.1.3 debugging tunnel


Syntax
debugging tunnel
undo debugging tunnel

View
User view

Parameter
None

Description
Using the debugging tunnel command, you can enable tunnel debugging. Using the undo debugging tunnel command, you can disable tunnel debugging. By default, tunnel debugging is disabled.

Example
# Enable tunnel debugging.
<Quidway> debugging tunnel

8.1.4 description
Syntax
description text
undo description


View
Tunnel interface view

Parameter
text: specifies the description of the tunnel interface. It is a string of 1 to 64 characters.

Description
Using the description command, you can set the description of the current tunnel interface. Using the undo description command, you can delete the description. The description command has no default value.

Example
# Set the description of Tunnel1/0/0.
<Quidway> system-view
[Quidway] interface Tunnel1/0/0
[Quidway-Tunnel1/0/0] description This is a tunnel from 1.1.1.1 to 2.2.2.2

# Delete the description of Tunnel1/0/0.
<Quidway> system-view
[Quidway] interface Tunnel1/0/0
[Quidway-Tunnel1/0/0] undo description

8.1.5 destination
Syntax
destination [ vpn-instance vpn-instance-name ] dest-ip-address
undo destination

View
Tunnel interface view

Parameter
vpn-instance-name: specifies the name of the VPN instance that the tunnel destination belongs to. It is a string of 1 to 31 characters.
dest-ip-address: specifies the destination address of a tunnel, that is, the IP address of the physical or logical interface on the other end of the tunnel.


Description
Using the destination command, you can configure the destination IP address for the tunnel. The destination IP address of the tunnel is the IP address of the actual physical interface receiving packets. For an IPv6 manual tunnel and a GRE tunnel, you must specify an IPv4 address as the destination address of the tunnel. However, for an IPv6 to IPv4 tunnel and an automatic tunnel, the destination address can be the IPv6 address of the next hop. The destination command is invalid for the latter two modes. Determine whether to configure the source and destination addresses for the tunnel interface according to the practical application. For instance, only the destination IP address needs to be configured for an MPLS TE tunnel. Using the undo destination command, you can delete the destination IP address. For the related commands, see interface tunnel and source.

Example
# Set the destination IP address for the tunnel.
<Quidway> system-view
[Quidway] interface tunnel 1/0/0
[Quidway-Tunnel1/0/0] destination 10.18.4.128

8.1.6 display interface tunnel


Syntax
display interface tunnel [ interface-number ] [ | { begin | exclude | include } text ]

View
All views

Parameter
interface-number: specifies the number of the tunnel interface in the form of "slot number/card number/port number".
|: outputs the lines selected by matching the character string text as a regular expression.
begin: displays all the lines beginning with the line that matches the text.
exclude: displays the lines that do not match the text.
include: displays the lines that match the text.
text: specifies a regular expression for filtering output.

Description
Using the display interface tunnel command, you can display the information of tunnel interface.


For the related commands, see destination, source, gre key and tunnel-protocol.

Example
# Display all the information of tunnel 7/1/1.
<Quidway> display interface Tunnel 7/1/1
Tunnel7/1/1 current state : UP
Line protocol current state : DOWN
Description : HUAWEI, Quidway Series, Tunnel7/1/1 Interface, Route Port
The Maximum Transmit Unit is 1500 bytes
Internet protocol processing : disabled
Encapsulation is TUNNEL, loopback not set
Tunnel source 0.0.0.0, destination 0.0.0.0
Tunnel protocol/transport IPv6 over IPv4
QoS max-bandwidth : 64 Kbps
Output queue : (Urgent queue : Size/Length/Discards) 0/50/0
Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0
Output queue : (FIFO queue : Size/Length/Discards) 0/256/0
5 minutes input rate 0 bytes/sec, 0 packets/sec
5 minutes output rate 0 bytes/sec, 0 packets/sec
0 packets input, 0 bytes
0 input error
0 packets output, 0 bytes
0 output error

Table 8-2 Description of the output of the display interface tunnel command
Item | Description
Tunnel7/1/1 current state : UP | The physical state of the tunnel interface is Up
Line protocol current state : DOWN | The Line protocol state of the tunnel interface is Down
Description | The description information of the tunnel interface, being HUAWEI in this example
Quidway Series | The router is Quidway series
The Maximum Transmit Unit is 1500 bytes | The size of MTU in the tunnel is 1500 bytes in this example
Internet protocol processing : disabled | The Internet protocol processing is disabled
Encapsulation is TUNNEL | Encapsulation mode is tunnel mode.
loopback not set | Loopback test is not enabled.
Tunnel source 0.0.0.0, destination 0.0.0.0 | The source address and the destination address of the tunnel.
Tunnel protocol/transport IPv6 over IPv4 | The encapsulation protocol and transmission protocol of the tunnel, being IPv6 over IPv4 here
5 minutes input rate | The packet input rate within the last 5 minutes
bytes/sec | Bytes per second
packets/sec | Packets per second
5 minutes output rate | The packet output rate in the last 5 minutes
packets input | The total number of input packets
input error | The total number of input error packets
packets output | The total number of output packets
output error | The total number of output error packets

8.1.7 display tunnel-info


Syntax
display tunnel-info { tunnel-id | all | statistics [ slots ] }

View
All views

Parameter
tunnel-id: displays the tunnel information with the specified tunnel ID.
all: displays the tunnel information of all the existing tunnels.
statistics: displays the statistics of all tunnels.

Description
Using the display tunnel-info command, you can display the tunnel information.

Example
# Display the information about all tunnels.
<Quidway> display tunnel-info all
* -> Allocated VC Token
Tunnel ID     Type          Destination   Token
----------------------------------------------------------------------
0x3a70000     cr lsp        51.0.0.1      0
0x3a70001     cr lsp        51.0.0.1      1
0x3a70002     cr lsp        50.0.0.1      2
0x3a70004     cr lsp        51.0.0.1      4
0x3a70005     cr lsp        51.0.0.1      5
0x3c70043     local ifnet   -             67


Table 8-3 Description of the output of the display tunnel-info command
Item | Description
Tunnel ID | Tunnel ID
Type | Tunnel type
Destination | Destination IP address
Token | Token number

8.1.8 display tunnel-policy


Syntax
display tunnel-policy { all | tunnel-policy-name }

View
All views

Parameter
all: displays the information of all tunnel policies.
tunnel-policy-name: displays the information of a specified tunnel policy. The tunnel-policy-name specifies the tunnel policy name. It is a string of 1 to 19 characters.

Description
Using the display tunnel-policy command, you can display the information of tunnel policy.

Example
# Display the information of all the tunnel policies.
<Quidway> display tunnel-policy all
Tunnel Policy Name    Select-Seq    Load balance No
------------------------------------------------------
policy1               LSP           1
q                     LSP           1

Table 8-4 Description of the output of the display tunnel-policy command
Item | Description
Tunnel Policy Name | Tunnel policy name
Select-Seq | Tunnel select sequence
Load balance No | Load balance number


8.1.9 interface tunnel


Syntax
interface tunnel interface-number
undo interface tunnel interface-number

View
System view

Parameter
interface-number: specifies tunnel interface number in the form of "slot number/card number/port number". The value ranges from 0 to 2047.

Description
Using the interface tunnel command, you can create a tunnel interface. You have to create a tunnel interface to connect two separate IPv6 networks through an IPv4 network. The tunnel interface is valid after the attributes are configured. IPv6 packets can be forwarded after IPv6 is enabled. Using the undo interface tunnel command, you can delete a tunnel interface.

Example
# Create tunnel7/1/1.
<Quidway> system-view
[Quidway] interface tunnel 7/1/1

# Delete tunnel7/1/1.
<Quidway> system-view
[Quidway] undo interface tunnel 7/1/1

8.1.10 source
Syntax
source { ip-address | interface-type interface-number }
undo source

View
Tunnel interface view

Parameter
ip-address: specifies the IP address of the real interface sending GRE packet in the address form of A.B.C.D.


interface-type interface-number: specifies the type and number of the source Tunnel interface. The types include ATM, AUX, Eth-Trunk, Ethernet, Gigabit Ethernet, loopback, null, POS, Tunnel, and virtual template.

Description
Using the source command, you can configure the source interface or address for tunnel. Using the undo source command, you can delete the above settings. For encapsulation of IPv4 packet header, IPv4 address of the source interface has to be specified as the source address of Tunnel. The source address for Tunnel is the IP address of the physical interface sending packets. Determine whether to configure the source and destination address for Tunnel interface according to practical application. For instance, only the destination address needs to be configured for MPLS TE tunnel. For the related commands, see interface tunnel, destination.

Example
# Configure the source interface for tunnel.
<Quidway> system-view
[Quidway] interface tunnel 1/0/1
[Quidway-Tunnel1/0/1] source GigabitEthernet 1/0/1

8.1.11 tunnel select-seq


Syntax
tunnel select-seq { cr-lsp | gre | lsp } * load-balance-number number
undo tunnel select-seq

View
Tunnel-policy view

Parameter
cr-lsp: adopts CR-LSP tunnel as VPN tunnel.
gre: adopts GRE tunnel as VPN tunnel.
lsp: adopts LSP tunnel as VPN tunnel.
load-balance-number number: specifies how many tunnels are used for load balancing. The value ranges from 1 to 6.

Description
Using the tunnel select-seq command, you can configure the tunnel policy, that is, configure the tunnel preference sequence and set how many tunnels to be used for load balancing. Using the undo tunnel select-seq command, you can cancel the configuration.


By default, for L2VPN or L3VPN, if no tunnel policy is specified, LSP is taken as VPN tunnel and the number of tunnels for load balancing is 1. The range of load-balancing-number is controlled by License. For the related command, see tunnel-policy.

Example
# Set the tunnel preference sequence so that the LSP tunnel is preferred, followed by the GRE tunnel, and set the load-balancing-number to 1.
<Quidway> system-view
[Quidway] tunnel-policy policy1
[Quidway-tunnel-policy-policy1] tunnel select-seq lsp gre load-balance-number 1

8.1.12 tunnel-policy
Syntax
tunnel-policy tunnel-policy-name
undo tunnel-policy tunnel-policy-name

View
System view

Parameter
tunnel-policy-name: specifies the name of the tunnel policy. It is a string of 1 to 19 characters.

Description
Using the tunnel-policy command, you can create a tunnel policy and enter its view. Using the undo tunnel-policy command, you can delete the configured tunnel policy. Tunnel policy is used to select tunnels according to IP address. In tunnel policy, the select sequence and load-balancing-number can be configured. Proper tunnels can be selected based on tunnel policy for the application of various tunnels. For the related command, see tunnel select-seq.

Example
# Create a tunnel policy named policy1 and enter its view.
<Quidway> system-view
[Quidway] tunnel-policy policy1
[Quidway-tunnel-policy-policy1]


8.1.13 tunnel-protocol
Syntax
tunnel-protocol { gre | ipv6-ipv4 [ 6to4 | auto-tunnel | isatap ] | mpls te }
undo tunnel-protocol

View
Tunnel interface view

Parameter
gre: configures GRE tunnel as the tunnel mode. When this parameter is specified, the tunnel interface must be in the slot where the TSU is inserted.
ipv6-ipv4: configures IPv6 to IPv4 tunnel as the tunnel mode.
6to4: configures 6to4 tunnel as the tunnel mode.
auto-tunnel: configures automatic tunnel as the tunnel mode.
isatap: configures isatap tunnel as the tunnel mode.
mpls te: configures MPLS tunnel as the tunnel mode.

Description
Using the tunnel-protocol command, you can configure the tunnel mode. Using the undo tunnel-protocol command, you can cancel the setting. Tunnel mode can be selected according to network topology and application. The manual tunnel is in point-to-point mode, and IPv6 to IPv4 tunnel is in point-to-multipoint mode as automatic tunnel. Only one automatic tunnel can be created in a node. For security, you can select GRE tunnel, which is point-to-point mode. GRE tunnel mode takes authentication key and checksum as its security mechanism.

Example
# Configure tunnel mode to 6to4.
<Quidway> system-view
[Quidway] interface tunnel 1/0/0
[Quidway-Tunnel1/0/0] tunnel-protocol ipv6-ipv4 6to4


8.2 L2TP Configuration Commands


8.2.1 allow l2tp virtual-template
Syntax
allow l2tp virtual-template virtual-template-number [ remote lac-name ] [ default-domain domain-name ]
undo allow

View
L2TP group view

Parameter
virtual-template-number: specifies the number of the VT bound to the Layer 2 Tunneling Protocol (L2TP) group, ranging from 0 to 1023.
remote lac-name: indicates the name of the remote L2TP Access Concentrator (LAC) of L2TP Network Server (LNS). lac-name specifies the name of LAC peer. It is a string of 1 to 30 characters.
default-domain domain-name: indicates the default domain associated with the LNS. The domain-name parameter is a string of 1 to 64 characters.

Description
Using the allow l2tp virtual-template command, you can set the L2TP group to the LNS type, bind it to the virtual template, and specify the name of the peer. You have to configure all the groups except the default group default-lns. Using the undo allow command, you can delete the configuration and restore the default setting. By default, no virtual template is bound to L2TP group.

Example
# Set the L2TP group to the LNS type, bind it to virtual template 1, and name the peer lac1.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] allow l2tp virtual-template 1 remote lac1

Except for the default LNS of the L2TP group, the LNSs of all L2TP groups must be configured with a remote-name.

8.2.2 bind slot


Syntax
bind slot slot-number


undo bind slot slot-number

View
LNS group view

Parameter
slot-number: specifies the slot number of the tunnel board. The value is the number of the slot in which the tunnel board is actually installed.

Description
Using the bind slot command, you can bind the tunnel board with the LNS backup group. Using the undo bind slot command, you can unbind the tunnel board with the LNS backup group.

Example
# Bind the tunnel board in slot 3 with the backup group backgroup.
<Quidway> system-view
[Quidway] lns-group backgroup
[Quidway-lns-group-backgroup] bind slot 3

8.2.3 bind source


Syntax
bind source { interface-type interface-number }
undo bind source { interface-type interface-number }

View
LNS group view

Parameter
interface-type interface-number: specifies the interface bound to the backup group.

Description
Using the bind source command, you can bind the interface to the LNS backup group. Using the undo bind source command, you can unbind the interface.

Example
# Bind the loopback 0 with the LNS backup group.
<Quidway> system-view
[Quidway] lns-group backgroup
[Quidway-lns-group-backgroup] bind source LoopBack 0


8.2.4 debugging l2tp


Syntax
debugging l2tp { all | control | dump | error | event | hidden | payload | timestamp | syn }
undo debugging l2tp { all | control | dump | error | event | hidden | payload | timestamp | syn }

View
User view

Parameter
all: enables the debugging of all the LAC information.
control: enables the debugging of the control message.
dump: enables the debugging of the PPP message.
error: enables the debugging of the error message.
event: enables the debugging of the LAC events.
hidden: enables the debugging of the hidden Attribute Value Pair (AVP).
payload: enables the debugging of LAC payload packets.
timestamp: enables the debugging of the timestamp.
syn: enables the debugging of synchronization information.

Description
Using the debugging l2tp command, you can enable the debugging for LAC. Using the undo debugging l2tp command, you can disable the debugging for LAC. By default, the LAC debugging is disabled.

Example
# Enable the debugging for LAC control messages.
<Quidway> debugging l2tp control

8.2.5 debugging lns


Syntax
debugging lns { all | control | dump | error | event | hidden | payload | timestamp | syn }
undo debugging lns { all | control | dump | error | event | hidden | payload | timestamp | syn }


View
User view

Parameter
all: enables the debugging of all the LNS information.
control: enables the debugging of the control message.
dump: enables the debugging of the PPP message.
error: enables the debugging of the error message.
event: enables the debugging of the LNS events.
hidden: enables the debugging of the hidden Attribute Value Pair (AVP).
payload: enables the debugging of LNS payload packets.
timestamp: enables the debugging of the timestamp.
syn: enables the debugging of synchronization information.

Description
Using the debugging lns command, you can enable the debugging for LNS. Using the undo debugging lns command, you can disable the debugging for LNS. By default, the LNS debugging is disabled.

Example
# Enable the debugging for LNS control messages.
<Quidway> debugging lns control

8.2.6 display l2tp session


Syntax
display l2tp session [ slot slot-number ] [ session-item session-id ]

View
All views

Parameter
session-item: displays the L2TP session information of the specified session ID.
session-id: specifies the local ID of the L2TP session. The value is an integer. For the MA5200G-2, it ranges from 1 to 12288. For the MA5200G-4, it ranges from 1 to 24567. For the MA5200G-8, it ranges from 1 to 49152.
slot: displays the L2TP session information of the specified tunnel board.


slot-number: specifies the slot number of the tunnel board.

Description
Using the display l2tp session command, you can display L2TP sessions. For the related command, see display l2tp tunnel.

Example
# Display L2TP sessions.
<Quidway> display l2tp session
LocalSID    RemoteSID    LocalTID
1           1            2
Total session = 1

Table 8-5 Description of the output of the display l2tp session command
Item | Description
LocalSID | The unique value identifying a session at the local end
RemoteSID | The unique value identifying a session at the remote end
LocalTID | Local tag ID for tunnel
Total session | The number of sessions

8.2.7 display l2tp tunnel


Syntax
display l2tp tunnel lac [ tunnel-item tunnel-id | tunnel-name tunnel-name ]
display l2tp tunnel lns slot slot-number

View
All views

Parameter
lac: displays L2TP tunnel information of LAC.
tunnel-item tunnel-id: displays the information of the L2TP tunnel with the specified ID. The value of the local ID for an L2TP tunnel ranges from 1 to 65,535.
tunnel-name tunnel-name: displays L2TP information of a specific remote name. It is a string of 1 to 30 characters.
lns slot slot-number: displays the L2TP tunnel information of the specified tunnel board. The value of slot-number is the number of the slot in which the tunnel board is actually installed.


Description
Using the display l2tp tunnel command, you can display the information of L2TP tunnels. For the related command, see display l2tp session.

Example
# Display the current L2TP tunnel.
<Quidway> display l2tp tunnel
LocalTID  RemoteTID  RemoteAddress  Port  Sessions  RemoteName
2         22849      11.1.1.1       1701  1         lns
Total tunnel = 1

Table 8-6 Description of the output of the display l2tp tunnel command
Item | Description
LocalTID | The unique value identifying a session at the local end
RemoteTID | The unique value identifying a session at the remote end
RemoteAddress | Remote IP address
Port | Remote port number
Sessions | The number of sessions on the tunnel
RemoteName | Remote name

8.2.8 display l2tp-group


Syntax
display l2tp-group [ group-name ]

View
All views

Parameter
group-name: displays the configuration information of the specified L2TP group. It is a string of 1 to 30 characters.

Description
Using the display l2tp-group command, you can display the configuration information of an L2TP group.

Example
# Display the configuration information of L2TP group lns1.



<Quidway> display l2tp-group lns1
-----------------------------------------------
L2tp-index: 3
Group-Name: lns1
TunnelAuth: Not tunnel authentication
Tunnel aaa Auth: Not tunnel aaa-authentication
Tunnel Avp46: Not tunnel Avp46
LocalName: LNS
Encrypt : 0
avp-hidden: 0
load-share: 0
Hello : 60
Timeout : 5
Radius-auth: 0
Retransmit: 2
Idle cut : 60
Used : 0
IfIndex : 4294967295
SrcIp : 255.255.255.255
VtNum : 1
SessionLimit: 49152
RemoteName: lac1
ForceChap : 0
LcpReg : 0
LnsNum : 0
DefaultDomain:default1
LnsIPAddr :
-----------------------------------------------

8.2.9 display lns-group all


Syntax
display lns-group all

View
All views

Parameter
None

Description
Using the display lns-group all command, you can view all the LNS backup groups in the system.

Example
# Display all the LNS backup groups.
<Quidway> display lns-group all
------------------------------------------------------------------------------
GroupNum  GroupName  Interface  AllSlot
0         lns1       Loopback0  ----
-------------------------------------------------------------------------

8.2.10 l2tp aging


Syntax
l2tp aging time
undo l2tp aging

View
System view

Parameter
time: specifies the LNS aging time, ranging from 1 to 60, in minutes.

Description
Using the l2tp aging command, you can set the LNS aging time. The default value is 5 minutes. Using the undo l2tp aging command, you can restore the default value. For the related command, see l2tp-group.

Example
# Set the LNS aging time to 10 minutes.
<Quidway> system-view
[Quidway] l2tp aging 10

8.2.11 l2tp enable


Syntax
l2tp enable
undo l2tp enable

View
System view

Parameter
None


Description
Using the l2tp enable command, you can enable the L2TP function. VPN services can be deployed only after the L2TP function is enabled. Using the undo l2tp enable command, you can disable the L2TP function. You can provide the VPN service only after explicitly enabling the L2TP function by using the command l2tp enable. By default, the L2TP function is disabled. For the related command, see l2tp-group.

Example
# Enable the L2TP function on the MA5200G.
<Quidway> system-view
[Quidway] l2tp enable

8.2.12 l2tp-group
Syntax
l2tp-group group-name
undo l2tp-group group-name

View
System view

Parameter
group-name: specifies the name of an L2TP group. It is a string of 1 to 30 characters.

Description
Using the l2tp-group command, you can create an L2TP group. Using the undo l2tp-group command, you can delete the L2TP group. After the L2TP group is deleted, all the configurations in this group are deleted. There are two default groups: default-lns and default-lac. You can only change the parameters of the default groups rather than deleting the groups. The default-lac group is used for the default LAC group. The default-lns group is used for the default LNS group.

Example
# Create an L2TP group huawei and enter its view.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei]


8.2.13 l2tp-group
Syntax
l2tp-group group-name
undo l2tp-group group-name

View
Domain view

Parameter
group-name: specifies the name of an L2TP group. It is a string of 1 to 30 characters.

Description
Using the l2tp-group command, you can specify an L2TP group in the domain. Using the undo l2tp-group command, you can delete an L2TP group from the domain.

Example
# Specify an L2TP group test in domain huawei.
<Quidway> system-view
[Quidway] aaa
[Quidway-aaa] domain huawei
[Quidway-aaa-domain-huawei] l2tp-group test

8.2.14 l2tp-user radius-force


Syntax
l2tp-user radius-force
undo l2tp-user radius-force

View
Domain view

Parameter
None

Description
Using the l2tp-user radius-force command, you can specify the L2TP attributes delivered by the RADIUS server for the domain users. Using the undo l2tp-user radius-force command, you can cancel the L2TP attributes delivered by the RADIUS server for the domain users.


Example
# Specify L2TP attributes delivered by the RADIUS server for the domain users.
<Quidway> system-view
[Quidway] aaa
[Quidway-aaa] domain huawei
[Quidway-aaa-domain-huawei] l2tp-user radius-force

8.2.15 lns-group
Syntax
lns-group group-name
undo lns-group group-name

View
System view

Parameter
group-name: specifies the name of LNS backup group. It is a string of 1 to 30 characters.

Description
Using the lns-group command, you can create an LNS backup group and enter its view. Using the undo lns-group command, you can delete the LNS backup group. By default, no LNS backup group is created.

Example
# Create a backup group named backgroup.
<Quidway> system-view
[Quidway] lns-group backgroup

8.2.16 mandatory-chap
Syntax
mandatory-chap
undo mandatory-chap

View
L2TP group view

Parameter
None


Description
Using the mandatory-chap command, you can conduct the mandatory CHAP re-authentication between the LNS and the Client. Using the undo mandatory-chap command, you can delete the mandatory CHAP re-authentication. By default, no user authentication is conducted on LNS side.

Example
# Conduct the mandatory CHAP re-authentication between the LNS and the Client.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] mandatory-chap

8.2.17 mandatory-lcp
Syntax
mandatory-lcp
undo mandatory-lcp

View
L2TP group view

Parameter
None

Description
Using the mandatory-lcp command, you can conduct the mandatory LCP protocol re-negotiation of the LNS and the Client. Using the undo mandatory-lcp command, you can delete the re-negotiation. By default, the re-negotiation is not conducted on the LNS.

Example
# Conduct the mandatory LCP re-negotiation between the LNS and the Client.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] mandatory-lcp


8.2.18 reset l2tp tunnel


Syntax
reset l2tp tunnel { lac { tunnel-item tunnel-id | tunnel-name tunnel-name } | lns slot slot-number }

View
User view

Parameter
lac: resets L2TP tunnel connection of LAC.
tunnel-item tunnel-id: resets the L2TP tunnel connection with the specified tunnel ID. The value of the local ID for an L2TP tunnel ranges from 1 to 65,535.
tunnel-name tunnel-name: resets L2TP connection of a specified remote name. It is a string of 1 to 30 characters.
lns slot slot-number: resets the L2TP tunnel connection of the specified tunnel board. The value of slot-number is the number of the slot in which the tunnel board is installed.

Description
Using the reset l2tp tunnel command, you can disconnect the L2TP tunnel and all sessions on this tunnel. When the user on the peer end initiates a call again, the tunnel can be re-established. You can disconnect the tunnel by specifying name of the peer end of the tunnel. If no tunnel is matched, the command does not affect any tunnel. If multiple matching tunnels exist (with the same name but different IP addresses), all of them are disconnected. If you specify the parameter tunnel-id, only the matched tunnel is disconnected. For the related command, see display l2tp tunnel.

Example
# Disconnect the tunnel whose peer end is named AS8010.
<Quidway> reset l2tp tunnel lac tunnel-name AS8010

8.2.19 start l2tp


Syntax
start l2tp [ ip ip-address [ weight ins-weight ] ] &<1-8>
undo start

View
L2TP group view


Parameter
ip: configures the IP address for the peer LNS.
ip-address: specifies the IPv4 address of the peer LNS. You can set up to eight IP addresses.
weight: sets the weight for LNS.
ins-weight: specifies the weight value. The value ranges from 1 to 10.

Description
Using the start l2tp command, you can set the triggering condition for the local end as the L2TP LAC to initiate a call. Using the undo start command, you can delete the triggering condition. The command runs on the LAC to specify the IP address of LNS. You can specify a VPN user by providing the full username. For a VPN user, the local end, namely LAC, sends a connection request to LNSs in the order of LNS configuration. When LAC receives the ACK from an LNS, the LNS becomes the peer end of the tunnel. Otherwise, the LAC sends the request to the next LNS to establish a tunnel. The ways of judging VPN users may conflict with each other. For example, the system may assign the LNS 1.1.1.1 according to the full username but also assign the LNS 1.1.1.2 according to the domain name of the same user. Therefore, it is necessary to define the precedence for the two ways. By default, the system checks for an L2TP group according to the full username. If not, then the domain name is used. By default, no triggering condition for L2TP LAC is configured in the system.

Example
# Set the IP address for the peer LNS to 10.10.10.1 and set the LNS weight to 1.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] start l2tp ip-address 10.10.10.1 weight 1

8.2.20 test l2tp-tunnel


Syntax
test l2tp-tunnel l2tp-group group-name ip-address ip-address

View
L2TP group view

Parameter
group-name: specifies the L2TP group name. It is a string of 1 to 30 characters.
ip-address: specifies the IPv4 address of the peer LNS for L2TP tunnel.


Description
Using the test l2tp-tunnel command, you can test, on the LAC, the connectivity of an L2TP tunnel for a specified L2TP group and a specified LNS address. By default, this function is disabled.

Example
# Test an L2TP tunnel with the L2TP group named huawei and LNS IP address 10.10.10.1.
<Quidway> system-view
[Quidway] l2tp-group lac1
[Quidway-l2tp-lac1] test l2tp-tunnel l2tp-group huawei ip-address 10.10.10.1

8.2.21 tunnel aaa-authentication


Syntax
tunnel aaa-authentication
undo tunnel aaa-authentication

View
L2TP group view

Parameter
None

Description
Using the tunnel aaa-authentication command, you can configure AAA authentication on the L2TP tunnel. Using the undo tunnel aaa-authentication command, you can cancel the AAA authentication.

Usually, when authenticating an L2TP tunnel, the MA5200G authenticates only the name and password. With AAA authentication enabled on the L2TP tunnel, the MA5200G sends the name and password to the AAA server (RADIUS server or HWTACACS server) for authentication. Tunnel AAA authentication allows different passwords on the LAC and the LNS.

By default, tunnel AAA authentication is disabled on the L2TP tunnel.

Example
# Configure the AAA authentication on the L2TP tunnel.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel aaa-authentication


8.2.22 tunnel authentication


Syntax
tunnel authentication
undo tunnel authentication

View
L2TP group view

Parameter
None

Description
Using the tunnel authentication command, you can enable L2TP tunnel authentication. Using the undo tunnel authentication command, you can disable L2TP tunnel authentication.

In normal cases, both ends of an L2TP tunnel verify each other to ensure security. If you want to test the connectivity of the network, or want to accept a connection initiated by an unknown peer, you may choose not to verify the tunnel.

L2TP tunnel authentication can be initiated by either of the two ends, LAC or LNS. If either end initiates authentication, the tunnel is authenticated during tunnel establishment. The tunnel can be established only if the passwords on both sides are identical and not null. Otherwise, the tunnel is disconnected. If tunnel authentication is disabled on both the LAC and the LNS, whether the passwords on both sides are identical has no effect.

By default, L2TP tunnel authentication is enabled.

Example
# Disable the tunnel authentication on the MA5200G.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] undo tunnel authentication

8.2.23 tunnel avp-hidden


Syntax
tunnel avp-hidden
undo tunnel avp-hidden

View
L2TP group view


Parameter
None

Description
Using the tunnel avp-hidden command, you can hide AVPs in transmission. Using the undo tunnel avp-hidden command, you can restore the default setting. By default, a tunnel transfers AVPs in plain text. In L2TP, some parameters are transferred in the form of AVPs. If this data is security-sensitive, you can hide it in transmission by using this command.

The authentication passwords on both sides must be the same for the AVP hidden function to work. Tunnel AAA authentication allows different passwords on the two sides, whereas the AVP hidden function requires the same password on both sides, because the hiding algorithm uses the password to resolve the hidden AVP data. Do not configure the AVP hidden function when configuring AAA authentication; otherwise, the user cannot get online.

Example
# Hide AVP in transmission.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel avp-hidden
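The shared-password behaviour described in 8.2.22 (tunnel authentication) and 8.2.23 (tunnel avp-hidden) can be reproduced with the following added example, which is not part of the Huawei manual or of the MA5200G software. It assumes the device follows the standard L2TP algorithms of RFC 2661 (the CHAP-style MD5 challenge response and the MD5-based hiding of AVP values); the function names and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct

SCCRP = 2                    # L2TP control message type that carries the LNS response
PROXY_AUTHEN_RESPONSE = 33   # AVP attribute type that can carry a user's PAP password


def challenge_response(msg_type: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-style response: MD5(message type octet + shared secret + challenge)."""
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()


def verify_peer(msg_type: int, local_secret: bytes,
                challenge: bytes, response: bytes) -> bool:
    """Accept the peer only if it proves knowledge of our non-null password."""
    if not local_secret:
        return False  # a null password never authenticates the tunnel
    expected = challenge_response(msg_type, local_secret, challenge)
    return hmac.compare_digest(expected, response)


def _xor_stream(attr_type: int, secret: bytes, random_vector: bytes,
                data: bytes, hiding: bool) -> bytes:
    """XOR 16-octet chunks with MD5 digests chained over the hidden chunks."""
    digest = hashlib.md5(struct.pack("!H", attr_type) + secret + random_vector).digest()
    out = bytearray()
    for i in range(0, len(data), 16):
        chunk = data[i:i + 16]
        mixed = bytes(a ^ b for a, b in zip(chunk, digest))
        out += mixed
        hidden_chunk = mixed if hiding else chunk   # the chain always uses hidden data
        digest = hashlib.md5(secret + hidden_chunk).digest()
    return bytes(out)


def hide_avp(attr_type: int, secret: bytes, random_vector: bytes,
             value: bytes, padding: bytes = b"") -> bytes:
    """Hide an AVP value: 2-octet original length + value + optional padding."""
    subformat = struct.pack("!H", len(value)) + value + padding
    return _xor_stream(attr_type, secret, random_vector, subformat, hiding=True)


def unhide_avp(attr_type: int, secret: bytes, random_vector: bytes,
               hidden: bytes) -> bytes:
    """Recover the AVP value; fails or returns garbage if the secrets differ."""
    plain = _xor_stream(attr_type, secret, random_vector, hidden, hiding=False)
    if len(plain) < 2:
        raise ValueError("hidden AVP too short")
    (original_len,) = struct.unpack("!H", plain[:2])
    if original_len > len(plain) - 2:
        raise ValueError("length field exceeds payload: do the passwords differ?")
    return plain[2:2 + original_len]


def try_unhide(attr_type: int, secret: bytes, random_vector: bytes, hidden: bytes):
    """Return the recovered value, or None when the result is structurally invalid."""
    try:
        return unhide_avp(attr_type, secret, random_vector, hidden)
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed sample values, not captured from a device.
    lac_password = b"yougotit"
    challenge = bytes(range(16))
    random_vector = bytes(range(16, 32))
    value = b"user-pap-password-longer-than-16"

    response = challenge_response(SCCRP, lac_password, challenge)
    print("same password :", verify_peer(SCCRP, b"yougotit", challenge, response))
    print("other password:", verify_peer(SCCRP, b"different", challenge, response))

    hidden = hide_avp(PROXY_AUTHEN_RESPONSE, lac_password, random_vector, value)
    print("unhide, same  :", try_unhide(PROXY_AUTHEN_RESPONSE, b"yougotit", random_vector, hidden))
    print("unhide, other :", try_unhide(PROXY_AUTHEN_RESPONSE, b"different", random_vector, hidden))
```

With different passwords on the LAC and the LNS, the receiver recovers either an invalid length or meaningless bytes, which is why the AVP hidden function cannot be combined with a setup in which the two ends hold different passwords.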

8.2.24 tunnel idle-cut


Syntax
tunnel idle-cut time
undo tunnel idle-cut

View
L2TP group view

Parameter
time: specifies the idle-cut time of the tunnel in seconds. Its value ranges from 0 to 100,000. Zero indicates that the local end will never clear the tunnel.


Description
Using the tunnel idle-cut command, you can set the idle-cut time of the L2TP tunnel. The idle-cut time is the time for which a tunnel persists while carrying no session. When this time expires, the tunnel is cleared. Setting the idle-cut time of the L2TP tunnel to 0 indicates that the local end will never clear the tunnel. However, if the tunnel is cleared by the peer end, the tunnel cannot be re-established.

Using the undo tunnel idle-cut command, you can restore the default value. By default, the idle-cut time of the L2TP tunnel is 60 seconds.

Example
# Set the idle-cut time of the L2TP tunnel to be 100 seconds.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel idle-cut 100

8.2.25 tunnel load-sharing


Syntax
tunnel load-sharing
undo tunnel load-sharing

View
L2TP group view

Parameter
None

Description
Using the tunnel load-sharing command, you can enable load balancing. Using the undo tunnel load-sharing command, you can disable load balancing.

After multiple LNSs are configured, the MA5200G tries to connect to the LNSs in order until one LNS responds and establishes a tunnel; the other LNSs are taken as backup LNSs. If an LNS cannot carry all the L2TP services owing to its capabilities, you can use LNS load balancing to allocate the services to multiple LNSs based on weight.

Example
# Enable the load balancing.
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel load-sharing


8.2.26 tunnel name


Syntax
tunnel name name
undo tunnel name

View
L2TP group view

Parameter
name: specifies the name of the local end of the tunnel. It is a string of 1 to 30 characters.

Description
Using the tunnel name command, you can specify the name of the local end of the tunnel. Using the undo tunnel name command, you can restore the default name of the local end. When an L2TP group is created, the name of the local end is initialized to the name of the MA5200G. By default, the name of the local end is the name of the device.

Example
# Set the name of the local end of the tunnel to itsme.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel name itsme

8.2.27 tunnel password


Syntax
tunnel password { simple | cipher } password [ lac lns-ip-index ] [ lac lns-ip-index ]
undo tunnel password

View
L2TP group view

Parameter
cipher: displays the password in cipher text.
simple: displays the password in plain text.


lac lns-ip-index: specifies the IP address of the LNS corresponding to the password when the MA5200G functions as the LAC. The MA5200G supports eight LNS addresses, so you can configure up to eight passwords.
password: specifies the password. If the password is in simple mode, the password must be in plain text. If the password is in cipher mode, the password has to be in cipher text, encrypted or not, depending on the input. Without encryption, the password is a string of not more than 16 characters, for instance, 1234567. With encryption, the password must be 24 characters long and in cipher mode, for instance, _(TT8F]Y\5SQ=^Q`MAF4<1!!.

Description
Using the tunnel password command, you can specify the password used in tunnel authentication. Using the undo tunnel password command, you can cancel the password. By default, the password used in tunnel authentication is null.

Example
# Set the password used in tunnel authentication on the second LNS address to yougotit and display it in plain text.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel password simple yougotit lac 2

8.2.28 tunnel radius-force


Syntax
tunnel radius-force
undo tunnel radius-force

View
L2TP group view

Parameter
None

Description
Using the tunnel radius-force command, you can configure forced RADIUS tunnel authentication. If the RADIUS server delivers the tunnel password attribute, the peer end will be authenticated. Using the undo tunnel radius-force command, you can delete the forced RADIUS tunnel authentication.


Example
# Configure forced RADIUS tunnel authentication for the L2TP group huawei.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel radius-force

8.2.29 tunnel retransmit


Syntax
tunnel retransmit times
undo tunnel retransmit

View
L2TP group view

Parameter
times: specifies the number of L2TP packet retransmissions. The value ranges from 1 to 10.

Description
Using the tunnel retransmit command, you can set the number of L2TP retransmissions. Each retransmission interval is twice the previous interval.

After the MA5200G sends an L2TP packet to the peer through an L2TP tunnel, if no response is received within a certain time (configured through the tunnel timeout command), it resends the packet. If no response is received after the number of L2TP retransmissions exceeds the value of times set in this command, the MA5200G considers that the L2TP tunnel has been broken abnormally, and clears the tunnel.

Using the undo tunnel retransmit command, you can reset the number of L2TP packet retransmissions. By default, the number of L2TP packet retransmissions is 5.

Example
# Set the number of packet retransmissions to 3 for the L2TP group huawei.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel retransmit 3

8.2.30 tunnel session-limit


Syntax
tunnel session-limit max-session-number
undo tunnel session-limit

View
L2TP group view

Parameter
max-session-number: specifies the maximum number of sessions. The value is an integer. For the MA5200G-2, it ranges from 1 to 12288. For the MA5200G-4, it ranges from 1 to 24567. For the MA5200G-8, it ranges from 1 to 49152.

Description
Using the tunnel session-limit command, you can set the maximum number of sessions for a tunnel. This command is valid only when the MA5200G acts as the LAC. Using the undo tunnel session-limit command, you can restore the default value of the maximum number of sessions.

Example
# Set the maximum number of sessions for a tunnel to 100.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel session-limit 100

8.2.31 tunnel source


Syntax
tunnel source loopback number
undo tunnel source

View
L2TP group view

Parameter
number: specifies the number of the loopback interface.

Description
Using the tunnel source command, you can configure loopback interface as the tunnel source interface used by the LAC to initiate a tunnel-establish request to the LNS. Using the undo tunnel source command, you can restore the default setting. If there is no IP address assigned to the specified tunnel source interface, the address in the local routing table is used as the source address.


This command is valid only when the MA5200G acts as the LAC. To improve the reliability of communication between the LAC and the LNS, it is recommended to run the tunnel source command on the LAC side. By default, the LAC initiates a tunnel-establish request to the LNS by using an interface address in the local routing table as the source address.

Example
# Configure the LAC to use the interface loopback1 as the source interface of the tunnel.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel source loopback 1

8.2.32 tunnel timeout


Syntax
tunnel timeout time
undo tunnel timeout

View
L2TP group view

Parameter
time: specifies the time-out time for L2TP retransmission. The value ranges from 1 to 10, in seconds.

Description
Using the tunnel timeout command, you can set the time-out period for L2TP packet retransmission. After the MA5200G sends an L2TP packet to the peer through an L2TP tunnel, if no response is received within the time-out period, it retransmits the packet. If no response is received after the number of L2TP packet retransmissions exceeds the value of times configured in the tunnel retransmit command, the MA5200G considers that the L2TP tunnel has been broken abnormally, and clears this tunnel. Using the undo tunnel timeout command, you can reset the time-out period for L2TP packet retransmission to the default value. By default, the time-out period for L2TP packet retransmission is 2 seconds.

Example
# Set the time-out period for packet retransmission to 3 seconds for the L2TP group huawei.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel timeout 3


8.2.33 tunnel timer hello


Syntax
tunnel timer hello hello-interval
undo tunnel timer hello

View
L2TP group view

Parameter
hello-interval: specifies the interval at which the LAC or the LNS sends Hello messages when no packet is received. The value ranges from 60 to 10,000 in seconds.

Description
Using the tunnel timer hello command, you can set the interval for sending Hello messages in the tunnel. Using the undo tunnel timer hello command, you can restore the default value. You can set different intervals for sending Hello messages on the LNS and the LAC respectively. By default, the interval is 60 seconds.

Example
# Set the interval for sending Hello messages to 99 seconds.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel timer hello 99

8.3 GRE Configuration Commands


8.3.1 display gre-group
Syntax
display gre-group [ group-name ]

View
All views

Parameter
group-name: specifies the name of a GRE group. It is a string of 1 to 32 characters.


Description
Using the display gre-group command, you can view the configuration of the GRE backup group. If you do not specify the parameter, you can view all the backup groups.

Example
# Display the configuration of the GRE backup group gre-backup.
<Quidway> display gre-group gre-backup

8.3.2 gre checksum


Syntax
gre checksum
undo gre checksum

View
Tunnel interface view

Parameter
None

Description
Using the gre checksum command, you can carry out an end-to-end check on the ends of the GRE tunnel. Using the undo gre checksum command, you can disable the check. By default, the end-to-end check on the ends of the GRE tunnel is disabled.

If the check is configured on the local end but not on the remote end, the local end does not check the received packets, but calculates the checksum of the sent packets. If the check is configured on the remote end but not on the local end, the local end checks the packets from the remote end, but does not calculate the checksum of the sent packets.

Example
# After a tunnel is set up between Tunnel1/0/0 and Tunnel2/0/0 on the router Quidway1, configure check on the two ends of the tunnel.
<Quidway> system-view
[Quidway1] interface tunnel1/0/0
[Quidway1-Tunnel1/0/0] gre checksum
[Quidway2] interface tunnel2/0/0
[Quidway2-Tunnel2/0/0] gre checksum


8.3.3 gre key


Syntax
gre key key-number
undo gre key

View
Tunnel interface view

Parameter
key-number: specifies the identification key for the GRE tunnel. The value is an integer ranging from 0 to 4,294,967,295.

Description
Using the gre key command, you can set the identification key for the GRE tunnel. This weak security mechanism prevents the tunnel end from wrongly identifying and receiving packets from other sources. Using the undo gre key command, you can cancel the current configuration. By default, the GRE tunnel identification key is not configured.

When setting key-number on both ends of the tunnel, make sure the values on the two ends are identical, or do not set key-number on either end.

Example
# Set up a tunnel between routers Quidway1 and Quidway2 and set the identification key for the tunnel.
<Quidway1> system-view
[Quidway1] interface tunnel3/0/0
[Quidway1-Tunnel3/0/0] gre key 123
<Quidway2> system-view
[Quidway2] interface tunnel2/0/0
[Quidway2-Tunnel2/0/0] gre key 123
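What gre checksum (8.3.2) and gre key (8.3.3) put on the wire, and how a receiving tunnel end can evaluate them, is shown in the following added example, which is not code from the manual or from the MA5200G. It assumes the standard GRE header layout (RFC 2784 for the checksum, RFC 2890 for the key and sequence number); the function names, the receive policy and the sample payload are constructed for illustration.

```python
import struct
from typing import NamedTuple, Optional

FLAG_C, FLAG_K, FLAG_S = 0x8000, 0x2000, 0x1000  # checksum, key, sequence present
VERSION_MASK = 0x0007


class GreHeader(NamedTuple):
    protocol: int
    checksum: Optional[int]
    key: Optional[int]
    sequence: Optional[int]
    payload: bytes


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum over data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_gre(payload: bytes, protocol: int = 0x0800,
              key: Optional[int] = None, checksum: bool = False) -> bytes:
    """Sender side: add the optional fields that the local configuration enables."""
    flags = (FLAG_C if checksum else 0) | (FLAG_K if key is not None else 0)
    header = struct.pack("!HH", flags, protocol)
    if checksum:
        header += b"\x00" * 4          # checksum (filled in below) + reserved
    if key is not None:
        header += struct.pack("!I", key)
    packet = bytearray(header + payload)
    if checksum:
        struct.pack_into("!H", packet, 4, inet_checksum(bytes(packet)))
    return bytes(packet)


def parse_gre(packet: bytes) -> GreHeader:
    """Decode the fixed header and whichever optional fields the flags announce."""
    if len(packet) < 4:
        raise ValueError("shorter than the fixed GRE header")
    flags, protocol = struct.unpack_from("!HH", packet, 0)
    if flags & VERSION_MASK:
        raise ValueError("unsupported GRE version")
    offset, fields = 4, {}
    for name, flag, fmt in (("checksum", FLAG_C, "!H2x"),
                            ("key", FLAG_K, "!I"),
                            ("sequence", FLAG_S, "!I")):
        fields[name] = None
        if flags & flag:
            if len(packet) < offset + 4:
                raise ValueError("truncated optional field: " + name)
            (fields[name],) = struct.unpack_from(fmt, packet, offset)
            offset += 4
    return GreHeader(protocol, fields["checksum"], fields["key"],
                     fields["sequence"], packet[offset:])


def receive(packet: bytes, local_key: Optional[int]) -> str:
    """Receiver side: verify a checksum if the sender added one, then match the key."""
    try:
        header = parse_gre(packet)
    except ValueError:
        return "drop: malformed"
    if header.checksum is not None and inet_checksum(packet) != 0:
        return "drop: bad checksum"
    if header.key != local_key:        # both ends identical, or neither end set
        return "drop: key mismatch"
    return "accept"


if __name__ == "__main__":
    pkt = build_gre(b"hello", key=123, checksum=True)   # constructed payload
    print(receive(pkt, local_key=123))                  # accept
    print(receive(pkt, local_key=456))                  # drop: key mismatch
    # The key is an unencrypted header field: it identifies the tunnel,
    # it does not authenticate the sender.
    print(parse_gre(pkt).key)
```

Without the checksum, a modified payload is still accepted, and the key can be read from any packet that crosses the path, so neither option replaces encryption or authentication of the tunnel traffic.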

8.3.4 gre-group
Syntax
gre-group group-name
undo gre-group group-name

View
System view


Parameter
group-name: identifies the name of the GRE backup group. It is a string of 1 to 32 characters.

Description
Using the gre-group command, you can create the GRE backup group. Using the undo gre-group command, you can delete the GRE backup group. By default, no GRE backup group is created.

Example
# Create a GRE backup group gre-backup.
<Quidway> system-view
[Quidway] gre-group gre-backup

8.3.5 tunnel-binding
Syntax
tunnel-binding tunnel interface-number [ preference value ]
undo tunnel-binding tunnel interface-number [ preference value ]

View
GRE group view

Parameter
tunnel: indicates the tunnel bound to the GRE group.
interface-number: specifies the interface number in the format of "slot number/card number/port number".
preference: indicates the preference to be selected as the activated tunnel in the GRE group.
value: specifies the preference value. The value ranges from 1 to 4,294,967,295.

Description
Using the tunnel-binding command, you can bind the tunnel interface to the GRE backup group. Using the undo tunnel-binding command, you can unbind the tunnel interface from the GRE backup group.

Example
# Bind the interface Tunnel 1/0/0 with the GRE backup group huawei.
<Quidway> system-view
[Quidway] gre-group huawei
[Quidway-gre-group-huawei] tunnel-binding Tunnel 1/0/0

8.4 BGP/MPLS L3VPN Configuration Commands


8.4.1 apply access-vpn vpn-instance
Syntax
apply access-vpn vpn-instance vpn-instance-name &<1-6>
undo apply access-vpn vpn-instance vpn-instance-name &<1-6>

View
Policy-based-route view

Parameter
vpn-instance-name: specifies the VPN instance name. It is a case sensitive string of 1 to 31 characters. You can specify a maximum of six VPN instance names at a time.

Description
Using the apply access-vpn vpn-instance command, you can set the VPN instances used to forward packets in a policy node. You can set six VPN instances for one policy node. If a VPN instance is matched, the packets are forwarded according to the routing table of the first matched VPN instance.

Using the undo apply access-vpn vpn-instance command, you can delete the VPN instance from the policy node. If no parameters are specified for the undo command, all the VPN instances of the policy node are deleted from the forwarding information.

When using the apply access-vpn vpn-instance command, specify an existing VPN instance.

Example
# Set VPN instances vpn1 and vpn2 for a node in a policy.
<Quidway> system-view
[Quidway] policy-based-route policy1 permit node 10
[Quidway-policy-based-route-policy1-10] apply access-vpn vpn-instance vpn1 vpn2

# Delete vpn1 from the policy node so that the routing information of vpn1 is not used for forwarding.
<Quidway> system-view
[Quidway] policy-based-route policy1 permit node 10
[Quidway-policy-based-route-policy1-10] undo apply access-vpn vpn-instance vpn1


8.4.2 apply-label per-instance


Syntax
apply-label per-instance
undo apply-label per-instance

View
VPN instance view

Parameter
None

Description
Using the apply-label per-instance command, you can apply the label of the VPN instance to all the routes of the VPN instance that are sent to the peer PE. Using the undo apply-label per-instance command, you can disable this function. By default, each route of a VPN instance uses its own label.

After the apply-label per-instance command is executed, if no route of the VPN instance has been forwarded, all routes use the label based on the VPN instance; if routes of the VPN instance have been forwarded without the label based on the VPN instance, they release the original label and are re-advertised with the label of the current VPN instance. That is, all routes of the VPN instance are resent after the command is executed.

After the undo apply-label per-instance command is executed, if the original routes were advertised according to the principle of one label for a VPN, labels are re-advertised and the routes are retransmitted.

Changing the label distribution mode can cause the routes of the VPN instance to be retransmitted. Use the apply-label per-instance command and its undo command with caution.

Example
# Configure the routes of vpn1 to use the label of the VPN instance.
<Quidway> system-view
[Quidway] ip vpn-instance vpn1
[Quidway-vpn-instance-vpn1] apply-label per-instance


8.4.3 description
Syntax
description description-information
undo description

View
VPN instance view

Parameter
description-information: specifies the description of a VPN instance.

Description
Using the description command, you can describe a particular VPN instance. Using the undo description command, you can delete the description. By default, no description is configured for a VPN instance.

Example
# Describe a specific VPN instance vpn1.
<Quidway> system-view
[Quidway] ip vpn-instance vpn1
[Quidway-vpn-instance-vpn1] description This is vpn1

# Delete the description of vpn1.


<Quidway> system-view
[Quidway] ip vpn-instance vpn1
[Quidway-vpn-instance-vpn1] undo description

8.4.4 display fib vpn-instance


Syntax
display fib [ slot-id ] vpn-instance vpn-instance-name [ statistics | | { include | exclude | begin } text ]
display fib vpn-instance vpn-instance-name [ acl acl-number [ verbose ] | interface interface-type interface-number | next-hop next-hop-addr | ip-prefix prefix-name [ verbose ] | statistics | [ verbose ] { | { include | exclude | begin } text } ]
display fib [ slot-id ] vpn-instance vpn-instance-name [ destination-addr1 { mask1 | mask-length1 } ] [ destination-addr2 { mask2 | mask-length2 } ] [ verbose ]
display fib [ slot-id ] vpn-instance vpn-instance-name destination-address [ mask | mask-length ] longer [ verbose ]


View
All views

Parameter
slot-id: displays the forwarding table of the I/O board in a specific slot.
vpn-instance-name: specifies the name of a VPN instance. It is a case sensitive string of 1 to 31 characters.
acl-number: specifies the ACL number. The value is an integer ranging from 2000 to 2999.
prefix-name: specifies the name of an IP prefix. It is a string of 1 to 19 characters.
statistics: displays the statistics of the forwarding table of a specified VPN instance.
include: filters the output and outputs the information containing the specified character string.
exclude: filters the output and outputs the information not containing the specified character string.
text: specifies the regular expression used to match the specified character string in the output.
destination-addr1: specifies the destination address 1. It is in dotted decimal format.
mask1: specifies the subnet mask 1. It is in dotted decimal format.
mask-length1: specifies the length of mask1. It is an integer ranging from 0 to 32.
destination-addr2: specifies the destination address 2. It is in dotted decimal format.
mask2: specifies the subnet mask 2. It is in dotted decimal format.
mask-length2: specifies the length of mask2. It is an integer ranging from 0 to 32.
verbose: displays the detailed FIB information of the VPN instance.

Description
Using the display fib vpn-instance command, you can display the forwarding table of the specified VPN instance.

The keyword ip-prefix prefix-name is used to filter the FIB information of the specified VPN instance. Based on the input prefix-name, this command displays the FIB entries that pass the filtering in a certain format. If the prefix-name is not specified, all FIB entries are displayed. If no FIB entry matches the prefix-name, the system prompts that the number of matched FIB entries is 0. If one or more FIB entries match the prefix-name, the entries are output in a certain format.

Using the display fib [ slot-id ] vpn-instance vpn-instance-name dest-addr1 dest-mask1 dest-addr2 dest-mask2 command, you can display the FIB entries whose destination addresses are in the range of dest-addr1 dest-mask1 to dest-addr2 dest-mask2.

For the display fib [ slot-id ] dest-addr command, if the destination has a matched FIB entry in the natural mask range, all subnets with the mask are displayed. Otherwise, the FIB entry that is the longest match for the destination is displayed.


Using the display fib [ slot-id ] dest-addr dest-mask command, you can display the FIB entry that exactly matches the destination address and mask.

Using the display fib [ slot-id ] dest-addr longer command, you can display all FIB entries whose destinations match the IP address in the natural mask range.

Using the display fib [ slot-id ] dest-addr dest-mask longer command, you can display all FIB entries whose destinations match the IP address in the output mask range.

If slot-id is specified, the FIB information on the corresponding board is displayed.

Example
# Display the forwarding table of the VPN instance vpn1.
<Quidway> display fib vpn-instance vpna
<Quidway> display fib vpn-instance vpn1
FIB Table:
Total number of Routes : 5
Destination/Mask   Nexthop     Flag  TimeStamp  Interface  TunnelID
10.2.1.0/24        2.2.2.2     DGU   t[0]       Pos1/0/1   0x6002000
10.2.1.1/32        2.2.2.2     DGHU  t[0]       Pos1/0/1   0x6002000
10.1.1.2/32        127.0.0.1   HU    t[0]       InLoop0    0x0
10.1.1.0/24        10.1.1.2    U     t[0]       Pos1/0/0   0x0
10.1.1.1/32        10.1.1.1    HU    t[0]       Pos1/0/0   0x0

Table 8-7 Description of the output of the display fib vpn-instance command

Item                     Description
FIB Table                Forwarding table of vpn1
Total number of Routes   Total number of routes
Destination/Mask         Length of the destination IP address or mask
Nexthop                  Next hop address
Flag                     Current flag, which is a combination of B, D, G, H, S, U.
                         B refers to black hole
                         D refers to dynamic route
                         G refers to gateway
                         H refers to host route
                         S refers to static route
                         U refers to Up status
TimeStamp                Time stamp
Interface                Outgoing interface to the destination address
TunnelID                 Index number of the forwarding entry

# Display the FIB entries matching the basic ACL.

<Quidway> display fib acl 2010
Route entry matched by access-list 2010:
Summary counts: 1
Destination/Mask   Nexthop     Flag  TimeStamp  Interface    Token
127.0.0.0/8        127.0.0.1   U     t[0]       InLoopBack0  0x

# Display the forwarding table of vpn1.


<Quidway> display fib vpn-instance vpn1
FIB Table:
Total number of Routes : 5

# Display the FIB entries matching the prefix list abc.


<Quidway> display fib vpn-instance vpn1 ip-prefix abc
Route Entry matched by prefix-list abc
Summary Counts :5
Destination/Mask   Nexthop     Flag  TimeStamp  Interface  Token
10.2.1.0/24        2.2.2.2     DGU   t[0]       Pos2/0/0   0x6002000
10.2.1.1/32        2.2.2.2     DGHU  t[0]       Pos2/0/0   0x6002000
10.1.1.2/32        127.0.0.1   HU    t[0]       InLoop0    0x0
10.1.1.0/24        10.1.1.2    U     t[0]       Pos1/0/0   0x0
10.1.1.1/32        10.1.1.1    HU    t[0]       Pos1/0/0   0x0

In this example, the prefix list abc is not found, so all FIB entries are displayed.

# Display the FIB entries whose destination address matches the IP address of 10.1.1.1 in the range of 255.255.255.0.
<Quidway> display fib vpn-instance vpn1 10.1.1.1 255.255.255.0 longer
Route Entry Count: 2
Destination/Mask   Nexthop   Flag  TimeStamp  Interface  Token
10.1.1.0/24        1.1.1.1   DGU   t[0]       S6/0/0     0x6002000
10.1.1.1/32        1.1.1.1   DGHU  t[0]       S6/0/0     0x60020

8.4.5 display ip vpn-instance


Syntax
display ip vpn-instance [ brief | verbose ] [ vpn-instance-name ]

View
All views

Parameter
brief: displays brief information about a VPN instance.
verbose: displays detailed information about the VPN instance and associated interfaces.
vpn-instance-name: specifies the name of a VPN instance. It is a case sensitive string of 1 to 31 characters.


Description
Using the display ip vpn-instance command, you can display the information about a VPN instance. When no optional parameters are specified, the command displays the brief information about all the configured VPN instances.

Example
# Display the information about all the VPN instances.
<Quidway> display ip vpn-instance
Total VPN-Instances configured : 1
VPN-Instance Name   RD      Creation Time
vpna                200:1   2004/12/06 11:26:06
<Quidway> display ip vpn-instance brief
Total VPN-Instances configured : 1
VPN-Instance Name   RD      Creation Time
vpna                200:1   2004/12/06 11:26:06

# Display detailed information about all the VPN instances.


<Quidway> display ip vpn-instance verbose
Total VPN-Instances configured : 1
VPN-Instance Name and ID : vpna, 1
Create date : 2005/10/15 17:20:37
Up time : 0 days, 03 hours, 24 minutes and 42 seconds
Route Distinguisher : 200:1
Export VPN Targets : 1:1
Import VPN Targets : 1:1
Label policy: label per route
Interfaces : Pos1/0/0

8.4.6 export route-policy


Syntax
export route-policy policy-name
undo export route-policy

View
VPN-instance view

Parameter
policy-name: specifies the name of the export routing policy of the VPN instance. It is a string of 1 to 19 characters.

Description
Using the export route-policy command, you can associate a particular VPN instance with an export route policy.


Using the undo export route-policy command, you can dissociate the VPN instance from the export route policy.

To control advertised VPN routes more accurately than by using the extended community, you can use the export routing policy. The export routing policy may filter selected routes out of the advertised routes.

There is no default value for the export route policy. If no export route policy is configured, all routes matching the Export Route Target (ERT) can pass the filtering.

Example
# Associate the VPN-instance vpn1 with an export route policy poly-1.
<Quidway> system-view
[Quidway] ip vpn-instance vrf1
[Quidway-vpn-instance-vrf1] export route-policy poly-1

8.4.7 import route-policy


Syntax
import route-policy policy-name
undo import route-policy

View
VPN instance view

Parameter
policy-name: specifies the import routing policy of the VPN instance. It is a string of 1 to 19 characters.

Description
Using the import route-policy command, you can associate the current VPN instance with an import routing policy. The VPN instance can be associated with only one routing policy, and the policy associated last takes effect. Using the undo import route-policy command, you can dissociate the VPN instance from the import routing policy.

To control the import of VPN routes more accurately, you can use the import routing policy to filter the routes based on the extended community attribute of the VPN target. The import routing policy may reject the routes selected from the community in the output list.

There is no default value for the import routing policy. If no import routing policy is configured, all routes matching the VPN target are allowed to join the VPN instance.

Example
# Associate a particular VPN instance vrf1 with a route policy poly-1.
<Quidway> system-view
[Quidway] ip vpn-instance vrf1
[Quidway-vpn-instance-vrf1] import route-policy poly-1

8.4.8 ip binding vpn-instance


Syntax
ip binding vpn-instance vpn-instance-name
undo ip binding vpn-instance vpn-instance-name

View
Interface view

Parameter
vpn-instance-name: specifies the name of the VPN instance that is associated with an interface. It is a case-sensitive string of 1 to 31 characters.

Description
Using the ip binding vpn-instance command, you can associate an interface or a sub-interface with a VPN instance. Using the undo ip binding vpn-instance command, you can disassociate the interface from the VPN instance. By default, an interface belongs to the public network.
When run on an interface, these commands clear the layer 3 features of the interface, such as the IP address and routing protocols. Therefore, the IP address of the interface should be re-configured.
An interface cannot function as the attachment circuit (AC) interface of L2VPN and the AC interface of L3VPN at the same time. When an interface is bound to an L2VPN, layer 3 features such as the IP address and routing protocols configured on the interface become invalid. If an interface is bound to an L2VPN and an L3VPN at the same time, only the L2VPN is usable. The L3VPN configuration becomes usable after the interface is unbound from the L2VPN.

Example
# Associate GE1/0/0 with a VPN instance vrf1.
<Quidway> system-view
[Quidway] interface gigabitethernet 1/0/0
[Quidway-GigabitEthernet1/0/0] ip binding vpn-instance vrf1

8.4.9 ip route-static vpn-instance


Syntax
ip route-static vpn-instance vpn-instance-name dest-ip-address { mask | mask-length } { interface-type interface-number [ nexthop-address ] | vpn-instance vpn-destination-name nexthop-address | nexthop-address [ public ] } [ preference value ]
undo ip route-static vpn-instance vpn-instance-name { all | dest-ip-address { mask | mask-length } [ interface-type interface-number [ nexthop-address ] | vpn-instance vpn-destination-name nexthop-address | nexthop-address [ public ] ] [ preference preference ] }

View
System view

Parameter
vpn-source-name: specifies the name of a VPN instance. It is a string of 1 to 31 characters. Every VPN instance has a static routing table and a unicast routing table. If the VPN instance name is set, the configured static routes are added to the static routing table of the VPN instance.
dest-ip-address: specifies the destination IP address, in dotted decimal notation.
mask: specifies the IP address mask in dotted decimal notation.
mask-length: specifies the length of the mask, that is, the number of consecutive 1s in the mask. The mask in dotted decimal notation can be substituted by the mask length.
interface-type: specifies the type of the interface.
interface-number: specifies the number of the interface.
nexthop-address: specifies the next hop address for the router.
vpn-destination-name: specifies the name of the destination VPN instance. It is a string of 1 to 31 characters. If this parameter is configured, the router can find the outgoing interface of the destination VPN instance in the static routing table according to the gateway address.
public: specifies the router in the public network as the next hop. If a router is configured to belong to a VPN, the next hop or next hop gateway of the router can belong to the VPN instance or the public network. If the keyword public is configured in the command, the next hop is the public network router.
all: deletes all unicast static routes in the VPN instance.
preference: specifies the priority of the router. The value is an integer ranging from 1 to 255.

Description
Using the ip route-static vpn-instance command, you can configure a static unicast route for a VPN instance. Using the undo ip route-static vpn-instance command, you can delete the static route of the VPN instance.

Example
# Configure a default route and set its next hop to 129.102.0.2.
<Quidway> system-view
[Quidway] ip route-static vpn-instance vpn1 0.0.0.0 0.0.0.0 129.102.0.2

8.4.10 ip vpn-instance
Syntax
ip vpn-instance vpn-instance-name
undo ip vpn-instance vpn-instance-name

View
System view

Parameter
vpn-instance-name: specifies the name of the VPN instance. It is a case-sensitive string of 1 to 31 characters.

Description
Using the ip vpn-instance command, you can create and configure a VPN instance. Using the undo ip vpn-instance command, you can delete the specified VPN instance. By default, the VPN instance is not defined. After creating the VPN instance, you can enter VPN instance view. The VPN instance is valid only when it is configured with a route distinguisher (RD). For the related command, see route-distinguisher.

Example
# Configure a VPN instance named vrf1.
<Quidway> system-view
[Quidway] ip vpn-instance vrf1
[Quidway-vpn-instance-vrf1]

8.4.11 mpls te vpn-binding vpn-instance


Syntax
mpls te vpn-binding vpn-instance vpn-instance-name { behavior traffic-behavior-name | ip-precedence ip-precedence } [ bandwidth bandwidth ]
undo mpls te vpn-binding vpn-instance [ vpn-instance-name ]

View
Tunnel interface view

Parameter
vpn-instance-name: specifies the name of a VPN instance. It is a string of 1 to 31 characters.
behavior traffic-behavior-name: applies the traffic behavior policy to the bound VPN instance. traffic-behavior-name indicates the traffic behavior name. It is a string of 1 to 31 characters.
ip-precedence ip-precedence: specifies the precedence of the IP packet for the bound VPN instance. ip-precedence refers to the precedence of the IP packet. It is an integer in the range of 0 to 7.
bandwidth bandwidth: sets the bandwidth for the bound VPN instance. bandwidth refers to the bandwidth value. It is an integer whose range varies with the bandwidth of the tunnel interface, but its value cannot exceed the interface bandwidth.

Description
Using the mpls te vpn-binding vpn-instance command, you can bind a specified VPN instance to an MPLS TE tunnel. You can use this command to configure a Resource Reserved VPN (RRVPN). Using the undo mpls te vpn-binding vpn-instance command, you can unbind the VPN instance from the MPLS TE tunnel. The mpls te vpn-binding vpn-instance command is valid only for the tunnel whose tunneling protocol is MPLS TE. To validate the configuration, execute the mpls te commit command on the MPLS TE tunnel.
You cannot configure the commands mpls te reserved-for-binding and mpls te vpn-binding vpn-instance on a tunnel at the same time.

Example
# Bind the VPN instance vpna to tunnel1/0/0, and then validate the configuration.
<Quidway> system-view
[Quidway] interface Tunnel1/0/0
[Quidway-Tunnel1/0/0] mpls te vpn-binding vpn-instance vpna ip-precedence 3
[Quidway-Tunnel1/0/0] mpls te commit

8.4.12 route-distinguisher
Syntax
route-distinguisher route-distinguisher

View
VPN instance view

Parameter
route-distinguisher: specifies the value of the RD. It is a string of 3 to 21 characters.

Description
Using the route-distinguisher command, you can configure a particular VPN instance with an RD.
An RD is used to create the routes and forwarding table for a VPN and specifies the default route identifier. By adding an RD to the beginning of a specified IPv4 prefix, you create a unique VPN IPv4 prefix. The purpose of the RD is solely to allow one to create distinct routes to a common IPv4 address prefix. An RD is either associated with the AS number (ASN), in which case it is formed by an AS number and a random number, or associated with the IP address, in which case it is formed by an IP address and a random number.
There is no default value for the RD. It must be configured as soon as the VPN instance is created. A VPN instance does not become effective until the RD is configured.
The RD has the following formats:
16-bit AS number (ASN):32-bit user-defined number. For example, 101:3.
32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.

Example
# Configure VPN instance vpn1 with an RD.
<Quidway> system-view
[Quidway] ip vpn-instance vpn1
[Quidway-vpn-instance-vpn1] route-distinguisher 22:1

8.4.13 routing-table limit


Syntax
routing-table limit number { alert-percent | simply-alert }
undo routing-table limit

View
VPN instance view

Parameter
number: specifies the maximum number of routes allowed in a VPN instance. The value ranges from 1 to 2,000,000.
alert-percent: specifies the percentage of the maximum number of routes. The value is an integer ranging from 1 to 100. When the number of routes reaches (number * alert-percent)/100, the system raises the alarm. You can continue to add routes to the routing table of the VPN instance. When the number of routes reaches number, the later routes are discarded.
simply-alert: indicates that when the number of routes in a VPN instance exceeds number, the system can still add routes to the routing table of the VPN instance, and it raises an alarm. However, when the total number of routes of the private network and public network reaches the sum of unicast routes set in the specification file, the later VPN routes are discarded.

The number of unicast routes allowed in a PE is limited in the license file. The total number of all routes in the private network or public network cannot exceed this limit. Otherwise, the route manager refuses to add the excessive routes and raises an alarm. This limit is not restricted by the parameter simply-alert.

Description
Using the routing-table limit command, you can limit the maximum number of routes in a VPN instance to avoid excessive imported routes on the PE router. Using the undo routing-table limit command, you can cancel the limitation.
You are recommended to use this command with the peer route-limit command in BGP-VPN view. VPNv4 routes received by MBGP from the remote PE are stored in the VPNv4 routing table of BGP, and then added to the routing table of the VPN instance according to the VPN target match relationship. The routing-table limit command can prevent excessive routes from being added to the routing table, but it cannot prevent MBGP from receiving excessive routes from other PEs, which consumes a lot of space in the VPNv4 routing table.
If EBGP runs between PE and CE, when the number of VPN routes exceeds the limit and the routes imported by EBGP cannot be added to the VPN routing table, the session with the peer is broken 30 seconds later, and PE and CE try to set up the EBGP peer relationship again.
When the undo routing-table limit command is run, the system re-collects routes from CE and routes belonging to the VPN instance in the VPNv4 routing table, and then adds them to the VPN routing table.
The routing-table limit number simply-alert command is equivalent to the routing-table limit number 100 command.
By default, the maximum number of routes is not limited. However, the number of unicast routes allowed by a PE is limited. The limit is stipulated in the license file and does not depend on the routing-table limit command.

Example
# Limit the maximum route number in vpn1 to 1000.
<Quidway> system-view
[Quidway] ip vpn-instance vpn1
[Quidway-vpn-instance-vpn1] route-distinguisher 100:1
[Quidway-vpn-instance-vpn1] routing-table limit 1000 simply-alert

8.4.14 target
Syntax
target { public | vpn-instance vpn-instance-name }
undo target { public | vpn-instance vpn-instance-name }

View
Loopback interface view

Parameter
public: indicates that the destination VPN instance is a public network VPN instance.
vpn-instance: specifies the destination VPN instance.
vpn-instance-name: specifies the name of the destination VPN instance. It is a string of 1 to 31 characters.

Description
Using the target command, you can configure the destination VPN instance on the loopback interface. Using the undo target command, you can cancel the configuration. This command is used to configure VPN mutual access. To configure VPN mutual access, you must configure a static route of the source VPN instance. The destination address is the network segment of the destination VPN (or public network instance), and the next hop is the loopback interface. Then you need to specify the destination VPN (or public network instance) on the loopback interface. You can specify only one destination VPN (or public network instance) on a loopback interface. A VPN (or public network instance) can be specified on only one loopback interface. By default, destination VPN is not configured on the loopback interface.

Example
# Configure users in vpna to access the network segment 10.2.1.0/24.
<Quidway> system-view
[Quidway] interface loopback 2
[Quidway-LoopBack2] ip address 10.2.1.10 32
[Quidway-LoopBack2] quit
[Quidway] ip route-static vpn-instance vpna 10.2.1.1 24 LoopBack 2
[Quidway] interface loopback 2
[Quidway-LoopBack2] target vpn-instance vpnb
[Quidway-LoopBack2] quit

8.4.15 tnl-policy
Syntax
tnl-policy policy-name
undo tnl-policy

View
VPN instance view

Parameter
policy-name: specifies the name of the tunneling policy associated with the tunnel. It is a string of 1 to 19 characters.

Description
Using the tnl-policy command, you can associate the current VPN instance with a tunneling policy. Using the undo tnl-policy command, you can dissociate the VPN instance from the tunneling policy. An application can use a tunnel policy when it selects a tunnel from the Tunnel Management Module in VPN. When the tunnel policy is created, an order for tunnel selection is defined. If there is no tunnel policy, the default order is used. That is, only the LSP tunnel is selected. For the related commands, see tunnel select-seq and tunnel-policy.

Example
# Associate the VPN instance vpn2 with a tunnel policy po1.
<Quidway> system-view
[Quidway] tunnel-policy po1
[Quidway-tunnel-policy-po1] tunnel select-seq lsp load-balance-number 1
[Quidway-tunnel-policy-po1] quit
[Quidway] ip vpn-instance vpn2
[Quidway-vpn-instance-vpn2] route-distinguisher 22:33
[Quidway-vpn-instance-vpn2] tnl-policy po1

8.4.16 vpn-target
Syntax
vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]
undo vpn-target { all | vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ] }

View
VPN instance view

Parameter
import-extcommunity: imports routing information containing the specified extended community attribute value.
export-extcommunity: specifies the extended community attribute value of the routing information to the destination VPN.
both: adds the VPN target attribute to the inbound and outbound extended community list of the VPN instance.
vpn-target: adds the VPN target extended community attribute to the inbound or outbound VPN target extended community list of the VPN instance and specifies the RT value. It is a string of 3 to 21 characters. You can use any of the following formats to represent the RT value:
16-bit AS number:32-bit user-defined number
32-bit IP address:16-bit user-defined number

Description
Using the vpn-target command, you associate a particular VPN instance with one or more VPN-targets. Using the undo vpn-target command, you can delete VPN-target(s) associated with a particular VPN instance. There is no default value for VT. It must be configured as soon as the VPN instance is created. When a PE sends a route to another PE, according to a VPN instance, it will attach some VTs to this route, and, these VTs are called Export VPN-target. When a PE receives a route from another PE, depending on some VTs, it can determine if this route can be accepted by a VPN instance, and, these VTs are called Import VPN-target. By using VT, you can control the route propagation among the nodes.

Example
# Associate the current VPN instance with vpn-target.
<Quidway> system-view
[Quidway] ip vpn-instance vrf1
[Quidway-vpn-instance-vrf1] vpn-target 3:3 export-extcommunity
[Quidway-vpn-instance-vrf1] vpn-target 4:4 import-extcommunity
[Quidway-vpn-instance-vrf1] vpn-target 5:5 both
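
The rules in 8.4.12, 8.4.13 and 8.4.16 can be checked offline against a saved configuration. The following Python script is an added example, not Huawei code: it validates RD and VPN-target strings against the two formats listed, flags instances without an RD or a routing-table limit, and reports which instance imports a target that another instance exports. The sample configuration is constructed; the indentation of view contents and the handling of a vpn-target line without a keyword as both are assumptions.

```python
import ipaddress

# Constructed sample (not from a device). Assumption: view contents are indented.
SAMPLE_CONFIG = """\
ip vpn-instance vrf1
 route-distinguisher 100:1
 vpn-target 3:3 export-extcommunity
 vpn-target 4:4 import-extcommunity
 routing-table limit 1000 80
ip vpn-instance vrf2
 route-distinguisher 192.168.122.15:1
 vpn-target 3:3 5:5 both
ip vpn-instance vrf3
 vpn-target 70000:1 both
 routing-table limit 500 simply-alert
"""

DIRECTIONS = {"both": ("import", "export"), "import-extcommunity": ("import",),
              "export-extcommunity": ("export",)}

def parse_rd(text):
    """Validate an RD or RT string against the two formats the manual lists."""
    if not 3 <= len(text) <= 21:
        raise ValueError("must be 3 to 21 characters")
    admin, sep, number = text.rpartition(":")
    if not sep or not number.isdigit():
        raise ValueError("expected <admin>:<number>")
    if admin.isdigit():  # 16-bit AS number : 32-bit user-defined number
        if int(admin) > 0xFFFF or int(number) > 0xFFFFFFFF:
            raise ValueError("AS number or user-defined number out of range")
        return ("as", int(admin), int(number))
    ipaddress.IPv4Address(admin)  # 32-bit IP address, else ValueError
    if int(number) > 0xFFFF:  # 16-bit user-defined number
        raise ValueError("user-defined number out of range")
    return ("ip", admin, int(number))

def is_valid(value):
    try:
        return bool(parse_rd(value))
    except ValueError:
        return False

def alarm_threshold(number, percent):
    """Route count at which the alarm is raised: (number * alert-percent) / 100."""
    return number * percent // 100

def parse_instances(config):
    """Collect RD, import/export targets and route limit per VPN instance."""
    instances, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if not words or (line[0].isspace() and current is None):
            continue
        if not line[0].isspace():  # top-level command: a view starts or ends
            current = None
            if words[:2] == ["ip", "vpn-instance"] and len(words) == 3:
                current = instances.setdefault(words[2], {
                    "rd": None, "import": set(), "export": set(), "limit": None})
        elif words[0] == "route-distinguisher" and len(words) == 2:
            current["rd"] = words[1]
        elif words[0] == "vpn-target":
            # Assumption: a line without a keyword is treated as "both".
            keyword = words[-1] if words[-1] in DIRECTIONS else "both"
            targets = [w for w in words[1:] if w not in DIRECTIONS]
            for direction in DIRECTIONS[keyword]:
                current[direction].update(targets)
        elif words[:2] == ["routing-table", "limit"] and len(words) == 4:
            # The manual describes simply-alert as equivalent to a value of 100.
            percent = "100" if words[3] == "simply-alert" else words[3]
            if words[2].isdigit() and percent.isdigit():
                current["limit"] = (int(words[2]), int(percent))
    return instances

def audit(config):
    """Return (instance, code, detail) findings for a configuration text."""
    instances, findings = parse_instances(config), []
    for name, inst in instances.items():
        if inst["rd"] is None:
            findings.append((name, "no-rd", "instance is not effective"))
        elif not is_valid(inst["rd"]):
            findings.append((name, "bad-rd", inst["rd"]))
        for target in sorted(inst["import"] | inst["export"]):
            if not is_valid(target):
                findings.append((name, "bad-vpn-target", target))
        if inst["limit"] is None:
            findings.append((name, "no-route-limit", "no per-instance maximum"))
        elif inst["limit"][1] == 100:  # alarm only once the maximum is reached
            findings.append((name, "no-early-alarm", str(alarm_threshold(*inst["limit"]))))
    # Routes cross between instances when one exports a target another imports.
    for src, a in instances.items():
        for dst, b in instances.items():
            shared = sorted(a["export"] & b["import"])
            if src != dst and shared:
                findings.append((dst, "imports-from", src + " via " + ",".join(shared)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

An imports-from finding is not necessarily an error, since shared targets are how intended VPN mutual access is built; it lists the instance pairs that should be compared with the intended design.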

8.5 MPLS L2VPN Configuration Commands


8.5.1 ccc interface in-label out-label
Syntax
ccc ccc-connection-name interface interface-type1 interface-number1 in-label in-label-value out-label out-label-value { nexthop nexthop | out-interface interface-type2 interface-number2 } [ control-word | no-control-word ]
undo ccc ccc-connection-name

View
System view

Parameter
ccc-connection-name: specifies the name of the CCC connection. It uniquely identifies a CCC connection on PE. The value is a string of 1 to 20 characters.
interface-type1 interface-number1: specifies the type and number of the interface connected to the first CE.
in-label-value: specifies the incoming label. The value is an integer ranging from 16 to 1023.
out-label-value: specifies the outgoing label. The value is an integer ranging from 16 to 1023.
nexthop nexthop: specifies the IP address of the next hop.
interface-type2 interface-number2: specifies the type and number of the interface connected to the second CE.
out-interface: specifies the outgoing interface.
control-word: enables the control word feature.
no-control-word: disables the control word feature.

Description
Using the ccc interface in-label out-label command, you can create a remote CCC connection between CEs connected to different PEs. Using the undo ccc command, you can delete the CCC connection.
The ccc interface in-label out-label command has to be configured on both PE routers. The connection name is used to identify the CCC connection in a PE router. It can be different on the two PE routers. When P is connected to PEs, you must configure a static LSP between PE and PE. The incoming label of the first PE is the outgoing label of the second PE, and the outgoing label of the first PE is the incoming label of the second PE.
An interface cannot function as the AC interface of L2VPN and the AC interface of L3VPN at the same time. When an interface is bound to an L2VPN, layer 3 features such as the IP address and routing protocols configured on the interface become invalid. If an interface is bound to an L2VPN and an L3VPN at the same time, only the L2VPN is usable. The L3VPN configuration becomes usable after the interface is unbound from the L2VPN.
If the outgoing interface is a broadcast interface, such as GE, you need to use the nexthop parameter to specify the IP address of the next hop. When configuring a static LSP on P, you must specify the IP address of the next hop if the outgoing interface is a broadcast interface.

For the related command, see display ccc.

Example
# Create a remote CCC connection between CEs connected to different PE routers.
<Quidway1> system-view
[Quidway1] ccc ccc-connection-1 interface pos 1/0/0 in-label 100 out-label 200 out-interface pos 2/0/0
<Quidway2> system-view
[Quidway2] ccc ccc-connection-1 interface pos 2/0/0 in-label 200 out-label 100 out-interface pos 1/0/0
[Quidway1] ccc ccc-connection-2 interface pos 3/0/0 in-label 300 out-label 400 nexthop 20.1.1.2
[Quidway2] ccc ccc-connection-2 interface pos 4/0/0 in-label 400 out-label 300 nexthop 20.1.1.1
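
The label rule in the description above (the incoming label on one PE is the outgoing label on the other, each within 16 to 1023) can be verified across the two PE configurations before they are applied. The following Python script is an added example, not Huawei code; it pairs connections by label rather than by name because the connection name may differ on the two PEs. The configuration lines beyond the manual's two connections, and all names in PE2_CONFIG, are constructed.

```python
import re

# Constructed configuration lines in the style of the manual's example.
PE1_CONFIG = """\
ccc ccc-connection-1 interface pos 1/0/0 in-label 100 out-label 200 out-interface pos 2/0/0
ccc ccc-connection-2 interface pos 3/0/0 in-label 300 out-label 400 nexthop 20.1.1.2
ccc to-site-9 interface pos 5/0/0 in-label 500 out-label 600 nexthop 20.1.1.2
ccc lab-test interface pos 6/0/0 in-label 15 out-label 2000 nexthop 20.1.1.2
"""
PE2_CONFIG = """\
ccc conn-a interface pos 2/0/0 in-label 200 out-label 100 out-interface pos 1/0/0
ccc conn-b interface pos 4/0/0 in-label 400 out-label 300 nexthop 20.1.1.1
ccc conn-c interface pos 7/0/0 in-label 600 out-label 501 nexthop 20.1.1.1
"""

LABEL_MIN, LABEL_MAX = 16, 1023  # range the manual gives for both labels

# Remote CCC form only; the local form (interface ... out-interface) has no labels.
REMOTE_CCC = re.compile(
    r"\s*ccc\s+(?P<name>\S+)\s+interface\s+\S+\s+\S+"
    r"\s+in-label\s+(?P<inl>\d+)\s+out-label\s+(?P<outl>\d+)"
    r"\s+(?:nexthop|out-interface)\s+\S+")


def parse_remote_ccc(config):
    """Return name and labels of every remote CCC connection in the text."""
    conns = []
    for line in config.splitlines():
        m = REMOTE_CCC.match(line)
        if m:
            conns.append({"name": m["name"], "in": int(m["inl"]), "out": int(m["outl"])})
    return conns


def labels_in_range(conn):
    return all(LABEL_MIN <= conn[key] <= LABEL_MAX for key in ("in", "out"))


def compare_pes(config_a, config_b):
    """Pair the connections of two PEs by mirrored labels and report the rest."""
    side_a, side_b = parse_remote_ccc(config_a), parse_remote_ccc(config_b)
    report = {"paired": [], "mismatched": [], "unmatched": [], "out_of_range": []}
    report["out_of_range"] = [c["name"] for c in side_a + side_b if not labels_in_range(c)]
    side_a = [c for c in side_a if labels_in_range(c)]
    side_b = [c for c in side_b if labels_in_range(c)]
    by_in_label = {c["in"]: c for c in side_b}
    seen = set()
    for a in side_a:
        b = by_in_label.get(a["out"])  # peer whose incoming label is our outgoing label
        if b is None:
            report["unmatched"].append(a["name"])
            continue
        seen.add(b["name"])
        # The reverse direction must mirror too: peer out-label == our in-label.
        key = "paired" if b["out"] == a["in"] else "mismatched"
        report[key].append((a["name"], b["name"]))
    report["unmatched"] += [b["name"] for b in side_b if b["name"] not in seen]
    return report


if __name__ == "__main__":
    for key, value in compare_pes(PE1_CONFIG, PE2_CONFIG).items():
        print(key, value)
```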

8.5.2 ccc interface out-interface


Syntax
ccc [ ip-interworking ] ccc-connection-name interface interface-type1 interface-number1 out-interface interface-type2 interface-number2
undo ccc ccc-connection-name

View
System view

Parameter
ccc-connection-name: specifies the name of a CCC connection. It uniquely identifies a CCC connection on a PE. It is a string of 1 to 20 characters.
ip-interworking: enables interworking of different media on the local CCC connection.
interface-type1 interface-number1: specifies the type and number of the interface connected to the first CE.
interface-type2 interface-number2: specifies the type and number of the interface connected to the second CE.

Description
Using the ccc interface out-interface command, you can create a local CCC connection between two CEs connected to the same PE. Using the undo ccc command, you can delete the CCC connection. An interface cannot function as the AC interface of L2VPN and the AC interface of L3VPN at the same time. When an interface is bound to an L2VPN, layer 3 features such as the IP address and routing protocols configured on the interface become invalid. If an interface is bound to an L2VPN and an L3VPN at the same time, only the L2VPN is usable. The L3VPN configuration becomes usable after the interface is unbound from the L2VPN. For the related command, see display ccc.

Example
# Create a local CCC connection between two CEs connected to the same PE.
<Quidway> system-view
[Quidway] ccc ccc-connect-1 interface pos 1/0/0 out-interface pos 2/0/0

8.5.3 ce
Syntax
ce ce-name [ id ce-id [ range ce-range ] [ default-offset ce-offset ] ]
undo ce ce-name

View
MPLS-L2VPN view

Parameter
ce-name: specifies a unique CE name in the current VPN of the PE. It is a string of 1 to 20 characters.
ce-id: specifies the CE ID in a VPN. The value is an integer ranging from 0 to 249.
ce-range: specifies the maximum number of CEs that can be connected to a PE. The value is an integer ranging from 1 to 250, and the default value is 10.
ce-offset: specifies the default original CE offset. It can be 0 or 1. The default value is 0.

Description
Using the ce command, you can create a CE in a VPN. The CE ID identifies the CE. Using the undo ce command, you can delete the CE. You can execute the ce ce-name command to enter MPLS-L2VPN-CE view.
Before configuring the ce command on PE, you must configure the route distinguisher (RD) of the L2VPN instance.

Example
# Create a CE inside a VPN.
<Quidway> system-view
[Quidway] mpls l2vpn vpn1 encapsulation ethernet
[Quidway-mpls-l2vpn-vpn1] route-distinguisher 100:1
[Quidway-mpls-l2vpn-vpn1] ce ce1 id 1

8.5.4 connection ce-offset


Syntax
connection [ ce-offset id ] interface interface-type interface-number [ tunnel-policy policy-name ] [ raw | tagged ]
undo connection ce-offset id

View
MPLS-L2VPN-CE view

Parameter
interface-type interface-number: specifies the type and number of the interface connected to the CE. The encapsulation type must be the same as that of the VPN it belongs to.
id: specifies the ID of the remote CE connected to the L2VPN. The value must be smaller than ce-range. For the configuration of ce-range, see the ce command.
policy-name: specifies the tunneling policy for VC. It is a string of 1 to 19 characters.
raw: removes the VLAN tag.
tagged: adds the VLAN tag.

Description
Using the connection ce-offset command, you can create a Kompella connection. Using the undo connection ce-offset command, you can delete the Kompella connection. You need to specify the remote CE ID and local CE Interface when creating the Kompella connection. If no tunnel policy name is specified, the default policy, which selects LSP with load balance number 1, is taken. If tunnel policy name is specified, but the policy is not yet configured, the default policy is used. An interface cannot function as the AC interface of L2VPN and the AC interface of L3VPN at the same time. When an interface is bound to an L2VPN, layer 3 features such as the IP address and routing protocols configured on the interface become invalid. If an interface is bound to an L2VPN and an L3VPN at the same time, only the L2VPN is usable. The L3VPN configuration becomes usable after the interface is unbound from the L2VPN.

Example
# Create a Kompella connection.
<Quidway1> system-view
[Quidway1] mpls l2vpn l2vpn1
[Quidway1-mpls-l2vpn-l2vpn1] ce ce1
[Quidway1-mpls-l2vpn-l2vpn1-ce-ce1] connection ce-offset 2 interface pos 1/0/0
<Quidway2> system-view
[Quidway2] mpls l2vpn l2vpn1
[Quidway2-mpls-l2vpn-l2vpn1] ce ce2
[Quidway2-mpls-l2vpn-ce-ce2] connection ce-offset 1 interface pos 2/0/0

8.5.5 debugging mpls l2vpn


Syntax
debugging mpls l2vpn { all | advertisement | download | error | event | timer | connections [ interface interface-type interface-number ] | vpls_fid | vpls_mid }
undo debugging mpls l2vpn { all | advertisement | download | error | event | timer | connections [ interface interface-type interface-number ] | vpls_fid | vpls_mid }

View
User view

Parameter
all: enables the debugging of all the L2VPNs.
advertisement: enables the debugging of L2VPN BGP or L2VPN LDP advertisement information.
download: enables the debugging of the process of delivering data to the agent.
error: enables the debugging of L2VPN errors.
event: enables the debugging of L2VPN events.
timer: enables the debugging of the timer.
connections: enables the debugging of L2VPN connection.
vpls_fid: enables the debugging of L2VPN VPLS FIB.
vpls_mid: enables the debugging of L2VPN VPLS MID.

Description
Using the debugging mpls l2vpn command, you can enable debugging of L2VPN. Using the undo debugging mpls l2vpn command, you can disable the L2VPN debugging. By default, the debugging is disabled.

Example
# Enable debugging of all L2VPNs.
<Quidway> debugging mpls l2vpn all

8.5.6 display bgp l2vpn


Syntax
display bgp l2vpn { all | group [ group-name ] | peer [ peer-ip-address verbose | verbose] | route-distinguisher route-distinguisher [ ce-id ce-id [ label-offset offset-value ] ] }

View
All views

Parameter
all: displays the information about all BGP L2VPNs.
group group-name: displays the information about the specified peer group. group-name specifies the name of the peer group. It is a string of 1 to 47 characters.
peer peer-ip-address: displays the information about the specified BGP L2VPN peer. peer-ip-address specifies the IPv4 address of the peer.
verbose: displays the detailed information.
route-distinguisher route-distinguisher: specifies the remote RD. The route-distinguisher parameter is a string of 3 to 21 characters. For the configuration of route-distinguisher, see the route-distinguisher command.
ce-id ce-id: displays the information about the BGP L2VPN on the remote PE with the specified CE ID. The value of ce-id is an integer ranging from 0 to 65,535.
label-offset offset-value: specifies the label offset value. The value of offset-value is an integer ranging from 0 to 65,535.

Description
Using the display bgp l2vpn command, you can display the connection of the Kompella MPLS L2VPN.

Example
# Display all information about BGP L2VPNs.
<PE> display bgp l2vpn all
BGP Local router ID : 1.1.1.9, local AS number : 100
Origin codes:i - IGP, e - EGP, ? - incomplete
bgp.l2vpn: 1 destination
Route Distinguisher: 100:1
CE ID  Label Offset  Label Base  nexthop   pref  as-path
2      0             19456       3.3.3.9   100

# Display the detailed information about the peer 3.3.3.9 of BGP L2VPN.
<PE> display bgp l2vpn peer 3.3.3.9 verbose
Peer: 3.3.3.9    Local: 1.1.1.9
Type: IBGP link
BGP version 4, remote router ID 3.3.3.9
BGP current state: Established, Up for 00h11m42s
BGP current event: KATimerExpired
BGP last state: OpenConfirm
Port: Local - 4910    Remote - 179
Configured: Active Hold Time: 180 sec    Keepalive Time:60 sec
Received  : Active Hold Time: 180 sec
Negotiated: Active Hold Time: 180 sec    Keepalive Time:60 sec
Peer optional capabilities:
Peer support bgp multi-protocol extended
Peer support bgp route refresh capability
Address family IPv4 Unicast: advertised and received
Address family L2VPN: advertised and received
Received: Total 19 messages, Update messages 3
Sent: Total 18 messages, Update messages 4
Minimum time between advertisement runs is 15 seconds
Optional capabilities:
Route refresh capability has been enabled
Connect-interface has been configured
Peer Preferred Value: 0
Routing policy configured:
No routing policy is configured

Table 8-8 Description of the output of the display bgp l2vpn peer peer-ip-address command
Item                 Description
Peer                 BGP peer
Type                 Type of the BGP peer relationship, which can be IBGP or EBGP
BGP version          Version of the BGP protocol
remote router ID     Router ID for the L2VPN instance of the peer
BGP current state    Current state of the BGP peer
BGP current event    Current state machine event of the BGP peer
BGP last state       Last state of the BGP peer
Port                 Port number

8.5.7 display ccc


Syntax
display ccc [ ccc-name | type { local | remote } ]

View
All views

Parameter
ccc-name: specifies the name of a CCC connection. It is a string of 1 to 20 characters.
type: specifies the type of the CCC connection.
local: displays the local CCC connection.
remote: displays the remote CCC connection.

Description
Using the display ccc command, you can display the information about a CCC connection. If the name or type of the connection is not specified, the information about all CCC connections is displayed. For the related commands, see ccc interface in-label out-label and ccc interface out-interface.

Example
# Display the information about a specified CCC connection.
<Quidway> display ccc c1
name: c1, type: remote, state: down,
intf: Pos1/0/0 (up), in-label: 100 , out-label: 200 , nexthop: 20.1.1.1

# Display the information about all CCC connections.


<Quidway> display ccc
total ccc vc : 1
local ccc vc : 0, 0 up
remote ccc vc : 1, 0 up
name: c1, type: remote, state: down,
intf: Pos1/0/0 (up), in-label: 100 , out-label: 200 , nexthop: 20.1.1.1

# Display the information about all local CCC connections.


<Quidway> display ccc type local
name: c2, type: local, state: up,
intf1: Pos3/0/0 (up), intf2: Pos3/0/1 (up)

8.5.8 display l2vpn ccc-interface vc-type


Syntax
display l2vpn ccc-interface vc-type { all | ccc-type } [ up | down ]

View
All views

Parameter
all: displays all interfaces encapsulated by CCC.
ccc-type: specifies the type of interface encapsulation in the CCC connection. The value can be bgp-vc, ccc, ldp-vc, rsvp-vc, static-vc or vpls-vc.
up: displays all interfaces in Up state.
down: displays the CCC interfaces in Down state.

Description
Using the display l2vpn ccc-interface vc-type command, you can display the interface used to form the VC in L2VPN.

Example
# Display the VC of L2VPN.
<Quidway> display l2vpn ccc-interface vc-type all
Total ccc-interface of CCC VC: 1
up (1), down (0)
Interface    Encap Type    State    VC Type
Pos1/0/0     ppp           up       CCC
<Quidway> display l2vpn ccc-interface vc-type bgp-vc
Total ccc-interface of BGP VC: 1
up (1), down (0)
Interface    Encap Type    State    VC Type
Pos3/0/0     ppp           up       bgp-vc

8.5.9 display local-ce mac


Syntax
display local-ce mac [ interface-type interface-number ]

View
All views

Parameter
interface-type: specifies the interface type. The interface type can be Ethernet, Gigabit Ethernet, or Eth-trunk interface.
interface-number: specifies the interface number.

Description
Using the display local-ce mac command, you can view the MAC address and VLAN ID of the local CE connected to an Ethernet interface encapsulated as interworking-type L2VPN. If no interface is specified, the information about all such interfaces is displayed. For the related commands, see local-ce mac and local-ce ip.

Example
# Display the MAC information of all the Ethernet interfaces encapsulated as ip-interworking-type L2VPN.
<Quidway> display local-ce mac
INTERFACE     MAC ADDRESS      EXPIRE  TYPE  VLAN  PVC  IP ADDRESS
----------------------------------------------------------------
Eth12/2/0.1   00e0-fc20-b3a6           S
Eth12/2/0.2   ffff-ffff-ffff           B
Eth12/2/0.7   00e0-fc20-b3a6   8       D     7          197.1.1.1
----------------------------------------------------------------
Total:3   Static:1   Dynamic:1   Broadcast:1

Table 8-9 Description of the output of the display local-ce mac command
Item: Description
INTERFACE: The name of the Ethernet interface encapsulated as the interworking-type l2vpn
MAC ADDRESS: The MAC address of the local CE
EXPIRE: The aging time in minutes
TYPE: S: static; D: dynamic; B: broadcast
VLAN: The VLAN ID
PVC: The VPI and VCI of the ATM interface
IP ADDRESS: The IP address of the local CE learnt dynamically

8.5.10 display mpls l2vc


Syntax
display mpls l2vc [ interface interface-type interface-number | remote-info [vc-id ] | vc-id ]

View
All views

Parameter
interface: specifies the interface connected to CE.
interface-type interface-number: specifies the type and number of the interface connected to CE.
remote-info: displays the information about the Martini VC received from the peer.
vc-id: specifies the ID of the layer 2 virtual circuit. The value is an integer ranging from 1 to 4,294,967,295.

Description
Using the display mpls l2vc command, you can display all the Martini mode VCs configured on the router. If an interface is specified, only the Martini VC on the specified CE interface is displayed. For the related command, see mpls l2vc.

Example
# Display all the Martini VCs configured on the router.
<Quidway> display mpls l2vc
Total ldp vc : 1     0 up     1 down
*Client Interface      : Atm6/0/0
 Session State         : up
 AC Status             : up
 VC State              : up
 VC ID                 : 100
 VC Type               : ip-interworking
 Destination           : 3.3.3.9
 Local VC Label        : 17408
 Remote VC Label       : 17409
 Control Word          : Disable
 Local VC MTU          : 1500
 Romete VC MTU         : 1000
 Tunnel Policy Name    : -
 Traffic Behavior Name : -
 PW Template Name      : -
 Create time           : 0 days, 0 hours, 0 minutes, 23 seconds
 UP time               : 0 days, 0 hours, 0 minutes, 23 seconds
 Last change time      : 0 days, 0 hours, 0 minutes, 23 seconds

Table 8-10 Description of the output of the display mpls l2vc command
Item: Description
Total ldp vc: Number of created LDP VCs with remote labels
Client Interface: Client interface
Session State: State of the LDP session
AC Status: State of the attachment circuit
VC State: State of the VC
VC ID: VC ID, which uniquely identifies a VC
VC Type: Encapsulation type of VC
Destination: Destination address
Local VC Label: Local VC label
Remote VC Label: Remote local label
Control Word: State of the control word feature (enabled or disabled)
Local VC MTU: MTU of the local VC interface
Remote VC MTU: MTU of the remote VC interface
Tunnel Policy Name: Name of the tunneling policy
Traffic Behavior Name: Name of the traffic behavior
PW Template Name: Name of the PW template
Create time: Time passed after the VC is created
UP time: Time during which the VC is Up
Last change time: Time passed after the last state change of the VC

# Display all the Martini VC of the CE connected with POS1/0/0 on the router.
<Quidway> display mpls l2vc interface pos 1/0/0
*Client Interface     : Atm6/0/0 is up
 Session State        : up
 AC State             : up
 VC State             : up
 VC ID                : 100
 VC Type              : ip-interworking
 Destination          : 3.3.3.9
 Local Group ID       : 0            Remote Group ID  : 0
 Local VC Label       : 17408        Remote VC Label  : 17408
 Local VC MTU         : 1500
 Romete VC MTU        : 1500
 Local VCCV           : Disable
 Remote VCCV          : Disable
 Local Frag           : Disable
 Remote Frag          : Disable
 Local Ctrl Word      : Disable
 Remote Ctrl Word     : Disable
 Tunnel Policy        : -
 Traffic Behavior     : -
 PW Template Name     : -
 VC tunnel/token info : 1 tunnels/tokens
 NO.0 TNL Type        : lsp , TNL ID : 0x6002002
 Create time          : 0 days, 0 hours, 0 minutes, 23 seconds
 UP time              : 0 days, 0 hours, 0 minutes, 23 seconds
 Last change time     : 0 days, 0 hours, 0 minutes, 23 seconds

# Display Martini VC information received from the remote peer.


<Quidway> display mpls l2vc remote-info
Total remote ldp vc : 1
Transport  Group  Peer     Remote        Remote    C    MTU/   N    S
VC ID      ID     Addr     Encap         VC Label  Bit  CELLS  Bit  Bit
100        0      3.3.3.9  interworking  17408     0    1500   1    0

Table 8-11 Description of the output of the display mpls l2vc remote-info command
Item: Description
Total remote ldp vc: Number of created LDP VCs with route labels
Transport VC ID: ID of the transported VC, which uniquely identifies a VC
Group ID: Encapsulation type of the L2VPN
Peer Addr: Address of the peer
Remote Encap: VC encapsulation mode of the peer
Remote VC label: VC label of the peer
C Bit: Whether the control word feature is supported. The value 1 indicates that the feature is supported, and 0 indicates that it is not supported
Mtu/CELLS: MTU of the L2VPN
N Bit: Whether the Notification packet is supported. The value 1 indicates that the packet is supported, and 0 indicates that it is not supported
S Bit: Status code. The value 0 indicates forwarding status, and 1 indicates non-forwarding status


8.5.11 display mpls l2vpn


Syntax
display mpls l2vpn [ vpn-instance-name [ local-ce | remote-ce ] ]

View
All views

Parameter
vpn-instance-name: specifies the VPN name. It is a string of 1 to 31 characters. If the VPN name is not specified, then all the VPN information is displayed.
local-ce: displays the configuration and states of all the local CEs on the specified VPN.
remote-ce: displays the configuration and states of all the remote CEs on the specified VPN.

Description
Using the display mpls l2vpn command, you can view all the L2VPN information on the PE.

Example
# Display all the VPNs configured on the PE.
<Quidway> display mpls l2vpn
VPN number: 1
vpn-name  encap-type  route-distinguisher  mtu  ce(L)  ce(R)
vpn1      ppp         100:1                128  1      1

Table 8-12 Description of the output of the display mpls l2vpn command
Item: Description
VPN number: Number of created L2VPN instances
vpn-name: Name of the created VPN instance
encap-type: Encapsulation type of the L2VPN
route-distinguisher: RD of the L2VPN
mtu: MTU of the L2VPN
ce(L): Number of local CE connections, "L" indicates "local"
ce(R): Number of remote CE connections, "R" indicates "remote"

# Display the information about L2VPN vpn1.


<Quidway> display mpls l2vpn vpn1
VPN name: vpn1, encap type: interworking, local ce number(s): 1, remote ce number(s): 1
route distinguisher: 100:1, MTU: 128
import vpn target: 1:1, export vpn target: 1:1,
remote vpn site(s) :
no.  remote-pe-id  route-distinguisher
1    3.3.3.9       100:1

Table 8-13 Description of the output of the display mpls l2vpn vpn-instance-name command
Item: Description
VPN number: Number of created L2VPN instances
encap-type: Encapsulation type of the L2VPN
local ce number(s): Number of local CE connections
remote ce number(s): Number of remote CE connections
route-distinguisher: RD of the L2VPN
import vpn target: VPN target attribute received
export vpn target: VPN target attribute sent

# Display the information about the local CE on L2VPN vpn1.


<Quidway> display mpls l2vpn vpn1 local-ce
ce-name  ce-id  range  conn-num  LB
ce1      1      10     0         19456/0/10

Table 8-14 Description of the output of the display mpls l2vpn vpn-instance-name local-ce command
Item: Description
ce-name: Name of the CE
ce-id: Defined CE ID, which uniquely identifies a CE
range: Range of the local CE, which indicates the number of CEs that the local CE can be connected to
conn-num: Number of created connections, namely, the number of CEs the local CE is connected to
LB: Label block distributed for a connection

# Display the information about the remote CE on L2VPN vpn1.


<Quidway> display mpls l2vpn vpn1 remote-ce
no.  ce-id  peer-id  route-distinguisher  LB
1    2      3.3.3.9  100:1                19456/0/10


Table 8-15 Description of the output of the display mpls l2vpn vpn-instance-name remote-ce command
Item: Description
no: Index number of the CE
ce-id: Defined CE ID, which uniquely identifies a CE
route-distinguisher: RD of L2VPN
Label: block

8.5.12 display mpls l2vpn { export-route-target-list | import-route-target-list }


Syntax
display mpls l2vpn { export-route-target-list | import-route-target-list }

View
All views

Parameter
export-route-target-list: indicates the list of export route targets.
import-route-target-list: indicates the list of import route targets.

Description
Using the display mpls l2vpn command, you can view the BGP VPN route target list.

Example
# Display BGP VPN target list.
<Quidway> display mpls l2vpn import-route-target-list
import vpn target list: 744:7 745:7 746:7 888:8
<Quidway> display mpls l2vpn export-route-target-list
export vpn target list: 755:7 888:8

8.5.13 display mpls l2vpn connection


Syntax
display mpls l2vpn connection vpn-name [ remote-ce ce-id | down | up | verbose ]
display mpls l2vpn connection [ summary | interface interface-type interface-number ]


View
All views

Parameter
vpn-name: specifies the VPN name. It is a string of 1 to 31 characters.
remote-ce ce-id: specifies the CE whose remote connection information is to be displayed. ce-id is an integer in the range of 0 to 249.
down: displays the connections that are Down. If down or up is not specified, the verbose information about these two connections is displayed.
up: displays the connections that are Up. If down or up is not specified, the verbose information about these two connections is displayed.
verbose: displays detailed information of a connection. It is valid only when all the connections of VPN are displayed.
summary: displays summarized information about the connections.
interface interface-type interface-number: displays the type and number of the specified interface.

Description
Using the display mpls l2vpn connection command, you can view L2VPN connections in Kompella mode.

Example
# Display all L2VPN connections in Kompella mode.
<Quidway> display mpls l2vpn connection
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
VPN name: vpn1,
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
CE name: ce1, id: 1,
Rid  type  status  peer-id  route-distinguisher  intf
2    rmt   up      3.3.3.9  100:1                Pos3/0/0

# Display L2VPN connections in Kompella mode on the VPN named vpn1.


<Quidway> display mpls l2vpn connection vpn1
VPN name: vpn1,
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
CE name: ce1, id: 1,
Rid  type  status  peer-id  route-distinguisher  intf
2    rmt   up      3.3.3.9  100:1                Pos3/0/0

# Display L2VPN connections in Kompella mode on POS3/0/0.


<Quidway> display mpls l2vpn connection interface pos 3/0/0
conn-type: remote,
local vc state: up,
remote vc state: up,
local ce-id: 1,
local ce name: ce1,
remote ce-id: 2,
intf(state,encap): Pos3/0/0(up,ppp),
peer id: 3.3.3.9,
route-distinguisher: 100:1,
local vc label: 19456,
remote vc label: 19456,
tunnel policy: policy1
tunnel type: lsp , id: 0x6002018

# Display the summarized information of L2VPN connections in Kompella mode.


<Quidway> display mpls l2vpn connection summary
1 total connections,
connections: 1 up, 0 down , 0 local, 1 remote, 0 unknown
No.  vpn-name  local-num  remote-num  unknown-num  up-num  total-num
1    vpn1      0          1           0            1       1

8.5.14 display mpls l2vpn forwarding-info


Syntax
display mpls l2vpn forwarding-info [ vc-label ] interface interface-type interface-number [ | { begin | exclude | include } text ]

View
All views

Parameter
vc-label: specifies the VC label of L2VPN. The value is an integer ranging from 16 to 1,048,575.
interface interface-type interface-number: specifies the type and number of the interface.
| : matches the output through the regular expression.
begin: displays all the lines beginning with the regular expression text.
exclude: displays the lines not containing the regular expression text.
include: displays the lines containing the regular expression text.
text: specifies the regular expression.

Description
Using the display mpls l2vpn forwarding-info command, you can view MPLS L2VPN forwarding information.

Example
# Display forwarding information of MPLS L2VPN.
<Quidway> display mpls l2vpn forwarding-info interface pos 3/0/0
VCLABEL  TUNNELTYPE  ENTRYTYPE  CTLWORD  CC  CV  TUNNELID
--------------------------------------------------------
19457    LSP         SEND       FALSE    0   0   0x6002018
1 Record(s) Found.



<Quidway> display mpls l2vpn forwarding-info 19457 interface pos 3/0/0
VCLABEL  TUNNELTYPE  ENTRYTYPE  CTLWORD  CC  CV  TUNNELID
--------------------------------------------------------
19457    LSP         SEND       FALSE    0   0   0x6002018
1 Record(s) Found.

8.5.15 display mpls static-l2vc


Syntax
display mpls static-l2vc [ interface interface-type interface-number | vc-id | state { up | down } ]

View
All views

Parameter
interface interface-type interface-number: specifies the type and number of the interface.
vc-id: specifies the ID of a layer 2 virtual circuit. It is an integer in the range of 1 to 4,294,967,295.
state { up | down }: displays the information of an Up or Down VC.

Description
Using the display mpls static-l2vc command, you can display all the static VCs configured on the router. If the interface name is specified, the static VC on the specified CE interface (the one connected to CE) is displayed.

Example
# Display the static VC configured on the router.
<Quidway> display mpls static-l2vc
total connections: 1, 1 up, 0 down
ce-intf   state  destination  tr-label  rcv-label  tnl-policy
Pos3/0/0  up     3.3.3.9      100       200        policy1

# Display the static VC configured on the interface POS 3/0/0.


<Quidway> display mpls static-l2vc interface pos 3/0/0
CE-interface: Pos3/0/0 is up,
VC State: up,
Destination: 3.3.3.9,
Transmit-vpn-label: 100,
Receive-vpn-label: 200,
Tunnel Policy: policy1
Tunnel Type: lsp , ID: 0x226013

8.5.16 l2vpn-family
Syntax
l2vpn-family
undo l2vpn-family


View
BGP view

Parameter
None

Description
Using the l2vpn-family command, you can enter extended address family view of BGP L2VPN. Using the undo l2vpn-family command, you can delete the configuration of the extended address family.

Example
# Enter L2VPN extended address family view.
<Quidway> system-view
[Quidway] bgp 100
[Quidway-bgp] l2vpn-family
[Quidway-bgp-af-l2vpn]

8.5.17 local-ce ip
Syntax
local-ce ip ip-address
undo local-ce ip

View
Ethernet interface view

Parameter
ip-address: specifies the IP address of the GE primary interface or sub-interface of the CE that is connected to the local interface.

Description
Using the local-ce ip command, you can configure the PE with the IP address of the GE interface on the CE connecting the PE. Using the undo local-ce ip command, you can delete the configuration.
If there is neither a static MAC address configured by the local-ce mac command nor a dynamic MAC address learnt from the CE, then when the PE sends to the CE the IP messages received through the L2VPN channel, the PE takes the static IP address as the destination IP address of the ARP request messages it sends.
By default, 20 minutes after a dynamic MAC address is learnt, whether to delete the ARP entry is determined by detecting whether the CE still exists. For the related command, see display local-ce mac.

Example
# Configure the IP address of the CE primary interface connected to GE 1/0/0 to 197.1.1.1.
<Quidway> system-view
[Quidway] interface GigabitEthernet1/0/0
[Quidway-GigabitEthernet1/0/0] local-ce ip 197.1.1.1

8.5.18 local-ce mac


Syntax
local-ce mac mac-address
undo local-ce mac

View
Ethernet interface view

Parameter
mac-address: specifies the MAC address of the Ethernet primary interface or sub-interface connected to the local interface.

Description
Using the local-ce mac command, you can configure the PE with the MAC address of the Ethernet primary interface or sub-interface on the CE connecting the PE. Using the undo local-ce mac command, you can delete the configuration.
The MAC address is used when the PE sends messages to the CE. After the configuration, all the IP packets received from the L2VPN channel are encapsulated with the configured static MAC address and sent to the CE. For the sub-interface, the VLAN ID being encapsulated is the minimum local VLAN ID. For the related command, see display local-ce mac.

Example
# Configure MAC address of the CE primary interface connected to GE1/0/0 to 00e0-fc20-b3a8.
<Quidway> system-view
[Quidway] interface GigabitEthernet1/0/0
[Quidway-GigabitEthernet1/0/0] local-ce mac 00e0-fc20-b3a8


8.5.19 local-ce mac broadcast


Syntax
local-ce mac broadcast
undo local-ce mac broadcast

View
Ethernet interface view

Parameter
None

Description
Using the local-ce mac broadcast command, you can enable broadcast on the Ethernet primary interface or sub-interface connected to CE on PE. Using the undo local-ce mac broadcast command, you can cancel the configuration. After the local-ce mac broadcast command is configured, when the PE sends IP packets to the CE, if there is no static or dynamic MAC address of the local CE, and there is no Ethernet interface address of the CE connected with the PE, the PE takes the broadcast address as destination MAC address. For the sub-interface, the VLAN ID being encapsulated is the minimum local VLAN ID. For the related command, see display local-ce mac.

Example
# Enable broadcast on GE 1/0/0.1.
<Quidway> system-view
[Quidway] interface GigabitEthernet1/0/0.1
[Quidway-GigabitEthernet1/0/0.1] local-ce mac broadcast

8.5.20 mpls l2vc


Syntax
mpls l2vc dest-ip-addr vc-id [ [ control-word | no-control-word ] | [ ip-interworking | raw | tagged ] | tunnel-policy policy-name | ip-layer2 ] *
undo mpls l2vc

View
Interface view


Parameter
dest-ip-addr: specifies the IP address of the peer PE.
vc-id: specifies the VC ID of the L2VPN connection. The value is an integer ranging from 1 to 4,294,967,295.
policy-name: specifies the tunneling policy for a VC. It is a string of 1 to 19 characters.
control-word: enables the control word option.
no-control-word: disables the control word option.
raw: removes the VLAN tag.
tagged: adds the VLAN tag.
ip-interworking: enables MPLS L2VPN IP interworking.
ip-layer2: is selected when the MA5200G interworks with devices from other vendors.

Description
Using the mpls l2vc command, you can create a Martini L2VPN connection. Using the undo mpls l2vc command, you can delete the Martini L2VPN connection.
To create a Martini connection, you must specify the IP address of the destination PE and the VC ID. The command must be configured on the PE routers with the same VC ID.
If the tunnel policy name is not specified, the default policy is used. The default policy adopts LSP, and the number of tunnels sharing the load is 1. If the tunnel policy name is specified but the policy is not configured, the default policy is used.
By default, control word is enabled for ATM and Frame Relay encapsulation. For all other encapsulations, it is disabled.
An interface cannot function as the AC interface of L2VPN and the AC interface of L3VPN at the same time. When an interface is bound to an L2VPN, layer 3 features such as the IP address and routing protocols configured on the interface become invalid. If an interface is bound to an L2VPN and an L3VPN at the same time, only the L2VPN is usable. The L3VPN configuration becomes usable after the interface is unbound from the L2VPN.
For the related command, see display mpls l2vc.

Example
# Create a Martini connection.
<Quidway> system-view
[Quidway] interface pos 2/0/0
[Quidway1-Pos2/0/0] mpls l2vc 2.2.2.9 999

# Delete the Martini connection.


<Quidway> system-view
[Quidway] interface pos 2/0/0
[Quidway1-Pos2/0/0] undo mpls l2vc


8.5.21 mpls l2vpn


Syntax
mpls l2vpn
undo mpls l2vpn

View
System view

Parameter
None

Description
Using the mpls l2vpn command, you can enable L2VPN. All other L2VPN commands can be configured only after L2VPN is enabled through this command. Using the undo mpls l2vpn command, you can disable L2VPN and delete all the L2VPN configurations.

Example
# Enable L2VPN.
<Quidway> system-view
[Quidway] mpls l2vpn

8.5.22 mpls l2vpn vpn-name


Syntax
mpls l2vpn vpn-name [ encapsulation { ethernet | hdlc | ppp | vlan | ip-interworking | atm-aal5-sdu } [ control-word | no-control-word ] ]
undo mpls l2vpn [ vpn-name ]

View
System view

Parameter
vpn-name: specifies a unique VPN name on PE. It is a string of 1 to 31 characters.
encapsulation: indicates the encapsulation types. The value can be ethernet, hdlc, ppp, vlan, ip-interworking, or atm-aal5-sdu.
control-word: enables the feature of control word.
no-control-word: disables the feature of control word.
ip-interworking: enables interworking of Kompella L2VPN.

Description
Using the mpls l2vpn command, you can create a Kompella VPN. The name must be specified and is used to identify the VPN on the PE router. You must specify the encapsulation mode; otherwise, the VPN cannot be set up. The encapsulation mode must match the encapsulation type of the CE interfaces. Using the undo mpls l2vpn command, you can delete the corresponding VPN.

Example
# Create a VPN in Kompella mode.
<Quidway> system-view
[Quidway] mpls l2vpn vpn1 encapsulation ppp
[Quidway-mpls-l2vpn-vpn1]

# Enter MPLS-L2VPN view.


<Quidway> system-view
[Quidway] mpls l2vpn vpn1
[Quidway-mpls-l2vpn-vpn1]

# Delete the related VPN.


<Quidway> system-view
[Quidway] undo mpls l2vpn vpn1

8.5.23 mpls static-l2vc


Syntax
mpls static-l2vc destination dest-router-id transmit-vpn-label transmit-label-value receive-vpn-label receive-label-value [ tunnel-policy policy-name ] [ control-word | no-control-word ] [ raw | tagged | ip-interworking ]
undo mpls static-l2vc

View
Interface view

Parameter
dest-router-id: specifies the ID of the destination router.
transmit-label-value: specifies the label value for transmitting VPN. The label is a static layer 2 outgoing label. The value is an integer ranging from 16 to 1023.
receive-label-value: specifies the label value for receiving VPN. The label is a static layer 2 incoming label. The value is an integer ranging from 16 to 1023.
policy-name: specifies the tunneling policy name. It is a string of 1 to 19 characters.
control-word: enables the feature of control word.
no-control-word: disables the feature of control word.
raw: removes the VLAN label.
tagged: adds the VLAN label.
ip-interworking: enables IP interworking of Martini L2VPN.

Description
Using the mpls static-l2vc destination command, you can create a static VC connection between CEs connected to different PE routers. Using the undo mpls static-l2vc command, you can delete the static connection.
The default policy specifies the tunneling sequence as LSP, and the number of tunnels sharing the load is 1. If the name of the tunneling policy is not specified, the default policy is used. If the name of the tunnel policy is specified but the policy is not configured, the default policy is used.
You must create static VC connections on the PEs on both ends. The destination address is the IP address of the peer PE. The outgoing label of the local PE is the incoming label of the peer, and the incoming label of the local PE is the outgoing label of the peer.
An interface cannot function as the AC interface of L2VPN and the AC interface of L3VPN at the same time. When an interface is bound to an L2VPN, layer 3 features such as the IP address and routing protocols configured on the interface become invalid. If an interface is bound to an L2VPN and an L3VPN at the same time, only the L2VPN is usable. The L3VPN configuration becomes usable after the interface is unbound from the L2VPN.

Example
# Create a static VC connection between CEs connected to different PE routers.
<Quidway> system-view
[Quidway] interface GigabitEthernet1/0/0
[Quidway-GigabitEthernet1/0/0] mpls static-l2vc destination 1.1.1.1 transmit-vpn-label 111 receive-vpn-label 222 tunnel-policy pol1
[Quidway-GigabitEthernet1/0/0] mpls static-l2vc destination 2.2.2.2 transmit-vpn-label 222 receive-vpn-label 111 tunnel-policy pol1
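The pairing rules in 8.5.20 (same VC ID on both PEs) and 8.5.23 (labels mirrored between the two PEs, each in the range 16 to 1023) can be checked offline before a change is applied. The following Python audit is an added example, not part of the Huawei manual. It assumes each PE's commands are available as plain text keyed by the router ID that the peer uses as its destination; the function names and the sample configurations are constructed for illustration.

```python
import re

LABEL_MIN, LABEL_MAX = 16, 1023  # static VC label range from the 8.5.23 parameter list

STATIC_RE = re.compile(
    r"^mpls static-l2vc destination (?P<dest>\S+) "
    r"transmit-vpn-label (?P<tx>\d+) receive-vpn-label (?P<rx>\d+)")
MARTINI_RE = re.compile(r"^mpls l2vc (?P<dest>\S+) (?P<vcid>\d+)")


def parse_pe(router_id, text):
    """Collect static and Martini VC statements from one PE's command text."""
    vcs = []
    for line in text.splitlines():
        line = line.strip()          # "undo ..." lines never match the anchored patterns
        m = STATIC_RE.match(line)
        if m:
            vcs.append({"kind": "static", "pe": router_id, "dest": m["dest"],
                        "tx": int(m["tx"]), "rx": int(m["rx"])})
            continue
        m = MARTINI_RE.match(line)
        if m:
            vcs.append({"kind": "martini", "pe": router_id, "dest": m["dest"],
                        "vcid": int(m["vcid"])})
    return vcs


def audit(pes):
    """pes maps router ID -> command text. Returns a sorted list of findings."""
    vcs = [vc for rid, text in pes.items() for vc in parse_pe(rid, text)]
    findings = []
    for vc in vcs:
        # Statements of the same kind on the peer that point back at this PE.
        peers = [p for p in vcs if p["kind"] == vc["kind"]
                 and p["pe"] == vc["dest"] and p["dest"] == vc["pe"]]
        if vc["kind"] == "static":
            for name in ("tx", "rx"):
                if not LABEL_MIN <= vc[name] <= LABEL_MAX:
                    findings.append(f"{vc['pe']}: {name} label {vc[name]} "
                                    f"outside {LABEL_MIN}-{LABEL_MAX}")
            if not peers:
                findings.append(f"{vc['pe']}: no static VC on {vc['dest']} pointing back")
            elif not any(p["tx"] == vc["rx"] and p["rx"] == vc["tx"] for p in peers):
                findings.append(f"{vc['pe']}: labels tx={vc['tx']} rx={vc['rx']} "
                                f"not mirrored on {vc['dest']}")
        elif not any(p["vcid"] == vc["vcid"] for p in peers):
            findings.append(f"{vc['pe']}: Martini VC ID {vc['vcid']} "
                            f"has no match on {vc['dest']}")
    return sorted(findings)


# Constructed sample input: two PEs whose statements agree.
GOOD_PES = {
    "1.1.1.1": """
interface GigabitEthernet1/0/0
 mpls static-l2vc destination 2.2.2.2 transmit-vpn-label 222 receive-vpn-label 111 tunnel-policy pol1
interface pos 2/0/0
 mpls l2vc 2.2.2.2 999
""",
    "2.2.2.2": """
interface GigabitEthernet1/0/0
 mpls static-l2vc destination 1.1.1.1 transmit-vpn-label 111 receive-vpn-label 222 tunnel-policy pol1
interface pos 2/0/0
 mpls l2vc 1.1.1.1 999
""",
}

# Constructed sample input: the second PE has a bad receive label and a different VC ID.
BAD_PES = {
    "1.1.1.1": GOOD_PES["1.1.1.1"],
    "2.2.2.2": """
interface GigabitEthernet1/0/0
 mpls static-l2vc destination 1.1.1.1 transmit-vpn-label 111 receive-vpn-label 2000
interface pos 2/0/0
 mpls l2vc 1.1.1.1 998
""",
}

if __name__ == "__main__":
    for finding in audit(BAD_PES):
        print(finding)
```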

8.5.24 mtu
Syntax
mtu mtu-value

View
MPLS-L2VPN view

Parameter
mtu-value: specifies the MTU value of L2VPN. The value is an integer ranging from 46 to 16,352, and the default value is 128.


Description
Using the mtu command, you can set the MTU of the MPLS L2VPN. By default, MTU of L2VPN is 128.

Example
# Set the MTU of the L2VPN.
<Quidway> system-view
[Quidway] mpls l2vpn vpn1
[Quidway-mpls-l2vpn-vpn1] mtu 1000

8.5.25 reset bgp l2vpn


Syntax
reset bgp l2vpn { as-number | peer-ip-address | all | internal | external }

View
User view

Parameter
as-number: specifies the AS where the peer of L2VPN is located. It is an integer in the range of 1 to 65535.
peer-ip-address: specifies the IP address of the peer of L2VPN.
all: resets all L2VPN BGP connections.
internal: resets IBGP sessions of L2VPN in the same AS.
external: resets EBGP sessions of inter-AS L2VPN.

Description
Using the reset bgp l2vpn command, you can reset the BGP connection of L2VPN.

Example
# Reset all L2VPN BGP connections.
<Quidway> reset bgp l2vpn all

8.5.26 reset local-ce mac


Syntax
reset local-ce mac [ interface-type interface-number ]


View
User view

Parameter
interface-type: specifies the interface type. It must be an Ethernet, GE, or Eth-trunk interface.
interface-number: specifies the interface number.

Description
Using the reset local-ce mac command, you can reset the MAC address and VLAN ID of the local CE, which are dynamically learned by the ip-interworking Ethernet interface in L2VPN mode. If an interface name is specified, the information of the interface will be deleted. Otherwise, the information of all interfaces will be deleted. For the related command, see display local-ce mac.

Example
# Reset the MAC address and VLAN ID of the local CE, which are dynamically learned by the Ethernet interface in ip-interworking L2VPN mode.
<Quidway> reset local-ce mac

8.5.27 route-distinguisher
Syntax
route-distinguisher route-distinguisher

View
MPLS-L2VPN view

Parameter
route-distinguisher: specifies the RD. The value can be ASN:nn or IP-address:nn. It is a string of 3 to 21 characters.

Description
Using the route-distinguisher command, you can configure RD. On the same PE, different VPNs have different RDs. For the same VPN on multiple PEs, the RD can be the same or different.
There are two formats of RD: a two-byte ASN plus a 4-byte random number; or a 4-byte IP address plus a two-byte random number.
16-bit ASN: 32-bit customized number, such as 101:3.
32-bit IP address: 16-bit customized number, such as 192.168.122.15:1.
The value of RD cannot be changed directly. To change it, the VPN must be deleted and recreated with the new RD value.
There is no default value for RD. It must be configured as soon as the VPN is created. A VPN will not become effective until RD is configured. It must be noted that once an RD has been configured, it cannot be dissociated from the VPN.

Example
# Configure the RD.
<Quidway> system-view
[Quidway] mpls l2vpn vpn1
[Quidway-mpls-l2vpn-vpn1] route-distinguisher 300:1

8.5.28 vpn-target
Syntax
vpn-target vpn-target &<1-16> [ both | export-extcommunity | import-extcommunity ]
undo vpn-target { all | vpn-target &<1-16> [ both | export-extcommunity | import-extcommunity ] }

View
MPLS-L2VPN view

Parameter
export-extcommunity: adds export VPN extended community.
import-extcommunity: adds import VPN extended community.
both: adds both the import and export VPN extended communities to the current VPN.
all: adds all VPN extended communities.
vpn-target: specifies the VPN target extended community to be added to the import or export VPN. It is a string of 3 to 21 characters.

Description
Using the vpn-target command, you can specify the VPN-target attributes for L2VPN. Using the undo vpn-target command, you can delete the VPN-target associated with L2VPN. There is no default value for VT.
VPN-target has two formats as follows:
16-bit ASN: 32-bit customized number, such as 101:3
32-bit ASN: 16-bit customized number, such as 192.168.122.15:1
If none of the keywords both, export-extcommunity and import-extcommunity is specified, both is used by default.

Example
# Configure VPN-target attributes for L2VPN named VPN1.

<Quidway> system-view
[Quidway] mpls l2vpn vpn1
[Quidway-mpls-l2vpn-vpn1] vpn-target 100:1
[Quidway-mpls-l2vpn-vpn1] vpn-target 1:1 2:2 export-extcommunity
[Quidway-mpls-l2vpn-vpn1] vpn-target 1.2.3.4:11 12:12 import-extcommunity

# Delete the VPN-target attributes of VPN1.


<Quidway> system-view
[Quidway] mpls l2vpn vpn1
[Quidway-mpls-l2vpn-vpn1] undo vpn-target 12:12 import-extcommunity
[Quidway-mpls-l2vpn-vpn1] undo vpn-target all
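The rules stated for route-distinguisher in 8.5.27 and for vpn-target in 8.5.28 (the ASN:nn and IP-address:nn forms, the 3 to 21 character length, one RD per VPN on a PE, and no effect until an RD is set) lend themselves to an offline configuration audit. The following Python sketch is an added example, not part of the Huawei manual. It assumes the commands are supplied as plain text without CLI prompts; the function names and the sample configuration are constructed for illustration.

```python
import ipaddress
import re

RD_RE = re.compile(r"(?P<admin>[0-9.]+):(?P<num>[0-9]+)")
DIRECTIONS = {"both", "export-extcommunity", "import-extcommunity"}


def parse_rd(text):
    """Parse 'ASN:nn' or 'IP-address:nn'; return (kind, admin, number) or raise ValueError."""
    if not 3 <= len(text) <= 21:
        raise ValueError("must be a string of 3 to 21 characters")
    m = RD_RE.fullmatch(text)
    if not m:
        raise ValueError("expected ASN:nn or IP-address:nn")
    admin, num = m["admin"], int(m["num"])
    if "." not in admin:                      # 16-bit ASN : 32-bit number
        if int(admin) > 0xFFFF or num > 0xFFFFFFFF:
            raise ValueError("16-bit ASN or 32-bit number out of range")
        return ("asn", int(admin), num)
    ip = ipaddress.IPv4Address(admin)         # raises a ValueError subclass if malformed
    if num > 0xFFFF:                          # 32-bit IP address : 16-bit number
        raise ValueError("16-bit number out of range")
    return ("ip", str(ip), num)


def audit_l2vpn(text):
    """Return findings for one PE's Kompella L2VPN commands, in configuration order."""
    vpns, current = {}, None
    for raw in text.splitlines():
        tok = raw.split()
        if tok[:2] == ["mpls", "l2vpn"] and len(tok) >= 3:
            current = vpns.setdefault(tok[2], {"rd": None, "targets": []})
        elif current is not None and tok[:1] == ["route-distinguisher"] and len(tok) == 2:
            current["rd"] = tok[1]
        elif current is not None and tok[:1] == ["vpn-target"]:
            current["targets"] += [t for t in tok[1:] if t not in DIRECTIONS]

    findings, seen = [], {}                   # seen: parsed RD -> first VPN using it
    for name, vpn in vpns.items():
        if vpn["rd"] is None:
            findings.append(f"{name}: no route-distinguisher configured, VPN is not effective")
        else:
            try:
                rd = parse_rd(vpn["rd"])
            except ValueError as exc:
                findings.append(f"{name}: bad route-distinguisher {vpn['rd']}: {exc}")
            else:
                if rd in seen:
                    findings.append(f"{name}: route-distinguisher {vpn['rd']} "
                                    f"already used by {seen[rd]}")
                seen.setdefault(rd, name)
        for target in vpn["targets"]:
            try:
                parse_rd(target)              # vpn-target is checked against the same two forms
            except ValueError as exc:
                findings.append(f"{name}: bad vpn-target {target}: {exc}")
    return findings


# Constructed sample input: vpn2 reuses vpn1's RD and has an oversized ASN, vpn3 has no RD.
SAMPLE_CONFIG = """
mpls l2vpn vpn1 encapsulation ppp
 route-distinguisher 300:1
 vpn-target 100:1
 vpn-target 1.2.3.4:11 12:12 import-extcommunity
mpls l2vpn vpn2 encapsulation ppp
 route-distinguisher 300:1
 vpn-target 70000:1 both
mpls l2vpn vpn3 encapsulation vlan
 vpn-target 1:1
"""

if __name__ == "__main__":
    for finding in audit_l2vpn(SAMPLE_CONFIG):
        print(finding)
```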

8.6 VPLS Configuration Commands


8.6.1 debugging mpls l2vpn vpls_fib
Syntax
debugging mpls l2vpn vpls_fib
undo debugging mpls l2vpn vpls_fib

View
User view

Parameter
None

Description
Using the debugging mpls l2vpn vpls_fib command, you can enable the debugging of VPLS FIB. Using the undo debugging mpls l2vpn vpls_fib command, you can disable the debugging of VPLS FIB. By default, the debugging of VPLS FIB is disabled.

Example
# Enable the debugging of VPLS FIB.
<Quidway> debugging mpls l2vpn vpls_fib

8.6.2 debugging mpls l2vpn vpls_mid


Syntax
debugging mpls l2vpn vpls_mid
undo debugging mpls l2vpn vpls_mid

View
User view

Parameter
None

Description
Using the debugging mpls l2vpn vpls_mid command, you can enable the debugging of VPLS multicast information description (MID). Using the undo debugging mpls l2vpn vpls_mid command, you can disable the debugging of VPLS MID. By default the debugging of VPLS MID is disabled. For the related command, see display vpls mid.

Example
# Enable the debugging of VPLS MID.
<Quidway> debugging mpls l2vpn vpls_mid

8.6.3 description
Syntax
description description
undo description

View
VSI view

Parameter
description: specifies the description of the VSI. It is a string of 1 to 64 characters.

Description
Using the description command, you can set the description of the current VSI. The description helps you to identify VSI instances. Using the undo description command, you can delete the description of the current VSI. By default, the description of VSI is null.


Example
# Set the description of the current VSI.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] description vsi-company1

8.6.4 display vpls connection


Syntax
display vpls connection [ ldp | bgp | vsi vsi-name ] [ down | up ] [ verbose ]

View
All views

Parameter
ldp: displays LDP signaling connections.
bgp: displays BGP signaling connections.
vsi vsi-name: displays connections of the specified Virtual Switch Instance (VSI). The vsi-name parameter is a string of 1 to 31 characters.
down: displays connections in down state.
up: displays connections in up state.
verbose: displays connections in detail.

Description
Using the display vpls connection command, you can display VPLS connections. By specifying different keywords or parameters, you can choose which connections are displayed. If no keyword or parameter is specified, all connections in up state are displayed.

Example
# Display the connections of all VSIs.
<Quidway> display vpls connection
2 total connections,
connections: 2 up, 0 down, 1 ldp, 1 bgp
VSI Name: a2                         Signaling: ldp
VsiID    EncapType     PeerAddr    InLabel    OutLabel    VCState
2        vlan          1.1.1.1     17408      17409       up
VSI Name: bgp1                       Signaling: bgp
SiteID   RD            PeerAddr    InLabel    OutLabel    VCState
1        168.1.1.1:1   1.1.1.1     19457      19458       up


Table 8-16 Description of the output of the display vpls connection command
Item         Description
VSI Name     The name of VSI
Signaling    Signaling mode, LDP or BGP
VsiID        VSI ID
EncapType    VPLS encapsulation type, that is, the encapsulation type of packets on VC
PeerAddr     IP address of the peer
InLabel      Local VC labels
OutLabel     Remote VC labels
VCState      The state of VC
SiteID       ID of the site where the VSI is located
RD           Route distinguisher, which identifies a VSI instance on a PE in the VPLS using BGP as the signaling protocol

# Display the detailed connection information of all VSIs.
<Quidway> display vpls connection verbose
VSI Name: a2                         Signaling: ldp
**Remote Vsi ID     : 2
VC State            : up
Encapsulation       : vlan
Group ID            : 0
MTU                 : 1500
Peer Ip Address     : 1.1.1.1
PW Type             : label
Local VC Label      : 17408
Remote VC Label     : 17409
Tunnel Policy       : -
Tunnel ID           : 0x6002011,
VSI Name: bgp1                       Signaling: bgp
**Remote Site ID    : 1
VC State            : up
RD                  : 168.1.1.1:1
Encapsulation       : vlan
MTU                 : 1500
Peer Ip Address     : 1.1.1.1
PW Type             : label
Local VC Label      : 19457
Remote VC Label     : 19458
Tunnel Policy       : -
Tunnel ID           : 0x6002011,
Remote Label Block  : 19456/5/0
Export vpn target   : 100:1,


Table 8-17 Description of the output of the display vpls connection verbose command
Item                 Description
VSI Name             Name of the VSI
Signaling            Signaling mode, which can be LDP or BGP
Remote Vsi ID        ID of the remote VSI, which is the same as that of the local VSI
VC State             State of the VC, namely, Up or Down
Encapsulation        VPLS encapsulation mode of the VSI, that is, packet encapsulation mode (VLAN or Ethernet) on the VC
Group ID             Group ID, which is a protocol field not used currently, the default value is 0
MTU                  MTU of the VSI
Peer Ip Address      IP address of the peer PE
PW Type              The type of PW, Label indicates MPLS tunnel
Local VC Label       Local VC label
Remote VC Label      Remote VC label
Tunnel Policy        Tunneling policy for the L2VPN
Tunnel ID            Tunnel ID
Remote Label Block   Remote label block
Export vpn target    Export extended community to the destination VPN

# Display the detailed information about connection with BGP signaling of the VSI company1.
<Quidway> display vpls connection vsi company1 verbose
VSI Name: company1                   Signaling: bgp
**Remote Site ID    : 1
VC State            : up
RD                  : 168.1.1.1:1
Encapsulation       : vlan
MTU                 : 1500
Peer Ip Address     : 1.1.1.9
PW Type             : label
Local VC Label      : 19457
Remote VC Label     : 19458
Tunnel Policy       : -
Tunnel ID           : 0x6002000,
Remote Label Block  : 19456/5/0


Table 8-18 Description of the output of the display vpls connection command
Item                 Description
VSI Name             The name of VSI
Signaling            Signaling mode, LDP or BGP
Remote Site ID       VC labels distributed by peers
VCState              The state of VC
RD                   The local router ID
Encapsulation        VPLS encapsulation type of VSI, that is, the encapsulation type of the packets transmitted on VC
Group ID             Group ID, which is a protocol field not used currently, the default value is 0
MTU                  MTU of the VSI
Peer Ip Address      IP address of the peer PE
PW Type              The type of PW, Label indicates MPLS tunnel
Local VC Label       Local VC labels
Remote VC Label      Remote VC labels
Tunnel Policy        Tunneling policy
Tunnel ID            Tunnel ID
Remote Label Block   Remote label block

8.6.5 display vpls fib


Syntax
display vpls fib [ vsi vsi-name | link link-id ] [ verbose ]

View
All views

Parameter
vsi vsi-name: displays FIB of the specified VSI. The vsi-name parameter is a string of 1 to 31 characters.
link link-id: displays FIB of the specified connection. The value of link-id ranges from 1 to 40,960.
verbose: displays FIB in detail.


Description
Using the display vpls fib command, you can display VPLS FIB information. By specifying different keywords or parameters in the command line, you can choose which FIB entries are displayed. If no keyword or parameter is specified, all forwarding entries are displayed.

Example
# Display forwarding tables of all VPLSs.
<Quidway> display vpls fib
Total Number : 1, 1 up, 0 down
Vsi-Name    Link-ID    Link-Type           Link-State
a           1          VPLS Remote Link    up

# Display forwarding tables of the VSI named company1 in detail.


<Quidway> display vpls fib vsi company1 verbose
**Vsi-Name      : company1
Link-ID         : 1
Link-Type       : VPLS Remote-link
Link-State      : up
Vsi Index       : 0
Tunnel ID       : 0x6002001
Enable CtrWord  : Disabled
L2 MTU          : 1500
Link VCLabel    : 19458
Tunnel Label    : 1024
Out Interface   : Pos2/0/0
Next Hop        : 168.1.1.2
Out VCLabel     : 19457
Lsp token       : 0x7
SendCounter     : 0
Recv Counter    : 0
Op type         : add
Down Status     : OK

Table 8-19 Description of the output of the display vpls fib command
Item             Description
VSI Name         Name of the VSI
Link-ID          ID of a link
Link-Type        Type of link
Link-State       State of link
Vsi Index        VSI index
Tunnel ID        Tunnel ID
Enable CtrWord   Whether to enable Control Word
L2 MTU           MTU of the Layer 2 packets
Link VCLabel     Inbound label of virtual circuit
Tunnel Label     Value of the Tunnel label
Out Interface    Outbound interface
Next Hop         Next hop address
Out VCLabel      Outbound label of virtual circuit
Lsp token        LSP token
Send Counter     Sending counter
Recv Counter     Receiving counter
Op type          Operation type
Down Status      Down status of the FIB

8.6.6 display vpls mid


Syntax
display vpls mid token vsi vsi-name
display vpls mid interface vsi vsi-name [ vlan vlan-id ]

View
All views

Parameter
token: displays MID of a token, that is, the multicast table on the network side.
interface: displays the MID of an interface, that is, the MID on the AC side.
vsi vsi-name: displays MID of the specified VSI. It is a string of 1 to 31 characters.
vlan vlan-id: displays MID on the VC side with the specified VLAN ID. vlan-id is an integer in the range of 1 to 4094.

Description
Using the display vpls mid command, you can display MID. The MID information contains token information and interface information. By specifying different keywords or parameters in the command line, you can choose which MID information is displayed.

Example
# Display token MID of the VSI named company1 on the public network side.
<Quidway> display vpls mid token vsi company1
VSI Name : company1, Total PW Number : 1
SLOT ID    LspToken(s)
2          0x2

# Display MID of the VSI named company1 on the AC side in VLAN 100.
<Quidway> display vpls mid interface vsi company1
VSI Name : company1, Total AC Number : 1
VLAN ID    SLOT ID    Interface(s)
100        2          Ethernet2/0/1.1

Table 8-20 Description of the output of the display vpls mid command
Item              Description
VSI Name          The name of the Virtual Switch Instance (VSI)
Total PW Number   The total number of PWs
SLOT ID           The slot ID
LspToken          LSP token
Total AC Number   The total number of ACs
VLAN ID           VLAN ID
Interface         Interface number

8.6.7 display vpls statistics


Syntax
display vpls statistics [ vsi vsi-name ]

View
All views

Parameter
vsi vsi-name: displays statistics of the specified VSI. The vsi-name parameter is a string of 1 to 31 characters.

Description
Using the display vpls statistics command, you can display statistics of VSI. When specifying vsi vsi-name, you can display statistics of the specified VSI.

Example
# Display the statistics of VSI.
<Quidway> display vpls statistics
*VsiName    :company1
In Frames   : 42949672971
Out Frames  : 85899345941
In Bytes    : 64424509456
Out Bytes   : 107374182426
In Discard  : 21474836485


Table 8-21 Description of the output of the display vpls statistics command
Item         Description
VsiName      The name of the Virtual Switch Instance (VSI)
In Frames    Received frames
Out Frames   Sent frames
In Bytes     Received bytes
Out Bytes    Sent bytes
In Discard   Discarded frames

8.6.8 display vsi


Syntax
display vsi [ vsi-name ] [ verbose ]

View
All views

Parameter
vsi-name: indicates the name of the VSI. It is a string of 1 to 31 characters.
verbose: displays the information of the VSI in detail.

Description
Using the display vsi command, you can view the information about the specified VSI. By default, the information of all VSIs is displayed.

Example
# Display VSI named company1.
<Quidway> display vsi company1
Vsi        Mem    PW     Mac         Encap   Mtu     Vsi
Name       Disc   Type   Learn       Type    Value   State
company1   auto   bgp    unqualify   vlan    1500    up

Table 8-22 Description of the output of the display vsi command
Item         Description
Vsi Name     The name of VSI
Mem Disc     Member discovery mode
PW Type      The type of PW
Mac Learn    Learning mode of the MAC address
Encap Type   Encapsulation type
Mtu Value    The value of the MTU
Vsi State    The state of VSI

8.6.9 display vsi remote


Syntax
display vsi remote { ldp [ route-id ip-address ] [ pw-id pw-id ] | bgp [ nexthop nexthop-ip-address [ export-vpn-target vpn-target ] | route-distinguisher route-distinguisher ] }

View
All views

Parameter
ldp: displays the information about the remote VSI which is in LDP signaling mode.
bgp: displays the information about the remote VSI which is in BGP signaling mode.
route-id ip-address: displays the information about the remote VSI of the specified peer. ip-address specifies the IPv4 address of the peer.
pw-id pw-id: displays the information about the remote VSI with the specified PW. pw-id specifies ID of the PW, which uniquely identifies a PW. The value of pw-id is an integer ranging from 1 to 4,294,967,295.
nexthop nexthop-ip-address: displays the information about the remote VSI with the specified next hop address. nexthop-ip-address specifies the IPv4 address of the next hop.
export-vpn-target vpn-target: displays the information about the remote VSI instance with the specified outbound VPN target. The vpn-target parameter specifies the outbound VPN target. It is a string of 3 to 21 characters, which is represented in the following two formats:
16-bit AS number : 32-bit user-defined number
32-bit IP address : 16-bit user-defined number
route-distinguisher route-distinguisher: displays the information about the remote VSI with the specified RD. The route-distinguisher parameter specifies the RD. It is a string of 3 to 21 characters, which is represented in the following two formats:
16-bit AS number : 32-bit user-defined number
32-bit IP address : 16-bit user-defined number


Description
Using the display vsi remote command, you can display the information about the remote VSI. By specifying keywords in the command lines, you can display information about the remote VSI with different signaling modes. By default, information about all remote VSIs is displayed.

Example
# Display remote VSI with LDP signaling.
<Quidway> display vsi remote ldp
Vsi ID   Peer RouterID   VC Label   Group ID   Encap Type   MTU Value   Vsi Index
123      3.3.3.9         17408      0          vlan         1500        1

# Display remote VSI with BGP signaling.


[Quidway] display vsi remote bgp
**BGP RD            : 169.1.1.2:1
NextHop             : 3.3.3.9
EncapType           : vlan
MTU                 : 1500
MHoming Preference  : 0
Remote Label Block  : 19456/5/0,

Table 8-23 Description of the output of the display vsi remote command
Item                 Description
Vsi ID               VSI ID
Peer RouterID        The peer IP address
VC Label             VC label
Group ID             Group ID
Encap Type           The encapsulation type of PW
MTU Value            MTU value
Vsi Index            VSI index
BGP RD               Route-Distinguisher of local VSI
NextHop              Next hop of the VSI connection
EncapType            The encapsulation type
MTU                  The MTU of the VSI data
MHoming Preference   Multi-home preference of VSI
Remote Label Block   Remote label block


8.6.10 encapsulation
Syntax
encapsulation { ethernet | vlan }

View
VSI view

Parameter
ethernet: sets the encapsulation mode to Ethernet.
vlan: sets the encapsulation mode to VLAN, conforming to the 802.1Q standard.

Description
Using the encapsulation command, you can set and enable the encapsulation capability of the interface in VSI view. By default, the encapsulation type is set to VLAN.

Example
# Set the encapsulation type of the current VSI to Ethernet.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] encapsulation ethernet

8.6.11 l2 binding
Syntax
l2 binding vsi vsi-name
undo l2 binding vsi vsi-name

View
Gigabit Ethernet interface view, Gigabit Ethernet sub-interface view, Eth-trunk interface view, Eth-trunk sub-interface view

Parameter
vsi vsi-name: specifies the name for the VSI bound with the interface. The vsi-name parameter is a string of 1 to 31 characters.

Description
Using the l2 binding command, you can bind an interface to a VSI. Using the undo l2 binding command, you can cancel the binding. By default, interfaces are not bound to VSI.

Example
# Bind an Ethernet sub-interface to the VSI.
<Quidway> system-view
[Quidway] interface gigabitethernet 2/0/1.1
[Quidway-GigabitEthernet2/0/1.1] l2 binding vsi company1

8.6.12 mac-learn-style
Syntax
mac-learn-style { qualify | unqualify }

View
VSI view

Parameter
qualify: indicates the qualified mode of MAC addresses learning.
unqualify: indicates the unqualified mode of MAC addresses learning.

Description
Using the mac-learn-style command, you can set the MAC address learning mode of VSI. If you choose qualified mode, MAC address learning is based on VLAN. Each VLAN has its own MAC address space, which can overlap with each other. If you choose unqualified style, MAC address learning is based on VSI. Each VSI has a MAC address space. By default, MAC address learning mode is unqualified.
The MA5200G supports the unqualified MAC address learning only.

Example
# Set the MAC address learning mode of the VSI.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] mac-learn-style unqualify

8.6.13 mac-learning
Syntax
mac-learning { enable | disable }


View
VSI view

Parameter
enable: enables MAC address learning of VSI.
disable: disables MAC address learning of VSI.

Description
Using the mac-learning enable command, you can enable MAC address learning of VSI. Using the mac-learning disable command, you can disable MAC address learning of VSI. By default, MAC address learning of VSI is enabled.

Example
# Enable MAC address learning of the current VSI.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] mac-learning enable

8.6.14 mtu
Syntax
mtu mtu-value
undo mtu

View
VSI view

Parameter
mtu-value: indicates the MTU value of VSI. It is an integer in the range of 328 to 65535. By default, it is 1500.

Description
Using the mtu command, you can set MTU for VSI.

Example
# Set MTU for the VSI named company1.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] mtu 1600


8.6.15 multi-homing-preference
Syntax
multi-homing-preference preference
undo multi-homing-preference

View
VSI view

Parameter
preference: specifies the multi-homing preference of VSI. It is an integer in the range of 1 to 65535.

Description
Using the multi-homing-preference command, you can specify the value of the multi-homing preference of VSI. Using the undo multi-homing-preference command, you can cancel the configuration of the multi-homing preference.

Example
# Set the value of the multi-homing preference of VSI named company1 to 1500.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] multi-homing-preference 1500

8.6.16 peer
Syntax
peer peer-address [ negotiation-vc-id vc-id ] [ tunnel-policy policy-name ] [ upe ]
undo peer peer-address [ negotiation-vc-id vc-id ]

View
VSI-LDP view

Parameter
peer-address: specifies the IPv4 address of the peer. It is usually a loopback address.
negotiation-vc-id vc-id: indicates the unique ID of a virtual circuit. The VC ID is used when VSI IDs on two ends are different but IP interworking is required. The parameter vc-id cannot be identical to IDs configured for other VSIs on the local end or other IDs configured by negotiation-vc-id for the VSI. That is, vc-id must be a VC ID not used before. The value is an integer ranging from 1 to 4,294,967,295.
policy-name: specifies the tunnel policy name for peers. It is a string of 1 to 19 characters.
upe: identifies whether the peer is the PE on the user end. This parameter is applicable to Hierarchical Virtual Private LAN Service (HVPLS).

Description
Using the peer command, you can set the VSI peer. Before configuring the VSI peer, set an ID for the VSI. In the peer command, if upe is selected, the peers are on user side rather than in the range of split horizon. By default, VSI has no peer.

Example
# Set the peer for the current VSI.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] pwsignal ldp
[Quidway-vsi-company1-ldp] peer 3.3.3.3 negotiation-vc-id 10 upe

# Delete the peer of VSI.


<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] pwsignal ldp
[Quidway-vsi-company1-ldp] undo peer 3.3.3.3

8.6.17 pwsignal
Syntax
pwsignal { bgp | ldp }

View
VSI view

Parameter
bgp: uses BGP signaling.
ldp: uses LDP signaling.

Description
Using the pwsignal command, you can set the signaling of VSI. You are recommended to configure the signaling mode for a VSI right after it is created. If member discovery mode of VSI is set to be static, the signaling must be LDP. If it is set as automatic, the signaling protocol must be BGP. Once the signaling of VSI is set successfully, it cannot be changed. To change it, you must delete this VSI and then re-create another one.


Example
# Set the signaling of the current VSI to LDP.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] pwsignal ldp
[Quidway-vsi-company1-ldp]

# Set the signaling of the current VSI to BGP.


<Quidway> system-view
[Quidway] vsi company2
[Quidway-vsi-company2] pwsignal bgp
[Quidway-vsi-company2-bgp]

8.6.18 qos car


Syntax
qos car { broadcast | multicast | unicast } { inbound | outbound } car-name
undo qos car { broadcast | multicast | unicast } { inbound | outbound }

View
VSI view

Parameter
car-name: specifies the name of CAR. It is a string of 1 to 32 characters.
inbound: enables CAR for the upstream packet of the VSI.
outbound: enables CAR for the downstream packet of the VSI.

Description
Using the qos car command, you can enable CAR on the VSI to limit the traffic of broadcast, multicast, and unicast packets. Using the undo qos car command, you can disable CAR.

Example
# Enable CAR for the upstream unicast packet of VSI1.
<Quidway> system-view
[Quidway] vsi vsi1
[Quidway-vsi-vsi1] qos car unicast inbound car1

8.6.19 remote-vpn-target refresh


Syntax
remote-vpn-target refresh


View
VSI-BGP view

Parameter
None

Description
Using the remote-vpn-target refresh command, you can refresh the VPN target from the remote PE.

Example
# Enable the VSI company2 to refresh the VPN target from the remote PE.
<Quidway> system-view
[Quidway] vsi company2
[Quidway-vsi-company2] pwsignal bgp
[Quidway-vsi-company2-bgp] remote-vpn-target refresh

8.6.20 reset traffic-statistics


Syntax
reset traffic-statistics

View
VSI view

Parameter
None

Description
Using the reset traffic-statistics command, you can reset traffic statistics of VSI. To get the traffic statistics in a certain period, you can use this command to clear statistics, and after a while you can view the statistics.

Example
# Reset traffic statistics of the current VSI.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] reset traffic-statistics


8.6.21 route-distinguisher
Syntax
route-distinguisher route-distinguisher

View
VSI-BGP view

Parameter
route-distinguisher: identifies a VSI on a PE and is shortened as RD. On a PE, different VSIs have different RDs. The same VSI on different PEs can have the same or different RDs. RD has two formats as follows:
16-bit ASN : 32-bit user-defined number
32-bit IP address : 16-bit user-defined number

Description
Using the route-distinguisher command, you can configure RD for VSI. After RD is configured successfully, it cannot be changed directly. To change the RD, you must delete this VSI at first and then re-configure RD after creating a VSI.

Example
# Configure RD with the format of 16-bit ASN plus 32-bit user-defined number for VSI.
<Quidway> system-view
[Quidway] vsi company2
[Quidway-vsi-company2] pwsignal bgp
[Quidway-vsi-company2-bgp] route-distinguisher 101:3

# Configure RD with the format of 32-bit IP address plus 16-bit user-defined number for VSI.
[Quidway-vsi-company2-bgp] route-distinguisher 2.2.2.2:1
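
A pre-deployment check for the two RD formats and the rule that different VSIs on a PE have different RDs, as an added Python example (not from the Huawei manual). The function names, the constructed VSI-to-RD mapping and the use of the 3 to 21 character limit (which the manual states for the vpn-target and display vsi remote parameters) are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple


class RouteId(NamedTuple):
    kind: str    # "asn" = 16-bit ASN : 32-bit number, "ip" = IPv4 address : 16-bit number
    admin: int   # AS number, or the IPv4 address as a 32-bit integer
    number: int  # user-defined number


_DECIMAL = re.compile(r"[0-9]+\Z")


def parse_route_id(text: str) -> RouteId:
    """Parse an RD (or VPN target) written in one of the two documented formats."""
    if not 3 <= len(text) <= 21:
        raise ValueError(f"{text!r}: length must be 3 to 21 characters")
    admin, sep, number = text.rpartition(":")
    if not sep or not _DECIMAL.match(number):
        raise ValueError(f"{text!r}: expected <admin>:<decimal number>")
    if "." in admin:
        # 32-bit IP address : 16-bit user-defined number
        try:
            addr = ipaddress.IPv4Address(admin)
        except ipaddress.AddressValueError as exc:
            raise ValueError(f"{text!r}: invalid IPv4 address") from exc
        kind, admin_value, limit = "ip", int(addr), 0xFFFF
    else:
        # 16-bit ASN : 32-bit user-defined number
        if not _DECIMAL.match(admin) or int(admin) > 0xFFFF:
            raise ValueError(f"{text!r}: ASN must be a decimal number up to 65535")
        kind, admin_value, limit = "asn", int(admin), 0xFFFFFFFF
    if int(number) > limit:
        raise ValueError(f"{text!r}: user-defined number exceeds {limit}")
    return RouteId(kind, admin_value, int(number))


def is_valid_route_id(text: str) -> bool:
    try:
        parse_route_id(text)
    except ValueError:
        return False
    return True


def find_duplicate_rds(vsi_rds: Dict[str, str]) -> Dict[RouteId, List[str]]:
    """Return RDs shared by more than one VSI on the same PE.

    Values are compared after parsing, so "101:03" and "101:3" count as the
    same RD even though the strings differ.
    """
    by_rd = defaultdict(list)
    for vsi, rd_text in vsi_rds.items():
        by_rd[parse_route_id(rd_text)].append(vsi)
    return {rd: sorted(names) for rd, names in by_rd.items() if len(names) > 1}


# Constructed sample: planned RDs for three VSIs on one PE (not from the manual).
SAMPLE_VSI_RDS = {
    "company1": "101:3",
    "company2": "2.2.2.2:1",
    "company3": "101:03",
}

if __name__ == "__main__":
    for rd, names in find_duplicate_rds(SAMPLE_VSI_RDS).items():
        print(f"RD {rd} is planned for more than one VSI: {', '.join(names)}")
```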

8.6.22 shutdown
Syntax
shutdown
undo shutdown

View
VSI view

Parameter
None


Description
Using the shutdown command, you can disable the VSI. Using the undo shutdown command, you can enable the VSI.

Example
# Disable the current VSI.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] shutdown

# Enable the current VSI.


<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] undo shutdown

8.6.23 site
Syntax
site site-id [ range site-range ] [ default-offset { 0 | 1 } ]
undo site site-id

View
VSI-BGP view

Parameter
site-id: identifies a site for VSI. It is an integer in the range of 0 to 65534.
range site-range: indicates the site range of VSI number. It is an integer in the range of 1 to 65534. Its default value is 10.
default-offset: indicates the initial site ID offset, whose value is 1 or 0 and the default value is 0.

Description
Using the site command, you can specify a site ID for a site. Before setting the site ID of a VSI, you must set the route-distinguisher for the VSI. Different sites in the same VPLS must have different site IDs.

Example
# Set the site ID of the current VSI to 1 and the number of sites which can be connected with this VSI to 100.
<Quidway> system-view
[Quidway] vsi company2
[Quidway-vsi-company2] pwsignal bgp
[Quidway-vsi-company2-bgp] site 1 range 100

8.6.24 tnl-policy
Syntax
tnl-policy policy-name
undo tnl-policy

View
VSI view

Parameter
policy-name: specifies the tunneling policy name. It is a string of 1 to 19 characters without space.

Description
Using the tnl-policy command, you can specify the tunneling policy. Using the undo tnl-policy command, you can delete the tunneling policy. When an application selects tunnels in the tunnel management module of VPN, it uses the tunneling policy. When creating a tunneling policy, you must set the order for tunnel selection. If no tunnel policy is configured, the default order is used, that is, only LSP tunnel is selected. For the related command, see tunnel select-seq and tunnel-policy.

Example
# Specify the tunnel policy name for the current VSI.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] tnl-policy tnlpolicyofcompany1

8.6.25 traffic-statistics
Syntax
traffic-statistics { enable | disable }

View
VSI view

Parameter
enable: enables traffic statistics of VSI.
disable: disables traffic statistics of VSI.


Description
Using the traffic-statistics enable command, you can enable VSI traffic statistics. Using the traffic-statistics disable command, you can disable VSI traffic statistics. By default, traffic statistics of VSI is enabled.

Example
# Enable traffic statistics of the current VSI.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] traffic-statistics enable

8.6.26 unknown-frame
Syntax
unknown-frame { unicast | mulcast } { drop | local-handle | broadcast }

View
VSI view

Parameter
unicast: specifies the type of unknown frames as unicast.
mulcast: specifies the type of unknown frames as multicast.
drop: drops received unknown frames.
local-handle: locally processes received unknown frames.
broadcast: broadcasts received unknown frames.

Description
Using the unknown-frame command, you can specify the processing mode for received unknown frames. Unknown frames consist of unicast unknown frames and multicast unknown frames. The processing modes consist of drop, local processing and broadcast.

Example
# Set processing mode for unicast unknown frames to drop.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] unknown-frame unicast drop


8.6.27 vpls bgp encapsulation


Syntax
vpls bgp encapsulation { ethernet | vlan }

View
System view

Parameter
ethernet: sets the encapsulation mode of VPLS packets on the AC link to Ethernet.
vlan: sets the encapsulation mode of VPLS packets on the AC link to VLAN.

Description
Using the vpls bgp encapsulation command, you can specify the encapsulation mode of VPLS packets received by the local PE. The encapsulation mode of VPLS packets can be Ethernet or VLAN. By default, encapsulation mode of VPLS packets on the VC link is VLAN.
The vpls bgp encapsulation command is used only for communication between devices. The latest draft for VPLS BGP specifies that the encapsulation mode of VPLS packets can be Ethernet or VLAN. This command can change the encapsulation mode of packets exchanged between the two devices to VLAN or Ethernet. For example, if the PE receives a VPLS packet encapsulated in VLAN tag from the peer, it considers the encapsulation mode of all VPLS packets from the peer to be VLAN. If the encapsulation mode of VPLS packets from the peer is changed to Ethernet, the PE cannot communicate with the peer.
The encapsulation mode of VPLS packets on the AC link is determined by the access mode. The access mode falls into VLAN access and Ethernet access.
VLAN access: The Ethernet frame header of the packet transmitted between the CE and PE contains a VLAN tag. The VLAN tag is a service delimiter tagged by the ISP to differentiate users. Such a tag is called a provider tag (P-tag).
Ethernet access: The Ethernet frame header of the packet transmitted between the CE and PE does not contain a service delimiter. The VLAN tag in the frame header is only an internal VLAN tag of the user packet. Such a tag is called a user tag (U-tag).

Example
# Configure the encapsulation mode of VPLS packets on the AC link to Ethernet.
[Quidway] mpls lsr-id 1.1.1.1
[Quidway] mpls
[Quidway-mpls] quit
[Quidway] mpls l2vpn
[Quidway] vpls bgp encapsulation ethernet

8.6.28 vpls-mac-limit
Syntax
vpls-mac-limit { action { discard | forward } | alarm { disable | enable } | maximum max rate interval } *
undo vpls-mac-limit

View
VSI view

Parameter
action: indicates the action performed by the system when the number of MAC entries reaches the limit.
discard: discards the packet using the MAC address that is learnt after the number of MAC entries reaches the limit.
forward: forwards the packet using the MAC address that is learnt after the number of MAC entries reaches the limit. But the unlearned MAC addresses are not added in MAC address table.
alarm: determines whether to raise an alarm when the number of the MAC entries reaches the limit.
disable: does not raise an alarm when the number of the MAC entries reaches the limit.
enable: raises an alarm in system log when the number of the MAC entries reaches the limit.
maximum max: specifies the maximum of MAC entries that can be learned. It is an integer in the range of 0 to 64512. When max is set to 0, the number of MAC addresses that can be learned is not limited.
rate interval: specifies the MAC learning interval. It is an integer in the range of 0 to 1000 (ms). When the value is set to 0, the learning interval is not limited. This parameter is invalid currently.

Description
Using the vpls-mac-limit command, you can set the rule for MAC address learning of the VSI. Using the undo vpls-mac-limit command, you can cancel the configuration of the rule of the MAC address learning. If the VSI has learned some MAC addresses, use the undo mac-address dynamic command to clear the learned MAC addresses. Otherwise, the limit on the number of MAC addresses that can be learned is inaccurate.


Example
# Set the maximum of MAC entries that VSI company1 can learn to 1000. The learning interval is 100ms. If the learnt MAC entries reach 1000, the packets with MAC addresses learned later are forwarded.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] vpls-mac-limit action forward alarm enable maximum 1000 rate 100

8.6.29 vpls-qos car


Syntax
vpls-qos car vpls-car-name { cir cir-value [ pir pir-value ] } [ cbs cbs-value pbs pbs-value ] [ green { discard | forward } ] [ yellow { discard | forward } ] [ red { discard | forward } ]
undo vpls-qos car vpls-car-name

View
System view

Parameter
vpls-car-name: specifies the name of a VPLS CAR. It is a string of 1 to 32 characters.
cir: indicates the committed information rate (CIR).
cir-value: specifies the average rate of the traffic. It is in the range of 100 to 10000000 kbit/s.
pir: indicates the peak information rate (PIR).
pir-value: specifies the value of the PIR. It is in the range of 100 to 10000000 kbit/s.
cbs: indicates the committed burst size (CBS), that is, the depth of the token bucket.
cbs-value: specifies the value of the CBS. It is in the range of 10000 to 33554432 bytes.
pbs: indicates the peak burst size (PBS).
pbs-value: specifies the value of the PBS. It is in the range of 0 to 33554432 bytes.
green: indicates the action performed when the packet traffic is within the CIR value range.
yellow: indicates the action performed when the packet traffic is within the CIR value range.
red: indicates the action performed when the packet traffic is out of the CIR value range.
pass: allows the packet with the specified color to pass.
forward: forwards the packet with the specified color.

Description
Using the vpls-qos car command, you can configure a VPLS CAR. Using the undo vpls-qos car command, you can delete a VPLS CAR.

Example
# Configure a VPLS CAR car1.
<Quidway> system-view
[Quidway] vpls-qos car car1 cir 2000 cbs 30000 green forward

8.6.30 vpn-target
Syntax
vpn-target vpn-target &<1-16> [ both | export-extcommunity | import-extcommunity ]
undo vpn-target { all | vpn-target &<1-16> } [ both | export-extcommunity | import-extcommunity ]

View
VSI-BGP view

Parameter
vpn-target: adds VPN target extended community attributes to the VPN target extended community list of the VSI and specifies the RT value. It is a string of 3 to 21 characters. You can denote the RT value in either of the following formats:
  16-bit AS number: 32-bit user-defined number
  32-bit address: 16-bit user-defined number
export-extcommunity: indicates the outbound routes to the VPN target extended community.
import-extcommunity: indicates the inbound routes from the VPN target extended community.
both: indicates the inbound routes from the VPN target extended community and the outbound routes to the VPN target extended community.
all: deletes all VPN targets.

Description
Using the vpn-target command, you can associate the current VSI with one or more VPN targets. Using the undo vpn-target command, you can delete a VPN target associated with the current VSI. There is no default value, so the VPN target must be configured after the VSI is created. When a PE sends routes to other PEs according to the VSI, it attaches the export VPN target to the routes. When a PE receives routes from other PEs, it determines whether these routes should be added to the VSI according to the import VPN target. Therefore, route advertisement between nodes is under the control of the VPN target.

Example
# Associate the current VSI with a VPN target.

<Quidway> system-view
[Quidway] vsi company2
[Quidway-vsi-company2] pwsignal bgp
[Quidway-vsi-company2-bgp] vpn-target 3:3 export-extcommunity
[Quidway-vsi-company2-bgp] vpn-target 4:4 import-extcommunity
[Quidway-vsi-company2-bgp] vpn-target 5:5 both
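Because the import and export VPN targets alone decide which VSIs exchange routes, a mistyped RT can join two customers' VSIs. The following audit script is an added example, not part of the manual: it validates RT values against the two formats above and lists every VSI that imports an RT exported by a differently named VSI on another PE. The PE names, VSI names and RT values are constructed, and it assumes that a vpn-target line without a direction keyword means both and that the VSI name identifies the customer.

```python
import ipaddress
import re

DIRECTIONS = {"both", "export-extcommunity", "import-extcommunity"}


def parse_rt(text):
    """Validate one RT value and return it in canonical form.

    Formats from the parameter description:
      16-bit AS number:32-bit user-defined number
      32-bit address:16-bit user-defined number
    """
    if not 3 <= len(text) <= 21:
        raise ValueError(f"RT must be 3 to 21 characters: {text!r}")
    admin, sep, number = text.partition(":")
    if not sep or not re.fullmatch(r"[0-9]+", number):
        raise ValueError(f"malformed RT: {text!r}")
    value = int(number)
    if re.fullmatch(r"[0-9]+", admin):
        if int(admin) > 0xFFFF or value > 0xFFFFFFFF:
            raise ValueError(f"AS number or value out of range: {text!r}")
        return f"{int(admin)}:{value}"
    try:
        address = ipaddress.IPv4Address(admin)
    except ipaddress.AddressValueError:
        raise ValueError(f"malformed RT administrator: {text!r}") from None
    if value > 0xFFFF:
        raise ValueError(f"user-defined number out of range: {text!r}")
    return f"{address}:{value}"


def parse_vsi_targets(config):
    """Return {vsi_name: {"import": set, "export": set}} for one PE."""
    targets = {}
    current = None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "vsi" and len(words) >= 2:
            current = targets.setdefault(
                words[1], {"import": set(), "export": set()})
        elif words[0] == "vpn-target":
            if current is None:
                raise ValueError("vpn-target found outside a VSI")
            values = words[1:]
            # Assumption: a line without a direction keyword means "both".
            direction = "both"
            if values and values[-1] in DIRECTIONS:
                direction = values.pop()
            if not 1 <= len(values) <= 16:
                raise ValueError(f"expected 1 to 16 RTs: {line.strip()!r}")
            for rt in map(parse_rt, values):
                if direction != "import-extcommunity":
                    current["export"].add(rt)
                if direction != "export-extcommunity":
                    current["import"].add(rt)
    return targets


def cross_customer_imports(pe_configs):
    """List (exporter, importer, shared RTs) where a VSI on one PE imports
    an RT exported by a differently named VSI on another PE."""
    parsed = {pe: parse_vsi_targets(text) for pe, text in pe_configs.items()}
    findings = []
    for exp_pe, exp_vsis in sorted(parsed.items()):
        for exp_vsi, exp in sorted(exp_vsis.items()):
            for imp_pe, imp_vsis in sorted(parsed.items()):
                if imp_pe == exp_pe:
                    continue  # the page describes routes sent to other PEs
                for imp_vsi, imp in sorted(imp_vsis.items()):
                    shared = exp["export"] & imp["import"]
                    if shared and imp_vsi != exp_vsi:
                        findings.append(((exp_pe, exp_vsi),
                                         (imp_pe, imp_vsi), sorted(shared)))
    return findings


# Constructed sample: company2 on PE1 also imports company1's RT 100:1.
SAMPLE_PE_CONFIGS = {
    "PE1": """
vsi company1
 pwsignal bgp
  vpn-target 100:1 both
vsi company2
 pwsignal bgp
  vpn-target 100:2 export-extcommunity
  vpn-target 100:2 100:1 import-extcommunity
""",
    "PE2": """
vsi company1
 pwsignal bgp
  vpn-target 100:1 both
""",
}

if __name__ == "__main__":
    for exporter, importer, rts in cross_customer_imports(SAMPLE_PE_CONFIGS):
        print(f"{importer} imports {rts} exported by {exporter}")
```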

8.6.31 vsi
Syntax
vsi vsi-name [ auto | static ]
undo vsi vsi-name

View
System view

Parameter
vsi-name: specifies the name of a VSI. It is a string of 1 to 31 characters.
auto: uses automatic member discovery mode.
static: uses static member discovery mode.

Description
Using the vsi command, you can create a VSI and enter VSI view. After creating a VSI, you must specify the member discovery mode (also called signaling mode) for this VSI. Once specified, the member discovery mode cannot be changed. To change it, you must delete the VSI, re-create the VSI, and then specify the member discovery mode. If a VSI already exists in the system, you can use the vsi command to enter VSI view. Using the undo vsi command, you can delete a VSI. By default, no VSI is defined.

Example
# Create a VSI aaa in static member discovery mode.
<Quidway> system-view
[Quidway] vsi aaa static
[Quidway-vsi-aaa]

# Delete the VSI named aaa.
<Quidway> system-view
[Quidway] undo vsi aaa

8.6.32 vsi-id
Syntax
vsi-id vsi-id

View
VSI-LDP view

Parameter
vsi-id: identifies a VSI. It is an integer in the range of 1 to 4294967295.

Description
Using the vsi-id command, you can set the ID for a VSI. After the ID is successfully set for a VSI, you cannot change it. Different VSIs cannot use the same ID. By default, no VSI ID is set.

Example
# Set the current VSI ID to 1.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] pwsignal ldp
[Quidway-vsi-company1-ldp] vsi-id 1

8.7 PWE3 Configuration Commands


8.7.1 atm cell transfer
Syntax
atm cell transfer
undo atm cell transfer

View
ATM interface view

Parameter
None

Description
Using the atm cell transfer command, you can enable port relay on an ATM interface.

Using the undo atm cell transfer command, you can disable port relay on an ATM interface. By default, ATM port relay is disabled. If an ATM interface works in port relay mode, you can configure IPoA forwarding or cell relay in other modes on this ATM interface or its sub-interface only after you disable port relay.

Example
# Configure interface ATM 1/0/1 to work in port relay mode.
<Quidway> system-view
[Quidway] interface atm 1/0/1
[Quidway-atm1/0/1] atm cell transfer

8.7.2 bandwidth
Syntax
bandwidth bandwidth-value
undo bandwidth

View
PW template view

Parameter
bandwidth-value: indicates the bandwidth value of the PW template. It is an integer in the range of 1 to 32000000, in kbit/s. By default, the value is 0, that is, the bandwidth of PW is not guaranteed.

Description
Using the bandwidth command, you can specify the bandwidth of the PW template. Using the undo bandwidth command, you can cancel the setting of the PW template bandwidth. In configuring RSVP-PW, to set the bandwidth, you need to use the TE tunnel.

Example
# Set the bandwidth of the PW template as 2000000.
<Quidway> system-view
[Quidway] pw-template pwt1
[Quidway-pw-template-pwt1] bandwidth 2000000

# Restore the bandwidth of the PW template to unspecified.
<Quidway> system-view
[Quidway] pw-template pwt1
[Quidway-pw-template-pwt1] undo bandwidth

8.7.3 control-word
Syntax
control-word
undo control-word

View
PW template view

Parameter
None

Description
Using the control-word command, you can enable Control Word of the PW template. Using the undo control-word command, you can disable Control Word of the PW template. In the case of load balancing, packets may become disordered. In this case, you can regroup them through Control Word. Furthermore, when a PE is connected with other PEs by Ethernet link and connected with a CE by PPP link, PPP fails to negotiate because the length of the PPP control packet is less than the minimum length supported by Ethernet. You can avoid this situation by adding Control Word. By default, the PW template does not support Control Word.

Example
# Enable Control Word of the PW template named pwt.
<Quidway> system-view
[Quidway] pw-template pwt
[Quidway-pw-template-pwt] control-word

# Disable Control Word of the PW template named pwt.
<Quidway> system-view
[Quidway] pw-template pwt
[Quidway-pw-template-pwt] undo control-word

8.7.4 display mpls l2vc


Syntax
display mpls l2vc [ vc-id | interface interface-type interface-number | remote-info [ vc-id ] ]

View
All views

Parameter
interface: indicates the interface connected with CE.
interface-type interface-number: specifies the type and number of the interface connected with CE.
remote-info: displays the PW information of the next hop S-PE or U-PE on the PW.
vc-id: specifies the ID of a layer 2 virtual circuit. It is an integer in the range of 1 to 4294967295.

Description
Using the display mpls l2vc command, you can display the information about the specified or all dynamic PWs. If you do not specify the vc-id, the router displays the PW information, which is established by the next hop PW S-PE or U-PE and the local end. For the related command, see mpls l2vc.

Example
# Display LDP PW on the specified interface.
<Quidway> display mpls l2vc interface atm 1/0/0
*Client Interface     : Atm1/0/0 is up
 Session State        : up
 AC State             : up
 VC State             : up
 VC ID                : 100
 VC Type              : ip-interworking
 Destination          : 2.2.2.2
 Local Group ID       : 0
 Remote Group ID      : 0
 Local VC Label       : 17409
 Remote VC Label      : 17408
 Local VC MTU         : 1500
 Romete VC MTU        : 1500
 Local VCCV           : Disable
 Remote VCCV          : Disable
 Local Frag           : Disable
 Remote Frag          : Disable
 Local Ctrl Word      : Disable
 Remote Ctrl Word     : Disable
 Tunnel Policy        : --
 Traffic Behavior     : --
 PW Template Name     : --
 VC tunnel/token info : 1 tunnels/tokens
 NO.0  TNL Type : lsp , TNL ID : 0x6002000
 Create time          : 0 days, 8 hours, 31 minuts, 50 seconds
 UP time              : 0 days, 4 hours, 25 minuts, 54 seconds
 Last change time     : 0 days, 4 hours, 25 minuts, 54 seconds

Table 8-24 Description of the output of the display mpls l2vc interface command

Item                  Description
Client interface      Interfaces and their state
Session State         The state of the session between the two endpoints of the PW
AC Status             The state of the interface connected with CE, namely, the state of POS 1/0/0
VC State              The state of PW, Up or Down
VC ID                 The ID of this displayed Virtual Circuit
VC Type               The encapsulation type of L2VC
Destination           The peer IP address
Local Group ID        The ID of the local Group
Remote Group ID       The ID of the remote Group
Local VC MTU          The MTU of the local VC
Remote VC MTU         The MTU of the remote VC
Local VCCV            Whether to enable the local Virtual Circuit Connection Verification (VCCV) or not
Remote VCCV           Whether to enable the remote VCCV or not
Local Frag            Whether to enable the local fragmentation or not
Remote Frag           Whether to enable the remote fragmentation or not
Local Ctrl Word       Whether to enable the local Control Word or not
Remote Ctrl Word      Whether to enable the remote Control Word or not
Tunnel Policy         The tunnel policy name
Traffic Behavior      The traffic behavior
PW Template Name      The PW template name
VC Tunnel/token info  VC Tunnel or token information
TNL Type              The tunnel type
TNL ID                The tunnel ID
Create Time           How long this VC has been established
Up Time               How long this VC keeps Up
Last Change Time      Duration from the latest change-state to now

8.7.5 display mpls static-l2vc


Syntax
display mpls static-l2vc [ interface interface-type interface-number | vc-id | state { up | down } ]

View
All views

Parameter
interface: indicates the interface connected with CE.
interface-type: specifies the interface type.
interface-number: specifies the interface number.
vc-id: specifies the ID of a VC. It is an integer ranging from 1 to 4,294,967,295.
state: displays the states of all VCs.

Description
Using the display mpls static-l2vc command, you can display the specified or all static PWs. If no interface is specified, all static PWs are displayed. For the related command, see mpls static-l2vc.

Example
# Display static-PW on the specified interface.
<Quidway> display mpls static-l2vc interface pos 1/0/0
*Client Interface     : Pos1/0/0 is up
 AC Status            : up
 VC State             : up
 VC ID                : 100
 VC Type              : ppp
 Destination          : 3.3.3.9
 Transmit VC Label    : 100
 Receive VC Label     : 100
 Control Word         : Disable
 VCCV Capability      : Disable
 Tunnel Policy        : policy1
 PW Template Name     : pwt
 Traffic Behavior     : --
 VC tunnel/token info : 1 tunnels/tokens
 NO.0  TNL Type : lsp , TNL ID : 0x6002001
 Create time          : 0 days, 0 hours, 11 minuts, 27 seconds
 UP time              : 0 days, 0 hours, 11 minuts, 27 seconds
 Last change time     : 0 days, 0 hours, 11 minuts, 27 seconds

For description of output of the display mpls static-l2vc interface command, see Table 8-24.

8.7.6 display mpls switch-l2vc


Syntax
display mpls switch-l2vc [ [ ingress ip-address egress ] ip-address vc-id encapsulation encapsulation-type | state { up | down } ]

View
All views

Parameter
ingress ip-address: indicates the IP address of the source interface.
egress ip-address: indicates the IP address of the destination interface.
vc-id: specifies VC ID. It is an integer in the range of 1 to 4294967295.
pw-type: specifies the encapsulation type of PW, including atm-1to1-vcc, atm-1to1-vpc, atm-aal5-pdu, atm-aal5-sdu, atm-nto1-vcc, atm-nto1-vpc, atm-trans-cell, ethernet, fr, hdlc, ppp or vlan.
state: displays the state of a VC.

Description
Using the display mpls switch-l2vc command, you can display either the specified PW or all PWs switching, including static PW, dynamic PW or mixed PWs switching.

Example
# Display a specified static PW.
<Quidway> display mpls switch-l2vc 1.1.1.9 100 encapsulation ppp
*Switch-l2vc type             : SVC<---->SVC
 Peer IP Address              : 3.3.3.9, 1.1.1.9
 VC ID                        : 100, 100
 VC Type                      : ppp
 VC State                     : up
 Local/Remote Label           : 1025/1024, 1024/1025
 Local/Remote Control Word    : Disable/Disable, Disable/Disable
 Local/Remote VCCV Capality   : Disable/Disable, Disable/Disable
 Local/Remote Frag Capability : Disable/Disable, Disable/Disable
 Switch-l2vc tunnel info      :
                                1 tunnels for peer 3.3.3.9
                                NO.0  TNL Type : lsp , TNL ID : 0x22000
                                1 tunnels for peer 1.1.1.9
                                NO.0  TNL Type : lsp , TNL ID : 0x22002
 Create time                  : 0 days, 0 hours, 0 minuts, 3 seconds
 UP time                      : 0 days, 0 hours, 0 minuts, 3 seconds
 Last change time             : 0 days, 0 hours, 0 minuts, 3 seconds

Table 8-25 Description of the output of the display mpls switch-l2vc command

Item                          Description
Switch-l2vc Type              Switch type, including LDP<-->LDP, LDP-SVC, SVC<-->SVC or RSVP<-->RSVP
Peer IP Address               The peer IP address
VC ID                         IDs of two switched VCs
VC Type                       The type of encapsulated interfaces
VC State                      VC state
In/Out Label                  Inbound or outbound label on both sides
Local/Remote Control Word     Enabling state of the local or remote Control Word on both sides
Local/Remote VCCV Capability  Enabling state of the local or remote Virtual Circuit Connection Verification (VCCV) on both sides
Local/Remote Frag Capability  The local or remote fragmentation capability on both sides
Switch-l2vc Tunnel Info       Tunnel information on both ends of switch L2VC
Create Time                   How long this VC switching has been created
Up Time                       How long this VC switching is UP
Last Change Time              Duration from the latest state change to now

8.7.7 display pw-template


Syntax
display pw-template [ pw-template-name ]

View
All views

Parameter
pw-template-name: specifies the PW template name. It is a string of 1 to 19 characters.

Description
Using the display pw-template command, you can view the information of the specified or all PW templates. If pw-template-name is not specified, the information of all PW templates is displayed. For the related command, see pw-template.

Example
In the following display information, two PW templates are displayed. On the first template, some attributes are set in advance. On the second template, the default attributes are used.

# Display all PW templates configured on the router.
<Quidway> display pw-template
Total PW template number : 2

PW Template Name : pwt
 PeerIP          : 1.1.1.1
 Tnl Policy Name : --
 CtrlWord        : Enable
 MaxAtmCells     : 1
 VCCV Capability : cw lsp-ping
 Fragmentation   : Disable
 Behavior Name   : --
 Total PW        : 0, Static PW : 0, LDP PW : 0, Rsvp PW : 0

PW Template Name : PWT
 PeerIP          : 2.2.2.2
 Tnl Policy Name : --
 CtrlWord        : Enable
 MaxAtmCells     : 1000
 VCCV Capability : cw lsp-ping
 Fragmentation   : Disable
 Behavior Name   : --
 Total PW        : 0, Static PW : 0, LDP PW : 0, Rsvp PW : 0

Table 8-26 Description of the output of the display pw-template command

Item              Description
PeerIP            The peer IP address
PW Template Name  The name of the PW template
Tnl Policy Name   The policy name of the external layer tunnel
PW Type           The encapsulation type of PW
CtrlWord          Whether to enable Control Word or not
MTU               MTU of the interface
MaxAtmCells       The maximum number of ATM cells
VCCV Capability   Whether to enable the Virtual Circuit Connection Verification (VCCV), such as Control Word or Label Alert
Fragmentation     Whether to enable fragmentation or not
Behavior Name     The QoS behavior policy name
Total PW          The total number of PWs using this PW template, including static PW, dynamic PW and RSVP PW

8.7.8 explicit-path
Syntax
explicit-path path-name

View
PW template view

Parameter
path-name: specifies the path name. It is a string of 1 to 31 characters.

Description
Using the explicit-path command, you can set explicit path for a PW template. In the process of configuring RSVP-PW, the active end needs to set explicit path to establish the signaling. The displayed path is the one of TE. You need to enable TE before using the explicit-path. By default, the explicit path of the PW template is not set.

Example
# Create an explicit path of the PW template on the active end and name it path1.
<Quidway> system-view
[Quidway] pw-template pwt
[Quidway-pw-template-pwt] explicit-path path1

8.7.9 fragmentation
Syntax
fragmentation
undo fragmentation

View
PW interface

Parameter
None

Description
Using the fragmentation command, you can enable the PW template to fragment packets larger than the MTU.

Using the undo fragmentation command, you can disable the packet fragmentation function of the PW template. By default, the packet fragmentation function of the PW template is disabled. If a packet that reaches the PW is larger than the MTU, the packet is fragmented and then reassembled on the peer U-PE.

Example
# Enable packet fragmentation function of PW template pwt.
<Quidway> system-view
[Quidway] pw-template pwt
[Quidway-pw-template-pwt] fragmentation

8.7.10 l2 bridge-interworking
Syntax
l2 bridge-interworking
undo l2 bridge-interworking

View
Interface view

Parameter
None

Description
Using the l2 bridge-interworking command, you can enable bridge interworking on an interface. Using the undo l2 bridge-interworking command, you can disable bridge interworking on an interface. By default, bridge interworking is disabled on the interface.

Example
# Enable bridge interworking on interface ATM2/0/1.
<Quidway> system-view
[Quidway] interface atm 2/0/1
[Quidway-Atm2/0/1] pvc 20/20
[Quidway-atm-pvc-Atm2/0/1-20/20-0] l2 bridge-interworking

8.7.11 map pvc


Syntax
map pvc vpi vpi vci vci
undo map pvc

View
PVC view

Parameter
vpi: specifies the VPI value to be mapped of the remote CE. The value is an integer ranging from 0 to 255.
vci: specifies the VCI value to be mapped of the remote CE. The value is an integer ranging from 0 to 255.

Description
Using the map pvc command, you can configure the mapping between the local PVC and the remote PVC. Using the undo map pvc command, you can cancel the mapping. VPI/VCI mapping is optional. If the VPI/VCI values of the CE devices on two ends are the same, VPI/VCI mapping is not required.

Example
# Configure the mapping between the PVC with VPI/VCI values 20/20 and that with VPI/VCI values 10/10 on ATM2/0/1.
<Quidway> system-view
[Quidway] interface atm 2/0/1
[Quidway-Atm2/0/1] pvc 20/20
[Quidway-atm-pvc-Atm2/0/1-20/20-0] map pvc vpi 10 vci 10

8.7.12 mpls l2vc


Syntax
mpls l2vc { ip-address | pw-template pw-template-name } * vc-id [ tunnel-policy policy-name ] [ control-word | no-control-word ] [ raw | tagged | ip-interworking | ip-layer2 ] ] *
undo mpls l2vc

View
Interface view

Parameter
ip-address: indicates the LSR-ID of the PW peer router.
pw-template-name: specifies the name of a PW template. It is a character string in the range of 1 to 19.
vc-id: indicates the L2VC ID. It is an integer in the range of 1 to 4294967295.
policy-name: indicates the policy name of the tunnel. It is a character string in the range of 1 to 19.
behavior-name: specifies the QoS behavior name. It is a character string in the range of 1 to 31.
control-word: enables Control Word.
no-control-word: disables Control Word.
raw: specifies that the encapsulation type is without VLAN tag. If the AC types of both ends of the PW are Ethernet or VLAN, you can choose the parameter raw or tagged.
tagged: specifies that the VLAN tag is attached. If the AC types of both ends of the PW are Ethernet or VLAN, you can choose the parameter raw or tagged.
ip-layer2: to connect the MA5200G to a third party's device, you need to choose ip-layer2.
ip-interworking: if the interworking devices are all Huawei's, you need to choose ip-interworking.

Description
Using the mpls l2vc command, you can create a dynamic VC connection for CEs connected with different PEs. Using the undo mpls l2vc command, you can delete the dynamic VC connection on CE interfaces.

By default, only the L2VPN with the encapsulation type of ATM supports Control Word. Other types of L2VPN can enable Control Word only after it is explicitly specified.

PEs on both ends of a PW need to create a dynamic VC connection, and the destination address is the IP address of the peer PE.

You can set template attributes for a PW template, such as peer, tunnel policy, Control Word (CW) and Virtual Circuit Connection Verification (VCCV). In configuring LDP-PW, you can directly import this PW template instead of explicitly specifying PW attributes. Once PW template attributes are specified, they can be updated at any time. The updated attributes take effect through the use of the reset pw command.

If no tunnel policy name is specified, the default tunnel policy is used, which defines that LSP is selected first and the number of load balancing is 1. If the tunnel policy name has been specified but no policy is set, the default tunnel policy is still used.

An interface cannot function as the AC interface of L2VPN and the AC interface of L3VPN at the same time. When an interface is bound to an L2VPN, layer 3 features such as the IP address and routing protocols configured on the interface become invalid. If an interface is bound to an L2VPN and an L3VPN at the same time, only the L2VPN is usable. The L3VPN configuration becomes usable after the interface is unbound from the L2VPN.

If the PW attribute is specified in the mpls l2vc command line, the PW attribute configured in the PW template is invalid.

For the related command, see display mpls l2vc.

Example
# Configure explicit LDP-PW, whose LSR-ID of the peer router is 2.2.2.9 and L2VC ID is 100.
<Quidway> system-view
[Quidway] interface pos1/0/0
[Quidway1-Serial 1/0/0] mpls l2vc 2.2.2.9 100

# Configure LDP-PW through importing the PW template named pwt, whose L2VC ID is 101.
<Quidway> system-view
[Quidway] interface pos1/0/0
[Quidway1-Serial 1/0/0] mpls l2vc pw-template pwt 101

# Delete LDP-PW.
<Quidway> system-view
[Quidway] interface pos1/0/0
[Quidway1-Serial 1/0/0] undo mpls l2vc

8.7.13 mpls l2vpn


Syntax
mpls l2vpn
undo mpls l2vpn

View
System view

Parameter
None

Description
Using the mpls l2vpn command, you can enable L2VPN. You can configure other commands related to L2VPN only after enabling L2VPN. Using the undo mpls l2vpn command, you can disable L2VPN and delete the configuration of all L2VPNs.

Example
# Enable L2VPN on the router named Quidway.
<Quidway> system-view
[Quidway] mpls l2vpn

# Disable L2VPN on the router named Quidway.
<Quidway> system-view
[Quidway] undo mpls l2vpn

8.7.14 mpls l2vpn default martini


Syntax
mpls l2vpn default martini
undo mpls l2vpn default martini

View
System view

Parameter
None

Description
Using the mpls l2vpn default martini command, you can set signaling behavior of dynamic PW as withdraw mode, namely, Martini mode. Using the undo mpls l2vpn default martini command, you can restore signaling behavior of dynamic PW as notification mode. Withdraw mode supports neither notification mode nor adaptive behavior based on the remote information. If the remote PW does not support notification mode, it can adapt to withdraw mode.

Example
# Set signaling behavior of dynamic-PW as withdraw mode.
<Quidway> system-view
[Quidway] mpls l2vpn default martini

# Restore signaling behavior of dynamic PW to notification mode.
<Quidway> system-view
[Quidway] undo mpls l2vpn default martini

8.7.15 mpls static-l2vc


Syntax
mpls static-l2vc { destination ip-address | pw-template pw-template-name vc-id } * transmit-vpn-label transmit-label-value receive-vpn-label receive-label-value [ tunnel-policy tnl-policy-name ] [ control-word | no-control-word ] [ raw | tagged | ip-interworking | ip-layer2 ]
undo mpls static-l2vc

View
Interface view

Parameter
ip-address: indicates the LSR-ID of the peer router.
pw-template-name: specifies the PW template name.
vc-id: specifies the PW ID. It is an integer in the range of 1 to 4294967295.
transmit-label-value: indicates the outbound label value. It is an integer in the range of 16 to 1023.
receive-label-value: indicates the inbound label value. It is an integer in the range of 16 to 1023.
policy-name: specifies the tunnel policy name. It is a character string in the range of 1 to 19.
behavior-name: specifies the QoS behavior name for the L2VC. It is a string of 1 to 31 characters.
control-word: enables Control Word.
no-control-word: disables Control Word.
raw: specifies that the VLAN tag is stripped. If the AC types of both ends of the PW are Ethernet or VLAN, you can choose the parameter raw or tagged.
tagged: specifies that the VLAN tag is attached. If the AC types of both ends of the PW are Ethernet or VLAN, you can choose the parameter raw or tagged.
ip-interworking: enables static PW IP interworking.

Description
Using the mpls static-l2vc command, you can create a static VC connection for CEs connected with different PEs. Using the undo mpls static-l2vc command, you can delete the static VC connection on CE interfaces.

You can set template attributes for a static PW template, such as peer, tunnel policy, Control Word (CW) and Virtual Circuit Connection Verification (VCCV). In configuring LDP-PW, you can directly import this static PW template instead of explicitly specifying PW attributes. After the static PW template attributes are specified, they can be updated at any time. The update takes effect when the reset pw command is run.

To set up a PW, you need to create a static VC connection between the PEs at both ends of the PW. The destination address is the IP address of the peer PE. The transmission labels of the PE on one end act as the receiving labels of the PE on the other end.

If no tunnel policy name is specified, the default tunnel policy is used, which defines that LSP is selected first and the number of load balancing is 1. If the tunnel policy name has been specified but no policy is set, the default tunnel policy is still used.

By default, only the L2VPN with the encapsulation type of ATM supports control word. Other types of L2VPN can enable control word only after it is explicitly specified.

An interface cannot function as the AC interface of L2VPN and the AC interface of L3VPN at the same time. When an interface is bound to an L2VPN, layer 3 features such as the IP address and routing protocols configured on the interface become invalid. If an interface is bound to an L2VPN and an L3VPN at the same time, only the L2VPN is usable. The L3VPN configuration becomes usable after the interface is unbound from the L2VPN. For the related command, see display mpls static-l2vc.

Example
# Configure static PW. Its peer LSR-ID is 1.1.1.1, label value for sending packets is 100, label value for receiving packets is also 100 and the tunnel policy is named policy1.
[Quidway1-Pos1/0/0] mpls static-l2vc destination 1.1.1.1 transmit-vpn-label 100 receive-vpn-label 100 tunnel-policy policy1

# Import the PW template to configure static PW. L2VC ID is 100, label value for sending packets is 100, and label value for receiving packets is also 100.
<Quidway> system-view
[Quidway] interface pos1/0/0
[Quidway1-Pos1/0/0] mpls static-l2vc pw-template pwt 100 transmit-vpn-label 100 receive-vpn-label 100

# Delete static PW.
<Quidway> system-view
[Quidway] interface pos1/0/0
[Quidway1-Pos1/0/0] undo mpls static-l2vc
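A static PW carries traffic only when the labels are mirrored: the transmit label on one PE must be the receive label on the other, and both must lie in the range 16 to 1023. The following check is an added example, not part of the manual; it parses the destination form of the mpls static-l2vc command from both PEs and reports out-of-range labels, mismatched label pairs and PWs with no configuration on the peer. The LSR-IDs and labels in the sample are constructed.

```python
import re

LABEL_MIN, LABEL_MAX = 16, 1023  # range given for both label parameters

# Destination form of the command, as given in the Syntax section above.
STATIC_PW = re.compile(
    r"mpls static-l2vc destination (?P<peer>\S+) "
    r"transmit-vpn-label (?P<tx>[0-9]+) receive-vpn-label (?P<rx>[0-9]+)"
)


def parse_static_pw(line):
    """Return {"peer", "tx", "rx"} for a static PW line, else None."""
    match = STATIC_PW.search(line)
    if match is None:
        return None
    return {"peer": match["peer"],
            "tx": int(match["tx"]),
            "rx": int(match["rx"])}


def check_static_pws(pe_commands):
    """Check static PWs across PEs.

    pe_commands maps each PE's own LSR-ID to its list of CLI lines.
    Returns a list of (local, peer, kind, detail) tuples.
    """
    pws = {}
    problems = []
    for local, lines in pe_commands.items():
        for line in lines:
            pw = parse_static_pw(line)
            if pw is None:
                continue
            for field in ("tx", "rx"):
                if not LABEL_MIN <= pw[field] <= LABEL_MAX:
                    problems.append((local, pw["peer"], "label-range",
                                     f"{field} label {pw[field]}"))
            pws[(local, pw["peer"])] = pw

    for (local, peer), pw in sorted(pws.items()):
        remote = pws.get((peer, local))
        if remote is None:
            problems.append((local, peer, "no-reverse-pw",
                             f"{peer} has no static PW to {local}"))
        elif pw["tx"] != remote["rx"]:
            # Checked once per direction, so both label pairs are covered.
            problems.append((local, peer, "label-mismatch",
                             f"transmit {pw['tx']}, peer receives "
                             f"{remote['rx']}"))
    return problems


# Constructed samples.
GOOD = {
    "1.1.1.1": ["mpls static-l2vc destination 3.3.3.9 "
                "transmit-vpn-label 100 receive-vpn-label 200"],
    "3.3.3.9": ["mpls static-l2vc destination 1.1.1.1 "
                "transmit-vpn-label 200 receive-vpn-label 100"],
}
BAD = {
    "2.2.2.9": ["mpls static-l2vc destination 4.4.4.9 "
                "transmit-vpn-label 100 receive-vpn-label 100"],
    "4.4.4.9": ["mpls static-l2vc destination 2.2.2.9 "
                "transmit-vpn-label 300 receive-vpn-label 100"],
    "5.5.5.9": ["mpls static-l2vc destination 2.2.2.9 "
                "transmit-vpn-label 2000 receive-vpn-label 16"],
}

if __name__ == "__main__":
    for problem in check_static_pws(BAD):
        print(problem)
```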

8.7.16 mpls switch-l2vc


Syntax
mpls switch-l2vc ip-address vc-id between ip-address vc-id encapsulation encapsulation-type
mpls switch-l2vc ip-address vc-id trans trans-label recv received-label between ip-address vc-id trans trans-label recv received-label encapsulation encapsulation-type [ control-word [ cc { alert | cw } * cv lsp-ping ] | [ no-control-word ] [ cc alert cv lsp-ping ] ]
mpls switch-l2vc ip-address vc-id between ip-address vc-id trans trans-label recv received-label encapsulation encapsulation-type [ mtu mtu-value ] [ control-word [ cc { alert | cw } * cv lsp-ping ] | [ no-control-word ] [ cc alert cv lsp-ping ] ]
undo mpls switch-l2vc { ip-address vc-id encapsulation encapsulation-type | all }

View
System view

Parameter
ip-address: indicates the LSR-ID of the PW peer router.
vc-id: indicates the L2VC ID. It is an integer in the range of 1 to 4294967295.
trans-label: indicates the static label used for sending packets. It is an integer in the range of 16 to 1023.
rcv-label: indicates the static label used for receiving packets. It is an integer in the range of 16 to 1023.
encapsulation-type: indicates the encapsulation type of static PW, including atm-1to1-vcc, atm-1to1-vpc, atm-aal5-pdu, atm-aal5-sdu, atm-nto1-vcc, atm-nto1-vpc, atm-trans-cell, ethernet, hdlc, ip-interworking, raw, tagged, ip-layer2, ppp and vlan.
If the AC types of both ends of the PW are Ethernet or VLAN, you can choose the parameter raw or tagged. When configuring dynamic and dynamic (or static) PW switching, to interwork with a third party's device, you need to choose ip-layer2. If the interworking devices are all Huawei's, you need to choose ip-interworking.
mtu mtu-value: specifies the value of MTU during the dynamic PW signaling negotiation. It is an integer in the range of 46 to 1500.
control-word: enables control word.
no-control-word: disables control word.
all: deletes all PW switching.

Description
Using the mpls switch-l2vc ip-address vc-id command, you can configure PW switching on S-PE to carry out MH-PW. PW switching consists of one dynamic PW switched with another dynamic PW, one static PW switched with another static PW, and a dynamic PW switched with a static PW.

Using the mpls switch-l2vc ip-address vc-id between ip-address vc-id encapsulation { encapsulation-type | ip-interworking } command, you can configure dynamic PW and dynamic PW switching.
When configuring mixed PW switching, the ip-address vc-id before between belongs to the dynamic PW, while the one after between belongs to the static PW. The two cannot be interchanged.

Using the mpls switch-l2vc ip-address vc-id trans trans-label recv received-label between ip-address vc-id trans trans-label recv received-label encapsulation encapsulation-type [ control-word [ cc { alert | cw } * cv lsp-ping ] | [ no-control-word ] [ cc alert | cw cv lsp-ping ] ] command, you can configure static PW and static PW switching.

Using the mpls switch-l2vc ip-address vc-id between ip-address vc-id trans trans-label recv received-label encapsulation { encapsulation-type | ip-interworking } [ mtu mtu-value ] [ control-word | no-control-word ] command, you can configure mixed PW switching.

Using the undo mpls switch-l2vc command, you can delete the PW switching.

Switching one dynamic PW with another dynamic PW is simpler. Remote labels are sent from the two neighboring end ports, U-PE or S-PE, to this S-PE through signaling. Control Word (CW) is sent from the two U-PEs to this S-PE through signaling.

Switching one static PW with another static PW requires configuring PW labels. CW is enabled through the command.

To switch a dynamic PW with a static PW, PW labels must be configured on the static PW side. For Fixed Network products, no interface mode comes into being, so you need to set MTU manually. Otherwise, signaling negotiation on the dynamic side will fail. CW is enabled through the command.

The two VC-IDs of the two PWs to switch can be different.

If no tunnel policy name is specified, the default tunnel policy is used, which defines that LSP is selected first and the number of load balancing is 1.

By default, only L2VPN with the ATM encapsulation type supports control word. Other types of L2VPN can enable control word only after it is explicitly specified.

For the related command, see display mpls switch-l2vc.
On the same node, the combination of PW ID and PW type must be unique, but the PW IDs of the two PWs to switch can be identical.

Example
# Configure dynamic PW and dynamic PW switching.
<Quidway> system-view
[Quidway] mpls switch-l2vc 1.1.1.9 100 between 3.3.3.9 100 encapsulation vlan

# Configure static PW and static PW switching.
<Quidway> system-view
[Quidway] mpls switch-l2vc 1.1.1.9 100 trans 100 recv 100 between 3.3.3.9 100 trans 200 recv 200 encapsulation vlan

# Configure mixed PWs switching.
<Quidway> system-view
[Quidway] mpls switch-l2vc 1.1.1.9 100 between 3.3.3.9 100 trans 200 recv 200 encapsulation vlan mtu 1500

# Delete PW switching.
<Quidway> system-view
[Quidway] undo mpls switch-l2vc 1.1.1.9 100 encapsulation vlan
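
The ranges and ordering rules given for mpls switch-l2vc can be checked before a line is applied to an S-PE. The following Python check is an added example, not Huawei code; the function name check_switch_l2vc is hypothetical, the sample line is constructed, and only the three configuration forms without the optional control-word keywords are parsed.

```python
import ipaddress
import re

# Limits and keywords taken from the mpls switch-l2vc parameter descriptions.
VC_ID, LABEL, MTU = (1, 4294967295), (16, 1023), (46, 1500)
ENCAPS = set("""atm-1to1-vcc atm-1to1-vpc atm-aal5-pdu atm-aal5-sdu atm-nto1-vcc
atm-nto1-vpc atm-trans-cell ethernet hdlc ip-interworking raw tagged ip-layer2
ppp vlan""".split())
# One side of the switch: LSR-ID, VC ID and, for a static PW, its two labels.
_SIDE = r"(\S+) (\d+)(?: trans (\d+) recv (\d+))?"
_CMD = re.compile(
    rf"^mpls switch-l2vc {_SIDE} between {_SIDE} encapsulation (\S+)(?: mtu (\d+))?$")

def _outside(value, bounds):
    return not bounds[0] <= int(value) <= bounds[1]

def check_switch_l2vc(line):
    """Return (kind, problems); kind is None when the line is not parsed."""
    m = _CMD.match(" ".join(line.split()))
    if not m:
        return None, ["not a recognised mpls switch-l2vc form"]
    ip1, vc1, t1, r1, ip2, vc2, t2, r2, encap, mtu = m.groups()
    problems = []
    for ip in (ip1, ip2):
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            problems.append(f"{ip} is not an IPv4 LSR-ID")
    problems += [f"vc-id {v} out of range" for v in (vc1, vc2) if _outside(v, VC_ID)]
    problems += [f"label {v} out of range" for v in (t1, r1, t2, r2)
                 if v is not None and _outside(v, LABEL)]
    if encap not in ENCAPS:
        problems.append(f"unknown encapsulation {encap}")
    if t1 is not None and t2 is not None:
        kind = "static-static"
    elif t1 is None and t2 is None:
        kind = "dynamic-dynamic"
    else:
        kind = "mixed"
        if t1 is not None:  # the dynamic PW goes before 'between', the static PW after
            problems.append("static PW must come after 'between'")
        if mtu is None:     # MTU has to be set manually for the dynamic side
            problems.append("no mtu: dynamic-side negotiation will fail")
    if mtu is not None:
        if kind != "mixed":
            problems.append("mtu belongs to the mixed form only")
        if _outside(mtu, MTU):
            problems.append(f"mtu {mtu} out of range")
    return kind, problems

if __name__ == "__main__":  # constructed input: static labels outside 16 to 1023
    print(check_switch_l2vc("mpls switch-l2vc 1.1.1.9 100 between 3.3.3.9 100 "
                            "trans 15 recv 2000 encapsulation vlan mtu 1500"))
```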

8.7.17 peer-address
Syntax
peer-address ip-address

View
PW template view

Parameter
ip-address: indicates the IP address of remote PW.

Description
Using the peer-address command, you can assign the peer IP address for a PW template. ip-address is consistent with mpls l2vc. The IP address can be updated in real time. The updated IP address takes effect after the reset pw command is run.

Example
# Assign remote IP address for the PW template.
<Quidway> system-view
[Quidway] pw-template pwt1
[Quidway-pw-template-pwt1] peer-address 1.1.1.1

8.7.18 ping vc
Syntax
ping vc pw-type pw-id [ -c echo-number | -m time-value | -s data-bytes | -t timeout-value | -v ] * control-word [ remote peer-pw-id ]
ping vc pw-type pw-id [ -c echo-number | -m time-value | -s data-bytes | -t timeout-value | -v ] * label-alert [ remote remote-ip-address ]

View
All views

Parameter
pw-type: specifies the type of the local PW. Types of local PWs supporting the ping vc command are atm-aal5-sdu, atm-aal5, ethernet, hdlc, ip-interworking, ppp, vlan.
pw-id: specifies the ID of the local PW. It is an integer in the range of 1 to 4,294,967,295.
-c echo-number: specifies the number of echo request packets. The echo-number parameter is an integer in the range of 1 to 4294967295.
-m time-value: specifies the time for waiting for the next packet to be sent. The time-value parameter is an integer in the range of 1 to 10000, in milliseconds.
-s data-bytes: specifies the number of bytes in the echo request packet. The data-bytes parameter is an integer in the range of 65 to 8100.
-t timeout-value: specifies the timeout time for sending echo request packets. The timeout-value is an integer in the range of 0 to 65535.
-v: displays the detailed output.
control-word: indicates that the ping packet is not sent to the upper layer by the switch node in multi-hop PW mode. When control word mode is used, you can ping only the end node. Before pinging a VC, enable the control word of the PW.
label-alert: indicates that the switch node forcibly sends the ping packet to the upper layer in multi-hop PW mode. When MPLS router alert mode is used, you can ping any switch node of the PW. Before using the MPLS router alert mode, configure Virtual Circuit Connectivity Verification (VCCV) on the PW template.
remote: indicates the information on the remote PW. The information on the remote PW is encoded to the ping packet so that the packet can reach the related PW. By default, the information in the ping packet is the local PW information, which applies to the single-hop PW.
pw-type: specifies the type of the remote PW. By default, the remote PW type is the same as that of the local PW.
peer-pw-id: specifies the ID of the remote PW. By default, the ID of the remote PW is the same as that of the local PW. It is an integer in the range of 1 to 4294967295.
remote-ip-address: specifies the IP address of the remote PW. By default, the system finds the next hop address according to the local PW. For multi-hop PW, if control-word is selected, you must specify the IP address of the end node. If MPLS router alert mode is used, you can specify the IP address of a switch node or the end node. The echo request packet is sent to the peer and then returned. The peer does not forward the ping packet.

Description
Using the ping vc command, you can check the state of a PW. When a PW is Up, you can locate the fault of the PW, for example, lost or incorrect forwarding entries. To check the whole PW, select control-word. The label-alert keyword can also be used to check the whole PW, but the forwarding entries are the same as those in actual application only when control-word is selected.

Example
# Check the connectivity of an Ethernet PW by using the ping vc command with the control-word key word on the U-PE.
<U-PE> ping vc ethernet 100 control-word remote 100
Reply: bytes=100 Sequence=1 time = 11 ms
Reply: bytes=100 Sequence=2 time = 4 ms
Reply: bytes=100 Sequence=3 time = 4 ms
Reply: bytes=100 Sequence=4 time = 4 ms
Reply: bytes=100 Sequence=5 time = 4 ms
--- FEC: FEC 128 PSEUDOWIRE (NEW). Type = ethernet, ID = 100 ping statistics--
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/5/11 ms

# Check the connectivity of a PPP PW by using the ping vc command with the label-alert key word on the U-PE.
<U-PE> ping vc ppp 100 -c 10 -m 10 -s 65 -t 100 -v label-alert remote 2.2.2.2
Reply: bytes=65 Sequence=1 time = 31 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=2 time = 15 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=3 time = 32 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=4 time = 15 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=5 time = 32 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=6 time = 15 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=7 time = 15 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=8 time = 16 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=9 time = 15 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=10 time = 32 ms Return Code 3, Subcode 1
--- FEC: FEC 128 PSEUDOWIRE (NEW). Type = ppp, ID = 100 ping statistics
10 packet(s) transmitted
10 packet(s) received
0.00% packet loss
round-trip min/avg/max = 15/21/32 ms

8.7.19 pw-template
Syntax
pw-template pw-template-name
undo pw-template pw-template-name

View
System view

Parameter
pw-template-name: specifies the PW template name. It is a string of 1 to 19 characters, without spaces.

Description
Using the pw-template command, you can create the PW template and enter the PW view.
Using the undo pw-template command, you can delete a created PW template. Note that a PW template cannot be deleted while it is being referenced by a PW.
For the related command, see display pw-template.

Example
# Create a PW template named pwt1.
<Quidway> system-view
[Quidway] pw-template pwt1

# Delete the PW template named pwt1.
<Quidway> system-view
[Quidway] undo pw-template pwt1

8.7.20 reset pw
Syntax
reset pw { pw-id { pw-type | ip-interworking } | pw-template pw-template-name }

View
User view

Parameter
pw-id: indicates the VC ID connected with L2VPN. It is an integer in the range of 1 to 4,294,967,295.
pw-type: indicates the encapsulation type of PW. The types of PW encapsulation that support the reset pw command include atm-aal5-sdu, atm-trans-cell, ethernet, hdlc, ip-interworking, ip-layer2, ppp, and vlan.
ip-interworking: enables IP interworking.
pw-template: resets all PWs on the PW template.
pw-template-name: specifies the PW template name. It is a string of 1 to 19 characters.

Description
Using the reset pw command, you can reset the PW template. If a PW template has been set, resetting of the PW template will lead to resetting of all PWs which are using the PW template. If a PW uses a PW template, its attributes change along with the PW template.

Example
# Reset PW through VC-ID and VC-TYPE.
<Quidway> reset pw 100 ppp

# Reset all PWs which are using the PW template named pwt1.
<Quidway> reset pw pw-template pwt1

8.7.21 snmp-agent trap enable l2vc


Syntax
snmp-agent trap enable l2vc [ delete | statechange ]
undo snmp-agent trap enable l2vc [ delete | statechange ]

View
System view

Parameter
delete: sets the type of the trap packet for an L2VC to delete.
statechange: sets the type of the trap packet for an L2VC to statechange.

Description
Using the snmp-agent trap enable command, you can allow the device to send trap packets and set the parameters of trap or notification.

Using the undo snmp-agent trap enable command, you can cancel the current settings. By default, trap packet sending is disabled. Types of trap packets that can be sent by the PWE3 are delete and statechange.

Example
# Allow the device to send L2VC trap packets to 10.1.1.1/24. The trap packet type is delete; security mode is V2C; the community name is public.
<Quidway> system-view
[Quidway] snmp-agent trap enable l2vc delete
[Quidway] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public v2c

# Allow the device to send L2VC trap packets of both types to 10.1.1.1/24. The security mode is V3, that is, the trap packets are authenticated but not encrypted. The community name is super.
<Quidway> system-view
[Quidway] snmp-agent trap enable l2vc
[Quidway] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname super v3 authentication
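
The two examples differ in what an observer on the path to 10.1.1.1 can read, and which L2VC events are reported depends on which trap types are enabled. The following Python audit of saved configuration lines is an added example, not Huawei code; the function name audit_l2vc_traps and the GUESSABLE name list are assumptions, the sample text is constructed from the first example, and only the two security modes shown in this section are classified.

```python
import re

# The two command shapes used in the examples of this section.
_ENABLE = re.compile(r"^(undo )?snmp-agent trap enable l2vc(?: (delete|statechange))?$")
_TARGET = re.compile(r"^snmp-agent target-host trap address udp-domain (\S+) "
                     r"params securityname (\S+) (\S+)(?: (\S+))?$")
ALL_KINDS = {"delete", "statechange"}
GUESSABLE = {"public", "private"}  # assumption: names treated as well-known defaults


def audit_l2vc_traps(config_text):
    """Return (subject, issue) findings for the L2VC trap lines in config_text."""
    enabled, targets, findings = set(), 0, []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())
        m = _ENABLE.match(line)
        if m:
            kinds = {m.group(2)} if m.group(2) else ALL_KINDS
            enabled = enabled - kinds if m.group(1) else enabled | kinds
            continue
        m = _TARGET.match(line)
        if not m:
            continue
        targets += 1
        host, name, version, level = m.groups()
        if version == "v2c":
            # SNMPv2c carries the community string unencrypted in every trap.
            findings.append((host, "v2c: community sent in cleartext"))
        elif version == "v3" and level == "authentication":
            findings.append((host, "v3: authenticated but not encrypted"))
        else:
            mode = " ".join(filter(None, (version, level)))
            findings.append((host, f"security mode '{mode}' not classified"))
        if name in GUESSABLE:
            findings.append((host, f"guessable securityname '{name}'"))
    # Trap sending is disabled by default, so anything not enabled stays silent.
    for kind in sorted(ALL_KINDS - enabled):
        findings.append(("l2vc", f"{kind} trap disabled"))
    if enabled and targets == 0:
        findings.append(("l2vc", "traps enabled but no target-host configured"))
    return findings


# Constructed input: the first example of this section as saved configuration lines.
SAMPLE = """\
snmp-agent trap enable l2vc delete
snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public v2c
"""

if __name__ == "__main__":
    for subject, issue in audit_l2vc_traps(SAMPLE):
        print(f"{subject}: {issue}")
```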

8.7.22 tnl-policy
Syntax
tnl-policy policy-name
undo tnl-policy

View
PW template view

Parameter
policy-name: specifies the tunnel policy name of PW. It is a string of 1 to 19 characters.

Description
Using the tnl-policy command, you can configure the tunnel policy for the PW template.
Using the undo tnl-policy command, you can stop the PW template from using any tunnel policy.
By default, the PW template is not configured with the tunnel policy.

Example
# Specify the tunnel policy for the PW template pwt as policy1.
<Quidway> system-view
[Quidway] pw-template pwt
[Quidway-pw-template-pwt] tnl-policy policy1

# Cancel the tunnel policy applied for pwt.


<Quidway> system-view
[Quidway] pw-template pwt
[Quidway-pw-template-pwt] undo tnl-policy

8.7.23 transport
Syntax
transport [ aal0 | aal5 ]
undo transport

View
ATM sub-interface view.

Parameter
None

Description
Using the transport command, you can configure the mode of ATM sub-interface relay. The relay mode of an ATM sub-interface can be cell relay, frame relay, and IPoA forwarding (non-relay). You can use the transport aal0 and transport aal5 commands to configure cell relay and frame relay. If you do not configure the transport command, the ATM sub-interface works in IPoA forwarding mode.
Using the undo transport command, you can cancel the ATM sub-interface relay mode.
Based on encapsulation mode, ATM relay falls into cell relay and frame relay. Cell relay applies to all AAL types (represented by AAL0), and frame relay applies to AAL5.
When a P2MP sub-interface works in cell relay mode, the relay mode is N-to-1 cell relay.
When a P2P sub-interface works in cell relay mode, the relay mode is 1-to-1 cell relay.
When a P2P sub-interface works in frame relay mode, the relay mode is AAL5 SDU relay.

Example
# Configure the relay mode of ATM 1/0/1.1 sub-interface to cell relay.
<Quidway> system-view
[Quidway] interface atm 1/0/1.1
[Quidway-atm1/0/1.1] transport aal0

8.7.24 vccv
Syntax
vccv cc { alert | cw } * cv lsp-ping
undo vccv

View
PW template view

Parameter
alert: enables the MPLS router alert channel.
cw: enables the control word channel.

Description
Using the vccv cc command, you can enable connectivity check for a VC.
Using the undo vccv command, you can disable connectivity check for a VC.
VC connectivity can be checked manually or automatically. Automatic check falls into BFD and OAM. Manual check falls into LSP ping and trace route. Channels used for the check can be control word channel or MPLS router alert channel.
Dynamic and static PWs support the VCCV ping function.

Example
# Enable pwt1 template to use the control word channel to check the VC connectivity.
<Quidway> system-view
[Quidway] pw-template pwt1
[Quidway-pw-template-pwt1] vccv cc cw cv lsp-ping

8.7.25 vpls-mac-limit
Syntax
vpls-mac-limit action { discard | forward } | alarm { disable | enable } maximum max
undo vpls-mac-limit

View
Interface view, VSI view

Parameter
max: specifies the maximum number of MAC addresses. It is an integer in the range of 0 to 32768.

Description
Using the vpls-mac-limit command, you can set the limit of MAC addresses for an interface or a VSI. When the number of MAC addresses exceeds the limit, you can configure the system to perform the action (discard or forward) or generate an alarm.
Using the undo vpls-mac-limit command, you can cancel the setting of MAC address limit.

Example
# Set the maximum number of MAC addresses on VSI1 to 200 and configure the system to generate an alarm if the number of MAC addresses exceeds the limit.
<Quidway> system-view
[Quidway] vsi vsi1
[Quidway-vsi-vsi1] vpls-mac-limit action forward alarm enable maximum 200
