01-08 vpn commands
Quidway MA5200G Command Reference
Issue 02 (2007-06-30) Huawei Technologies Proprietary
Contents
8 VPN Commands
8.1 VPN Tunnel Management Commands
8.1.1 debugging mpls l2vpn timer
8.1.2 debugging tnlm
8.1.3 debugging tunnel
8.1.4 description
8.1.5 destination
8.1.6 display interface tunnel
8.1.7 display tunnel-info
8.1.8 display tunnel-policy
8.1.9 interface tunnel
8.1.10 source
8.1.11 tunnel select-seq
8.1.12 tunnel-policy
8.1.13 tunnel-protocol
8.2 L2TP Configuration Commands
8.2.1 allow l2tp virtual-template
8.2.2 bind slot
8.2.3 bind source
8.2.4 debugging l2tp
8.2.5 debugging lns
8.2.6 display l2tp session
8.2.7 display l2tp tunnel
8.2.8 display l2tp-group
8.2.9 display lns-group all
8.2.10 l2tp aging
8.2.11 l2tp enable
8.2.12 l2tp-group
8.2.13 l2tp-group
8.2.14 l2tp-user radius-force
8.2.15 lns-group
8.2.16 mandatory-chap
8.2.17 mandatory-lcp
8.2.18 reset l2tp tunnel
8.2.19 start l2tp
8.2.20 test l2tp-tunnel
8.2.21 tunnel aaa-authentication
8.2.22 tunnel authentication
8.2.23 tunnel avp-hidden
8.2.24 tunnel idle-cut
8.2.25 tunnel load-sharing
8.2.26 tunnel name
8.2.27 tunnel password
8.2.28 tunnel radius-force
8.2.29 tunnel retransmit
8.2.30 tunnel session-limit
8.2.31 tunnel source
8.2.32 tunnel timeout
8.2.33 tunnel timer hello
8.3 GRE Configuration Commands
8.3.1 display gre-group
8.3.2 gre checksum
8.3.3 gre key
8.3.4 gre-group
8.3.5 tunnel-binding
8.4 BGP/MPLS L3VPN Configuration Commands
8.4.1 apply access-vpn vpn-instance
8.4.2 apply-label per-instance
8.4.3 description
8.4.4 display fib vpn-instance
8.4.5 display ip vpn-instance
8.4.6 export route-policy
8.4.7 import route-policy
8.4.8 ip binding vpn-instance
8.4.9 ip route-static vpn-instance
8.4.10 ip vpn-instance
8.4.11 mpls te vpn-binding vpn-instance
8.4.12 route-distinguisher
8.4.13 routing-table limit
8.4.14 target
8.4.15 tnl-policy
8.4.16 vpn-target
8.5 MPLS L2VPN Configuration Commands
8.5.1 ccc interface in-label out-label
8.5.2 ccc interface out-interface
8.5.3 ce
8.5.4 connection ce-offset
8.5.5 debugging mpls l2vpn
8.5.6 display bgp l2vpn
8.5.7 display ccc
8.5.8 display l2vpn ccc-interface vc-type
8.5.9 display local-ce mac
8.5.10 display mpls l2vc
8.5.11 display mpls l2vpn
8.5.12 display mpls l2vpn { export-route-target-list | import-route-target-list }
8.5.13 display mpls l2vpn connection
8.5.14 display mpls l2vpn forwarding-info
8.5.15 display mpls static-l2vc
8.5.16 l2vpn-family
8.5.17 local-ce ip
8.5.18 local-ce mac
8.5.19 local-ce mac broadcast
8.5.20 mpls l2vc
8.5.21 mpls l2vpn
8.5.22 mpls l2vpn vpn-name
8.5.23 mpls static-l2vc
8.5.24 mtu
8.5.25 reset bgp l2vpn
8.5.26 reset local-ce mac
8.5.27 route-distinguisher
8.5.28 vpn-target
8.6 VPLS Configuration Commands
8.6.1 debugging mpls l2vpn vpls_fib
8.6.2 debugging mpls l2vpn vpls_mid
8.6.3 description
8.6.4 display vpls connection
8.6.5 display vpls fib
8.6.6 display vpls mid
8.6.7 display vpls statistics
8.6.8 display vsi
8.6.9 display vsi remote
8.6.10 encapsulation
8.6.11 l2 binding
8.6.12 mac-learn-style
8.6.13 mac-learning
8.6.14 mtu
8.6.15 multi-homing-preference
8.6.16 peer
8.6.17 pwsignal
8.6.18 qos car
8.6.19 remote-vpn-target refresh
8.6.20 reset traffic-statistics
8.6.21 route-distinguisher
8.6.22 shutdown
8.6.23 site
8.6.24 tnl-policy
8.6.25 traffic-statistics
8.6.26 unknown-frame
8.6.27 vpls bgp encapsulation
8.6.28 vpls-mac-limit
8.6.29 vpls-qos car
8.6.30 vpn-target
8.6.31 vsi
8.6.32 vsi-id
8.7 PWE3 Configuration Commands
8.7.1 atm cell transfer
8.7.2 bandwidth
8.7.3 control-word
8.7.4 display mpls l2vc
8.7.5 display mpls static-l2vc
8.7.6 display mpls switch-l2vc
8.7.7 display pw-template
8.7.8 explicit-path
8.7.9 fragmentation
8.7.10 l2 bridge-interworking
8.7.11 map pvc
8.7.12 mpls l2vc
8.7.13 mpls l2vpn
8.7.14 mpls l2vpn default martini
8.7.15 mpls static-l2vc
8.7.16 mpls switch-l2vc
8.7.17 peer-address
8.7.18 ping vc
8.7.19 pw-template
8.7.20 reset pw
8.7.21 snmp-agent trap enable l2vc
8.7.22 tnl-policy
8.7.23 Transport
8.7.24 vccv
8.7.25 vpls-mac-limit
Tables
Table 8-1 Description of the output of the debugging mpls l2vpn timer command
Table 8-2 Description of the output of the display interface tunnel command
Table 8-3 Description of the output of the display tunnel-info command
Table 8-4 Description of the output of the display tunnel-policy command
Table 8-5 Description of the output of the display l2tp session command
Table 8-6 Description of the output of the display l2tp tunnel command
Table 8-7 Description of the output of the display fib vpn-instance command
Table 8-8 Description of the output of the display bgp l2vpn peer peer-ip-address command
Table 8-9 Description of the output of the display local-ce mac command
Table 8-10 Description of the output of the display mpls l2vc command
Table 8-11 Description of the output of the display mpls l2vc remote-info command
Table 8-12 Description of the output of the display mpls l2vpn command
Table 8-13 Description of the output of the display mpls l2vpn vpn-instance-name command
Table 8-14 Description of the output of the display mpls l2vpn vpn-instance-name local-ce command
Table 8-15 Description of the output of the display mpls l2vpn vpn-instance-name remote-ce command
Table 8-16 Description of the output of the display vpls connection command
Table 8-17 Description of the output of the display vpls connection verbose command
Table 8-18 Description of the output of the display vpls connection command
Table 8-19 Description of the output of the display vpls fib command
Table 8-20 Description of the output of the display vpls mid command
Table 8-21 Description of the output of the display vpls statistics command
Table 8-22 Description of the output of the display vsi command
Table 8-23 Description of the output of the display vsi remote command
Table 8-24 Description of the output of the display mpls l2vc interface command
Table 8-25 Description of the output of the display mpls switch-l2vc command
Table 8-26 Description of the output of the display pw-template command
8 VPN Commands
8.1 VPN Tunnel Management Commands
8.1.1 debugging mpls l2vpn timer
Syntax
debugging mpls l2vpn timer
undo debugging mpls l2vpn timer
View
User view
Parameter
None
Description
Using the debugging mpls l2vpn timer command, you can enable debugging of the MPLS L2VPN timer.
Using the undo debugging mpls l2vpn timer command, you can disable the debugging.
By default, debugging of the MPLS L2VPN timer is disabled.
Example
# Enable the debugging of MPLS L2VPN timer.
<Quidway> debugging mpls l2vpn timer
*0.567921 RTA L2V/8/DBG:
! L2VPN TNL cache flushed
*0.567921 RTA L2V/8/DBG:
PWE3 [LDP TNL TIMER] Processing for LDP VC(vcid=1,vctype=4)...
*0.567937 RTA L2V/8/DBG:
! L2VPN TNL cache MISS for destination 2.2.2.9 and tunnel-policy policy1
*0.567937 RTA L2V/8/DBG:
PWE3 [LDP TNL TIMER] Processing for LDP VC(vcid=2,vctype=4)...
*0.567937 RTA L2V/8/DBG:
! L2VPN TNL cache HIT for destination 2.2.2.9 and tunnel-policy policy1
*0.567952 RTA L2V/8/DBG:
PWE3 [LDP TNL TIMER] Processing for LDP VC(vcid=3,vctype=4)...
*0.567952 RTA L2V/8/DBG:
! L2VPN TNL cache HIT for destination 2.2.2.9 and tunnel-policy policy1
*0.567952 RTA L2V/8/DBG:
PWE3 [LDP TNL TIMER] Processing for LDP VC(vcid=4,vctype=4)...
*0.567968 RTA L2V/8/DBG:
! L2VPN TNL cache MISS for destination 2.2.2.9 and tunnel-policy policy4
*0.567968 RTA L2V/8/DBG:
PWE3 [LDP TNL TIMER] Processing for LDP VC(vcid=5,vctype=4)...
*0.567968 RTA L2V/8/DBG:
! L2VPN TNL cache HIT for destination 2.2.2.9 and tunnel-policy policy1
*0.567968 RTA L2V/8/DBG:
! L2VPN TNL cache flushed
Table 8-1 Description of the output of the debugging mpls l2vpn timer command
Item | Description
! L2VPN TNL cache flushed! | The cache of the L2VPN tunnel is refreshed.
! PWE3 [LDP TNL TIMER] Processing for LDP VC(vcid=1,vctype=4) | Enables the tunnel timer of LDP VC.
! L2VPN TNL cache MISS for destination 2.2.2.9 and tunnel-policy policy1 | In the first VC refreshing process, no tunnel information exists in the cache, and tunneling policy policy1 and the tunnel to 2.2.2.9 are not found.
! L2VPN TNL cache HIT for destination 2.2.2.9 and tunnel-policy policy1 | Tunneling policy policy1 and the tunnel to 2.2.2.9 are found in the cache.
! L2VPN TNL cache MISS for destination 2.2.2.9 and tunnel-policy policy4 | Tunneling policy policy4 and the tunnel to 2.2.2.9 are not found in the cache.
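The debug output above consists of two-line records (a timestamp header, then the message), and Table 8-1 ties each cache HIT or MISS to the LDP VC processed just before it. The following Python parser is an added example, not part of the Huawei reference: it pairs each VC with its cache result per flush-delimited cycle. The function names, and the rule that only the first lookup of a (destination, tunnel-policy) pair after a flush is expected to miss, are assumptions drawn from the table's wording.

```python
import re
from collections import Counter

# Debug output copied from the example on this page.
SAMPLE = """\
*0.567921 RTA L2V/8/DBG:
! L2VPN TNL cache flushed
*0.567921 RTA L2V/8/DBG:
PWE3 [LDP TNL TIMER] Processing for LDP VC(vcid=1,vctype=4)...
*0.567937 RTA L2V/8/DBG:
! L2VPN TNL cache MISS for destination 2.2.2.9 and tunnel-policy policy1
*0.567937 RTA L2V/8/DBG:
PWE3 [LDP TNL TIMER] Processing for LDP VC(vcid=2,vctype=4)...
*0.567937 RTA L2V/8/DBG:
! L2VPN TNL cache HIT for destination 2.2.2.9 and tunnel-policy policy1
*0.567952 RTA L2V/8/DBG:
PWE3 [LDP TNL TIMER] Processing for LDP VC(vcid=3,vctype=4)...
*0.567952 RTA L2V/8/DBG:
! L2VPN TNL cache HIT for destination 2.2.2.9 and tunnel-policy policy1
*0.567952 RTA L2V/8/DBG:
PWE3 [LDP TNL TIMER] Processing for LDP VC(vcid=4,vctype=4)...
*0.567968 RTA L2V/8/DBG:
! L2VPN TNL cache MISS for destination 2.2.2.9 and tunnel-policy policy4
*0.567968 RTA L2V/8/DBG:
PWE3 [LDP TNL TIMER] Processing for LDP VC(vcid=5,vctype=4)...
*0.567968 RTA L2V/8/DBG:
! L2VPN TNL cache HIT for destination 2.2.2.9 and tunnel-policy policy1
*0.567968 RTA L2V/8/DBG:
! L2VPN TNL cache flushed
"""

HEADER = re.compile(r"^\*(?P<ts>\d+\.\d+)\s+\S+\s+\w+/\d+/\w+:$")
VC = re.compile(r"Processing for LDP VC\(vcid=(?P<vcid>\d+),vctype=(?P<vctype>\d+)\)")
CACHE = re.compile(
    r"L2VPN TNL cache (?P<result>HIT|MISS) for destination (?P<dest>\S+)"
    r" and tunnel-policy (?P<policy>\S+)"
)
FLUSH = re.compile(r"L2VPN TNL cache flushed")


def records(text):
    """Yield (timestamp, message) pairs from the two-line debug records."""
    ts = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            ts = m.group("ts")
        elif ts is not None:
            yield ts, line
            ts = None
        # A message line with no preceding header line is ignored.


def parse_cycles(text):
    """Group VC lookups into refresh cycles delimited by 'cache flushed'."""
    cycles, current, pending_vc = [], None, None
    for ts, msg in records(text):
        if FLUSH.search(msg):
            if current:                      # a flush after lookups closes the cycle
                cycles.append(current)
            current, pending_vc = [], None
            continue
        m = VC.search(msg)
        if m:
            pending_vc = (int(m.group("vcid")), int(m.group("vctype")))
            continue
        m = CACHE.search(msg)
        if m and pending_vc is not None:
            if current is None:              # capture started mid-cycle
                current = []
            current.append({"ts": ts, "vcid": pending_vc[0], "vctype": pending_vc[1],
                            "result": m.group("result"), "dest": m.group("dest"),
                            "policy": m.group("policy")})
            pending_vc = None
    if current:                              # capture ended before the closing flush
        cycles.append(current)
    return cycles


def summarize(cycle):
    """Count results per (destination, tunnel-policy, HIT/MISS)."""
    return Counter((r["dest"], r["policy"], r["result"]) for r in cycle)


def repeated_misses(cycle):
    """VC IDs whose lookup missed although the same key was already looked up
    in this cycle (assumption: only the first lookup of a key should miss)."""
    seen, repeats = set(), []
    for r in cycle:
        key = (r["dest"], r["policy"])
        if r["result"] == "MISS" and key in seen:
            repeats.append(r["vcid"])
        seen.add(key)
    return repeats


if __name__ == "__main__":
    for i, cycle in enumerate(parse_cycles(SAMPLE), 1):
        print(f"cycle {i}: {dict(summarize(cycle))} repeated misses: {repeated_misses(cycle)}")
```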
8.1.2 debugging tnlm
Syntax
debugging tnlm { all | error | event }
undo debugging tnlm { all | error | event }
View
User view
Parameter
all: enables the debugging of tunnel management.
error: enables error debugging for tunnel management.
event: enables event debugging for tunnel management.
Description
Using the debugging tnlm command, you can enable the debugging of tunnel management.
Using the undo debugging tnlm command, you can disable the debugging of tunnel management.
By default, the debugging of tunnel management is disabled.
Example
# Enable the error debugging for tunnel management.
<Quidway> debugging tnlm error
8.1.3 debugging tunnel
Syntax debugging tunnel
undo debugging tunnel
View User view
Parameter None
Description Using the debugging tunnel command, you can enable tunnel debugging.
Using the undo debugging tunnel command, you can disable tunnel debugging.
By default, tunnel debugging is disabled.
Example # Enable tunnel debugging.
<Quidway> debugging tunnel
8.1.4 description
Syntax description text
undo description
View Tunnel interface view
Parameter text: specifies the description of the tunnel interface. It is a string of 1 to 64 characters.
Description Using the description command, you can set the description of the current tunnel information.
Using the undo description command, you can delete the description.
The description command has no default value.
Example # Set the description of Tunnel1/0/0.
<Quidway> system-view
[Quidway] interface Tunnel1/0/0
[Quidway-Tunnel1/0/0] description This is a tunnel from 1.1.1.1 to 2.2.2.2
# Delete the description of Tunnel1/0/0.
<Quidway> system-view
[Quidway] interface Tunnel1/0/0
[Quidway-Tunnel1/0/0] undo description
8.1.5 destination
Syntax destination [ vpn-instance vpn-instance-name ] dest-ip-address
undo destination
View Tunnel interface view
Parameter vpn-instance-name: specifies the name of the VPN instance that the tunnel destination belongs to. It is a string of 1 to 31 characters.
dest-ip-address: specifies the destination address of a tunnel, that is, the IP address of the physical or logical interface on the other end of the tunnel.
Description Using the destination command, you can configure the destination IP address for the tunnel. The destination IP address of tunnel is the IP address of the actual physical interface receiving packets.
For IPv6 manual tunnel and GRE tunnel, you must specify an IPv4 address as the destination address of the tunnel. However, for IPv6 to IPv4 tunnel and automatic tunnel, the destination address can be the IPv6 address of the next hop. The destination command is invalid to the latter two modes.
Determine whether to configure the source and destination addresses for the tunnel interface according to practical application. For instance, only the destination IP address needs to be configured for MPLS TE tunnel.
Using the undo destination command, you can delete the destination IP address.
For the related commands, see interface tunnel and source.
Example # Set the destination IP address for the tunnel.
<Quidway> system-view
[Quidway] interface tunnel 1/0/0
[Quidway-Tunnel1/0/0] destination 10.18.4.128
8.1.6 display interface tunnel
Syntax display interface tunnel [ interface-number ] [ | { begin | exclude | include } text ]
View All views
Parameter interface-number: specifies number of the tunnel interface in the form of "slot number/card number/port number".
| : outputs the lines related to those including the character string text according to regular expression.
begin: displays all the lines beginning with the line that matches the text.
exclude: displays the lines not containing the lines that match the text.
include: displays the lines containing the lines that match the text.
text: specifies a regular expression for filtering output.
Description Using the display interface tunnel command, you can display the information of tunnel interface.
For the related commands, see destination, source, gre key and tunnel-protocol.
Example # Display all the information of tunnel 7/1/1.
<Quidway> display interface Tunnel 7/1/1
Tunnel7/1/1 current state : UP
Line protocol current state : DOWN
Description : HUAWEI, Quidway Series, Tunnel7/1/1 Interface, Route Port
The Maximum Transmit Unit is 1500 bytes
Internet protocol processing : disabled
Encapsulation is TUNNEL, loopback not set
Tunnel source 0.0.0.0, destination 0.0.0.0
Tunnel protocol/transport IPv6 over IPv4
QoS max-bandwidth : 64 Kbps
Output queue : (Urgent queue : Size/Length/Discards) 0/50/0
Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0
Output queue : (FIFO queue : Size/Length/Discards) 0/256/0
5 minutes input rate 0 bytes/sec, 0 packets/sec
5 minutes output rate 0 bytes/sec, 0 packets/sec
0 packets input, 0 bytes
0 input error
0 packets output, 0 bytes
0 output error
Table 8-2 Description of the output of the display interface tunnel command
Item | Description
Tunnel7/1/1 current state : UP | The physical state of the tunnel interface is Up
Line protocol current state : DOWN | The Line protocol state of the tunnel interface is Down
Description | The description information of the tunnel interface, being HUAWEI in this example
Quidway Series | The router is Quidway series
The Maximum Transmit Unit is 1500 bytes | The size of MTU in the tunnel is 1500 bytes in this example
Internet protocol processing : disabled | The Internet protocol processing is disabled
Encapsulation is TUNNEL | Encapsulation mode is tunnel mode.
loopback not set | Loopback test is not enabled.
Tunnel source 0.0.0.0, destination 0.0.0.0 | The source address and the destination address of the tunnel.
Tunnel protocol/transport IPv6 over IPv4 | The encapsulation protocol and transmission protocol of the tunnel, being IPv6 over IPv4 here
5 minutes input rate | The packet input rate within the last 5 minutes
bytes/sec | Bytes per second
packets/sec | Packets per second
5 minutes output rate | The packet output rate in the last 5 minutes
packets input | The total number of input packets
input error | The total number of input error packets
packets output | The total number of output packets
output error | The total number of output error packets
8.1.7 display tunnel-info
Syntax display tunnel-info { tunnel-id | all | statistics [ slots ] }
View All views
Parameter tunnel-id: displays the tunnel information with the specified tunnel ID.
all: displays the tunnel information of all the existing tunnels.
statistics: displays the statistics of all tunnels.
Description Using the display tunnel-info command, you can display the tunnel information.
Example # Display the information about all tunnels.
<Quidway> display tunnel-info all
* -> Allocated VC Token
Tunnel ID Type Destination Token
----------------------------------------------------------------------
0x3a70000 cr lsp 51.0.0.1 0
0x3a70001 cr lsp 51.0.0.1 1
0x3a70002 cr lsp 50.0.0.1 2
0x3a70004 cr lsp 51.0.0.1 4
0x3a70005 cr lsp 51.0.0.1 5
0x3c70043 local ifnet -- 67
Table 8-3 Description of the output of the display tunnel-info command
Item | Description
Tunnel ID | Tunnel ID
Type | Tunnel type
Destination | Destination IP address
Token | Token number
8.1.8 display tunnel-policy
Syntax display tunnel-policy { all | tunnel-policy-name }
View All views
Parameter all: displays the information of all tunnel policies.
tunnel-policy-name: displays the information of a specified tunnel policy.
The tunnel-policy-name specifies the tunnel policy name. It is a string of 1 to 19 characters.
Description Using the display tunnel-policy command, you can display the information of tunnel policy.
Example # Display the information of all the tunnel policies.
<Quidway> display tunnel-policy all
Tunnel Policy Name Select-Seq Load balance No
------------------------------------------------------
policy1 LSP 1
q LSP 1
Table 8-4 Description of the output of the display tunnel-policy command
Item | Description
Tunnel Policy Name | Tunnel policy name
Select-Seq | Tunnel select sequence
Load balance No | Load balance number
8.1.9 interface tunnel
Syntax interface tunnel interface-number
undo interface tunnel interface-number
View System view
Parameter interface-number: specifies tunnel interface number in the form of "slot number/card number/port number". The value ranges from 0 to 2047.
Description Using the interface tunnel command, you can create tunnel interface. You have to create tunnel interface to connect two separate IPv6 networks through IPv4 network. The tunnel interface is valid after the attributes are configured. IPv6 packets can be forwarded after IPv6 is enabled.
Using the undo interface tunnel command, you can delete tunnel interface.
Example # Create tunnel7/1/1.
<Quidway> system-view
[Quidway] interface tunnel 7/1/1
# Delete tunnel7/1/1.
<Quidway> system-view
[Quidway] undo interface tunnel 7/1/1
8.1.10 source
Syntax source { ip-address | interface-type interface-number }
undo source
View Tunnel interface view
Parameter ip-address: specifies the IP address of the real interface sending GRE packet in the address form of A.B.C.D.
interface-type interface-number: specifies the type and number of the source Tunnel interface. The types include ATM, AUX, Eth-Trunk, Ethernet, Gigabit Ethernet, loopback, null, POS, Tunnel, and virtual template.
Description Using the source command, you can configure the source interface or address for tunnel.
Using the undo source command, you can delete the above settings.
For encapsulation of IPv4 packet header, IPv4 address of the source interface has to be specified as the source address of Tunnel. The source address for Tunnel is the IP address of the physical interface sending packets.
Determine whether to configure the source and destination address for Tunnel interface according to practical application. For instance, only the destination address needs to be configured for MPLS TE tunnel.
For the related commands, see interface tunnel, destination.
Example # Configure the source interface for tunnel.
<Quidway> system-view
[Quidway] interface tunnel 1/0/1
[Quidway-Tunnel1/0/1] source GigabitEthernet 1/0/1
8.1.11 tunnel select-seq
Syntax tunnel select-seq { cr-lsp | gre | lsp } * load-balance-number number
undo tunnel select-seq
View Tunnel-policy view
Parameter cr-lsp: adopts CR-LSP tunnel as VPN tunnel.
gre: adopts GRE tunnel as VPN tunnel.
lsp: adopts LSP tunnel as VPN tunnel.
load-balance-number number: specifies how many tunnels to be used for load balancing. The value ranges from 1 to 6.
Description Using the tunnel select-seq command, you can configure the tunnel policy, that is, configure the tunnel preference sequence and set how many tunnels to be used for load balancing.
Using the undo tunnel select-seq command, you can cancel the configuration.
By default, for L2VPN or L3VPN, if no tunnel policy is specified, LSP is taken as VPN tunnel and the number of tunnels for load balancing is 1. The range of load-balancing-number is controlled by License.
For the related command, see tunnel-policy.
Example # Set the tunnel preference sequence so that the LSP tunnel is preferred, followed by the GRE tunnel. The load-balancing-number is 1.
<Quidway> system-view
[Quidway] tunnel-policy policy1
[Quidway-tunnel-policy-policy1] tunnel select-seq lsp gre load-balance-number 1
8.1.12 tunnel-policy
Syntax tunnel-policy tunnel-policy-name
undo tunnel-policy tunnel-policy-name
View System view
Parameter tunnel-policy-name: specifies the name of the tunnel policy. It is a string of 1 to 19 characters.
Description Using the tunnel-policy command, you can create a tunnel policy and enter its view. Using the undo tunnel-policy command, you can delete the configured tunnel policy.
Tunnel policy is used to select tunnels according to IP address. In tunnel policy, the select sequence and load-balancing-number can be configured.
Proper tunnels can be selected based on tunnel policy for the application of various tunnels.
For the related command, see tunnel select-seq.
Example # Create a tunnel policy named policy1 and enter its view.
<Quidway> system-view
[Quidway] tunnel-policy policy1
[Quidway-tunnel-policy-policy1]
8.1.13 tunnel-protocol
Syntax tunnel-protocol { gre | ipv6-ipv4 [ 6to4 | auto-tunnel | isatap ] | mpls te }
undo tunnel-protocol
View Tunnel interface view
Parameter gre: configures GRE tunnel as the tunnel mode. When this parameter is specified, the tunnel interface must be in the slot where the TSU is inserted.
ipv6-ipv4: configures IPv6 to IPv4 tunnel as the tunnel mode.
6to4: configures 6to4 tunnel as the tunnel mode.
auto-tunnel: configures automatic tunnel as the tunnel mode.
isatap: configures isatap tunnel as the tunnel mode.
mpls te: configures MPLS tunnel as the tunnel mode.
Description Using the tunnel-protocol command, you can configure the tunnel mode.
Using the undo tunnel-protocol command, you can cancel the setting.
Tunnel mode can be selected according to network topology and application. The manual tunnel is in point-to-point mode, and IPv6 to IPv4 tunnel is in point-to-multipoint mode as automatic tunnel. Only one automatic tunnel can be created in a node.
For security, you can select GRE tunnel, which is point-to-point mode. GRE tunnel mode takes authentication key and checksum as its security mechanism.
Example # Configure tunnel mode to 6to4.
<Quidway> system-view
[Quidway] interface tunnel 1/0/0
[Quidway-Tunnel1/0/0] tunnel-protocol ipv6-ipv4 6to4
8.2 L2TP Configuration Commands
8.2.1 allow l2tp virtual-template
Syntax allow l2tp virtual-template virtual-template-number [ remote lac-name ] [ default-domain domain-name ]
undo allow
View L2TP group view
Parameter virtual-template-number: specifies the number of the VT bound to the Layer 2 Tunneling Protocol (L2TP) group, ranging from 0 to 1023.
remote lac-name: indicates the name of the remote L2TP Access Concentrator (LAC) of L2TP Network Server (LNS). lac-name specifies the name of LAC peer. It is a string of 1 to 30 characters.
default-domain domain-name: indicates the default domain associated with the LNS. The domain-name parameter is a string of 1 to 64 characters.
Description Using the allow l2tp virtual-template command, you can set the L2TP group to the LNS type, bind it to the virtual template, and specify the name of the peer. You have to configure all the groups except the default group default-lns.
Using the undo allow command, you can delete the configuration and restore the default setting.
By default, no virtual template is bound to L2TP group.
Example # Set the L2TP group to the LNS type, bind it to virtual template 1, and name the peer lac1.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] allow l2tp virtual-template 1 remote lac1
Except default LNS of the L2TP group, LNSs of all L2TP groups must be configured with a remote-name.
8.2.2 bind slot
Syntax bind slot slot-number
undo bind slot slot-number
View LNS group view
Parameter slot-number: specifies the slot number of the tunnel board. The value is the number of the slot in which the tunnel board is actually installed.
Description Using the bind slot command, you can bind the tunnel board with the LNS backup group.
Using the undo bind slot command, you can unbind the tunnel board from the LNS backup group.
Example # Bind the tunnel board in slot 3 with the backup group backgroup.
<Quidway> system-view
[Quidway] lns-group backgroup
[Quidway-lns-group-backgroup] bind slot 3
8.2.3 bind source
Syntax bind source { interface-type interface-number }
undo bind source { interface-type interface-number }
View LNS group view
Parameter interface-type interface-number: specifies the interface bound to the backup group.
Description Using the bind source command, you can bind the interface to the LNS backup group.
Using the undo bind source command, you can unbind the interface.
Example # Bind the loopback 0 with the LNS backup group.
<Quidway> system-view
[Quidway] lns-group backgroup
[Quidway-lns-group-backgroup] bind source LoopBack 0
8.2.4 debugging l2tp
Syntax debugging l2tp { all | control | dump | error | event | hidden | payload | timestamp | syn }
undo debugging l2tp { all | control | dump | error | event | hidden | payload | timestamp | syn }
View User view
Parameter all: enables the debugging of all the LAC information.
control: enables the debugging of the control message.
dump: enables the debugging of the PPP message.
error: enables the debugging of the error message.
event: enables the debugging of the LAC events.
hidden: enables the debugging of the hidden Attribute Value Pair (AVP).
payload: enables the debugging of LAC payload packets.
timestamp: enables the debugging of the timestamp.
syn: enables the debugging of synchronization information.
Description Using the debugging l2tp command, you can enable the debugging for LAC.
Using the undo debugging l2tp command, you can disable the debugging for LAC.
By default, the LAC debugging is disabled.
Example # Enable the debugging for LAC control messages.
<Quidway> debugging l2tp control
8.2.5 debugging lns
Syntax debugging lns { all | control | dump | error | event | hidden | payload | timestamp | syn }
undo debugging lns { all | control | dump | error | event | hidden | payload | timestamp | syn }
View User view
Parameter all: enables the debugging of all the LNS information.
control: enables the debugging of the control message.
dump: enables the debugging of the PPP message.
error: enables the debugging of the error message.
event: enables the debugging of the LNS events.
hidden: enables the debugging of the hidden Attribute Value Pair (AVP).
payload: enables the debugging of LNS payload packets.
timestamp: enables the debugging of the timestamp.
syn: enables the debugging of synchronization information.
Description Using the debugging lns command, you can enable the debugging for LNS.
Using the undo debugging lns command, you can disable the debugging for LNS.
By default, the LNS debugging is disabled.
Example # Enable the debugging for LNS control messages.
<Quidway> debugging lns control
8.2.6 display l2tp session
Syntax display l2tp session [slot slot-number ] [ session-item session-id ]
View All views
Parameter session-item: displays the L2TP session information of the specified session ID.
session-id: specifies the local ID of the L2TP session. The value is an integer. For the MA5200G-2, it ranges from 1 to 12288. For the MA5200G-4, it ranges from 1 to 24567. For the MA5200G-8, it ranges from 1 to 49152.
slot: displays the L2TP session information of the specified tunnel board.
slot-number: specifies the slot number of the tunnel board.
Description Using the display l2tp session command, you can display L2TP sessions.
For the related command, see display l2tp tunnel.
Example # Display L2TP sessions.
<Quidway> display l2tp session
LocalSID RemoteSID LocalTID
1 1 2
Total session = 1
Table 8-5 Description of the output of the display l2tp session command
Item | Description
LocalSID | The unique value identifying a session at the local end
RemoteSID | The unique value identifying a session at the remote end
LocalTID | Local tag ID for tunnel
Total session | The number of sessions
8.2.7 display l2tp tunnel
Syntax display l2tp tunnel lac [ tunnel-item tunnel-id | tunnel-name tunnel-name ]
display l2tp tunnel lns slot slot-number
View All views
Parameter lac: displays L2TP tunnel information of LAC.
tunnel-item tunnel-id: displays the information of the L2TP tunnel with the specified ID. The value of local ID for L2TP tunnel ranges from 1 to 65,535.
tunnel-name tunnel-name: displays L2TP information of a specific remote name. It is a string of 1 to 30 characters.
lns slot slot-number: displays the L2TP tunnel information of the specified tunnel board. The value of slot-number is the number of the slot in which the tunnel board is actually installed.
Description Using the display l2tp tunnel command, you can display the information of L2TP tunnels.
For the related command, see display l2tp session.
Example # Display the current L2TP tunnel.
<Quidway> display l2tp tunnel
LocalTID RemoteTID RemoteAddress Port Sessions RemoteName
2 22849 11.1.1.1 1701 1 lns
Total tunnel = 1
Table 8-6 Description of the output of the display l2tp tunnel command
Item | Description
LocalTID | The unique value identifying a session at the local end
RemoteTID | The unique value identifying a session at the remote end
RemoteAddress | Remote IP address
Port | Remote port number
Sessions | The number of sessions on the tunnel
RemoteName | Remote name
8.2.8 display l2tp-group
Syntax display l2tp-group [ group-name ]
View All views
Parameter group-name: displays the configuration information of the specified L2TP group. It is a string of 1 to 30 characters.
Description Using the display l2tp-group command, you can display the configuration information of an L2TP group.
Example # Display the configuration information of L2TP group lns1.
<Quidway> display l2tp-group lns1
-----------------------------------------------
L2tp-index: 3
Group-Name: lns1
TunnelAuth: Not tunnel authentication
Tunnel aaa Auth: Not tunnel aaa-authentication
Tunnel Avp46: Not tunnel Avp46
LocalName: LNS
Encrypt : 0
avp-hidden: 0
load-share: 0
Radius-auth: 0
Hello : 60
Retransmit: 5
Timeout : 2
Idle cut : 60
SessionLimit: 49152
Used : 0
IfIndex : 4294967295
SrcIp : 255.255.255.255
VtNum : 1
RemoteName: lac1
DefaultDomain:default1
ForceChap : 0
LcpReg : 0
LnsNum : 0
LnsIPAddr :
-----------------------------------------------
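The output above can be checked mechanically during a configuration review. The following is an added example, not part of the Huawei manual: it parses a `display l2tp-group` block and lists settings worth a second look. The manual does not describe the output fields, so reading `ForceChap` as the state of mandatory-chap, `avp-hidden` as hidden-AVP support, and a value beginning with "Not" as "disabled" are assumptions.

```python
# Output of `display l2tp-group lns1`, copied from the example on this page.
SAMPLE = """\
-----------------------------------------------
L2tp-index: 3
Group-Name: lns1
TunnelAuth: Not tunnel authentication
Tunnel aaa Auth: Not tunnel aaa-authentication
Tunnel Avp46: Not tunnel Avp46
LocalName: LNS
Encrypt : 0
avp-hidden: 0
load-share: 0
Radius-auth: 0
Hello : 60
Retransmit: 5
Timeout : 2
Idle cut : 60
SessionLimit: 49152
Used : 0
IfIndex : 4294967295
SrcIp : 255.255.255.255
VtNum : 1
RemoteName: lac1
DefaultDomain:default1
ForceChap : 0
LcpReg : 0
LnsNum : 0
LnsIPAddr :
-----------------------------------------------
"""


def parse_l2tp_group(text):
    """Return {field: value} for one `display l2tp-group` block."""
    fields = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or set(stripped) == {"-"}:
            continue  # blank line or dashed rule
        # Split on the first colon only: values such as SrcIp contain none,
        # but this keeps the parser safe if a value ever does.
        key, sep, value = stripped.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def audit(fields):
    """Return (field, finding) pairs for settings a reviewer should confirm."""
    group = fields.get("Group-Name", "?")
    findings = []

    # Assumption: a value starting with "Not" means the feature is disabled.
    if fields.get("TunnelAuth", "").lower().startswith("not"):
        findings.append(("TunnelAuth",
                         f"{group}: tunnel authentication is off, so the "
                         "peer LAC/LNS is not verified"))

    # Assumption: avp-hidden 0 means hidden AVPs are not used.
    if fields.get("avp-hidden") == "0":
        findings.append(("avp-hidden",
                         f"{group}: AVP hiding is off"))

    # Assumption: ForceChap reflects the mandatory-chap command.
    if fields.get("ForceChap") == "0":
        findings.append(("ForceChap",
                         f"{group}: LNS does not re-authenticate the client "
                         "with CHAP"))

    # From the manual: every group except default-lns needs a remote name.
    if group != "default-lns" and not fields.get("RemoteName"):
        findings.append(("RemoteName",
                         f"{group}: no remote LAC name is configured"))
    return findings


if __name__ == "__main__":
    for field, finding in audit(parse_l2tp_group(SAMPLE)):
        print(f"[{field}] {finding}")
```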
8.2.9 display lns-group all
Syntax display lns-group all
View All views
Parameter None
Description Using the display lns-group all command, you can view all the LNS backup groups in the system.
Example # Display all the LNS backup groups.
<Quidway> display lns-group all
------------------------------------------------------------------------------
GroupNum GroupName Interface AllSlot
0 lns1 Loopback0 ----
-------------------------------------------------------------------------
8.2.10 l2tp aging
Syntax l2tp aging time
undo l2tp aging
View System view
Parameter time: specifies the LNS aging time, ranging from 1 to 60, in minutes.
Description Using the l2tp aging command, you can set the LNS aging time. The default value is 5 minutes.
Using the undo l2tp aging command, you can restore the default value.
For the related command, see l2tp-group.
Example # Set the LNS aging time to 10 minutes.
<Quidway> system-view
[Quidway] l2tp aging 10
8.2.11 l2tp enable
Syntax l2tp enable
undo l2tp enable
View System view
Parameter None
Description Using the l2tp enable command, you can enable the L2TP function. VPN services can be deployed only after the L2TP function is enabled.
Using the undo l2tp enable command, you can disable the L2TP function.
You can provide the VPN service only after explicitly enabling the L2TP function by using the command l2tp enable.
By default, the L2TP function is disabled.
For the related command, see l2tp-group.
Example # Enable the L2TP function on the MA5200G.
<Quidway> system-view
[Quidway] l2tp enable
8.2.12 l2tp-group
Syntax l2tp-group group-name
undo l2tp-group group-name
View System view
Parameter group-name: specifies the name of an L2TP group. It is a string of 1 to 30 characters.
Description Using the l2tp-group command, you can create an L2TP group.
Using the undo l2tp-group command, you can delete the L2TP group. After the L2TP group is deleted, all the configurations in this group are deleted.
There are two default groups: default-lns and default-lac. You can only change the parameters of the default groups rather than deleting the groups. The default-lac group is used for the default LAC group. The default-lns group is used for the default LNS group.
Example # Create an L2TP group huawei and enter its view.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei]
8.2.13 l2tp-group
Syntax l2tp-group group-name
undo l2tp-group group-name
View Domain view
Parameter group-name: specifies the name of an L2TP group. It is a string of 1 to 30 characters.
Description Using the l2tp-group command, you can specify an L2TP group in the domain.
Using the undo l2tp-group command, you can delete an L2TP group from the domain.
Example # Specify an L2TP group test in domain huawei.
<Quidway> system-view
[Quidway] aaa
[Quidway-aaa] domain huawei
[Quidway-aaa-domain-huawei] l2tp-group test
8.2.14 l2tp-user radius-force
Syntax l2tp-user radius-force
undo l2tp-user radius-force
View Domain view
Parameter None
Description Using the l2tp-user radius-force command, you can specify the L2TP attributes delivered by the RADIUS server for the domain users.
Using the undo l2tp-user radius-force command, you can cancel the L2TP attributes delivered by the RADIUS server for the domain users.
Example # Specify L2TP attributes delivered by the RADIUS server for the domain users.
<Quidway> system-view
[Quidway] aaa
[Quidway-aaa] domain huawei
[Quidway-aaa-domain-huawei] l2tp-user radius-force
8.2.15 lns-group
Syntax lns-group group-name
undo lns-group group-name
View System view
Parameter group-name: specifies the name of LNS backup group. It is a string of 1 to 30 characters.
Description Using the lns-group command, you can create an LNS backup group and enter its view.
Using the undo lns-group command, you can delete the LNS backup group.
By default, no LNS backup group is created.
Example # Create a backup group named backgroup.
<Quidway> system-view
[Quidway] lns-group backgroup
8.2.16 mandatory-chap
Syntax mandatory-chap
undo mandatory-chap
View L2TP group view
Parameter None
Description Using the mandatory-chap command, you can conduct the mandatory CHAP re-authentication between the LNS and the Client.
Using the undo mandatory-chap command, you can delete the mandatory CHAP re-authentication.
By default, no user authentication is conducted on LNS side.
Example # Conduct the mandatory CHAP re-authentication between the LNS and the Client.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] mandatory-chap
8.2.17 mandatory-lcp
Syntax mandatory-lcp
undo mandatory-lcp
View L2TP group view
Parameter None
Description Using the mandatory-lcp command, you can conduct the mandatory LCP protocol re-negotiation of the LNS and the Client.
Using the undo mandatory-lcp command, you can delete the re-negotiation.
By default, the re-negotiation is not conducted on the LNS.
Example # Conduct the mandatory LCP re-negotiation between the LNS and the Client.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] mandatory-lcp
8.2.18 reset l2tp tunnel
Syntax reset l2tp tunnel { lac { tunnel-item tunnel-id | tunnel-name tunnel-name } | lns slot slot-number }
View User view
Parameter lac: resets L2TP tunnel connection of LAC.
tunnel-item tunnel-id: resets the L2TP tunnel connection with the specified tunnel ID. The value of local ID for L2TP tunnel ranges from 1 to 65,535.
tunnel-name tunnel-name: resets L2TP connection of a specified remote name. It is a string of 1 to 30 characters.
lns slot slot-number: resets the L2TP tunnel connection of the specified tunnel board. The value of slot-number is the number of the slot in which the tunnel board is installed.
Description Using the reset l2tp tunnel command, you can disconnect the L2TP tunnel and all sessions on this tunnel.
When the user on the peer end initiates a call again, the tunnel can be re-established. You can disconnect the tunnel by specifying name of the peer end of the tunnel.
If no tunnel is matched, the command does not affect any tunnel. If multiple matching tunnels exist (with the same name but different IP addresses), all of them are disconnected. If you specify the parameter tunnel-id, only the matched tunnel is disconnected.
For the related command, see display l2tp tunnel.
Example # Disconnect the tunnel whose peer end is named AS8010.
<Quidway> reset l2tp tunnel lac tunnel-name AS8010
8.2.19 start l2tp
Syntax start l2tp [ ip ip-address [ weight ins-weight ] ] &<1-8>
undo start
View L2TP group view
Parameter ip: configures the IP address for the peer LNS.
ip-address: specifies the IPv4 address of the peer LNS. You can set up to eight IP addresses.
weight: sets the weight for LNS.
ins-weight: specifies the weight value. The value ranges from 1 to 10.
Description Using the start l2tp command, you can set the triggering condition for the local end as the L2TP LAC to initiate a call.
Using the undo start command, you can delete the triggering condition.
The command runs on the LAC to specify the IP address of LNS. You can specify a VPN user by providing the full username.
For a VPN user, the local end, namely LAC, sends a connection request to LNSs in the order of LNS configuration. When LAC receives the ACK from an LNS, the LNS becomes the peer end of the tunnel. Otherwise, the LAC sends the request to the next LNS to establish a tunnel.
The two ways of identifying VPN users may conflict with each other. For example, the system may assign the LNS 1.1.1.1 according to the full username but assign the LNS 1.1.1.2 according to the domain name of the same user. Therefore, it is necessary to define the precedence of the two ways. By default, the system first looks for an L2TP group according to the full username. If none is found, the domain name is used.
By default, no triggering condition for L2TP LAC is configured in the system.
Example # Set the IP address for the peer LNS to 10.10.10.1 and set the LNS weight to 1.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] start l2tp ip-address 10.10.10.1 weight 1
8.2.20 test l2tp-tunnel
Syntax test l2tp-tunnel l2tp-group group-name ip-address ip-address
View L2TP group view
Parameter group-name: specifies the L2TP group name. It is a string of 1 to 30 characters.
ip-address: specifies the IPv4 address of the peer LNS for L2TP tunnel.
Description Using the test l2tp-tunnel command, you can test, on the LAC, the connection of an L2TP tunnel for a specified L2TP group and a specified LNS address.
By default, this function is disabled.
Example # Test an L2TP tunnel with the L2TP group named huawei and LNS IP address 10.10.10.1.
<Quidway> system-view
[Quidway] l2tp-group lac1
[Quidway-l2tp-lac1] test l2tp-tunnel l2tp-group huawei ip-address 10.10.10.1
8.2.21 tunnel aaa-authentication
Syntax tunnel aaa-authentication
undo tunnel aaa-authentication
View L2TP group view
Parameter None
Description Using the tunnel aaa-authentication command, you can configure the AAA authentication on the L2TP tunnel.
Using the undo tunnel aaa-authentication command, you can cancel the AAA authentication.
Usually, when authenticating an L2TP tunnel, the MA5200G authenticates only the name and password. With the AAA authentication enabled on the L2TP tunnel, the MA5200G sends the name and password to the AAA server (RADIUS server or HWTACACS server) for authentication. The tunnel AAA authentication allows different passwords on the LAC and the LNS.
By default, the tunnel AAA authentication is disabled on the L2TP tunnel.
Example # Configure the AAA authentication on the L2TP tunnel.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel aaa-authentication
8.2.22 tunnel authentication
Syntax tunnel authentication
undo tunnel authentication
View L2TP group view
Parameter None
Description Using the tunnel authentication command, you can enable the L2TP tunnel authentication.
Using the undo tunnel authentication command, you can disable the L2TP tunnel authentication.
In normal cases, the two ends of an L2TP tunnel verify each other to ensure security. If you want to test the connectivity of the network, or want to accept a connection initiated by an unknown peer, you may choose not to verify the tunnel.
The L2TP tunnel authentication can be initiated by either end, the LAC or the LNS. If either end initiates the authentication, the tunnel is authenticated during tunnel establishment. The tunnel can be established only when the passwords on both sides are identical and not null. Otherwise, the tunnel is disconnected. If the tunnel authentication is disabled on both the LAC and the LNS, it does not matter whether the passwords on the two sides are identical.
By default, the L2TP tunnel authentication is enabled.
Example # Disable the tunnel authentication on the MA5200G.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] undo tunnel authentication
8.2.23 tunnel avp-hidden
Syntax tunnel avp-hidden
undo tunnel avp-hidden
View L2TP group view
Parameter None
Description Using the tunnel avp-hidden command, you can hide AVP in transmission.
Using the undo tunnel avp-hidden command, you can restore the default setting.
By default, a tunnel transfers AVP in plain text.
In L2TP, some parameters are transferred as attribute-value pairs (AVPs). If these data are security-sensitive, you can hide them in transmission by using this command.
The authentication passwords must be the same on both sides to configure the AVP hidden function. Tunnel AAA authentication allows different passwords on the two sides, whereas the AVP hidden function requires the same password on both sides, because the algorithm uses the password to resolve the hidden AVP data. Do not configure the AVP hidden function when configuring AAA authentication; otherwise, the user cannot get online.
Example # Hide AVP in transmission.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel avp-hidden
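Why tunnel authentication and AVP hiding both depend on one shared password, as an added Python example (not Huawei code) that assumes the MA5200G uses the standard L2TP algorithms of RFC 2661 (challenge response, and AVP hiding from section 4.3). The function names, the random vector and the hidden value are constructed for illustration; the password yougotit is the one used in this chapter's tunnel password example.

```python
import hashlib
import hmac
import struct

SCCRP, SCCCN = 2, 3        # RFC 2661 message types that carry a Challenge Response
PROXY_AUTHEN_NAME = 30     # RFC 2661 attribute number, used here as the hidden AVP


def md5(*parts: bytes) -> bytes:
    return hashlib.md5(b"".join(parts)).digest()


def challenge_response(msg_type: int, secret: bytes, challenge: bytes) -> bytes:
    """Tunnel authentication: MD5(message-type octet + shared secret + challenge)."""
    return md5(bytes([msg_type]), secret, challenge)


def verify_peer(msg_type: int, local_secret: bytes, challenge: bytes,
                response: bytes) -> bool:
    """Accept the peer only if both passwords are identical and not null."""
    if not local_secret:
        return False
    expected = challenge_response(msg_type, local_secret, challenge)
    return hmac.compare_digest(expected, response)


def xor_stream(data: bytes, attr_type: int, secret: bytes,
               random_vector: bytes, decrypting: bool) -> bytes:
    """b1 = MD5(attr + secret + RV); b(i+1) = MD5(secret + c(i)); c(i) = p(i) XOR b(i)."""
    out = bytearray()
    pad = md5(struct.pack("!H", attr_type), secret, random_vector)
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        mixed = bytes(a ^ b for a, b in zip(block, pad))
        out += mixed
        # The next pad is always derived from the ciphertext block.
        pad = md5(secret, block if decrypting else mixed)
    return bytes(out)


def hide_avp(value: bytes, attr_type: int, secret: bytes,
             random_vector: bytes, padding: bytes = b"") -> bytes:
    """Hidden subformat: 2-octet original length + value + optional padding."""
    subformat = struct.pack("!H", len(value)) + value + padding
    return xor_stream(subformat, attr_type, secret, random_vector, False)


def unhide_avp(hidden: bytes, attr_type: int, secret: bytes,
               random_vector: bytes) -> bytes:
    if len(hidden) < 2:
        raise ValueError("hidden AVP too short")
    plain = xor_stream(hidden, attr_type, secret, random_vector, True)
    (length,) = struct.unpack("!H", plain[:2])
    if length > len(plain) - 2:
        raise ValueError("length field exceeds AVP size: wrong password or corrupt AVP")
    return plain[2:2 + length]


def recover(hidden: bytes, attr_type: int, secret: bytes, random_vector: bytes):
    """Return the recovered value, or None when the AVP cannot be resolved."""
    try:
        return unhide_avp(hidden, attr_type, secret, random_vector)
    except ValueError:
        return None


if __name__ == "__main__":
    rv = bytes(range(16))                      # constructed random vector
    value = b"user@isp.example"                # constructed AVP value
    hidden = hide_avp(value, PROXY_AUTHEN_NAME, b"yougotit", rv, padding=b"\x00" * 5)
    print("same password     :", recover(hidden, PROXY_AUTHEN_NAME, b"yougotit", rv))
    # With a different local password (possible under tunnel aaa-authentication)
    # the receiver gets garbage or an error, never the original value.
    print("different password:", recover(hidden, PROXY_AUTHEN_NAME, b"otherpass", rv))
```

Because the hiding key is derived from the tunnel password itself, a peer that authenticated through an AAA server with a different local password cannot resolve the hidden AVPs, which is the failure this section warns about.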
8.2.24 tunnel idle-cut
Syntax tunnel idle-cut time
undo tunnel idle-cut
View L2TP group view
Parameter time: specifies the idle-cut time of the tunnel in seconds. Its value ranges from 0 to 100,000. Zero indicates that the local end will never clear the tunnel.
Description Using the tunnel idle-cut command, you can set the idle-cut time of the L2TP tunnel. The idle-cut time is the time a tunnel persists while carrying no session. When this time expires, the tunnel is cleared.
When the idle-cut time of the L2TP tunnel is set to 0, the local end never clears the tunnel. However, if the tunnel is cleared by the peer end, the tunnel cannot be re-established.
Using the undo tunnel idle-cut command, you can restore the default value.
By default, the idle-cut time of the L2TP tunnel is 60 seconds.
Example # Set the idle-cut time of the L2TP tunnel to be 100 seconds.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel idle-cut 100
8.2.25 tunnel load-sharing
Syntax tunnel load-sharing
undo tunnel load-sharing
View L2TP group view
Parameter None
Description Using the tunnel load-sharing command, you can enable the load balancing.
Using the undo tunnel load-sharing command, you can disable the load balancing.
After configuring multiple LNSs, the MA5200G tries to connect LNSs in order until an LNS gives response and establishes a tunnel, and other LNSs are taken as the backup LNSs.
If a single LNS cannot carry all the L2TP services because of its capability, you can distribute the services among multiple LNSs by weight through LNS load balancing.
Example # Enable the load balancing.
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel load-sharing
8.2.26 tunnel name
Syntax tunnel name name
undo tunnel name
View L2TP group view
Parameter name: specifies the name of the local end of the tunnel. It is a string of 1 to 30 characters.
Description Using the tunnel name command, you can specify the name of the local end of the tunnel.
Using the undo tunnel name command, you can restore the default name of the local end.
When an L2TP group is created, the name of the local end is initialized to the name of the MA5200G.
By default, the name of the local end is the name of the device.
Example # Set the name of the local end of the tunnel to itsme.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel name itsme
8.2.27 tunnel password
Syntax tunnel password { simple | cipher } password [ lac lns-ip-index ]
undo tunnel password [ lac lns-ip-index ]
View L2TP group view
Parameter cipher: displays the password in cipher text.
simple: displays the password in plain text.
lac lns-ip-index: specifies the IP address of the LNS corresponding to the password when the MA5200G functions as the LAC. The MA5200G supports eight LNS addresses, so you can configure up to eight passwords.
password: specifies the password. In simple mode, the password must be entered in plain text. In cipher mode, the password can be entered either in plain text or in cipher text, depending on the input. Entered in plain text, the password is a string of no more than 16 characters, for instance, 1234567. Entered in cipher text, the password must be 24 characters long, for instance, _(TT8F]Y\5SQ=^Q`MAF4<1!!.
Description Using the tunnel password command, you can specify the password used in tunnel authentication.
Using the undo tunnel password command, you can cancel the password.
By default, the password used in tunnel authentication is null.
Example # Set the password used in tunnel authentication on the second LNS address to yougotit and display it in plain text.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel password simple yougotit lac 2
8.2.28 tunnel radius-force
Syntax tunnel radius-force
undo tunnel radius-force
View L2TP group view
Parameter None
Description Using the tunnel radius-force command, you can configure the forced tunnel authentication of RADIUS. If the RADIUS delivers the tunnel password attribute, the peer end will be authenticated.
Using the undo tunnel radius-force command, you can delete the force RADIUS tunnel authentication.
Example # Configure the force RADIUS tunnel authentication for the L2TP group huawei.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel radius-force
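A configuration review of the L2TP tunnel security commands described in 8.2.21 to 8.2.28, as an added Python example (not a Huawei tool). The commands checked are the ones documented above; the layout of the saved configuration (an l2tp-group line followed by its commands) and the sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample; the saved-configuration layout is an assumption.
SAMPLE_CONFIG = """\
l2tp-group huawei
 undo tunnel authentication
 tunnel password simple yougotit lac 2
l2tp-group branch
 tunnel aaa-authentication
 tunnel avp-hidden
 tunnel password cipher PLACEHOLDER-CIPHER-TEXT
l2tp-group lab
 tunnel name itsme
"""

FINDINGS = {
    "AUTH_DISABLED": "tunnel authentication is disabled (undo tunnel authentication)",
    "PASSWORD_SIMPLE": "tunnel password is displayed in plain text (simple)",
    "NULL_PASSWORD": "authentication is enabled but no tunnel password is set; "
                     "the tunnel cannot be established with a null password",
    "AVP_HIDDEN_WITH_AAA": "tunnel avp-hidden is combined with tunnel aaa-authentication; "
                           "users cannot get online",
    "AVP_PLAIN": "AVPs are transferred in plain text (tunnel avp-hidden not set)",
}


def parse_groups(text: str) -> dict:
    """Map each L2TP group name to the list of commands configured under it."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = re.fullmatch(r"l2tp-group\s+(\S+)", line)
        if match:
            current = groups.setdefault(match.group(1), [])
        elif current is not None:
            current.append(line)
    return groups


def audit_group(commands: list) -> list:
    """Return finding codes for one group, based on the documented defaults."""
    def has(prefix: str) -> bool:
        return any(c == prefix or c.startswith(prefix + " ") for c in commands)

    findings = []
    auth_enabled = not has("undo tunnel authentication")   # enabled by default
    if not auth_enabled:
        findings.append("AUTH_DISABLED")
    if has("tunnel password simple"):
        findings.append("PASSWORD_SIMPLE")
    # Assumption: with AAA or forced RADIUS authentication the password may come
    # from the server, so the null-password check is applied only without them.
    server_side = has("tunnel aaa-authentication") or has("tunnel radius-force")
    if auth_enabled and not has("tunnel password") and not server_side:
        findings.append("NULL_PASSWORD")
    if has("tunnel avp-hidden") and has("tunnel aaa-authentication"):
        findings.append("AVP_HIDDEN_WITH_AAA")
    if not has("tunnel avp-hidden"):
        findings.append("AVP_PLAIN")
    return findings


def audit(text: str) -> dict:
    return {name: audit_group(cmds) for name, cmds in parse_groups(text).items()}


if __name__ == "__main__":
    for group, codes in audit(SAMPLE_CONFIG).items():
        for code in codes:
            print(f"{group}: {FINDINGS[code]}")
```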
8.2.29 tunnel retransmit
Syntax tunnel retransmit times
undo tunnel retransmit
View L2TP group view
Parameter times: specifies the number of L2TP packet retransmissions. The value ranges from 1 to 10.
Description Using the tunnel retransmit command, you can set the number of L2TP retransmissions. Each retransmission interval is twice the previous interval.
After the MA5200G sends the L2TP packet to the peer through an L2TP tunnel, if no response is received within a certain time (configured through the tunnel timeout command), it resends the packet.
If no response is received after the number of L2TP retransmissions exceeds the value of times set in this command, the MA5200G considers that the L2TP tunnel has been broken abnormally, and clears this tunnel.
Using the undo tunnel retransmit command, you can reset the number of L2TP packet retransmissions.
By default, the number of L2TP packet retransmissions is 5.
Example # Set the number of packet retransmissions to 3 for the L2TP group huawei.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel retransmit 3
8.2.30 tunnel session-limit
Syntax tunnel session-limit max-session-number
undo tunnel session-limit
View L2TP group view
Parameter max-session-number: specifies the maximum number of sessions. The value is an integer. For the MA5200G-2, it ranges from 1 to 12288. For the MA5200G-4, it ranges from 1 to 24567. For the MA5200G-8, it ranges from 1 to 49152.
Description Using the tunnel session-limit command, you can set the maximum number of sessions for a tunnel. This command is valid only when the MA5200G acts as the LAC.
Using the undo tunnel session-limit command, you can restore the default value of the maximum number of sessions.
Example # Set the maximum number of sessions for a tunnel to 100.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel session-limit 100
8.2.31 tunnel source
Syntax tunnel source loopback number
undo tunnel source
View L2TP group view
Parameter number: specifies the number of the loopback interface.
Description Using the tunnel source command, you can configure a loopback interface as the tunnel source interface used by the LAC to initiate a tunnel-establish request to the LNS.
Using the undo tunnel source command, you can restore the default setting.
If there is no IP address assigned to the specified tunnel source interface, the address in the local routing table is used as the source address.
This command is valid only when the MA5200G acts as the LAC. To improve the reliability of the communications between the LAC and the LNS, it is recommended to run the tunnel source command on the LAC side.
By default, the LAC initiates a tunnel-establish request to the LNS by using an interface address in the local routing table as the source address.
Example # Configure the LAC to use the interface loopback1 as the source interface of the tunnel.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel source loopback 1
8.2.32 tunnel timeout
Syntax tunnel timeout time
undo tunnel timeout
View L2TP group view
Parameter time: specifies the time-out time for L2TP retransmission. The value ranges from 1 to 10, in seconds.
Description Using the tunnel timeout command, you can set the time-out period for L2TP packet retransmission. After the MA5200G sends an L2TP packet to the peer through an L2TP tunnel, if no response is received within the time-out period, it retransmits the packet.
If no response is received after the number of L2TP packet retransmissions exceeds the value of times configured in the tunnel retransmit command, the MA5200G considers that the L2TP tunnel has been broken abnormally, and clears this tunnel.
Using the undo tunnel timeout command, you can reset the time-out period for L2TP packet retransmission to the default value.
By default, the time-out period for L2TP packet retransmission is 2 seconds.
Example # Set the time-out period for packet retransmission to 3 seconds for the L2TP group huawei.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel timeout 3
8.2.33 tunnel timer hello
Syntax tunnel timer hello hello-interval
undo tunnel timer hello
View L2TP group view
Parameter hello-interval: specifies the interval at which the LAC or the LNS sends Hello messages when no packet is received. The value ranges from 60 to 10,000 in seconds.
Description Using the tunnel timer hello command, you can set the interval for sending Hello messages in the tunnel.
Using the undo tunnel timer hello command, you can restore the default value.
You can set different intervals for sending Hello messages on the LNS and the LAC respectively.
By default, the interval is 60 seconds.
Example # Set the interval for sending Hello messages to 99 seconds.
<Quidway> system-view
[Quidway] l2tp-group huawei
[Quidway-l2tp-huawei] tunnel timer hello 99
8.3 GRE Configuration Commands
8.3.1 display gre-group
Syntax display gre-group [ group-name ]
View All views
Parameter group-name: specifies the name of a GRE group. It is a string of 1 to 32 characters.
Description Using the display gre-group command, you can view the configuration of the GRE backup group. If you do not specify the parameter, you can view all the backup groups.
Example # Display the configuration of the GRE backup group gre-backup.
<Quidway> display gre-group gre-backup
8.3.2 gre checksum
Syntax gre checksum
undo gre checksum
View Tunnel interface view
Parameter None
Description Using the gre checksum command, you can carry out end-to-end check on the ends of the GRE tunnel.
Using the undo gre checksum command, you can disable the check.
By default, end-to-end check on the ends of the GRE tunnel is disabled.
If the check is configured on the local end but not on the remote end, the local end does not check the received packets, but calculates the checksum of the sent packets. If the check is configured on the remote end but not on the local end, the local end checks the packets from the remote end, but does not calculate the checksum of the sent packets.
Example # After a tunnel is set up between Tunnel1/0/0 and Tunnel2/0/0 on the router Quidway1, configure check on the two ends of the tunnel.
<Quidway1> system-view
[Quidway1] interface tunnel1/0/0
[Quidway1-Tunnel1/0/0] gre checksum
<Quidway2> system-view
[Quidway2] interface tunnel2/0/0
[Quidway2-Tunnel2/0/0] gre checksum
8.3.3 gre key
Syntax gre key key-number
undo gre key
View Tunnel interface view
Parameter key-number: specifies the identification key for the GRE tunnel. The value is an integer ranging from 0 to 4,294,967,295.
Description Using the gre key command, you can set the identification key for a GRE tunnel. This weak security mechanism prevents the tunnel end from incorrectly identifying or receiving packets from other sources.
Using the undo gre key command, you can cancel the current configuration.
By default, the GRE tunnel identification is not configured.
When setting key-number on both ends of the tunnel, make sure the values on two ends are identical, or do not set key-number on either end.
Example # Set up a tunnel between routers Quidway1 and Quidway2 and set the identification key for the tunnel.
<Quidway1> system-view
[Quidway1] interface tunnel3/0/0
[Quidway1-Tunnel3/0/0] gre key 123
<Quidway2> system-view
[Quidway2] interface tunnel2/0/0
[Quidway2-Tunnel2/0/0] gre key 123
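How a receiving tunnel end applies gre checksum and gre key, as an added Python example (not Huawei code) that follows the GRE header layout of RFC 2784 and RFC 2890. The function names and the sample payload are constructed for illustration; the key 123 is the one from the example above.

```python
import struct

GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000   # checksum, key, sequence-number present


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum (same algorithm as the IP header checksum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_gre(payload: bytes, key=None, checksum=False, proto=0x0800) -> bytes:
    """Sender side: add only the optional fields enabled in the local configuration."""
    flags = (GRE_C if checksum else 0) | (GRE_K if key is not None else 0)
    header = struct.pack("!HH", flags, proto)
    if checksum:
        header += b"\x00" * 4                  # checksum (zero while summing) + reserved
    if key is not None:
        header += struct.pack("!I", key)
    packet = header + payload
    if checksum:
        packet = packet[:4] + struct.pack("!H", inet_checksum(packet)) + packet[6:]
    return packet


def parse_gre(packet: bytes) -> dict:
    """Decode the GRE header; the key is read straight from the packet, unencrypted."""
    if len(packet) < 4:
        raise ValueError("truncated header")
    flags, proto = struct.unpack("!HH", packet[:4])
    if flags & 0x0007:
        raise ValueError("unsupported version")
    info = {"proto": proto, "key": None, "checksum_ok": None}
    offset = 4
    for bit in (GRE_C, GRE_K, GRE_S):          # optional fields appear in this order
        if not flags & bit:
            continue
        if len(packet) < offset + 4:
            raise ValueError("truncated header")
        if bit == GRE_C:
            # Summing a valid packet including its checksum field yields zero.
            info["checksum_ok"] = inet_checksum(packet) == 0
        elif bit == GRE_K:
            (info["key"],) = struct.unpack("!I", packet[offset:offset + 4])
        offset += 4
    info["payload"] = packet[offset:]
    return info


def receive(packet: bytes, local_key=None) -> str:
    """Receiver side: verify a checksum whenever the sender included one, then the key."""
    try:
        info = parse_gre(packet)
    except ValueError as exc:
        return "drop: " + str(exc)
    if info["checksum_ok"] is False:
        return "drop: bad checksum"
    if info["key"] != local_key:               # also covers a key set on one end only
        return "drop: key mismatch"
    return "accept"


if __name__ == "__main__":
    pkt = build_gre(b"constructed payload", key=123, checksum=True)
    damaged = pkt[:-1] + bytes([pkt[-1] ^ 0x01])
    print(receive(pkt, 123), "|", receive(pkt, 321), "|", receive(damaged, 123))
    print("key visible in the header:", parse_gre(pkt)["key"])
```

The key travels as a clear 32-bit field and the checksum is not keyed, so both detect misdelivery and corruption rather than provide authentication, which is why the description calls the key a weak security mechanism.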
8.3.4 gre-group
Syntax gre-group group-name
undo gre-group group-name
View System view
Parameter group-name: identifies the name of the GRE backup group. It is a string of 1 to 32 characters.
Description Using the gre-group command, you can create the GRE backup group.
Using the undo gre-group command, you can delete the GRE backup group.
By default, no GRE backup group is created.
Example # Create a GRE backup group gre-backup.
<Quidway> system-view
[Quidway] gre-group gre-backup
8.3.5 tunnel-binding
Syntax tunnel-binding tunnel interface-number [ preference value ]
undo tunnel-binding tunnel interface-number [ preference value ]
View GRE group view
Parameter tunnel: indicates the tunnel bound to the GRE group.
interface-number: specifies the interface number in the format of "slot number/card number/port number".
preference: indicates the preference to be selected as the activated tunnel in the GRE group.
value: specifies the preference value. The value ranges from 1 to 4,294,967,295.
Description Using the tunnel-binding command, you can bind the tunnel interface to the GRE backup group.
Using the undo tunnel-binding command, you can unbind the tunnel interface from the GRE backup group.
Example # Bind the interface Tunnel 1/0/0 with the GRE backup group huawei.
<Quidway> system-view
[Quidway] gre-group huawei
[Quidway-gre-group-huawei] tunnel-binding Tunnel 1/0/0
8.4 BGP/MPLS L3VPN Configuration Commands
8.4.1 apply access-vpn vpn-instance
Syntax apply access-vpn vpn-instance vpn-instance-name &<1-6>
undo apply access-vpn vpn-instance vpn-instance-name &<1-6>
View Policy-based-route view
Parameter vpn-instance-name: specifies the VPN instance name. It is a case sensitive string of 1 to 31 characters. You can specify a maximum of six VPN instance names at a time.
Description Using the apply access-vpn vpn-instance command, you can set the VPN instance for the forwarding packets in the node of a policy.
You can set six VPN instances for one node of a policy. If the VPN instance is matched, the packets are forwarded according to the first matched VPN instance routing table.
Using the undo apply access-vpn vpn-instance command, you can delete the VPN instance from the node of a policy. If no parameters are specified for the undo command, all the VPN instances of the policy nodes are deleted from the forwarding information.
When using the apply access-vpn vpn-instance command, specify an existing VPN instance.
Example # Set VPN instances vpn1 and vpn2 for a node in a policy.
<Quidway> system-view
[Quidway] policy-based-route policy1 permit node 10
[Quidway-policy-based-route-policy1-10] apply access-vpn vpn-instance vpn1 vpn2
# Delete vpn1 from the policy node so that the routing information of vpn1 is not used for forwarding.
<Quidway> system-view
[Quidway] policy-based-route policy1 permit node 10
[Quidway-policy-based-route-policy1-10] undo apply access-vpn vpn-instance vpn1
8.4.2 apply-label per-instance
Syntax apply-label per-instance
undo apply-label per-instance
View VPN instance view
Parameter None
Description Using the apply-label per-instance command, you can apply the label of the VPN instance to all the routes of the VPN instance to the peer PE.
Using the undo apply-label per-instance command, you can disable this function.
By default, each route of the VPN instances applies one label.
After the execution of the apply-label per-instance command, if no route of the VPN instance is forwarded, all routes will use the label based on the VPN instance; if the route of the VPN instance is forwarded, without the label based on VPN, the route will release the original label and re-advertise the label of the current VPN instance. That is, all routes of the VPN instance are resent after the execution of the command.
After the execution of the undo apply-label per-instance command, if the original routes are advertised according to the principle of one label for a VPN, labels will be re-advertised and retransmitted.
Changing the label distribution mode can lead to the retransmission of the routes of the VPN instance. Use the apply-label per-instance command and its undo command with caution.
Example # Configure the routes of vpn1 to use the label of the VPN instance.
<Quidway> system-view
[Quidway] ip vpn-instance vpn1
[Quidway-vpn-instance-vpn1] apply-label per-instance
8.4.3 description
Syntax description description-information
undo description
View VPN instance view
Parameter description-information: specifies the description of a VPN instance.
Description Using the description command, you can describe a particular VPN instance.
Using the undo description command, you can delete the description.
By default, no description is configured for a VPN instance.
Example # Describe a specific VPN instance vpn1.
<Quidway> system-view
[Quidway] ip vpn-instance vpn1
[Quidway-vpn-instance-vpn1] description This is vpn1
# Delete the description of vpn1.
<Quidway> system-view
[Quidway] ip vpn-instance vpn1
[Quidway-vpn-instance-vpn1] undo description
8.4.4 display fib vpn-instance
Syntax display fib [ slot-id ] vpn-instance vpn-instance-name [ statistics | | { include | exclude | begin } text ]
display fib vpn-instance vpn-instance-name [ acl acl-number [ verbose ] | interface interface-type interface-number | next-hop next-hop-addr | ip-prefix prefix-name [ verbose ] | statistics | [ verbose ] { | { include | exclude | begin } text } ]
display fib [ slot-id ] vpn-instance vpn-instance-name [ destination-addr1 { mask1 | mask-length1 } ] [ destination-addr2 { mask2 | mask-length2 } ] [ verbose ]
display fib [ slot-id ] vpn-instance vpn-instance-name destination-address [ mask | mask-length ] longer [ verbose ]
View All views
Parameter slot-id: displays the forwarding table of the I/O board in a specific slot.
vpn-instance-name: specifies the name of a VPN instance. It is a case sensitive string of 1 to 31 characters.
acl-number: specifies the ACL number. The value is an integer ranging from 2000 to 2999.
prefix-name: specifies the name of an IP prefix. It is a string of 1 to 19 characters.
statistics: displays the statistics of the forwarding table of a specified VPN instance.
include: filters the output and outputs the information containing the specified character string.
exclude: filters the output and outputs the information not containing the specified character string.
text: specifies the regular expression used to match the specified character string in the output.
destination-addr1: specifies the destination address 1. It is in dotted decimal format.
mask1: specifies the subnet mask 1. It is in dotted decimal format.
mask-length1: specifies the length of mask1. It is an integer ranging from 0 to 32.
destination-addr2: specifies the destination address 2. It is in dotted decimal format.
mask2: specifies the subnet mask 2. It is in dotted decimal format.
mask-length2: specifies the length of mask2. It is an integer ranging from 0 to 32.
verbose: displays the detailed FIB information of the VPN instance.
Description Using the display fib vpn-instance command, you can display the forwarding table of the specified VPN instance.
The key word ip-prefix prefix-name is used to filter FIB information of the specified VPN instance. Based on the input prefix-name, this command displays the FIB entries passing the filtering in a certain format. If the prefix-name is not specified, all FIB entries are displayed.
If no FIB entry matches the prefix-name, the system prompts that the number of matched FIB entries is 0. If one or more FIB entries match the prefix-name, the entries are output in a certain format.
Using the display fib [ slot-id ] vpn-instance vpn-instance-name dest-addr1 dest-mask1 dest-addr2 dest-mask2 command, you can display the FIB entries whose destination addresses are in the range of dest-addr1 dest-mask1 to dest-addr2 dest-mask2.
For the display fib [ slot-id ] dest-addr command, if the destination has a matched FIB entry in the natural mask range, all subnets with the mask are displayed. Otherwise, the FIB entry that is the longest match for the destination is displayed.
Using the display fib [ slot-id ] dest-addr dest-mask command, you can display the FIB entry that accurately matches the destination address and mask.
Using the display fib [ slot-id ] dest-addr longer command, you can display all FIB entries whose destinations match the IP address in the natural mask range.
Using the display fib [ slot-id ] dest-addr dest-mask longer command, you can display all FIB entries whose destinations match the IP address in the output mask range.
If slot-id is specified, the FIB information on the corresponding board is displayed.
Example # Display the forwarding table of the VPN instance vpn1.
<Quidway> display fib vpn-instance vpna
<Quidway> display fib vpn-instance vpn1
FIB Table:
Total number of Routes : 5
Destination/Mask Nexthop Flag TimeStamp Interface TunnelID
10.2.1.0/24 2.2.2.2 DGU t[0] Pos1/0/1 0x6002000
10.2.1.1/32 2.2.2.2 DGHU t[0] Pos1/0/1 0x6002000
10.1.1.2/32 127.0.0.1 HU t[0] InLoop0 0x0
10.1.1.0/24 10.1.1.2 U t[0] Pos1/0/0 0x0
10.1.1.1/32 10.1.1.1 HU t[0] Pos1/0/0 0x0
Table 8-7 Description of the output of the display fib vpn-instance command
Item: Description
FIB Table: Forwarding table of vpn1
Total number of Routes: Total number of routes
Destination/Mask: Length of the destination IP address or mask
Nexthop: Next hop address
Flag: Current flag, which is a combination of B, D, G, H, S, and U. B refers to black hole; D refers to dynamic route; G refers to gateway; H refers to host route; S refers to static route; U refers to Up status.
TimeStamp: Time stamp
Interface: Outgoing interface to the destination address
TunnelID: Index number of the forwarding entry
# Display the FIB entries matching the basic ACL.
<Quidway> display fib acl 2010
Route entry matched by access-list 2010:
Summary counts: 1
Destination/Mask Nexthop Flag TimeStamp Interface Token
127.0.0.0/8 127.0.0.1 U t[0] InLoopBack0 0x
# Display the forwarding table of vpn1.
<Quidway> display fib vpn-instance vpn1
FIB Table:
Total number of Routes : 5
# Display the FIB entries matching the prefix list abc.
<Quidway> display fib vpn-instance vpn1 ip-prefix abc
Route Entry matched by prefix-list abc
Summary Counts :5
Destination/Mask Nexthop Flag TimeStamp Interface Token
10.2.1.0/24 2.2.2.2 DGU t[0] Pos2/0/0 0x6002000
10.2.1.1/32 2.2.2.2 DGHU t[0] Pos2/0/0 0x6002000
10.1.1.2/32 127.0.0.1 HU t[0] InLoop0 0x0
10.1.1.0/24 10.1.1.2 U t[0] Pos1/0/0 0x0
10.1.1.1/32 10.1.1.1 HU t[0] Pos1/0/0 0x0
In this example, the prefix list abc is not found, so all FIB entries are displayed.
# Display the FIB entries whose destination address matches the IP address of 10.1.1.1 in the range of 255.255.255.0.
<Quidway> display fib vpn-instance vpn1 10.1.1.1 255.255.255.0 longer
Route Entry Count: 2
Destination/Mask Nexthop Flag TimeStamp Interface Token
10.1.1.0/24 1.1.1.1 DGU t[0] S6/0/0 0x6002000
10.1.1.1/32 1.1.1.1 DGHU t[0] S6/0/0 0x60020
8.4.5 display ip vpn-instance
Syntax display ip vpn-instance [ brief | verbose ] [ vpn-instance-name ]
View All views
Parameter brief: displays brief information about a VPN instance.
verbose: displays detailed information about the VPN instance and associated interfaces.
vpn-instance-name: specifies the name of a VPN instance. It is a case sensitive string of 1 to 31 characters.
Description Using the display ip vpn-instance command, you can display the information about a VPN instance.
When no optional parameters are specified, the command displays the brief information about all the configured VPN instances.
Example # Display the information about all the VPN instances.
<Quidway> display ip vpn-instance
Total VPN-Instances configured : 1
VPN-Instance Name RD Creation Time
vpna 200:1 2004/12/06 11:26:06
<Quidway> display ip vpn-instance brief
Total VPN-Instances configured : 1
VPN-Instance Name RD Creation Time
vpna 200:1 2004/12/06 11:26:06
# Display detailed information about all the VPN instances.
<Quidway> display ip vpn-instance verbose
Total VPN-Instances configured : 1
VPN-Instance Name and ID : vpna, 1
Create date : 2005/10/15 17:20:37
Up time : 0 days, 03 hours, 24 minutes and 42 seconds
Route Distinguisher : 200:1
Export VPN Targets : 1:1
Import VPN Targets : 1:1
Label policy: label per route
Interfaces : Pos1/0/0
8.4.6 export route-policy
Syntax export route-policy policy-name
undo export route-policy
View VPN-instance view
Parameter policy-name: specifies the name of the export routing policy of the VPN instance. It is a string of 1 to 19 characters.
Description Using the export route-policy command, you can associate a particular VPN instance with an export route policy.
Using the undo export route-policy command, you can dissociate the VPN instance.
To control advertised VPN routes more accurately than by using extended community, you can use the export routing policy. Export routing policy may filter the selected route in the advertised routes.
There is no default value for the export route policy. If no export route policy is configured, all routes matching the Export Route Target (ERT) can pass the filtering.
Example # Associate the VPN-instance vpn1 with an export route policy poly-1.
<Quidway> system-view
[Quidway] ip vpn-instance vrf1
[Quidway-vpn-instance-vrf1] export route-policy poly-1
8.4.7 import route-policy
Syntax import route-policy policy-name
undo import route-policy
View VPN instance view
Parameter policy-name: specifies the import routing policy of the VPN instance. It is a string of 1 to 19 characters.
Description Using the import route-policy command, you can associate the current VPN instance with an import routing policy. The VPN instance can be associated with only one routing policy, and the policy associated last takes effect.
Using the undo import route-policy command, you can dissociate the VPN instance.
To control the import of VPN routes more accurately, you can use the import routing policy to filter the routes based on the extended community attribute of the VPN target. The import routing policy may reject the routes selected from the community in the output list.
There is no default value for the import routing policy. If no import routing policy is configured, all routes matching the VPN target are allowed to join the VPN instance.
Example # Associate a particular VPN instance vrf1 with a route policy poly-1.
<Quidway> system-view
[Quidway] ip vpn-instance vrf1
[Quidway-vpn-instance-vrf1] import route-policy poly-1
8.4.8 ip binding vpn-instance
Syntax ip binding vpn-instance vpn-instance-name
undo ip binding vpn-instance vpn-instance-name
View Interface view
Parameter vpn-instance-name: specifies the name of the VPN instance that is associated with an interface. It is a case sensitive string of 1 to 31 characters.
Description Using the ip binding vpn-instance command, you can associate an interface or a sub-interface with a VPN instance.
Using the undo ip binding vpn-instance command, you can disassociate the VPN instance.
By default, an interface belongs to the public network.
When run on an interface, these commands clear the layer 3 features such as IP address of the interface and routing protocols. Therefore, the IP address of the interface should be re-configured.
An interface cannot function as the attachment circuit (AC) interface of L2VPN and the AC interface of L3VPN at the same time. When an interface is bound to an L2VPN, layer 3 features such as the IP address and routing protocols configured on the interface become invalid. If an interface is bound to an L2VPN and an L3VPN at the same time, only the L2VPN is usable. The L3VPN configuration becomes usable after the interface is unbound from the L2VPN.
Example # Associate GE1/0/0 with a VPN instance vrf1.
<Quidway> system-view
[Quidway] interface gigabitethernet 1/0/0
[Quidway-GigabitEthernet1/0/0] ip binding vpn-instance vrf1
8.4.9 ip route-static vpn-instance
Syntax ip route-static vpn-instance vpn-instance-name dest-ip-address { mask | mask-length } { interface-type interface-number [ nexthop-address ] | vpn-instance vpn-destination-name nexthop-address | nexthop-address [ public ] } [ preference value ]
undo ip route-static vpn-instance vpn-instance-name { all | dest-ip-address { mask | mask-length } [ interface-type interface-number [ nexthop-address ] | vpn-instance vpn-destination-name nexthop-address | nexthop-address [ public ] ] [ preference preference ] }
View System view
Parameter vpn-source-name: specifies the name of a VPN instance. It is a string of 1 to 31 characters. Every VPN instance has a static routing table and a unicast routing table. If the VPN instance name is set, the configured static routes are added to the static routing table of the VPN instance.
dest-ip-address: specifies the destination IP address, in dotted decimal notation.
mask: specifies the IP address mask in dotted decimal notation.
mask-length: specifies the length of the mask, that is, number of consecutive 1s in the mask. The mask in dotted decimal notation can be substituted by the mask length.
interface-type: specifies the type of the interface.
interface-number: specifies the number of the interface.
nexthop-address: specifies the next hop address for the router.
vpn-destination-name: specifies the name of the destination VPN instance. It is a string of 1 to 31 characters. If this parameter is configured, the router can find the outgoing interface of the destination VPN instance in the static routing table according to the gateway address.
public: specifies the router in the public network as the next hop. If a router is configured to belong to a VPN, the next hop or next hop gateway of the router can belong to the VPN instance or the public network. If the key word public is configured in the command, the next hop is the public network router.
all: deletes all unicast static routes in the VPN instance.
preference: specifies the priority of the router. The value is an integer ranging from 1 to 255.
Description Using the ip route-static vpn-instance command, you can configure a static unicast route for a VPN instance.
Using the undo ip route-static vpn-instance command, you can delete the static route of the VPN instance.
Example # Configure a default route and set its next hop to 129.102.0.2.
<Quidway> system-view
[Quidway] ip route-static vpn-instance vpn1 0.0.0.0 0.0.0.0 129.102.0.2
8.4.10 ip vpn-instance
Syntax ip vpn-instance vpn-instance-name
undo ip vpn-instance vpn-instance-name
View System view
Parameter vpn-instance-name: specifies the name of the VPN instance. It is a case sensitive string of 1 to 31 characters.
Description Using the ip vpn-instance command, you can create and configure a VPN instance. Using the undo ip vpn-instance command, you can delete the specified VPN instance.
By default, the VPN instance is not defined.
After creating the VPN instance, you can enter VPN instance view. The VPN instance is valid only when it is configured with a route distinguisher (RD).
For the related command, see route-distinguisher.
Example # Configure a VPN instance named vrf1.
<Quidway> system-view
[Quidway] ip vpn-instance vrf1
[Quidway-vpn-instance-vrf1]
8.4.11 mpls te vpn-binding vpn-instance
Syntax mpls te vpn-binding vpn-instance vpn-instance-name { behavior traffic-behavior-name | ip-precedence ip-precedence } [ bandwidth bandwidth ]
undo mpls te vpn-binding vpn-instance [ vpn-instance-name ]
View Tunnel interface view
Parameter vpn-instance-name: specifies the name of a VPN instance. It is a string of 1 to 31 characters.
behavior traffic-behavior-name: applies the traffic behavior policy to the bound VPN instance. traffic-behavior-name indicates the traffic behavior name. It is a string of 1 to 31 characters.
ip-precedence ip-precedence: specifies the precedence of the IP packet for the bound VPN instance. ip-precedence refers to the precedence of the IP packet. It is an integer in the range of 0 to 7.
bandwidth bandwidth: sets the bandwidth for the bound VPN instance. bandwidth refers to the bandwidth value. It is an integer, whose range varies with the bandwidth of the tunnel interface, but its value cannot exceed the interface bandwidth.
Description Using the mpls te vpn-binding vpn-instance command, you can bind a specified VPN instance to an MPLS TE tunnel. You can use this command to configure a Resource Reserved VPN (RRVPN).
Using the undo mpls te vpn-binding vpn-instance command, you can unbind the VPN instance from the MPLS TE tunnel.
The mpls te vpn-binding vpn-instance command is valid only for the tunnel whose tunneling protocol is MPLS TE.
To validate the configuration, execute the mpls te commit command on the MPLS TE tunnel.
You cannot configure the commands mpls te reserved-for-binding and mpls te vpn-binding vpn-instance on a tunnel at the same time.
Example # Bind the VPN instance vpna to tunnel1/0/0, and then validate the configuration.
<Quidway> system-view
[Quidway] interface Tunnel1/0/0
[Quidway-Tunnel1/0/0] mpls te vpn-binding vpn-instance vpna ip-precedence 3
[Quidway-Tunnel1/0/0] mpls te commit
8.4.12 route-distinguisher
Syntax route-distinguisher route-distinguisher
View VPN instance view
Parameter route-distinguisher: specifies the value of the RD. It is a string of 3 to 21 characters.
Description Using the route-distinguisher command, you can configure a particular VPN instance with an RD.
An RD is used to create the routing and forwarding tables for a VPN and specifies the default route identifier. By adding an RD to the beginning of a specified IPv4 prefix, you create a unique VPN IPv4 prefix. The sole purpose of the RD is to allow distinct routes to a common IPv4 address prefix to be created. An RD is associated either with an AS number (ASN), in which case it is formed by an AS number and a random number, or with an IP address, in which case it is formed by an IP address and a random number.
There is no default value for RD. It must be configured as soon as the VPN instance is created.
A VPN instance will not become effective until RD is configured.
The RD has the following formats:
16-bit AS number (ASN):32-bit user-defined number. For example, 101:3.
32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.
Example # Configure VPN instance vpn1 with an RD.
<Quidway> system-view
[Quidway] ip vpn-instance vpn1
[Quidway-vpn-instance-vpn1] route-distinguisher 22:1
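The two RD formats and the 3 to 21 character limit above can be checked before a value is pushed to a device. The following Python is an added example, not part of the Huawei reference; the function names are hypothetical, and the 8-byte encoding (type 0 for ASN-based, type 1 for IP-based RDs) follows RFC 4364, which this page does not describe.

```python
import ipaddress
import struct

MIN_LEN, MAX_LEN = 3, 21  # string length limits stated in the reference


class RDError(ValueError):
    """Raised when an RD string matches neither documented format."""


def parse_rd(text):
    """Return (kind, admin, assigned) for an RD string.

    kind is "asn" for 16-bit ASN:32-bit number and "ip" for
    IPv4 address:16-bit number.
    """
    if not MIN_LEN <= len(text) <= MAX_LEN:
        raise RDError(f"length {len(text)} outside {MIN_LEN}..{MAX_LEN}")
    admin, sep, assigned = text.rpartition(":")
    if not sep or not admin or not assigned:
        raise RDError("expected <administrator>:<assigned number>")
    if not (assigned.isascii() and assigned.isdigit()):
        raise RDError("assigned number must be decimal digits")
    number = int(assigned)

    if "." in admin:
        try:
            ip = ipaddress.IPv4Address(admin)
        except ipaddress.AddressValueError as exc:
            raise RDError(f"bad IPv4 address: {admin}") from exc
        if number > 0xFFFF:
            raise RDError("IP-based RD takes a 16-bit assigned number")
        return ("ip", ip, number)

    if not (admin.isascii() and admin.isdigit()):
        raise RDError("AS number must be decimal digits")
    asn = int(admin)
    if asn > 0xFFFF:
        raise RDError("AS number must fit in 16 bits")
    if number > 0xFFFFFFFF:
        raise RDError("ASN-based RD takes a 32-bit assigned number")
    return ("asn", asn, number)


def encode_rd(text):
    """Encode an RD as 8 bytes: 2-byte type field plus 6-byte value (RFC 4364)."""
    kind, admin, number = parse_rd(text)
    if kind == "asn":
        return struct.pack("!HHI", 0, admin, number)
    return struct.pack("!H4sH", 1, admin.packed, number)


def vpn_ipv4_prefix(rd, prefix):
    """Prepend the RD to an IPv4 prefix, giving (12-byte address, prefix length)."""
    net = ipaddress.IPv4Network(prefix)
    return encode_rd(rd) + net.network_address.packed, net.prefixlen


if __name__ == "__main__":
    # Two customers reuse 10.0.0.0/8; different RDs keep the routes distinct.
    for rd in ("100:1", "100:2", "192.168.122.15:1"):
        addr, plen = vpn_ipv4_prefix(rd, "10.0.0.0/8")
        print(f"{rd:>18} -> {addr.hex()}/{plen}")
    for bad in ("70000:1", "1.1.1.1:70000", "22"):
        try:
            parse_rd(bad)
        except RDError as exc:
            print(f"{bad:>18} rejected: {exc}")
```
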
8.4.13 routing-table limit
Syntax routing-table limit number { alert percent | simply-alert }
undo routing-table limit
View VPN instance view
Parameter number: specifies the maximum of routes allowed in a VPN instance. The value ranges from 1 to 2,000,000.
alert-percent: specifies the percentage of the maximum of routes. The value is an integer ranging from 1 to 100. When the number of routes reaches (number × alert-percent)/100, the system raises the alarm. You can continue to add routes to the routing table of the VPN instance. When the number of routes reaches number, later routes are discarded.
simply-alert: indicates that when the maximum of routes allowed by a VPN instance exceeds the number, the system can still add routes to the routing table of the VPN instance and it raises an alarm. However, when total number of routes of private network and public network reaches the sum of unicast routes set in the specification file, the later VPN routes are discarded.
The number of unicast routes allowed in a PE is limited in the license file. The total number of all routes in the private network or public network cannot exceed this limit. Otherwise, the route manager refuses to add the excessive routes and raises an alarm. This limit is not restricted by the parameter simply-alert.
Description Using the routing-table limit command, you can limit the maximum of routes in a VPN instance to avoid excessive imported routes on the PE router.
Using the undo routing-table limit command, you can cancel the limitation.
It is recommended that you use this command with the peer route-limit command in BGP-VPN view. VPNv4 routes received by MBGP from the remote PE are stored in the VPNv4 routing table of BGP, and then added to the routing table of the VPN instance according to the VPN target match relationship.
The routing-table limit command can prevent excessive routes from being added to the routing table, but it cannot prevent MBGP from receiving excessive routes from other PEs, which consume a lot of space in the VPNv4 routing table.
If EBGP runs between PE and CE, when the number of VPN routes exceeds the limit and the routes imported by EBGP cannot be added to the VPN routing table, the session with the peer is broken 30 seconds later, and PE and CE try to set up EBGP peer relationship again.
When the undo routing-table limit command is run, the system re-collects routes from CE and routes belonging to the VPN instance in the VPNv4 routing table, and then adds them to the VPN routing table.
The routing-table limit number simply-alert command is equivalent to the routing-table limit number 100 command.
By default, the maximum of routes is not limited. However, the number of unicast routes allowed by a PE is limited. The limit is stipulated in the license file and does not depend on the routing-table limit command.
Example # Limit the maximum route number in vpn1 to 1000.
<Quidway> system-view
[Quidway] ip vpn-instance vpn1
[Quidway-vpn-instance-vpn1] route-distinguisher 100:1
[Quidway-vpn-instance-vpn1] routing-table limit 1000 simply-alert
8.4.14 target
Syntax target { public | vpn-instance vpn-instance-name }
undo target { public | vpn-instance vpn-instance-name }
View Loopback interface view
Parameter public: indicates that the destination VPN instance is a public network VPN instance.
vpn-instance: specifies the destination VPN instance.
vpn-instance-name: specifies the name of the destination VPN instance. It is a string of 1 to 31 characters.
Description Using the target command, you can configure the destination VPN instance on the loopback interface.
Using the undo target command, you can cancel the configuration.
This command is used to configure VPN mutual access. To configure VPN mutual access, you must configure a static route of the source VPN instance. The destination address is the network segment of the destination VPN (or public network instance), and the next hop is the loopback interface. Then you need to specify the destination VPN (or public network instance) on the loopback interface.
You can specify only one destination VPN (or public network instance) on a loopback interface. A VPN (or public network instance) can be specified on only one loopback interface.
By default, destination VPN is not configured on the loopback interface.
Example # Configure users in vpna to access the network segment 10.2.1.0/24.
<Quidway> system-view
[Quidway] interface loopback 2
[Quidway-LoopBack2] ip address 10.2.1.10 32
[Quidway-LoopBack2] quit
[Quidway] ip route-static vpn-instance vpna 10.2.1.1 24 LoopBack 2
[Quidway] interface loopback 2
[Quidway-LoopBack2] target vpn-instance vpnb
[Quidway-LoopBack2] quit
8.4.15 tnl-policy
Syntax tnl-policy policy-name
undo tnl-policy
View VPN instance view
Parameter policy-name: specifies the name of the tunneling policy associated with the tunnel. It is a string of 1 to 19 characters.
Description Using the tnl-policy command, you can associate the current VPN instance with a tunneling policy.
Using the undo tnl-policy command, you can dissociate the VPN instance.
An application can use a tunnel policy when it selects a tunnel from the Tunnel Management Module in a VPN. When the tunnel policy is created, an order for tunnel selection is defined. If there is no tunnel policy, the default order is used; that is, only LSP tunnels are selected.
For the related commands, see tunnel select-seq and tunnel-policy.
Example # Associate the VPN instance vpn2 with a tunnel policy po1.
<Quidway> system-view
[Quidway] tunnel-policy po1
[Quidway-tunnel-policy-po1] tunnel select-seq lsp load-balance-number 1
[Quidway-tunnel-policy-po1] quit
[Quidway] ip vpn-instance vpn2
[Quidway-vpn-instance-vpn2] route-distinguisher 22:33
[Quidway-vpn-instance-vpn2] tnl-policy po1
8.4.16 vpn-target
Syntax vpn-target vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ]
undo vpn-target { all | vpn-target &<1-8> [ both | export-extcommunity | import-extcommunity ] }
View VPN instance view
Parameter import-extcommunity: imports routing information containing the specified extended community attribute value.
export-extcommunity: specifies the extended community attribute value of the routing information to the destination VPN.
both: adds the VPN target attribute to the inbound and outbound extended community list of the VPN instance.
vpn-target: adds VPN target extended community attribute to the inbound or outbound VPN target extended community list of the VPN instance and specifies the RT value. It is a string of 3 to 21 characters. You can use any of the following formats to represent the RT value.
16-bit AS number:32-bit user-defined number
32-bit IP address:16-bit user-defined number
Description Using the vpn-target command, you associate a particular VPN instance with one or more VPN-targets.
Using the undo vpn-target command, you can delete VPN-target(s) associated with a particular VPN instance.
There is no default value for VT. It must be configured as soon as the VPN instance is created.
When a PE sends a route to another PE, it attaches some VTs to the route according to a VPN instance; these VTs are called export VPN-targets. When a PE receives a route from another PE, it determines from certain VTs whether a VPN instance can accept the route; these VTs are called import VPN-targets. By using VTs, you can control route propagation among the nodes.
Example # Associate the current VPN instance with vpn-target.
<Quidway> system-view
[Quidway] ip vpn-instance vrf1
[Quidway-vpn-instance-vrf1] vpn-target 3:3 export-extcommunity
[Quidway-vpn-instance-vrf1] vpn-target 4:4 import-extcommunity
[Quidway-vpn-instance-vrf1] vpn-target 5:5 both
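Because a route is accepted wherever an export VPN-target matches an import VPN-target, one shared value is enough to leak routes between instances that were meant to stay isolated. The following Python audit is an added example, not part of the Huawei reference: the configuration text is a constructed sample in the style of the commands above, the function names are hypothetical, and a vpn-target line without a keyword is assumed to mean both (the page does not state the default). Import and export route policies, which can filter further, are not modelled.

```python
import re

# Constructed sample configuration, written with the commands shown above.
SAMPLE_CONFIG = """\
ip vpn-instance vrf1
 route-distinguisher 100:1
 vpn-target 3:3 export-extcommunity
 vpn-target 4:4 import-extcommunity
 vpn-target 5:5 both
ip vpn-instance vrf2
 route-distinguisher 100:2
 vpn-target 4:4 export-extcommunity
 vpn-target 6:6 import-extcommunity
ip vpn-instance mgmt
 route-distinguisher 100:9
 vpn-target 9:9 5:5 both
"""

KEYWORDS = {"both", "export-extcommunity", "import-extcommunity"}


def parse_vpn_targets(config):
    """Return {instance: {"import": set, "export": set}} from config text."""
    instances = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = re.fullmatch(r"ip vpn-instance (\S+)", line)
        if match:
            current = instances.setdefault(
                match.group(1), {"import": set(), "export": set()})
            continue
        if not raw[0].isspace():
            current = None  # any other top-level line ends the instance block
            continue
        if current is None or not line.startswith("vpn-target "):
            continue
        values = line.split()[1:]
        direction = "both"  # assumption: no keyword means both
        if values and values[-1] in KEYWORDS:
            direction = values.pop()
        if not 1 <= len(values) <= 8:  # &<1-8> in the syntax
            raise ValueError(f"expected 1 to 8 VPN targets: {line!r}")
        if direction in ("both", "export-extcommunity"):
            current["export"].update(values)
        if direction in ("both", "import-extcommunity"):
            current["import"].update(values)
    return instances


def route_flows(instances):
    """Return {(src, dst): shared targets} where dst imports what src exports."""
    flows = {}
    for src, src_rt in instances.items():
        for dst, dst_rt in instances.items():
            if src == dst:
                continue
            shared = src_rt["export"] & dst_rt["import"]
            if shared:
                flows[(src, dst)] = shared
    return flows


def unexpected_flows(instances, allowed):
    """Flows that are not in the set of intended (src, dst) pairs."""
    return {pair: rts for pair, rts in route_flows(instances).items()
            if pair not in allowed}


if __name__ == "__main__":
    parsed = parse_vpn_targets(SAMPLE_CONFIG)
    intended = {("vrf2", "vrf1")}  # constructed policy: only vrf2 -> vrf1
    for (src, dst), rts in sorted(unexpected_flows(parsed, intended).items()):
        print(f"unintended: {dst} imports routes of {src} via {sorted(rts)}")
```

In the sample, the value 5:5 configured as both on vrf1 and mgmt opens a two-way path between them that the intended policy does not list.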
8.5 MPLS L2VPN Configuration Commands
8.5.1 ccc interface in-label out-label
Syntax ccc ccc-connection-name interface interface-type1 interface-number1 in-label in-label-value out-label out-label-value { nexthop nexthop | out-interface interface-type2 interface-number2 } [ control-word | no-control-word ]
undo ccc ccc-connection-name
View System view
Parameter ccc-connection-name: specifies the name of the CCC connection. It uniquely identifies a CCC connection on PE. The value is a string of 1 to 20 characters.
interface-type1 interface-number1: specifies the type and number of the interface connected to the first CE.
in-label-value: specifies the incoming label. The value is an integer ranging from 16 to 1023.
out-label-value: specifies the outgoing label. The value is an integer ranging from 16 to 1023.
nexthop nexthop: specifies the IP address of the next hop.
interface-type2 interface-number2: specifies the type and number of the interface connected to the second CE.
out-interface: specifies the outgoing interface.
control-word: enables the control word feature.
no-control-word: disables the control word feature.
Description Using the ccc interface in-label out-label command, you can create a remote CCC connection between CEs connected to different PEs.
Using the undo ccc command, you can delete the CCC connection.
The ccc interface in-label out-label command has to be configured in both the PE routers. The connection name is used to identify the CCC connection in a PE router. It can be different on the two PE routers.
When P is connected to PEs, you must configure a static LSP between PE and PE. The incoming label of the first PE is the outgoing label of the second PE, and the outgoing label of the first PE is the incoming label of the second PE.
An interface cannot function as the AC interface of L2VPN and the AC interface of L3VPN at the same time. When an interface is bound to an L2VPN, layer 3 features such as the IP address and routing protocols configured on the interface become invalid. If an interface is bound to an L2VPN and an L3VPN at the same time, only the L2VPN is usable. The L3VPN configuration becomes usable after the interface is unbound from the L2VPN.
If the outgoing interface is a broadcast interface, such as GE, you need to use the nexthop parameter to specify the IP address of the next hop. When configuring a static LSP on P, you must specify the IP address of the next hop if the outgoing interface is a broadcast interface.
For the related command, see display ccc.
Example # Create a remote CCC connection between CEs connected to different PE routers.
<Quidway1> system-view
[Quidway1] ccc ccc-connection-1 interface pos 1/0/0 in-label 100 out-label 200 out-interface pos 2/0/0
<Quidway2> system-view
[Quidway2] ccc ccc-connection-1 interface pos 2/0/0 in-label 200 out-label 100 out-interface pos 1/0/0
[Quidway1] ccc ccc-connection-2 interface pos 3/0/0 in-label 300 out-label 400 nexthop 20.1.1.2
[Quidway2] ccc ccc-connection-2 interface pos 4/0/0 in-label 400 out-label 300 nexthop 20.1.1.1
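A remote CCC connection only works when the labels on the two PEs mirror each other and fall in the documented range of 16 to 1023, while the connection names may differ. The following Python check is an added example, not part of the Huawei reference: PE1_CONFIG and PE2_CONFIG repeat the commands from the example above, PE2_BROKEN is constructed, and the function names are hypothetical.

```python
import re

LABEL_MIN, LABEL_MAX = 16, 1023  # in-label / out-label range from the reference

CCC_RE = re.compile(
    r"ccc\s+(?P<name>\S+)\s+interface\s+\S+\s+\S+\s+"
    r"in-label\s+(?P<inl>\d+)\s+out-label\s+(?P<outl>\d+)\s+"
    r"(?:nexthop\s+\S+|out-interface\s+\S+\s+\S+)"
)

# Commands from the example in the reference.
PE1_CONFIG = """\
ccc ccc-connection-1 interface pos 1/0/0 in-label 100 out-label 200 out-interface pos 2/0/0
ccc ccc-connection-2 interface pos 3/0/0 in-label 300 out-label 400 nexthop 20.1.1.2
"""
PE2_CONFIG = """\
ccc ccc-connection-1 interface pos 2/0/0 in-label 200 out-label 100 out-interface pos 1/0/0
ccc ccc-connection-2 interface pos 4/0/0 in-label 400 out-label 300 nexthop 20.1.1.1
"""
# Constructed faulty peer: different names (allowed), one out-label mistyped.
PE2_BROKEN = """\
ccc to-pe1-a interface pos 2/0/0 in-label 200 out-label 100 out-interface pos 1/0/0
ccc to-pe1-b interface pos 4/0/0 in-label 400 out-label 3000 nexthop 20.1.1.1
"""


def parse_remote_ccc(config):
    """Return [(name, in_label, out_label)] for each remote CCC command."""
    conns = []
    for line in config.splitlines():
        match = CCC_RE.search(line)
        if match:
            conns.append((match["name"], int(match["inl"]), int(match["outl"])))
    return conns


def check_pair(pe1_config, pe2_config):
    """Return a list of findings; an empty list means the two PEs agree."""
    findings = []
    pe1 = parse_remote_ccc(pe1_config)
    pe2 = parse_remote_ccc(pe2_config)

    # Range check on every label of both devices.
    for side, conns in (("PE1", pe1), ("PE2", pe2)):
        for name, inl, outl in conns:
            for kind, label in (("in-label", inl), ("out-label", outl)):
                if not LABEL_MIN <= label <= LABEL_MAX:
                    findings.append(
                        f"{side} {name}: {kind} {label} outside "
                        f"{LABEL_MIN}..{LABEL_MAX}")

    # Mirror check: pair by labels, not by name, since names may differ.
    unmatched = list(pe2)
    for name, inl, outl in pe1:
        mirror = [c for c in unmatched if c[1] == outl and c[2] == inl]
        if mirror:
            unmatched.remove(mirror[0])
        else:
            findings.append(
                f"PE1 {name}: no PE2 connection with in-label {outl} "
                f"and out-label {inl}")
    for name, inl, outl in unmatched:
        findings.append(
            f"PE2 {name}: no PE1 connection with in-label {outl} "
            f"and out-label {inl}")
    return findings


if __name__ == "__main__":
    print(check_pair(PE1_CONFIG, PE2_CONFIG) or "labels mirror correctly")
    for finding in check_pair(PE1_CONFIG, PE2_BROKEN):
        print(finding)
```
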
8.5.2 ccc interface out-interface
Syntax ccc [ ip-interworking ] ccc-connection-name interface interface-type1 interface-number1 out-interface interface-type2 interface-number2
undo ccc ccc-connection-name
View System view
Parameter ccc-connection-name: specifies the name of a CCC connection. It uniquely identifies a CCC connection on a PE. It is a string of 1 to 20 characters.
ip-interworking: enables interworking of different media on the local CCC connection.
interface-type1 interface-number1: specifies the type and number of the interface connected to the first CE.
interface-type2 interface-number2: specifies the type and number of the interface connected to the second CE.
Description Using the ccc interface out-interface command, you can create a local CCC connection between two CEs connected to the same PE.
Using the undo ccc command, you can delete the CCC connection.
An interface cannot function as the AC interface of L2VPN and the AC interface of L3VPN at the same time. When an interface is bound to an L2VPN, layer 3 features such as the IP address and routing protocols configured on the interface become invalid. If an interface is bound to an L2VPN and an L3VPN at the same time, only the L2VPN is usable. The L3VPN configuration becomes usable after the interface is unbound from the L2VPN.
For the related command, see display ccc.
Example # Create a local CCC connection between two CEs connected to the same PE.
<Quidway> system-view
[Quidway] ccc ccc-connect-1 interface pos 1/0/0 out-interface pos 2/0/0
8.5.3 ce
Syntax ce ce-name [ id ce-id [ range ce-range ] [ default-offset ce-offset ] ]
undo ce ce-name
View MPLS-L2VPN view
Parameter ce-name: specifies a unique CE name in the current VPN of the PE. It is a string of 1 to 20 characters.
ce-id: specifies CE ID in a VPN. The value is an integer ranging from 0 to 249.
ce-range: specifies the maximum number of CEs that can be connected to a PE. The value is an integer ranging from 1 to 250, and the default value is 10.
ce-offset: specifies the default original CE offset. It can be 0 or 1. The default value is 0.
Description Using the ce command, you can create a CE in a VPN. The CE ID identifies the CE.
Using the undo ce command, you can delete the CE.
You can execute the ce ce-name command to enter MPLS-L2VPN-CE view.
Before configuring the ce command on PE, you must configure the route distinguisher (RD) of the L2VPN instance.
Example # Create a CE inside a VPN.
<Quidway> system-view
[Quidway] mpls l2vpn vpn1 encapsulation ethernet
[Quidway-mpls-l2vpn-vpn1] route-distinguisher 100:1
[Quidway-mpls-l2vpn-vpn1] ce ce1 id 1
8.5.4 connection ce-offset
Syntax connection [ ce-offset id ] interface interface-type interface-number [ tunnel-policy policy-name ] [ raw | tagged ]
undo connection ce-offset id
View MPLS-L2VPN-CE view
Parameter interface-type interface-number: specifies the type and number of the interface connected to the CE. The encapsulation type must be the same as that of the VPN it belongs to.
id: specifies the ID of the remote CE connected to the L2VPN. The value must be smaller than ce-range. For the configuration of ce-range, see the ce command.
policy-name: specifies the tunneling policy for VC. It is a string of 1 to 19 characters.
raw: removes the VLAN tag.
tagged: adds VLAN tag.
Description Using the connection ce-offset command, you can create a Kompella connection.
Using the undo connection ce-offset command, you can delete the Kompella connection.
You need to specify the remote CE ID and local CE Interface when creating the Kompella connection. If no tunnel policy name is specified, the default policy, which selects LSP with load balance number 1, is taken. If tunnel policy name is specified, but the policy is not yet configured, the default policy is used.
An interface cannot function as the AC interface of L2VPN and the AC interface of L3VPN at the same time. When an interface is bound to an L2VPN, layer 3 features such as the IP address and routing protocols configured on the interface become invalid. If an interface is bound to an L2VPN and an L3VPN at the same time, only the L2VPN is usable. The L3VPN configuration becomes usable after the interface is unbound from the L2VPN.
Example # Create a Kompella connection.
<Quidway1> system-view
[Quidway1] mpls l2vpn l2vpn1
[Quidway1-mpls-l2vpn-l2vpn1] ce ce1
[Quidway1-mpls-l2vpn-l2vpn1-ce-ce1] connection ce-offset 2 interface pos 1/0/0
<Quidway2> system-view
[Quidway2] mpls l2vpn l2vpn1
[Quidway2-mpls-l2vpn-l2vpn1] ce ce2
[Quidway2-mpls-l2vpn-ce-ce2] connection ce-offset 1 interface pos 2/0/0
8.5.5 debugging mpls l2vpn
Syntax debugging mpls l2vpn { all | advertisement | download | error | event | timer | connections [ interface interface-type interface-number ] | vpls_fid | vpls_mid }
undo debugging mpls l2vpn { all | advertisement | download | error | event | timer | connections [ interface interface-type interface-number ] | vpls_fid | vpls_mid }
View User view
Parameter all: enables the debugging of all the L2VPNs.
advertisement: enables the debugging of L2VPN BGP or L2VPN LDP advertisement information.
download: enables the debugging of the process of delivering data to the agent.
error: enables the debugging of L2VPN errors.
event: enables the debugging of L2VPN events.
timer: enables the debugging of the timer.
connections: enables the debugging of L2VPN connection.
vpls_fid: enables the debugging of L2VPN VPLS FIB.
vpls_mid: enables the debugging of L2VPN VPLS MID.
Description Using the debugging mpls l2vpn command, you can enable debugging of L2VPN.
Using the undo debugging mpls l2vpn command, you can disable the L2VPN debugging.
By default, the debugging is disabled.
Example # Enable debugging of all L2VPNs.
<Quidway> debugging mpls l2vpn all
8.5.6 display bgp l2vpn
Syntax display bgp l2vpn { all | group [ group-name ] | peer [ peer-ip-address verbose | verbose] | route-distinguisher route-distinguisher [ ce-id ce-id [ label-offset offset-value ] ] }
View All views
Parameter all: displays the information about all BGP L2VPNs.
group group-name: displays the information about the specified peer group. group-name specifies the name of the peer group. It is a string of 1 to 47 characters.
peer peer-ip-address: displays the information about the specified BGP L2VPN peer. peer-ip-address specifies the IPv4 address of the peer.
verbose: displays the detailed information.
route-distinguisher route-distinguisher: specifies the remote RD. The route-distinguisher parameter is a string of 3 to 21 characters. For the configuration of route-distinguisher, see the route-distinguisher command.
ce-id ce-id: displays the information about the BGP L2VPN on the remote PE with the specified CE ID. The value of ce-id is an integer ranging from 0 to 65,535.
label-offset offset-value: specifies label offset value. The value of offset-value is an integer ranging from 0 to 65,535.
Description Using the display bgp l2vpn command, you can display the connection of the Kompella MPLS L2VPN.
Example # Display all information about BGP L2VPNs.
<PE> display bgp l2vpn all
BGP Local router ID : 1.1.1.9, local AS number : 100
Origin codes:i - IGP, e - EGP, ? - incomplete
bgp.l2vpn: 1 destination
Route Distinguisher: 100:1
CE ID Label Offset Label Base nexthop pref as-path
2 0 19456 3.3.3.9 100
# Display the detailed information about the peer 3.3.3.9 of BGP L2VPN.
<PE> display bgp l2vpn peer 3.3.3.9 verbose
Peer: 3.3.3.9 Local: 1.1.1.9
Type: IBGP link
BGP version 4, remote router ID 3.3.3.9
BGP current state: Established, Up for 00h11m42s
BGP current event: KATimerExpired
BGP last state: OpenConfirm
Port: Local - 4910 Remote - 179
Configured: Active Hold Time: 180 sec Keepalive Time:60 sec
Received : Active Hold Time: 180 sec
Negotiated: Active Hold Time: 180 sec Keepalive Time:60 sec
Peer optional capabilities:
Peer support bgp multi-protocol extended
Peer support bgp route refresh capability
Address family IPv4 Unicast: advertised and received
Address family L2VPN: advertised and received
Received: Total 19 messages, Update messages 3
Sent: Total 18 messages, Update messages 4
Minimum time between advertisement runs is 15 seconds
Optional capabilities:
Route refresh capability has been enabled
Connect-interface has been configured
Peer Preferred Value: 0
Routing policy configured:
No routing policy is configured
Table 8-8 Description of the output of the display bgp l2vpn peer peer-ip-address command

| Item | Description |
|---|---|
| Peer | BGP peer |
| Type | Type of the BGP peer relationship, which can be IBGP or EBGP |
| BGP version | Version of the BGP protocol |
| remote router ID | Router ID for the L2VPN instance of the peer |
| BGP current state | Current state of the BGP peer |
| BGP current event | Current state machine event of the BGP peer |
| BGP last state | Last state of the BGP peer |
| Port | Port number |

8.5.7 display ccc
Syntax display ccc [ ccc-name | type { local | remote } ]
View All views
Parameter ccc-name: specifies the name of a CCC connection. It is a string of 1 to 20 characters.
type: specifies the type of the CCC connection.
local: displays the local CCC connection.
remote: displays the remote CCC connection.
Description Using the display ccc command, you can display the information about a CCC connection. If the name or type of the connection is not specified, the information about all CCC connections is displayed.
For the related commands, see ccc interface in-label out-label and ccc interface out-interface.
Example # Display the information about a specified CCC connection.
<Quidway> display ccc c1
name: c1, type: remote, state: down,
intf: Pos1/0/0 (up), in-label: 100 , out-label: 200 , nexthop: 20.1.1.1
# Display the information about all CCC connections.
<Quidway> display ccc
total ccc vc : 1
local ccc vc : 0, 0 up
remote ccc vc : 1, 0 up
name: c1, type: remote, state: down,
intf: Pos1/0/0 (up), in-label: 100 , out-label: 200 , nexthop: 20.1.1.1
# Display the information about all local CCC connections.
<Quidway> display ccc type local
name: c2, type: local, state: up,
intf1: Pos3/0/0 (up), intf2: Pos3/0/1 (up)
8.5.8 display l2vpn ccc-interface vc-type
Syntax display l2vpn ccc-interface vc-type { all | ccc-type } [ up | down ]
View All views
Parameter all: displays all interfaces encapsulated by CCC.
ccc-type: specifies the type of interface encapsulation in the CCC connection. The value can be bgp-vc, ccc, ldp-vc, rsvp-vc, static-vc or vpls-vc.
up: displays all interfaces in Up state.
down: displays the CCC interfaces in Down state.
Description Using the display l2vpn ccc-interface vc-type command, you can display the interface used to form the VC in L2VPN.
Example # Display the VC of L2VPN.
<Quidway> display l2vpn ccc-interface vc-type all
Total ccc-interface of CCC VC: 1
up (1), down (0)
Interface Encap Type State VC Type
Pos1/0/0 ppp up CCC
<Quidway> display l2vpn ccc-interface vc-type bgp-vc
Total ccc-interface of BGP VC: 1
up (1), down (0)
Interface Encap Type State VC Type
Pos3/0/0 ppp up bgp-vc
8.5.9 display local-ce mac
Syntax display local-ce mac [ interface-type interface-number ]
View All views
Parameter interface-type: specifies the interface type. The interface type can be Ethernet, Gigabit Ethernet, or Eth-trunk interface.
interface-number: specifies the interface number.
Description Using the display local-ce mac command, you can view information about the MAC address and VLAN ID of the local CE connected to the Ethernet interface encapsulated as interworking-type L2VPN.
If no interface is specified, the information about all such interfaces is displayed.
For the related commands, see local-ce mac and local-ce ip.
Example # Display the MAC information of all the Ethernet interfaces encapsulated as ip-interworking-type L2VPN.
<Quidway> display local-ce mac
INTERFACE MAC ADDRESS EXPIRE TYPE VLAN PVC IP ADDRESS
----------------------------------------------------------------
Eth12/2/0.1 00e0-fc20-b3a6 S
Eth12/2/0.2 ffff-ffff-ffff B
Eth12/2/0.7 00e0-fc20-b3a6 8 D 7
-----------------------------------------------------------------
Total:3 Dynamic:1 Static:1 Broadcast:1 197.1.1.1
Table 8-9 Description of the output of the display local-ce mac command
Item Description
INTERFACE The name of the Ethernet interface encapsulated as the interworking-type L2VPN
MAC ADDRESS The MAC address of the local CE
EXPIRE The aging time in minutes
TYPE S: static; D: dynamic; B: broadcast
VLAN The VLAN ID
PVC The VPI and VCI of the ATM interface
IP ADDRESS The IP address of the local CE learnt dynamically
8.5.10 display mpls l2vc
Syntax display mpls l2vc [ interface interface-type interface-number | remote-info [vc-id ] | vc-id ]
View All views
Parameter interface: specifies the interface connected to CE.
interface-type interface-number: specifies the type and number of the interface connected to CE.
remote-info: displays the information about the Martini VC received from the peer.
vc-id: specifies the ID of the layer 2 virtual circuit. The value is an integer ranging from 1 to 4,294,967,295.
Description Using the display mpls l2vc command, you can display all the Martini mode VCs configured on the router.
If an interface is specified, only the Martini VC on the specified CE interface is displayed.
For the related command, see mpls l2vc.
Example # Display all the Martini VCs configured on the router.
<Quidway> display mpls l2vc
Total ldp vc : 1 0 up 1 down
*Client Interface : Atm6/0/0
Session State : up
AC Status : up
VC State : up
VC ID : 100
VC Type : ip-interworking
Destination : 3.3.3.9
Local VC Label : 17408
Remote VC Label : 17409
Control Word : Disable
Local VC MTU : 1500
Romete VC MTU : 1000
Tunnel Policy Name : --
Traffic Behavior Name: --
PW Template Name : --
Create time : 0 days, 0 hours, 0 minutes, 23 seconds
UP time : 0 days, 0 hours, 0 minutes, 23 seconds
Last change time : 0 days, 0 hours, 0 minutes, 23 seconds
Table 8-10 Description of the output of the display mpls l2vc command
Item Description
Total ldp vc Number of created LDP VCs with remote labels
Client Interface Client interface
Session State State of the LDP session
AC Status State of the attachment circuit
VC State State of the VC
VC ID VC ID, which uniquely identifies a VC
VC Type Encapsulation type of VC
Destination Destination address
Local VC Label Local VC label
Remote VC Label Remote VC label
Control Word State of the control word feature (enabled or disabled)
Local VC MTU MTU of the local VC interface
Remote VC MTU MTU of the remote VC interface
Tunnel Policy Name Name of the tunneling policy
Traffic Behavior Name Name of the traffic behavior
PW Template Name Name of the PW template
Create time Time passed after the VC is created
UP time Time during which the VC is Up
Last change time Time passed after the last state change of the VC
# Display all the Martini VC of the CE connected with POS1/0/0 on the router.
<Quidway> display mpls l2vc interface pos 1/0/0
*Client Interface : Atm6/0/0 is up
Session State : up
AC State : up
VC State : up
VC ID : 100
VC Type : ip-interworking
Destination : 3.3.3.9
Local Group ID : 0
Remote Group ID : 0
Local VC Label : 17408
Remote VC Label : 17408
Local VC MTU : 1500
Romete VC MTU : 1500
Local VCCV : Disable
Remote VCCV : Disable
Local Frag : Disable
Remote Frag : Disable
Local Ctrl Word : Disable
Remote Ctrl Word : Disable
Tunnel Policy : --
Traffic Behavior : --
PW Template Name : --
VC tunnel/token info : 1 tunnels/tokens
NO.0 TNL Type : lsp , TNL ID : 0x6002002
Create time : 0 days, 0 hours, 0 minutes, 23 seconds
UP time : 0 days, 0 hours, 0 minutes, 23 seconds
Last change time : 0 days, 0 hours, 0 minutes, 23 seconds
# Display Martini VC information received from the remote peer.
<Quidway> display mpls l2vc remote-info
Total remote ldp vc : 1
Transport Group Peer Remote Remote C MTU/ N S
VC ID ID Addr Encap VC Label Bit CELLS Bit Bit
100 0 3.3.3.9 interworking 17408 0 1500 1 0
Table 8-11 Description of the output of the display mpls l2vc remote-info command
Item Description
Total remote ldp vc Number of created LDP VC with route labels
Transport VC ID ID of the transported VC, which uniquely identifies a VC
Group ID Encapsulation type of the L2VPN
Peer Addr Address of the peer
Remote Encap VC encapsulation mode of the peer
Remote VC label VC label of the peer
C Bit Whether the control word feature is supported: the value 1 indicates that the feature is supported, and 0 indicates that it is not supported
Mtu/CELLS MTU of the L2VPN
N Bit Whether the Notification packet is supported: the value 1 indicates that the packet is supported, and 0 indicates that it is not supported
S Bit Status code, the value 0 indicates forwarding status, and 1 indicates non-forwarding status
8.5.11 display mpls l2vpn
Syntax display mpls l2vpn [ vpn-instance-name [ local-ce | remote-ce ] ]
View All views
Parameter vpn-instance-name: specifies the VPN name. It is a string of 1 to 31 characters. If the VPN name is not specified, then all the VPN information is displayed.
local-ce: displays the configuration and states of all the local CEs on the specified VPN.
remote-ce: displays the configuration and states of all the remote CEs on the specified VPN.
Description Using the display mpls l2vpn command, you can view all the L2VPN information on the PE.
Example # Display all the VPNs configured on the PE.
<Quidway> display mpls l2vpn
VPN number: 1
vpn-name encap-type route-distinguisher mtu ce(L) ce(R)
vpn1 ppp 100:1 128 1 1
Table 8-12 Description of the output of the display mpls l2vpn command
Item Description
VPN number Number of created L2VPN instances
vpn-name Name of the created VPN instance
encap-type Encapsulation type of the L2VPN
route-distinguisher RD of the L2VPN
mtu MTU of the L2VPN
ce(L) Number of local CE connections, "L" indicates "local"
ce(R) Number of remote CE connections, "R" indicates "remote"
# Display the information about L2VPN vpn1.
<Quidway> display mpls l2vpn vpn1
VPN name: vpn1, encap type: interworking, local ce number(s): 1, remote ce number(s): 1
route distinguisher: 100:1, MTU: 128
import vpn target: 1:1,
export vpn target: 1:1,
remote vpn site(s) :
no. remote-pe-id route-distinguisher
1 3.3.3.9 100:1
Table 8-13 Description of the output of the display mpls l2vpn vpn-instance-name command
Item Description
VPN number Number of created L2VPN instances
encap-type Encapsulation type of the L2VPN
local ce number(s) Number of local CE connections
remote ce number(s) Number of remote CE connections
route-distinguisher RD of the L2VPN
import vpn target VPN target attribute received
export vpn target VPN target attribute sent
# Display the information about the local CE on L2VPN vpn1.
<Quidway> display mpls l2vpn vpn1 local-ce
ce-name ce-id range conn-num LB
ce1 1 10 0 19456/0/10
Table 8-14 Description of the output of the display mpls l2vpn vpn-instance-name local-ce command
Item Description
ce-name Name of the CE
ce-id Defined CE ID, which uniquely identifies a CE
range Range of the local CE, which indicates the number of CEs that the local CE can be connected to
conn-num Number of created connections, namely, the number of CEs the local CE is connected to
LB Label block distributed for a connection
# Display the information about the remote CE on L2VPN vpn1.
<Quidway> display mpls l2vpn vpn1 remote-ce
no. ce-id peer-id route-distinguisher LB
1 2 3.3.3.9 100:1 19456/0/10
Table 8-15 Description of the output of the display mpls l2vpn vpn-instance-name remote-ce command
Item Description
no Index number of the CE
ce-id Defined CE ID, which uniquely identifies a CE
route-distinguisher RD of L2VPN
Label block
8.5.12 display mpls l2vpn { export-route-target-list | import-route-target-list }
Syntax display mpls l2vpn { export-route-target-list | import-route-target-list }
View All views
Parameter export-route-target-list: indicates the list of export route targets.
import-route-target-list: indicates the list of import route targets.
Description Using the display mpls l2vpn command, you can view the BGP VPN route target list.
Example # Display BGP VPN target list.
<Quidway> display mpls l2vpn import-route-target-list
import vpn target list: 744:7 745:7 746:7 888:8
<Quidway> display mpls l2vpn export-route-target-list
export vpn target list: 755:7 888:8
8.5.13 display mpls l2vpn connection
Syntax display mpls l2vpn connection vpn-name [ remote-ce ce-id | down | up | verbose ]
display mpls l2vpn connection [ summary | interface interface-type interface-number ]
View All views
Parameter vpn-name: specifies the VPN name. It is a string of 1 to 31 characters.
remote-ce ce-id: specifies CE with remote connection information to be displayed. ce-id is an integer in the range of 0–249.
down: displays the connections that are Down. If neither down nor up is specified, the verbose information about connections in both states is displayed.
up: displays the connections that are Up. If neither down nor up is specified, the verbose information about connections in both states is displayed.
verbose: displays detailed information of a connection. It is valid only when all the connections of VPN are displayed.
summary: displays summarized information about the connections.
interface interface-type interface-number: displays the type and number of the specified interface.
Description Using the display mpls l2vpn connection command, you can view L2VPN connections in Kompella mode.
Example # Display all L2VPN connections in Kompella mode.
<Quidway> display mpls l2vpn connection
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
VPN name: vpn1,
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
CE name: ce1, id: 1,
Rid type status peer-id route-distinguisher intf
2 rmt up 3.3.3.9 100:1 Pos3/0/0
# Display L2VPN connections in Kompella mode on the VPN named vpn1.
<Quidway> display mpls l2vpn connection vpn1
VPN name: vpn1,
1 total connections,
connections: 1 up, 0 down, 0 local, 1 remote, 0 unknown
CE name: ce1, id: 1,
Rid type status peer-id route-distinguisher intf
2 rmt up 3.3.3.9 100:1 Pos3/0/0
# Display L2VPN connections in Kompella mode on POS3/0/0.
<Quidway> display mpls l2vpn connection interface pos 3/0/0
conn-type: remote, local vc state: up, remote vc state: up,
local ce-id: 1, local ce name: ce1, remote ce-id: 2,
intf(state,encap): Pos3/0/0(up,ppp),
peer id: 3.3.3.9, route-distinguisher: 100:1,
local vc label: 19456, remote vc label: 19456,
tunnel policy: policy1
tunnel type: lsp , id: 0x6002018
# Display the summarized information of L2VPN connections in Kompella mode.
<Quidway> display mpls l2vpn connection summary
1 total connections,
connections: 1 up, 0 down , 0 local, 1 remote, 0 unknown
No. vpn-name local-num remote-num unknown-num up-num total-num
1 vpn1 0 1 0 1 1
8.5.14 display mpls l2vpn forwarding-info
Syntax display mpls l2vpn forwarding-info [ vc-label ] interface interface-type interface-number [ | { begin | exclude | include } text ]
View All views
Parameter vc-label: specifies the VC label of L2VPN. The value is an integer ranging from 16 to 1,048,575.
interface interface-type interface-number: specifies the type and number of the interface.
| : matches the output through the regular expression.
begin: displays all the lines beginning with the regular expression text.
exclude: displays the lines not containing the regular expression text.
include: displays the lines containing the regular expression text.
text: specifies the regular expression.
Description Using the display mpls l2vpn forwarding-info command, you can view MPLS L2VPN forwarding information.
Example # Display forwarding information of MPLS L2VPN.
<Quidway> display mpls l2vpn forwarding-info interface pos 3/0/0
VCLABEL TUNNELTYPE ENTRYTYPE CTLWORD CC CV TUNNELID
--------------------------------------------------------
19457 LSP SEND FALSE 0 0 0x6002018
1 Record(s) Found.
<Quidway> display mpls l2vpn forwarding-info 19457 interface pos 3/0/0
VCLABEL TUNNELTYPE ENTRYTYPE CTLWORD CC CV TUNNELID
--------------------------------------------------------
19457 LSP SEND FALSE 0 0 0x6002018
1 Record(s) Found.
8.5.15 display mpls static-l2vc
Syntax display mpls static-l2vc [ interface interface-type interface-number | vc-id | state { up | down}]
View All views
Parameter interface interface-type interface-number: specifies the type and number of the interface.
vc-id: specifies the ID of a layer 2 virtual circuit. It is an integer in the range of 1–4,294,967,295.
state { up | down }: displays the information of an Up or Down VC.
Description Using the display mpls static-l2vc command, you can display all the static VCs configured on the router. If the interface name is specified, the static VC on the specified CE interface (the one connected to CE) is displayed.
Example # Display the static VC configured on the router.
<Quidway> display mpls static-l2vc
total connections: 1, 1 up, 0 down
ce-intf state destination tr-label rcv-label tnl-policy
Pos3/0/0 up 3.3.3.9 100 200 policy1
# Display the static VC configured on the interface POS 3/0/0.
<Quidway> display mpls static-l2vc interface pos 3/0/0
CE-interface: Pos3/0/0 is up, VC State: up, Destination: 3.3.3.9,
Transmit-vpn-label: 100, Receive-vpn-label: 200, Tunnel Policy: policy1
Tunnel Type: lsp , ID: 0x226013
8.5.16 l2vpn-family
Syntax l2vpn-family
undo l2vpn-family
View BGP view
Parameter None
Description Using the l2vpn-family command, you can enter extended address family view of BGP L2VPN.
Using the undo l2vpn-family command, you can delete the configuration of the extended address family.
Example # Enter L2VPN extended address family view.
<Quidway> system-view
[Quidway] bgp 100
[Quidway-bgp] l2vpn-family
[Quidway-bgp-af-l2vpn]
8.5.17 local-ce ip
Syntax local-ce ip ip-address
undo local-ce ip
View Ethernet interface view
Parameter ip-address: specifies the IP address of the GE primary interface or sub-interface of the CE that is connected to the local interface.
Description Using the local-ce ip command, you can configure the PE with the IP address of the GE interface on the CE connecting the PE.
Using the undo local-ce ip command, you can delete the configuration.
If there is neither a static MAC address configured by the local-ce mac command nor a dynamic MAC address learnt from the CE, then when the PE sends to the CE the IP packets received through the L2VPN channel, the PE uses the configured static IP address as the destination IP address of its ARP request messages.
By default, 20 minutes later, whether the ARP entry for the learnt dynamic MAC address is deleted is determined by detecting whether the CE still exists.
For the related command, see display local-ce mac.
Example # Configure the IP address of the CE primary interface connected to GE 1/0/0 to 197.1.1.1.
<Quidway> system-view
[Quidway] interface GigabitEthernet1/0/0
[Quidway-GigabitEthernet1/0/0] local-ce ip 197.1.1.1
8.5.18 local-ce mac
Syntax local-ce mac mac-address
undo local-ce mac
View Ethernet interface view
Parameter mac-address: specifies the MAC address of the Ethernet primary interface or sub-interface connected to the local interface.
Description Using the local-ce mac command, you can configure the PE with the MAC address of the Ethernet primary interface or sub-interface on the CE connecting the PE.
Using the undo local-ce mac command, you can delete the configuration.
The MAC address is used when the PE sends messages to the CE. After the configuration, all the IP packets received from the L2VPN channel are encapsulated with the configured static MAC address and sent to the CE.
For the sub-interface, the VLAN ID being encapsulated is the minimum local VLAN ID.
For the related command, see display local-ce mac.
Example # Configure MAC address of the CE primary interface connected to GE1/0/0 to 00e0-fc20-b3a8.
<Quidway> system-view
[Quidway] interface GigabitEthernet1/0/0
[Quidway-GigabitEthernet1/0/0] local-ce mac 00e0-fc20-b3a8
8.5.19 local-ce mac broadcast
Syntax local-ce mac broadcast
undo local-ce mac broadcast
View Ethernet interface view
Parameter None
Description Using the local-ce mac broadcast command, you can enable broadcast on the Ethernet primary interface or sub-interface connected to CE on PE.
Using the undo local-ce mac broadcast command, you can cancel the configuration.
After the local-ce mac broadcast command is configured, when the PE sends IP packets to the CE, if there is no static or dynamic MAC address of the local CE, and there is no Ethernet interface address of the CE connected with the PE, the PE takes the broadcast address as destination MAC address.
For the sub-interface, the VLAN ID being encapsulated is the minimum local VLAN ID.
For the related command, see display local-ce mac.
Example # Enable broadcast on GE 1/0/0.1.
<Quidway> system-view
[Quidway] interface GigabitEthernet1/0/0.1
[Quidway-GigabitEthernet1/0/0.1] local-ce mac broadcast
8.5.20 mpls l2vc
Syntax mpls l2vc dest-ip-addr vc-id [ [ control-word | no-control-word ] | [ ip-interworking | raw | tagged ] | tunnel-policy policy-name | ip-layer2 ] *
undo mpls l2vc
View Interface view
Parameter dest-ip-addr: specifies the IP address of the peer PE.
vc-id: specifies the VC ID of the L2VPN connection. The value is an integer ranging from 1 to 4,294,967,295.
policy-name: specifies the tunneling policy for a VC. It is a string of 1 to 19 characters.
control-word: enables the control word option.
no-control-word: disables the control word option.
raw: removes the VLAN tag.
tagged: adds the VLAN tag.
ip-interworking: enables MPLS L2VPN IP interworking.
ip-layer2: it is selected when the MA5200G interworks with the devices from other vendors.
Description Using the mpls l2vc command, you can create a Martini L2VPN connection.
Using the undo mpls l2vc command, you can delete the Martini L2VPN connection.
To create a Martini connection, you must specify the IP address of the destination PE and VC ID. The command has to be configured in the PE routers with the same VC ID.
If the tunnel policy name is not specified, the default policy is used. The default policy adopts LSP, and the number of tunnels sharing the load is 1. If the tunnel policy name is specified but the policy is not configured, the default policy is used.
By default, control word is enabled for ATM and Frame Relay encapsulation. For all other encapsulations, it is disabled.
An interface cannot function as the AC interface of L2VPN and the AC interface of L3VPN at the same time. When an interface is bound to an L2VPN, layer 3 features such as the IP address and routing protocols configured on the interface become invalid. If an interface is bound to an L2VPN and an L3VPN at the same time, only the L2VPN is usable. The L3VPN configuration becomes usable after the interface is unbound from the L2VPN.
For the related command, see display mpls l2vc.
Example # Create a Martini connection.
<Quidway> system-view
[Quidway] interface pos 2/0/0
[Quidway1-Pos2/0/0] mpls l2vc 2.2.2.9 999
# Delete the Martini connection.
<Quidway> system-view
[Quidway] interface pos 2/0/0
[Quidway1-Pos2/0/0] undo mpls l2vc
8.5.21 mpls l2vpn
Syntax mpls l2vpn
undo mpls l2vpn
View System view
Parameter None
Description Using the mpls l2vpn command, you can enable L2VPN. All other L2VPN commands can be configured only after L2VPN is enabled through this command.
Using the undo mpls l2vpn command, you can disable L2VPN and delete all the L2VPN configurations.
Example # Enable L2VPN.
<Quidway> system-view
[Quidway] mpls l2vpn
8.5.22 mpls l2vpn vpn-name
Syntax mpls l2vpn vpn-name [ encapsulation { ethernet | hdlc | ppp | vlan | ip-interworking | atm-aal5-sdu } [ control-word | no-control-word ] ]
undo mpls l2vpn [ vpn-name ]
View System view
Parameter vpn-name: specifies a unique VPN name on PE. It is a string of 1 to 31 characters.
encapsulation: indicates the encapsulation type. The value can be ethernet, hdlc, ppp, vlan, ip-interworking, or atm-aal5-sdu.
control-word: enables the feature of control word.
no-control-word: disables the feature of control word.
ip-interworking: enables interworking of Kompella L2VPN.
Description Using the mpls l2vpn command, you can create a Kompella VPN. The name must be specified and is used to identify the VPN on the PE router. You must specify the encapsulation mode; otherwise, the VPN cannot be set up. The encapsulation mode must match the encapsulation type of the CE interfaces.
Using the undo mpls l2vpn command, you can delete the corresponding VPN.
Example # Create a VPN in Kompella mode.
<Quidway> system-view
[Quidway] mpls l2vpn vpn1 encapsulation ppp
[Quidway-mpls-l2vpn-vpn1]
# Enter MPLS-L2VPN view.
<Quidway> system-view
[Quidway] mpls l2vpn vpn1
[Quidway-mpls-l2vpn-vpn1]
# Delete the related VPN.
<Quidway> system-view
[Quidway] undo mpls l2vpn vpn1
8.5.23 mpls static-l2vc
Syntax mpls static-l2vc destination dest-router-id transmit-vpn-label transmit-label-value receive-vpn-label receive-label-value [ tunnel-policy policy-name ] [ control-word | no-control-word ] [ raw | tagged | ip-interworking ]
undo mpls static-l2vc
View Interface view
Parameter dest-router-id: specifies the ID of the destination router.
transmit-label-value: specifies the label value for transmitting VPN. The label is a static layer 2 outgoing label. The value is an integer ranging from 16 to 1023.
receive-label-value: specifies the label value for receiving VPN. The label is a static layer 2 incoming label. The value is an integer ranging from 16 to 1023.
policy-name: specifies the tunneling policy name. It is a string of 1 to 19 characters.
control-word: enables the feature of control word.
no-control-word: disables the feature of control word.
raw: removes the VLAN label.
tagged: adds the VLAN label.
ip-interworking: enables interworking of Martini L2VPN IP.
Description Using the mpls static-l2vc destination command, you can create a static VC connection between CEs connected to different PE routers.
Using the undo mpls static-l2vc command, you can delete the static connection.
The default policy specifies the tunneling sequence as LSP, and the number of tunnels sharing the load is 1. If the name of the tunneling policy is not specified, the default policy is used. If the name of the tunneling policy is specified but the policy is not configured, the default policy is used.
You must create static VC connections on PEs on both ends. The destination address is the IP address of the peer PE. The outgoing label of the local PE is the incoming label of the peer, and the incoming label of the local PE is the outgoing label of the peer.
An interface cannot function as the AC interface of L2VPN and the AC interface of L3VPN at the same time. When an interface is bound to an L2VPN, layer 3 features such as the IP address and routing protocols configured on the interface become invalid. If an interface is bound to an L2VPN and an L3VPN at the same time, only the L2VPN is usable. The L3VPN configuration becomes usable after the interface is unbound from the L2VPN.
Example # Create a static VC connection between CEs connected to different PE routers.
<Quidway> system-view
[Quidway] interface GigabitEthernet1/0/0
[Quidway-GigabitEthernet1/0/0] mpls static-l2vc destination 1.1.1.1 transmit-vpn-label 111 receive-vpn-label 222 tunnel-policy pol1
[Quidway-GigabitEthernet1/0/0] mpls static-l2vc destination 2.2.2.2 transmit-vpn-label 222 receive-vpn-label 111 tunnel-policy pol1
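The label range and the mirrored-label rule stated in the description above can be checked before both ends of a static VC are committed. The following Python check is an added example, not code from this command reference or from Huawei; the function names, the assignment of the two example commands to PEs with router IDs 2.2.2.2 and 1.1.1.1, and the faulty peer line are assumptions made for illustration.

```python
"""Cross-check the two ends of a static L2VC (added example, not vendor code)."""
import re
from ipaddress import IPv4Address

# Range given in the parameter list for transmit-label-value and receive-label-value.
LABEL_MIN, LABEL_MAX = 16, 1023

# \s+ also matches a newline, so a command wrapped by the terminal still parses.
STATIC_L2VC = re.compile(
    r"mpls\s+static-l2vc\s+destination\s+(?P<dest>\d+(?:\.\d+){3})"
    r"\s+transmit-vpn-label\s+(?P<tx>\d+)"
    r"\s+receive-vpn-label\s+(?P<rx>\d+)"
    r"(?:\s+tunnel-policy\s+(?P<policy>\S+))?"
)


def parse_static_l2vc(text):
    """Return the fields of the first 'mpls static-l2vc' command in text, or None."""
    m = STATIC_L2VC.search(text)
    if m is None:
        return None
    return {
        "dest": IPv4Address(m.group("dest")),  # raises ValueError on e.g. 1.1.1.999
        "tx": int(m.group("tx")),
        "rx": int(m.group("rx")),
        "policy": m.group("policy"),           # None: the default policy is used
    }


def check_pair(pe_a, pe_b):
    """Compare both ends; each argument is (router_id, config_text).

    Returns a list of findings. An empty list means the pair is consistent.
    """
    ends, findings = [], []
    for router_id, text in (pe_a, pe_b):
        vc = parse_static_l2vc(text)
        if vc is None:
            findings.append(f"{router_id}: no mpls static-l2vc command found")
        ends.append((IPv4Address(router_id), vc))
    if findings:
        return findings

    for rid, vc in ends:
        for field in ("tx", "rx"):
            if not LABEL_MIN <= vc[field] <= LABEL_MAX:
                findings.append(
                    f"{rid}: {field} label {vc[field]} outside {LABEL_MIN}-{LABEL_MAX}")

    (rid_a, a), (rid_b, b) = ends
    # The destination configured on each PE must be the peer PE.
    for rid, vc, peer in ((rid_a, a, rid_b), (rid_b, b, rid_a)):
        if vc["dest"] != peer:
            findings.append(f"{rid}: destination {vc['dest']} is not the peer {peer}")
    # The outgoing label of one PE must be the incoming label of the other.
    for rid, vc, peer, other in ((rid_a, a, rid_b, b), (rid_b, b, rid_a, a)):
        if vc["tx"] != other["rx"]:
            findings.append(
                f"{rid}: transmit label {vc['tx']} != receive label {other['rx']} on {peer}")
    return findings


# The two commands from the example above, assumed to belong to two PEs with
# router IDs 2.2.2.2 and 1.1.1.1 (the first is wrapped as a terminal would wrap it).
PE_A = ("2.2.2.2", "mpls static-l2vc destination 1.1.1.1 transmit-vpn-label\n"
                   "111 receive-vpn-label 222 tunnel-policy pol1")
PE_B = ("1.1.1.1", "mpls static-l2vc destination 2.2.2.2 transmit-vpn-label "
                   "222 receive-vpn-label 111 tunnel-policy pol1")
# Constructed faulty peer: labels copied instead of mirrored, one out of range.
PE_B_BAD = ("1.1.1.1", "mpls static-l2vc destination 2.2.2.2 "
                       "transmit-vpn-label 111 receive-vpn-label 2000")

if __name__ == "__main__":
    print(check_pair(PE_A, PE_B))
    for finding in check_pair(PE_A, PE_B_BAD):
        print(finding)
```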
8.5.24 mtu
Syntax mtu mtu-value
View MPLS-L2VPN view
Parameter mtu-value: specifies the MTU value of L2VPN. The value is an integer ranging from 46 to 16,352, and the default value is 128.
Description Using the mtu command, you can set the MTU of the MPLS L2VPN.
By default, MTU of L2VPN is 128.
Example # Set the maximum transmission value.
<Quidway> system-view
[Quidway] mpls l2vpn vpn1
[Quidway-mpls-l2vpn-vpn1] mtu 1000
8.5.25 reset bgp l2vpn
Syntax reset bgp l2vpn { as-number | peer-ip-address | all | internal | external }
View User view
Parameter as-number: specifies the AS where the peer of L2VPN is located. It is an integer in the range of 1 to 65535.
peer-ip-address: specifies the IP address of the peer of L2VPN.
all: resets all L2VPN BGP connections.
internal: resets IBGP sessions of L2VPN in the same AS.
external: resets EBGP sessions of inter-AS L2VPN.
Description Using the reset bgp l2vpn command, you can reset the BGP connection of L2VPN.
Example # Reset all L2VPN BGP connections.
<Quidway> reset bgp l2vpn all
8.5.26 reset local-ce mac
Syntax reset local-ce mac [ interface-type interface-number ]
View User view
Parameter interface-type: specifies the interface type. It must be an Ethernet, GE, or Eth-trunk interface.
interface-number: specifies the interface number.
Description Using the reset local-ce mac command, you can reset the MAC address and VLAN ID of the local CE, which are dynamically learned by the ip-interworking Ethernet interface in L2VPN mode.
If an interface name is specified, the information of the interface will be deleted. Otherwise, the information of all interfaces will be deleted.
For the related command, see display local-ce mac.
Example # Reset the MAC address and VLAN ID of the local CE, which are dynamically learned by the Ethernet interface in ip-interworking L2VPN mode.
<Quidway> reset local-ce mac
8.5.27 route-distinguisher
Syntax route-distinguisher route-distinguisher
View MPLS-L2VPN view
Parameter route-distinguisher: specifies the RD. The value can be ASN:nn or IP-address:nn. It is a string of 3 to 21 characters.
Description Using the route-distinguisher command, you can configure RD. On the same PE, different VPNs have different RDs. For the same VPN on multiple PEs, the RD can be the same or different. There are two formats of RD: a two-byte ASN plus a 4-byte random number; or a 4-byte IP address plus a two-byte random number.
16-bit ASN:32-bit customized number, such as 101:3.
32-bit IP address:16-bit customized number, such as 192.168.122.15:1.
The value of the RD cannot be changed directly. To change it, the VPN must be deleted and recreated with the new RD value.
There is no default value for RD. It must be configured as soon as the VPN is created.
A VPN will not become effective until RD is configured. It must be noted that once an RD has been configured, it cannot be dissociated from the VPN.
Example # Configure the RD.
<Quidway> system-view
[Quidway] mpls l2vpn vpn1
[Quidway-mpls-l2vpn-vpn1] route-distinguisher 300:1
8.5.28 vpn-target
Syntax vpn-target vpn-target &<1-16> [ both | export-extcommunity | import-extcommunity ]
undo vpn-target { all | vpn-target &<1-16> [ both | export-extcommunity | import-extcommunity ] }
View MPLS-L2VPN view
Parameter export-extcommunity: adds export VPN extended community.
import-extcommunity: adds import VPN extended community.
both: adds both the import and export VPN extended communities to the current VPN.
all: specifies all VPN extended communities.
vpn-target: specifies the VPN target extended community to be added to the import or export VPN. It is a string of 3 to 21 characters.
Description Using the vpn-target command, you can specify the VPN-target attributes for L2VPN.
Using the undo vpn-target command, you can delete the VPN-target associated with L2VPN.
There is no default value for VT.
VPN-target has two formats as follows:
16-bit ASN:32-bit customized number, such as 101:3.
32-bit IP address:16-bit customized number, such as 192.168.122.15:1.
If none of the keywords both, export-extcommunity and import-extcommunity is specified, both is used by default.
Example # Configure VPN-target attributes for L2VPN named VPN1.
<Quidway> system-view
[Quidway] mpls l2vpn vpn1
[Quidway-mpls-l2vpn-vpn1] vpn-target 100:1
[Quidway-mpls-l2vpn-vpn1] vpn-target 1:1 2:2 export-extcommunity
[Quidway-mpls-l2vpn-vpn1] vpn-target 1.2.3.4:11 12:12 import-extcommunity
# Delete the VPN-target attributes of VPN1.
<Quidway> system-view
[Quidway] mpls l2vpn vpn1
[Quidway-mpls-l2vpn-vpn1] undo vpn-target 12:12 import-extcommunity
[Quidway-mpls-l2vpn-vpn1] undo vpn-target all
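The value formats given for route-distinguisher and vpn-target, and the effect of the command sequence in the example above on the import and export lists, can be reproduced offline. The following Python code is an added example, not code from this command reference or from Huawei; the function names and the canonical text form of a value are assumptions, and the session lines are the ones shown in the example (with the prompt of the delete step written in full).

```python
"""Validate RD / VPN-target values and replay vpn-target commands (added example)."""
import re
from ipaddress import IPv4Address

PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")  # strips "[Quidway-...]" or "<Quidway>"
SIDES = {
    "both": ("import", "export"),
    "export-extcommunity": ("export",),
    "import-extcommunity": ("import",),
}


def parse_value(text):
    """Parse 'ASN:nn' or 'IP-address:nn'; return (kind, admin, number).

    Raises ValueError if the string is not 3 to 21 characters long or a field
    does not fit the 16-bit:32-bit or 32-bit:16-bit layout.
    """
    if not 3 <= len(text) <= 21:
        raise ValueError(f"{text!r}: length must be 3 to 21 characters")
    admin, sep, number = text.rpartition(":")
    if not sep or not re.fullmatch(r"[0-9]+", number):
        raise ValueError(f"{text!r}: expected <admin>:<number>")
    number = int(number)
    if "." in admin:
        kind, admin, limit = "ip", IPv4Address(admin), 0xFFFF
    elif re.fullmatch(r"[0-9]+", admin) and int(admin) <= 0xFFFF:
        kind, admin, limit = "asn", int(admin), 0xFFFFFFFF
    else:
        raise ValueError(f"{text!r}: administrator is not a 16-bit ASN or an IPv4 address")
    if number > limit:
        raise ValueError(f"{text!r}: number exceeds {limit}")
    return kind, admin, number


def is_valid(text):
    """True if text is an acceptable RD or VPN-target string."""
    try:
        parse_value(text)
    except ValueError:
        return False
    return True


def replay_vpn_target(lines):
    """Apply vpn-target / undo vpn-target lines in order; return the resulting sets."""
    targets = {"import": set(), "export": set()}
    for line in lines:
        tokens = PROMPT.sub("", line).split()
        undo = tokens[:1] == ["undo"]
        if undo:
            tokens = tokens[1:]
        if tokens[:1] != ["vpn-target"]:
            continue                     # system-view, mpls l2vpn vpn1, comment lines
        args = tokens[1:]
        if undo and args == ["all"]:
            targets = {"import": set(), "export": set()}
            continue
        sides = SIDES["both"]            # no keyword given: both is the default
        if args and args[-1] in SIDES:
            sides = SIDES[args.pop()]
        if not 1 <= len(args) <= 16:     # &<1-16>: one to sixteen values per command
            raise ValueError(f"{line!r}: expected 1 to 16 VPN-target values")
        values = set()
        for arg in args:
            _, admin, number = parse_value(arg)
            values.add(f"{admin}:{number}")  # canonical text form (assumption)
        for side in sides:
            targets[side] = targets[side] - values if undo else targets[side] | values
    return targets


# Session lines taken from the example above.
SESSION = [
    "<Quidway> system-view",
    "[Quidway] mpls l2vpn vpn1",
    "[Quidway-mpls-l2vpn-vpn1] vpn-target 100:1",
    "[Quidway-mpls-l2vpn-vpn1] vpn-target 1:1 2:2 export-extcommunity",
    "[Quidway-mpls-l2vpn-vpn1] vpn-target 1.2.3.4:11 12:12 import-extcommunity",
    "[Quidway-mpls-l2vpn-vpn1] undo vpn-target 12:12 import-extcommunity",
    "[Quidway-mpls-l2vpn-vpn1] undo vpn-target all",
]

if __name__ == "__main__":
    for steps in (5, 6, 7):
        print(steps, replay_vpn_target(SESSION[:steps]))
```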
8.6 VPLS Configuration Commands
8.6.1 debugging mpls l2vpn vpls_fib
Syntax debugging mpls l2vpn vpls_fib
undo debugging mpls l2vpn vpls_fib
View User view
Parameter None
Description Using the debugging mpls l2vpn vpls_fib command, you can enable the debugging of VPLS FIB.
Using the undo debugging mpls l2vpn vpls_fib command, you can disable the debugging of VPLS FIB.
By default, the debugging of VPLS FIB is disabled.
Example # Enable the debugging of VPLS FIB.
<Quidway> debugging mpls l2vpn vpls_fib
8.6.2 debugging mpls l2vpn vpls_mid
Syntax debugging mpls l2vpn vpls_mid
undo debugging mpls l2vpn vpls_mid
View User view
Parameter None
Description Using the debugging mpls l2vpn vpls_mid command, you can enable the debugging of VPLS multicast information description (MID).
Using the undo debugging mpls l2vpn vpls_mid command, you can disable the debugging of VPLS MID.
By default, the debugging of VPLS MID is disabled.
For the related command, see display vpls mid.
Example # Enable the debugging of VPLS MID.
<Quidway> debugging mpls l2vpn vpls_mid
8.6.3 description
Syntax description description
undo description
View VSI view
Parameter description: specifies the description of the VSI. It is a string of 1 to 64 characters.
Description Using the description command, you can set the description of the current VSI. The description helps you to identify VSI instances.
Using the undo description command, you can delete the description of the current VSI.
By default, the description of VSI is null.
Example # Set the description of the current VSI.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] description vsi-company1
8.6.4 display vpls connection
Syntax display vpls connection [ ldp | bgp | vsi vsi-name ] [ down | up ] [ verbose ]
View All views
Parameter ldp: displays LDP signaling connections.
bgp: displays BGP signaling connections.
vsi vsi-name: displays connections of the specified Virtual Switch Instance (VSI). The vsi-name parameter is a string of 1 to 31 characters.
down: displays connections in down state.
up: displays connections in up state.
verbose: displays connections in detail.
Description Using the display vpls connection command, you can display VPLS connections. By specifying different keywords or parameters, you can select which connections are displayed.
If no keyword or parameter is specified, all connections in up state are displayed.
Example # Display the connections of all VSIs.
<Quidway> display vpls connection
2 total connections,
connections: 2 up, 0 down, 1 ldp, 1 bgp
VSI Name: a2 Signaling: ldp
VsiID EncapType PeerAddr InLabel OutLabel VCState
2 vlan 1.1.1.1 17408 17409 up
VSI Name: bgp1 Signaling: bgp
SiteID RD PeerAddr InLabel OutLabel VCState
1 168.1.1.1:1 1.1.1.1 19457 19458 up
Table 8-16 Description of the output of the display vpls connection command
Item Description
VSI Name The name of VSI
Signaling Signaling mode, LDP or BGP
VsiID VSI ID
EncapType VPLS encapsulation type, that is, the encapsulation type of packets on VC
PeerAddr IP address of the peer
InLabel Local VC labels
OutLabel Remote VC labels
VCState The state of VC
SiteID ID of the site where the VSI is located
RD Route distinguisher, which identifies a VSI instance on a PE in the VPLS using BGP as the signaling protocol
# Display the detailed connection information of all VSIs.
<Quidway> display vpls connection verbose
VSI Name: a2 Signaling: ldp
**Remote Vsi ID : 2
VC State : up
Encapsulation : vlan
Group ID : 0
MTU : 1500
Peer Ip Address : 1.1.1.1
PW Type : label
Local VC Label : 17408
Remote VC Label : 17409
Tunnel Policy : --
Tunnel ID : 0x6002011,
VSI Name: bgp1 Signaling: bgp
**Remote Site ID : 1
VC State : up
RD : 168.1.1.1:1
Encapsulation : vlan
MTU : 1500
Peer Ip Address : 1.1.1.1
PW Type : label
Local VC Label : 19457
Remote VC Label : 19458
Tunnel Policy : --
Tunnel ID : 0x6002011,
Remote Label Block : 19456/5/0
Export vpn target : 100:1,
Table 8-17 Description of the output of the display vpls connection verbose command
Item Description
VSI Name Name of the VSI
Signaling Signaling mode, which can be LDP or BGP
Remote Vsi ID ID of the remote VSI, which is the same as that of the local VSI
VC State State of the VC, namely, Up or Down
Encapsulation VPLS encapsulation mode of the VSI, that is, packet encapsulation mode (VLAN or Ethernet) on the VC
Group ID Group ID, which is a protocol field not used currently, the default value is 0
MTU MTU of the VSI
Peer Ip Address IP address of the peer PE
PW Type The type of PW, Label indicates MPLS tunnel
Local VC Label Local VC label
Remote VC Label Remote VC label
Tunnel Policy Tunneling policy for the L2VPN
Tunnel ID Tunnel ID
Remote Label Block Remote label block
Export vpn target Export extended community to the destination VPN
# Display the detailed information about connection with BGP signaling of the VSI company1.
<Quidway> display vpls connection vsi company1 verbose
VSI Name: company1 Signaling: bgp
**Remote Site ID : 1
VC State : up
RD : 168.1.1.1:1
Encapsulation : vlan
MTU : 1500
Peer Ip Address : 1.1.1.9
PW Type : label
Local VC Label : 19457
Remote VC Label : 19458
Tunnel Policy : --
Tunnel ID : 0x6002000,
Remote Label Block : 19456/5/0
Table 8-18 Description of the output of the display vpls connection command
Item Description
VSI Name The name of VSI
Signaling Signaling mode, LDP or BGP
Remote Site ID VC labels distributed by peers
VCState The state of VC
RD The local router ID
Encapsulation VPLS encapsulation type of VSI, that is, the encapsulation type of the packets transmitted on VC
Group ID Group ID, which is a protocol field not used currently, the default value is 0
MTU MTU of the VSI
Peer Ip Address IP address of the peer PE
PW Type The type of PW, Label indicates MPLS tunnel
Local VC Label Local VC labels
Remote VC Label Remote VC labels
Tunnel Policy Tunneling policy
Tunnel ID Tunnel ID
Remote Label Block Remote label block
8.6.5 display vpls fib
Syntax display vpls fib [ vsi vsi-name | link link-id ] [ verbose ]
View All views
Parameter vsi vsi-name: displays FIB of the specified VSI. The vsi-name parameter is a string of 1 to 31 characters.
link link-id: displays FIB of the specified connection. The value of link-id ranges from 1 to 40,960.
verbose: displays FIB in detail.
Description Using the display vpls fib command, you can display VPLS FIB information. By specifying different keywords or parameters in the command line, you can select which FIB entries are displayed.
If no keyword or parameter is specified, all forwarding entries are displayed.
Example # Display forwarding tables of all VPLSs.
<Quidway> display vpls fib
Total Number : 1, 1 up, 0 down
Vsi-Name Link-ID Link-Type Link-State
a 1 VPLS Remote Link up
# Display forwarding tables of the VSI named company1 in detail.
<Quidway> display vpls fib vsi company1 verbose
**Vsi-Name : company1
Vsi Index: 0
Link-ID : 1 Link-Type : VPLS Remote-link
Tunnel ID : 0x6002001 Link-State : up
Enable CtrWord: Disabled L2 MTU : 1500
Link VCLabel : 19458 Tunnel Label: 1024
Out Interface : Pos2/0/0 Next Hop : 168.1.1.2
Out VCLabel : 19457 Lsp token : 0x7
SendCounter : 0 Recv Counter: 0
Op type : add Down Status : OK
Table 8-19 Description of the output of the display vpls fib command
Item Description
VSI Name Name of the VSI
Link-ID ID of a link
Link-Type Type of link
Link-State State of link
Vsi Index VSI index
Tunnel ID Tunnel ID
Enable CtrWord Whether to enable Control Word
L2 MTU MTU of the Layer 2 packets
Link VCLabel Inbound label of virtual circuit
Tunnel Label Value of the Tunnel label
Out Interface Outbound interface
Next Hop Next hop address
Out VCLabel Outbound label of virtual circuit
Lsp token LSP token
Send Counter Sending counter
Recv Counter Receiving counter
Op type Operation type
Down Status Down status of the FIB
8.6.6 display vpls mid
Syntax display vpls mid token vsi vsi-name
display vpls mid interface vsi vsi-name [ vlan vlan-id ]
View All views
Parameter token: displays MID of a token, that is, the multicast table on the network side.
interface: displays the MID of an interface, that is, the MID on the AC side.
vsi vsi-name: displays MID of the specified VSI. It is a string of 1 to 31 characters.
vlan vlan-id: displays MID on the VC side with the specified VLAN ID. vlan-id is an integer in the range of 1–4094.
Description Using the display vpls mid command, you can display MID.
The MID information contains token information and interface information. By specifying different keywords or parameters in the command line, you can select which MID information is displayed.
Example # Display token MID of the VSI named company1 on the public network side.
<Quidway> display vpls mid token vsi company1
VSI Name : company1, Total PW Number : 1
SLOT ID LspToken(s)
2 0x2
# Display MID of the VSI named company1 on the AC side in VLAN 100.
<Quidway> display vpls mid interface vsi company1
VSI Name : company1, Total AC Number : 1
VLAN ID SLOT ID Interface(s)
100 2 Ethernet2/0/1.1
Table 8-20 Description of the output of the display vpls mid command
Item Description
VSI Name The name of the Virtual Switch Instance (VSI)
Total PW Number The total number of PWs
SLOT ID The slot ID
LspToken LSP token
Total AC Number The total number of ACs
VLAN ID VLAN ID
Interface Interface number
8.6.7 display vpls statistics
Syntax display vpls statistics [ vsi vsi-name ]
View All views
Parameter vsi vsi-name: displays statistics of the specified VSI. The vsi-name parameter is a string of 1 to 31 characters.
Description Using the display vpls statistics command, you can display statistics of VSI.
When specifying vsi vsi-name, you can display statistics of the specified VSI.
Example # Display the statistics of VSI.
<Quidway> display vpls statistics
*VsiName :company1
In Frames : 42949672971
Out Frames : 85899345941
In Bytes : 64424509456
Out Bytes : 107374182426
In Discard : 21474836485
Table 8-21 Description of the output of the display vpls statistics command
Item Description
VsiName The name of the Virtual Switch Instance (VSI)
In Frames Received frames
Out Frames Sent frames
In Bytes Received bytes
Out Bytes Sent bytes
In Discard Discarded frames
8.6.8 display vsi
Syntax display vsi [ vsi-name ] [ verbose ]
View All views
Parameter vsi-name: indicates the name of the VSI. It is a string of 1 to 31 characters.
verbose: displays the information of the VSI in detail.
Description Using the display vsi command, you can view the information about the specified VSI.
By default, the information of all VSIs is displayed.
Example # Display VSI named company1.
<Quidway> display vsi company1
Vsi        Mem    PW     Mac        Encap   Mtu     Vsi
Name       Disc   Type   Learn      Type    Value   State
company1   auto   bgp    unqualify  vlan    1500    up
Table 8-22 Description of the output of the display vsi command
Item Description
Vsi Name The name of VSI
Mem Disc Member discovery mode
PW Type The type of PW
Mac Learn Learning mode of the MAC address
Encap Type Encapsulation type
Mtu Value The value of the MTU
Vsi State The state of VSI
8.6.9 display vsi remote
Syntax display vsi remote { ldp [ route-id ip-address ] [ pw-id pw-id ] | bgp [ nexthop nexthop-ip-address [ export-vpn-target vpn-target ] | route-distinguisher route-distinguisher ] }
View All views
Parameter ldp: displays the information about the remote VSI which is in LDP signaling mode.
bgp: displays the information about the remote VSI which is in BGP signaling mode.
route-id ip-address: displays the information about the remote VSI of the specified peer. ip-address specifies the IPv4 address of the peer.
pw-id pw-id: displays the information about the remote VSI with the specified PW. pw-id specifies ID of the PW, which uniquely identifies a PW. The value of pw-id is an integer ranging from 1 to 4,294,967,295.
nexthop nexthop-ip-address: displays the information about the remote VSI with the specified next hop address. nexthop-ip-address specifies the IPv4 address of the next hop.
export-vpn-target vpn-target: displays the information about the remote VSI instance with the specified outbound VPN target. The vpn-target parameter specifies the outbound VPN target. It is a string of 3 to 21 characters, which is represented in the following two formats:
16-bit AS number : 32-bit user-defined number
32-bit IP address : 16-bit user-defined number
route-distinguisher route-distinguisher: displays the information about the remote VSI with the specified RD. The route-distinguisher parameter specifies the RD. It is a string of 3 to 21 characters, which is represented in the following two formats:
16-bit AS number : 32-bit user-defined number
32-bit IP address : 16-bit user-defined number
Description Using the display vsi remote command, you can display the information about the remote VSI.
By specifying keywords in the command lines, you can display information about the remote VSI with different signaling modes.
By default, information about all remote VSIs is displayed.
Example # Display remote VSI with LDP signaling.
<Quidway> display vsi remote ldp
Vsi   Peer       VC      Group   Encap   MTU     Vsi
ID    RouterID   Label   ID      Type    Value   Index
123   3.3.3.9    17408   0       vlan    1500    1
# Display remote VSI with BGP signaling.
[Quidway] display vsi remote bgp
**BGP RD : 169.1.1.2:1
NextHop : 3.3.3.9
EncapType : vlan
MTU : 1500
MHoming Preference : 0
Remote Label Block : 19456/5/0,
Table 8-23 Description of the output of the display vsi remote command
Item Description
Vsi ID VSI ID
Peer RouterID The peer IP address
VC Label VC label
Group ID Group ID
Encap Type The encapsulation type of PW
MTU Value MTU value
Vsi Index VSI index
BGP RD Route-Distinguisher of local VSI
NextHop Next hop of the VSI connection
EncapType The encapsulation type
MTU The MTU of the VSI data
MHoming Preference Multi-home preference of VSI
Remote Label Block Remote label block
8.6.10 encapsulation
Syntax encapsulation { ethernet | vlan }
View VSI view
Parameter ethernet: sets the encapsulation mode to Ethernet.
vlan: sets the encapsulation mode to VLAN, conforming to the 802.1Q standard.
Description Using the encapsulation command, you can set and enable the encapsulation capability of the interface in VSI view.
By default, the encapsulation type is set to VLAN.
Example # Set the encapsulation type of the current VSI to Ethernet.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] encapsulation ethernet
8.6.11 l2 binding
Syntax l2 binding vsi vsi-name
undo l2 binding vsi vsi-name
View Gigabit Ethernet interface view, Gigabit Ethernet sub-interface view, Eth-trunk interface view, Eth-trunk sub-interface view
Parameter vsi vsi-name: specifies the name for the VSI bound with the interface. The vsi-name parameter is a string of 1 to 31 characters.
Description Using the l2 binding command, you can bind an interface to a VSI.
Using the undo l2 binding command, you can cancel the binding.
By default, interfaces are not bound to VSI.
Example # Bind an Ethernet sub-interface to the VSI.
<Quidway> system-view
[Quidway] interface gigabitethernet 2/0/1.1
[Quidway-GigabitEthernet2/0/1.1] l2 binding vsi company1
8.6.12 mac-learn-style
Syntax mac-learn-style { qualify | unqualify }
View VSI view
Parameter qualify: indicates the qualified mode of MAC address learning.
unqualify: indicates the unqualified mode of MAC address learning.
Description Using the mac-learn-style command, you can set the MAC address learning mode of VSI. If you choose qualified mode, MAC address learning is based on VLAN. Each VLAN has its own MAC address space, which can overlap with each other. If you choose unqualified style, MAC address learning is based on VSI. Each VSI has a MAC address space.
By default, MAC address learning mode is unqualified.
The MA5200G supports the unqualified MAC address learning only.
Example # Set the MAC address learning mode of the VSI.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] mac-learn-style unqualify
8.6.13 mac-learning
Syntax mac-learning { enable | disable }
View VSI view
Parameter enable: enables MAC address learning of VSI.
disable: disables MAC address learning of VSI.
Description Using the mac-learning enable command, you can enable MAC address learning of VSI.
Using the mac-learning disable command, you can disable MAC address learning of VSI.
By default, MAC address learning of VSI is enabled.
Example # Enable MAC address learning of the current VSI.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] mac-learning enable
8.6.14 mtu
Syntax mtu mtu-value
undo mtu
View VSI view
Parameter mtu-value: indicates the MTU value of VSI. It is an integer in the range of 328 to 65535. By default, it is 1500.
Description Using the mtu command, you can set MTU for VSI.
Example # Set MTU for the VSI named company1.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] mtu 1600
8.6.15 multi-homing-preference
Syntax
multi-homing-preference preference
undo multi-homing-preference
View
VSI view
Parameter
preference: specifies the multi-homing preference of VSI. It is an integer in the range of 1 to 65535.
Description
Using the multi-homing-preference command, you can specify the value of the multi-homing preference of VSI.
Using the undo multi-homing-preference command, you can cancel the configuration of the multi-homing preference.
Example
# Set the value of the multi-homing preference of VSI named company1 to 1500.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] multi-homing-preference 1500
8.6.16 peer
Syntax peer peer-address [ negotiation-vc-id vc-id ] [ tunnel-policy policy-name ] [ upe ]
undo peer peer-address [ negotiation-vc-id vc-id ]
View VSI-LDP view
Parameter peer-address: specifies the IPv4 address of the peer. It is usually a loopback address.
negotiation-vc-id vc-id: indicates the unique ID of a virtual circuit. The VC ID is used when VSI IDs on two ends are different but IP interworking is required. The parameter vc-id cannot be identical to IDs configured for other VSIs on the local end or other IDs configured by negotiation-vc-id for the VSI. That is, vc-id must be a VC ID not used before. The value is an integer ranging from 1 to 4,294,967,295.
policy-name: specifies the tunnel policy name for peers. It is a string of 1 to 19 characters.
upe: identifies whether the peer is the PE on the user end. This parameter is applicable to Hierarchical Virtual Private LAN Service (HVPLS).
Description Using the peer command, you can set the VSI peer. Before configuring the VSI peer, set an ID for the VSI.
In the peer command, if upe is selected, the peer is on the user side and is not within the scope of split horizon.
By default, VSI has no peer.
Example # Set the peer for the current VSI.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] pwsignal ldp
[Quidway-vsi-company1-ldp] peer 3.3.3.3 negotiation-vc-id 10 upe
# Delete the peer of VSI.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] pwsignal ldp
[Quidway-vsi-company1-ldp] undo peer 3.3.3.3
8.6.17 pwsignal
Syntax pwsignal { bgp | ldp }
View VSI view
Parameter bgp: uses BGP signaling.
ldp: uses LDP signaling.
Description Using the pwsignal command, you can set the signaling of VSI. It is recommended that you configure the signaling mode for a VSI right after it is created.
If member discovery mode of VSI is set to be static, the signaling must be LDP. If it is set as automatic, the signaling protocol must be BGP.
Once the signaling of VSI is set successfully, it cannot be changed. To change it, you must delete this VSI and then re-create another one.
Example # Set the signaling of the current VSI to LDP.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] pwsignal ldp
[Quidway-vsi-company1-ldp]
# Set the signaling of the current VSI to BGP.
<Quidway> system-view
[Quidway] vsi company2
[Quidway-vsi-company2] pwsignal bgp
[Quidway-vsi-company2-bgp]
8.6.18 qos car
Syntax qos car { broadcast | multicast | unicast } { inbound | outbound } car-name
undo qos car { broadcast | multicast | unicast } { inbound | outbound }
View VSI view
Parameter car-name: specifies the name of CAR. It is a string of 1 to 32 characters.
inbound: enables CAR for the upstream packet of the VSI.
outbound: enables CAR for the downstream packet of the VSI.
Description Using the qos car command, you can enable CAR on the VSI to limit the traffic of broadcast, multicast, and unicast packets.
Using the undo qos car command, you can disable CAR.
Example # Enable CAR for the upstream unicast packet of VSI1.
<Quidway> system-view
[Quidway] vsi vsi1
[Quidway-vsi-vsi1] qos car unicast inbound car1
8.6.19 remote-vpn-target refresh
Syntax
remote-vpn-target refresh
View
VSI-BGP view
Parameter
None
Description
Using the remote-vpn-target refresh command, you can refresh the VPN target from the remote PE.
Example
# Enable the VSI company2 to refresh the VPN target from the remote PE.
<Quidway> system-view
[Quidway] vsi company2
[Quidway-vsi-company2] pwsignal bgp
[Quidway-vsi-company2-bgp] remote-vpn-target refresh
8.6.20 reset traffic-statistics
Syntax reset traffic-statistics
View VSI view
Parameter None
Description Using the reset traffic-statistics command, you can reset traffic statistics of VSI. To get the traffic statistics in a certain period, you can use this command to clear statistics, and after a while you can view the statistics.
Example # Reset traffic statistics of the current VSI.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] reset traffic-statistics
8.6.21 route-distinguisher
Syntax route-distinguisher route-distinguisher
View VSI-BGP view
Parameter route-distinguisher: identifies a VSI on a PE and is shortened as RD. On a PE, different VSIs have different RDs. Same VSIs on different PEs have same or different RDs. RD has two formats as follows:
16-bit ASN : 32-bit user-defined number
32-bit IP address : 16-bit user-defined number
Description Using the route-distinguisher command, you can configure RD for VSI. After RD is configured successfully, it cannot be changed directly. To change the RD, you must first delete this VSI and then re-configure RD after creating a VSI.
Example # Configure RD with the format of 16-bit ASN plus 32-bit user-defined number for VSI.
<Quidway> system-view
[Quidway] vsi company2
[Quidway-vsi-company2] pwsignal bgp
[Quidway-vsi-company2-bgp] route-distinguisher 101:3
# Configure RD with the format of 32-bit IP address plus 16-bit user-defined number for VSI.
[Quidway-vsi-company2-bgp] route-distinguisher 2.2.2.2:1
8.6.22 shutdown
Syntax shutdown
undo shutdown
View VSI view
Parameter None
Description Using the shutdown command, you can disable the VSI.
Using the undo shutdown command, you can enable the VSI.
Example # Disable the current VSI.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] shutdown
# Enable the current VSI.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] undo shutdown
8.6.23 site
Syntax site site-id [ range site-range ] [ default-offset { 0 | 1 } ]
undo site site-id
View VSI-BGP view
Parameter site-id: identifies a site for VSI. It is an integer in the range of 0 to 65534.
range site-range: indicates the site range of VSI number. It is an integer in the range of 1 to 65534. Its default value is 10.
default-offset: indicates the initial site ID offset, whose value is 1 or 0 and the default value is 0.
Description Using the site command, you can specify a site ID for a site.
Before setting the site ID of a VSI, you must set the route-distinguisher for the VSI. Different sites in the same VPLS must have different site IDs.
Example # Set the site ID of the current VSI to 1 and the number of sites which can be connected with this VSI to 100.
<Quidway> system-view
[Quidway] vsi company2
[Quidway-vsi-company2] pwsignal bgp
[Quidway-vsi-company2-bgp] site 1 range 100
8.6.24 tnl-policy
Syntax tnl-policy policy-name
undo tnl-policy
View VSI view
Parameter policy-name: specifies the tunneling policy name. It is a string of 1 to 19 characters without space.
Description Using the tnl-policy command, you can specify the tunneling policy.
Using the undo tnl-policy command, you can delete the tunneling policy.
When an application selects tunnels in the tunnel management module of VPN, it uses the tunneling policy. When creating a tunneling policy, you must set the order for tunnel selection. If no tunnel policy is configured, the default order is used, that is, only LSP tunnel is selected.
For the related command, see tunnel select-seq and tunnel-policy.
Example # Specify the tunnel policy name for the current VSI.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] tnl-policy tnlpolicyofcompany1
8.6.25 traffic-statistics
Syntax traffic-statistics { enable | disable }
View VSI view
Parameter enable: enables traffic statistics of VSI.
disable: disables traffic statistics of VSI.
Description Using the traffic-statistics enable command, you can enable VSI traffic statistics.
Using the traffic-statistics disable command, you can disable VSI traffic statistics.
By default, traffic statistics of VSI is enabled.
Example # Enable traffic statistics of the current VSI.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] traffic-statistics enable
8.6.26 unknown-frame
Syntax unknown-frame { unicast | mulcast } { drop | local-handle | broadcast }
View VSI view
Parameter unicast: specifies the type of unknown frames as unicast.
mulcast: specifies the type of unknown frames as multicast.
drop: drops received unknown frames.
local-handle: locally processes received unknown frames.
broadcast: broadcasts received unknown frames.
Description Using the unknown-frame command, you can specify the processing mode for received unknown frames. Unknown frames consist of unicast unknown frames and multicast unknown frames. The processing modes consist of drop, local processing and broadcast.
Example # Set processing mode for unicast unknown frames to drop.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] unknown-frame unicast drop
8.6.27 vpls bgp encapsulation
Syntax vpls bgp encapsulation { ethernet | vlan }
View System view
Parameter ethernet: sets the encapsulation mode of VPLS packets on the AC link to Ethernet.
vlan: sets the encapsulation mode of VPLS packets on the AC link to VLAN.
Description Using the vpls bgp encapsulation command, you can specify the encapsulation mode of VPLS packets received by the local PE.
The encapsulation mode of VPLS packets can be Ethernet or VLAN.
By default, encapsulation mode of VPLS packets on the VC link is VLAN.
The vpls bgp encapsulation command is used only for communication between devices. The latest draft for VPLS BGP specifies that the encapsulation mode of VPLS packets can be Ethernet or VLAN. This command can change the encapsulation mode of packets exchanged between the two devices to VLAN or Ethernet.
For example, if the PE receives a VPLS packet encapsulated in VLAN tag from the peer, it considers the encapsulation mode of all VPLS packets from the peer to be VLAN. If the encapsulation mode of VPLS packets from the peer is changed to Ethernet, the PE cannot communicate with the peer.
The encapsulation mode of VPLS packets on the AC link is determined by the access mode. The access mode falls into VLAN access and Ethernet access.
VLAN access The Ethernet frame header of the packet transmitted between the CE and PE contains a VLAN tag. The VLAN tag is a service delimiter tagged by the ISP to differentiate users. Such a tag is called a provider tag (P-tag).
Ethernet access The Ethernet frame header of the packet transmitted between the CE and PE does not contain a service delimiter. The VLAN tag in the frame header is only an internal VLAN tag of the user packet. Such a tag is called a user tag (U-tag).
Example # Configure the encapsulation mode of VPLS packets on the AC link to Ethernet.
[Quidway] mpls lsr-id 1.1.1.1
[Quidway] mpls
[Quidway-mpls] quit
[Quidway] mpls l2vpn
[Quidway] vpls bgp encapsulation ethernet
8.6.28 vpls-mac-limit
Syntax
vpls-mac-limit { action { discard | forward } | alarm { disable | enable } | maximum max rate interval } *
undo vpls-mac-limit
View
VSI view
Parameter
action: indicates the action performed by the system when the number of MAC entries reaches the limit.
discard: discards the packet using the MAC address that is learnt after the number of MAC entries reaches the limit.
forward: forwards the packet using the MAC address that is learnt after the number of MAC entries reaches the limit. But the unlearned MAC addresses are not added in MAC address table.
alarm: determines whether to raise an alarm when the number of the MAC entries reaches the limit.
disable: does not raise an alarm when the number of the MAC entries reaches the limit.
enable: raises an alarm in system log when the number of the MAC entries reaches the limit.
maximum max: specifies the maximum of MAC entries that can be learned. It is an integer in the range of 0 to 64512. When max is set to 0, the number of MAC addresses that can be learned is not limited.
rate interval: specifies the MAC learning interval. It is an integer in the range of 0 to 1000 (ms). When the value is set to 0, the learning interval is not limited. This parameter is invalid currently.
Description
Using the vpls-mac-limit command, you can set the rule for MAC address learning of the VSI.
Using the undo vpls-mac-limit command, you can cancel the configuration of the rule of the MAC address learning.
If the VSI has already learned some MAC addresses, use the undo mac-address dynamic command to clear the learned MAC addresses. Otherwise, the limit on the number of MAC addresses that can be learned is inaccurate.
Example
# Set the maximum of MAC entries that VSI company1 can learn to 1000. The learning interval is 100ms. If the learnt MAC entries reach 1000, the packets with MAC addresses learned later are forwarded.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] vpls-mac-limit action forward alarm enable maximum 1000 rate 100
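An added example, not part of the Huawei reference: a Python audit that reads VSI stanzas written with the vpls-mac-limit syntax documented above and reports VSIs whose MAC learning is unlimited, has no alarm, or carries out-of-range values. The stanza layout in SAMPLE_CONFIG and the names parse_mac_limit, split_vsis and audit are assumptions made for this illustration.

```python
import re

# Constructed sample: VSI stanzas built from the commands documented on this
# page. The layout ("vsi <name>" plus indented lines) is an assumption for
# illustration, not captured device output.
SAMPLE_CONFIG = """\
vsi company1
 pwsignal ldp
 vpls-mac-limit action discard alarm enable maximum 1000 rate 100
vsi company2
 pwsignal bgp
 vpls-mac-limit alarm disable maximum 0 rate 0 action forward
vsi company3
 pwsignal ldp
 mac-learning enable
vsi company4
 vpls-mac-limit maximum 70000 rate 100
"""

MAX_RANGE = range(0, 64513)   # "maximum max": 0 to 64512, 0 means unlimited
RATE_RANGE = range(0, 1001)   # "rate interval": 0 to 1000 ms


def parse_mac_limit(args):
    """Parse the option groups of one vpls-mac-limit line, in any order."""
    tokens = args.split()
    opts, i = {}, 0
    while i < len(tokens):
        key, rest = tokens[i], tokens[i + 1:]
        if key == "action" and rest[:1] in (["discard"], ["forward"]):
            opts["action"] = rest[0]
            i += 2
        elif key == "alarm" and rest[:1] in (["enable"], ["disable"]):
            opts["alarm"] = rest[0]
            i += 2
        elif (key == "maximum" and len(rest) >= 3 and rest[0].isdigit()
              and rest[1] == "rate" and rest[2].isdigit()):
            maximum, rate = int(rest[0]), int(rest[2])
            if maximum not in MAX_RANGE or rate not in RATE_RANGE:
                raise ValueError("maximum or rate out of range")
            opts["maximum"], opts["rate"] = maximum, rate
            i += 4
        else:
            raise ValueError("unexpected token %r" % key)
    if not opts:
        raise ValueError("no option given")
    return opts


def split_vsis(config):
    """Return {vsi_name: [stripped stanza lines]}."""
    vsis, current = {}, None
    for line in config.splitlines():
        match = re.match(r"^vsi (\S+)$", line)
        if match:
            current = vsis.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return vsis


def audit(config):
    """Return {vsi_name: [findings]}; an empty list means nothing to report."""
    report = {}
    for name, lines in split_vsis(config).items():
        findings = []
        rules = [l[len("vpls-mac-limit"):] for l in lines
                 if l.startswith("vpls-mac-limit ")]
        if not rules:
            findings.append("no vpls-mac-limit rule configured")
        for rule in rules:
            try:
                opts = parse_mac_limit(rule)
            except ValueError as exc:
                findings.append("invalid vpls-mac-limit line: %s" % exc)
                continue
            if opts.get("maximum", 0) == 0:
                findings.append("no MAC limit set (maximum 0 or not given)")
            if opts.get("alarm") != "enable":
                findings.append("alarm enable not configured")
            if opts.get("action") == "forward":
                findings.append("action forward: frames from unlearned "
                                "addresses still pass once the limit is hit")
        report[name] = findings
    return report


if __name__ == "__main__":
    for vsi, findings in audit(SAMPLE_CONFIG).items():
        print(vsi, "OK" if not findings else findings)
```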
8.6.29 vpls-qos car
Syntax vpls-qos car vpls-car-name { cir cir-value [ pir pir-value ] } [ cbs cbs-value pbs pbs-value ] [ green { discard | forward } ] [ yellow { discard | forward } ] [ red { discard | forward } ]
undo vpls-qos car vpls-car-name
View System view
Parameter vpls-car-name: specifies the name of a VPLS CAR. It is a string of 1 to 32 characters.
cir: indicates the committed information rate (CIR).
cir-value: specifies the average rate of the traffic. It is in the range of 100–10000000 kbit/s.
pir: indicates the peak information rate (PIR).
pir-value: specifies the value of the PIR. It is in the range of 100–10000000 kbit/s.
cbs: indicates the committed burst size (CBS), that is, the depth of the token bucket.
cbs-value: specifies the value of the CBS. It is in the range of 10000–33554432 bytes.
pbs: indicates the peak burst size (PBS).
pbs-value: specifies the value of the PBS. It is in the range of 0–33554432 bytes.
green: indicates the action performed when the packet traffic is within the CIR value range.
yellow: indicates the action performed when the packet traffic is within the CIR value range.
red: indicates the action performed when the packet traffic is out of the CIR value range.
pass: allows the packet with the specified color to pass.
forward: forwards the packet with the specified color.
Description Using the vpls-qos car command, you can configure a VPLS CAR.
Using the undo vpls-qos car command, you can delete a VPLS CAR.
Example # Configure a VPLS CAR car1.
<Quidway> system-view
[Quidway] vpls-qos car car1 cir 2000 cbs 30000 green forward
8.6.30 vpn-target
Syntax vpn-target vpn-target &<1-16> [ both | export-extcommunity | import-extcommunity ]
undo vpn-target { all | vpn-target &<1-16> } [ both | export-extcommunity | import-extcommunity ]
View VSI-BGP view
Parameter vpn-target: adds VPN target extended community attributes to VPN target extended community list of VSI and specifies the RT value. It is a string of 3 to 21 characters. You can denote the RT value in either format as follows:
16-bit AS number: 32-bit user-defined number
32-bit address: 16-bit user-defined number
export-extcommunity: indicates the outbound routes to the VPN target extended community.
import-extcommunity: indicates the inbound routes from the VPN target extended community.
both: indicates the inbound routes from the VPN target extended community and outbound routes to the VPN target extended community.
all: deletes all VPN targets.
Description Using the vpn-target command, you can associate the current VSI with one or more VPN targets.
Using the undo vpn-target command, you can delete a VPN target associated with the current VSI.
There is no default value. The VPN target must be configured after the VSI is created.
When a PE sends routes to other PEs according to VSI, it attaches export VPN target to the routes. When a PE receives routes from other PEs, it determines whether these routes should be added to VSI according to the import VPN target. Therefore, route advertisement between nodes is under the control of the VPN target.
Example # Associate the current VSI with a VPN target.
<Quidway> system-view
[Quidway] vsi company2
[Quidway-vsi-company2] pwsignal bgp
[Quidway-vsi-company2-bgp] vpn-target 3:3 export-extcommunity
[Quidway-vsi-company2-bgp] vpn-target 4:4 import-extcommunity
[Quidway-vsi-company2-bgp] vpn-target 5:5 both
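The import/export matching described for vpn-target can be audited offline before a change is applied, because a shared import RT is all it takes for one VSI to accept another VSI's routes. The following Python code is an added example, not Huawei code: it validates RT strings in the two documented formats and reports which VSIs would accept each other's routes. The PE names, the company9 VSI, the reading of "32-bit address" as a dotted IPv4 address, and the convention that one customer uses the same VSI name on every PE are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
from itertools import permutations

DIRECTIONS = {"export-extcommunity", "import-extcommunity", "both"}


def _is_number(text):
    return text.isascii() and text.isdigit()


def parse_rt(text):
    """Return a canonical (kind, admin, assigned) tuple for an RT string."""
    if not 3 <= len(text) <= 21:
        raise ValueError(f"RT must be 3 to 21 characters: {text!r}")
    admin, sep, assigned = text.rpartition(":")
    if not sep or not _is_number(assigned):
        raise ValueError(f"RT must look like <admin>:<number>: {text!r}")
    number = int(assigned)
    if _is_number(admin):
        # 16-bit AS number : 32-bit user-defined number
        if int(admin) > 0xFFFF or number > 0xFFFFFFFF:
            raise ValueError(f"field out of range: {text!r}")
        return ("as", int(admin), number)
    # 32-bit address : 16-bit user-defined number (dotted IPv4 is an assumption)
    address = ipaddress.IPv4Address(admin)  # raises ValueError if malformed
    if number > 0xFFFF:
        raise ValueError(f"field out of range: {text!r}")
    return ("ip", int(address), number)


def format_rt(rt):
    kind, admin, number = rt
    left = str(ipaddress.IPv4Address(admin)) if kind == "ip" else str(admin)
    return f"{left}:{number}"


@dataclass
class Vsi:
    pe: str
    name: str
    export_rts: set = field(default_factory=set)
    import_rts: set = field(default_factory=set)

    def vpn_target(self, rt, direction):
        """Mirror of 'vpn-target <rt> <direction>' in VSI-BGP view."""
        if direction not in DIRECTIONS:
            raise ValueError(f"unknown direction: {direction!r}")
        value = parse_rt(rt)
        if direction in ("export-extcommunity", "both"):
            self.export_rts.add(value)
        if direction in ("import-extcommunity", "both"):
            self.import_rts.add(value)
        return self


def route_flows(vsis):
    """Map (exporter, importer) to the RTs that make the importer accept routes."""
    flows = {}
    for src, dst in permutations(vsis, 2):
        if src.pe == dst.pe:
            continue  # the page describes advertisement between PEs
        shared = src.export_rts & dst.import_rts
        if shared:
            key = ((src.pe, src.name), (dst.pe, dst.name))
            flows[key] = sorted(format_rt(rt) for rt in shared)
    return flows


def audit(vsis):
    """Flag flows that cross VSI names or that work in one direction only."""
    flows = route_flows(vsis)
    findings = []
    for (src, dst), rts in sorted(flows.items()):
        if src[1] != dst[1]:
            findings.append(("cross-vsi", src, dst, rts))
        if (dst, src) not in flows:
            findings.append(("one-way", src, dst, rts))
    return findings


def build_sample():
    """Constructed topology: PE1 uses the page's example, PE2 and PE3 are invented."""
    pe1 = Vsi("PE1", "company2")
    pe1.vpn_target("3:3", "export-extcommunity")
    pe1.vpn_target("4:4", "import-extcommunity")
    pe1.vpn_target("5:5", "both")
    pe2 = Vsi("PE2", "company2")
    pe2.vpn_target("4:4", "export-extcommunity")
    pe2.vpn_target("3:3", "import-extcommunity")
    pe2.vpn_target("5:5", "both")
    pe3 = Vsi("PE3", "company9")  # imports 5:5 by mistake
    pe3.vpn_target("5:5", "import-extcommunity")
    return [pe1, pe2, pe3]


if __name__ == "__main__":
    for finding in audit(build_sample()):
        print(finding)
```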
8.6.31 vsi
Syntax vsi vsi-name [ auto | static ]
undo vsi vsi-name
View System view
Parameter vsi-name: specifies the name of a VSI. It is a string of 1 to 31 characters.
auto: uses automatic member discovery mode.
static: uses static member discovery mode.
Description Using the vsi command, you can create a VSI and enter VSI view.
After creating a VSI, you must specify the member discovery mode (also called signaling mode) for this VSI. Once specified, the member discovery mode cannot be changed. To change it, you must delete the VSI, re-create the VSI, and then specify the member discovery mode.
If a VSI already exists in the system, you can use the vsi command to enter VSI view.
Using the undo vsi command, you can delete a VSI.
By default, no VSI is defined.
Example # Create a VSI aaa in static member discovery mode.
<Quidway> system-view
[Quidway] vsi aaa static
[Quidway-vsi-aaa]
# Delete the VSI named aaa.
<Quidway> system-view
[Quidway] undo vsi aaa
8.6.32 vsi-id
Syntax vsi-id vsi-id
View VSI-LDP view
Parameter vsi-id: identifies a VSI. It is an integer in the range of 1 to 4294967295.
Description Using the vsi-id command, you can set the ID of a VSI. After the ID is successfully set for a VSI, you cannot change it. Different VSIs cannot use the same ID.
By default, no VSI ID is set.
Example # Set the current VSI ID to 1.
<Quidway> system-view
[Quidway] vsi company1
[Quidway-vsi-company1] pwsignal ldp
[Quidway-vsi-company1-ldp] vsi-id 1
8.7 PWE3 Configuration Commands
8.7.1 atm cell transfer
Syntax atm cell transfer
undo atm cell transfer
View ATM interface view
Parameter None
Description Using the atm cell transfer command, you can enable port relay on an ATM interface.
Using the undo atm cell transfer command, you can disable port relay on an ATM interface.
By default, ATM port relay is disabled.
If an ATM interface works in port relay mode, you can configure IPoA forwarding or cell relay in other modes on this ATM interface or its sub-interface only after you disable port relay.
Example # Configure interface ATM 1/0/1 to work in port relay mode.
<Quidway> system-view
[Quidway] interface atm 1/0/1
[Quidway-atm1/0/1] atm cell transfer
8.7.2 bandwidth
Syntax bandwidth bandwidth-value
undo bandwidth
View PW template view
Parameter bandwidth-value: indicates the bandwidth value of the PW template. It is an integer in the range of 1 to 32000000, in kbit/s. By default, the value is 0, that is, the bandwidth of PW is not guaranteed.
Description Using the bandwidth command, you can specify the bandwidth of the PW template.
Using the undo bandwidth command, you can cancel the setting of the PW template bandwidth.
In configuring RSVP-PW, to set the bandwidth, you need to use the TE tunnel.
Example # Set the bandwidth of the PW template as 2000000.
<Quidway> system-view
[Quidway] pw-template pwt1
[Quidway-pw-template-pwt1] bandwidth 2000000
# Restore the bandwidth of the PW template to unspecified.
<Quidway> system-view
[Quidway] pw-template pwt1
[Quidway-pw-template-pwt1] undo bandwidth
8.7.3 control-word
Syntax control-word
undo control-word
View PW template view
Parameter None
Description Using the control-word command, you can enable Control Word of the PW template.
Using the undo control-word command, you can disable Control Word of the PW template.
In the case of load balancing, packets may become disordered. In this case, you can regroup them through Control Word.
Furthermore, when a PE is connected with other PEs by an Ethernet link and connected with the CE by a PPP link, PPP fails to negotiate because the length of a PPP control packet is less than the minimum length supported by Ethernet. You can avoid this situation by adding Control Word.
By default, the PW template does not support Control Word.
Example # Enable Control Word of the PW template named pwt.
<Quidway> system-view
[Quidway] pw-template pwt
[Quidway-pw-template-pwt] control-word
# Disable Control Word of the PW template named pwt.
<Quidway> system-view
[Quidway] pw-template pwt
[Quidway-pw-template-pwt] undo control-word
8.7.4 display mpls l2vc
Syntax display mpls l2vc [ vc-id | interface interface-type interface-number | remote-info [ vc-id ] ]
View All views
Parameter interface: indicates the interface connected with CE.
interface-type interface-number: specifies the type and number of the interface connected with CE.
remote-info: displays the PW information of the next hop S-PE or U-PE on the PW.
vc-id: specifies the ID of a layer 2 virtual circuit. It is an integer in the range of 1 to 4294967295.
Description Using the display mpls l2vc command, you can display the information about the specified or all dynamic PWs. If you do not specify the vc-id, the router displays the PW information, which is established by the next hop PW S-PE or U-PE and the local end.
For the related command, see mpls l2vc.
Example # Display LDP PW on the specified interface.
<Quidway> display mpls l2vc interface atm 1/0/0
*Client Interface : Atm1/0/0 is up
Session State : up
AC State : up
VC State : up
VC ID : 100
VC Type : ip-interworking
Destination : 2.2.2.2
Local Group ID : 0
Remote Group ID : 0
Local VC Label : 17409
Remote VC Label : 17408
Local VC MTU : 1500
Romete VC MTU : 1500
Local VCCV : Disable
Remote VCCV : Disable
Local Frag : Disable
Remote Frag : Disable
Local Ctrl Word : Disable
Remote Ctrl Word : Disable
Tunnel Policy : --
Traffic Behavior : --
PW Template Name : --
VC tunnel/token info : 1 tunnels/tokens
NO.0 TNL Type : lsp , TNL ID : 0x6002000
Create time : 0 days, 8 hours, 31 minuts, 50 seconds
UP time : 0 days, 4 hours, 25 minuts, 54 seconds
Last change time : 0 days, 4 hours, 25 minuts, 54 seconds
Table 8-24 Description of the output of the display mpls l2vc interface command
Item                    Description
Client interface        Interfaces and their state
Session State           The state of the session between the two endpoints of the PW
AC Status               The state of the interface connected with CE, namely, the state of POS 1/0/0
VC State                The state of the PW, Up or Down
VC ID                   The ID of the displayed Virtual Circuit
VC Type                 The encapsulation type of L2VC
Destination             The peer IP address
Local Group ID          The ID of the local Group
Remote Group ID         The ID of the remote Group
Local VC MTU            The MTU of the local VC
Remote VC MTU           The MTU of the remote VC
Local VCCV              Whether to enable the local Virtual Circuit Connection Verification (VCCV) or not
Remote VCCV             Whether to enable the remote VCCV or not
Local Frag              Whether to enable the local fragmentation or not
Remote Frag             Whether to enable the remote fragmentation or not
Local Ctrl Word         Whether to enable the local Control Word or not
Remote Ctrl Word        Whether to enable the remote Control Word or not
Tunnel Policy           The tunnel policy name
Traffic Behavior        The traffic behavior
PW Template Name        The PW template name
VC Tunnel/token info    VC Tunnel or token information
TNL Type                The tunnel type
TNL ID                  The tunnel ID
Create Time             How long this VC has been established
Up Time                 How long this VC keeps Up
Last Change Time        Duration from the latest change-state to now
8.7.5 display mpls static-l2vc
Syntax display mpls static-l2vc [ interface interface-type interface-number | vc-id | state { up | down } ]
View All views
Parameter interface: indicates the interface connected with CE.
interface-type: specifies the interface type.
interface-number: specifies the interface number.
vc-id: specifies the ID of a VC. It is an integer ranging from 1 to 4,294,967,295.
interface: indicates the interface connected to CE.
state: displays the states of all VCs.
Description Using the display mpls static-l2vc command, you can display the specified or all static PWs.
If no interface is specified, all static PWs are displayed.
For the related command, see mpls static-l2vc.
Example # Display static-PW on the specified interface.
<Quidway> display mpls static-l2vc interface pos 1/0/0
*Client Interface : Pos1/0/0 is up
AC Status : up
VC State : up
VC ID : 100
VC Type : ppp
Destination : 3.3.3.9
Transmit VC Label : 100
Receive VC Label : 100
Control Word : Disable
VCCV Capability : Disable
Tunnel Policy : policy1
PW Template Name : pwt
Traffic Behavior : --
VC tunnel/token info : 1 tunnels/tokens
NO.0 TNL Type : lsp , TNL ID : 0x6002001
Create time : 0 days, 0 hours, 11 minuts, 27 seconds
UP time : 0 days, 0 hours, 11 minuts, 27 seconds
Last change time : 0 days, 0 hours, 11 minuts, 27 seconds
For description of output of the display mpls static-l2vc interface command, see Table 8-24.
8.7.6 display mpls switch-l2vc
Syntax display mpls switch-l2vc [ [ ingress ip-address egress ] ip-address vc-id encapsulation encapsulation-type | state { up | down } ]
View All views
Parameter ingress ip-address: indicates the IP address of the source interface.
egress ip-address: indicates the IP address of the destination interface.
vc-id: specifies VC ID. It is an integer in the range of 1 to 4294967295.
pw-type: specifies the encapsulation type of PW, including atm-1to1-vcc, atm-1to1-vpc, atm-aal5-pdu, atm-aal5-sdu, atm-nto1-vcc, atm-nto1-vpc, atm-trans-cell, ethernet, fr, hdlc, ppp or vlan.
state: displays the state of a VC.
Description Using the display mpls switch-l2vc command, you can display either the specified PW or all PWs switching, including static PW, dynamic PW or mixed PWs switching.
Example # Display a specified static PW.
<Quidway> display mpls switch-l2vc 1.1.1.9 100 encapsulation ppp
*Switch-l2vc type : SVC<---->SVC
Peer IP Address : 3.3.3.9, 1.1.1.9
VC ID : 100, 100
VC Type : ppp
VC State : up
Local/Remote Label : 1025/1024, 1024/1025
Local/Remote Control Word : Disable/Disable, Disable/Disable
Local/Remote VCCV Capality : Disable/Disable, Disable/Disable
Local/Remote Frag Capability : Disable/Disable, Disable/Disable
Switch-l2vc tunnel info :
1 tunnels for peer 3.3.3.9
NO.0 TNL Type : lsp , TNL ID : 0x22000
1 tunnels for peer 1.1.1.9
NO.0 TNL Type : lsp , TNL ID : 0x22002
Create time : 0 days, 0 hours, 0 minuts, 3 seconds
UP time : 0 days, 0 hours, 0 minuts, 3 seconds
Last change time : 0 days, 0 hours, 0 minuts, 3 seconds
Table 8-25 Description of the output of the display mpls switch-l2vc command
Item                            Description
Switch-l2vc Type                Switch type, including LDP<-->LDP, LDP-SVC, SVC<-->SVC or RSVP<-->RSVP
Peer IP Address                 The peer IP address
VC ID                           IDs of two switched VCs
VC Type                         The type of encapsulated interfaces
VC State                        VC state
In/Out Label                    Inbound or outbound label on both sides
Local/Remote Control Word       Enabling state of the local or remote Control Word on both sides
Local/Remote VCCV Capability    Enabling state of the local or remote Virtual Circuit Connection Verification (VCCV) on both sides
Local/Remote Frag Capability    The local or remote fragmentation capability on both sides
Switch-l2vc Tunnel Info         Tunnel information on both ends of switch L2VC
Create Time                     How long this VC switching has been created
Up Time                         How long this VC switching is UP
Last Change Time                Duration from the latest state change to now
8.7.7 display pw-template
Syntax display pw-template [ pw-template-name ]
View All views
Parameter pw-template-name: specifies the PW template name. It is a string of 1 to 19 characters.
Description Using the display pw-template command, you can view the information of the specified or all PW templates.
If pw-template-name is not specified, the information of all PW templates is displayed.
For the related command, see pw-template.
Example
In the following display information, two PW templates are displayed. On the first template, some attributes are set in advance. On the second template, the default attributes are used.
# Display all PW templates configured on the router.
<Quidway> display pw-template
Total PW template number : 2
PW Template Name : pwt
PeerIP : 1.1.1.1
Tnl Policy Name : --
CtrlWord : Enable
MaxAtmCells : 1
VCCV Capability : cw lsp-ping
Fragmentation : Disable
Behavior Name : --
Total PW : 0, Static PW : 0, LDP PW : 0, Rsvp PW : 0
PW Template Name : PWT
PeerIP : 2.2.2.2
Tnl Policy Name : --
CtrlWord : Enable
MaxAtmCells : 1000
VCCV Capability : cw lsp-ping
Fragmentation : Disable
Behavior Name : --
Total PW : 0, Static PW : 0, LDP PW : 0, Rsvp PW : 0
Table 8-26 Description of the output of the display pw-template command
Item                Description
PeerIP              The peer IP address
PW Template Name    The name of the PW template
Tnl Policy Name     The policy name of the external layer tunnel
PW Type             The encapsulation type of PW
CtrlWord            Whether to enable Control Word or not
MTU                 MTU of the interface
MaxAtmCells         The maximum number of ATM cells
VCCV Capability     Whether to enable the Virtual Circuit Connection Verification (VCCV), such as Control Word or Label Alert
Fragmentation       Whether to enable fragmentation or not
Behavior Name       The QoS behavior policy name
Total PW            The total number of PWs using this PW template, including static PW, dynamic PW and RSVP PW
8.7.8 explicit-path
Syntax explicit-path path-name
View PW template view
Parameter path-name: specifies the path name. It is a string of 1 to 31 characters.
Description Using the explicit-path command, you can set explicit path for a PW template.
In the process of configuring RSVP-PW, the active end needs to set explicit path to establish the signaling. The displayed path is the one of TE. You need to enable TE before using the explicit-path.
By default, the explicit path of the PW template is not set.
Example # Create an explicit path of the PW template on the active end and name it path1.
<Quidway> system-view
[Quidway] pw-template pwt
[Quidway-pw-template-pwt] explicit-path path1
8.7.9 fragmentation
Syntax fragmentation
undo fragmentation
View PW interface
Parameter None
Description Using the fragmentation command, you can enable the PW template to fragment packets larger than the MTU.
Using the undo fragmentation command, you can disable the packet fragmentation function of the PW template.
By default, packet fragmentation function of the PW template is disabled.
If the packet that reaches the PW is larger than the MTU, the packet is fragmented and then reassembled on the peer U-PE.
Example # Enable packet fragmentation function of PW template pwt.
<Quidway> system-view
[Quidway] pw-template pwt
[Quidway-pw-template-pwt] fragmentation
8.7.10 l2 bridge-interworking
Syntax l2 bridge-interworking
undo l2 bridge-interworking
View Interface view
Parameter None
Description Using the l2 bridge-interworking command, you can enable bridge interworking on an interface.
Using the undo l2 bridge-interworking command, you can disable bridge interworking on an interface.
By default, bridge interworking is disabled on the interface.
Example # Enable bridge interworking on interface ATM2/0/1.
<Quidway> system-view
[Quidway] interface atm 2/0/1
[Quidway-Atm2/0/1] pvc 20/20
[Quidway-atm-pvc-Atm2/0/1-20/20-0] l2 bridge-interworking
8.7.11 map pvc
Syntax map pvc vpi vpi vci vci
undo map pvc
View PVC view
Parameter vpi: specifies the VPI value to be mapped of the remote CE. The value is an integer ranging from 0 to 255.
vci: specifies the VCI value to be mapped of the remote CE. The value is an integer ranging from 0 to 255.
Description Using the map pvc command, you can configure the mapping between the local PVC and the remote PVC.
Using the undo map pvc command, you can cancel the mapping.
VPI/VCI mapping is optional. If the VPI/VCI values of the CE devices on two ends are the same, VPI/VCI mapping is not required.
Example # Configure the mapping between the PVC with VPI/VCI values 20/20 and that with VPI/VCI values 10/10 on ATM2/0/1.
<Quidway> system-view
[Quidway] interface atm 2/0/1
[Quidway-Atm2/0/1] pvc 20/20
[Quidway-atm-pvc-Atm2/0/1-20/20-0] map pvc vpi 10 vci 10
8.7.12 mpls l2vc
Syntax mpls l2vc { ip-address | pw-template pw-template-name } * vc-id [ tunnel-policy policy-name ] [ control-word | no-control-word ] [ raw | tagged | ip-interworking | ip-layer2 ] ] *
undo mpls l2vc
View Interface view
Parameter ip-address: indicates LSR-ID of PW peer routers.
pw-template-name: specifies the name of a PW template. It is a string of 1 to 19 characters.
vc-id: indicates L2VC ID. It is an integer in the range of 1 to 4294967295.
policy-name: indicates the policy name of the tunnel. It is a string of 1 to 19 characters.
behavior-name: specifies the QoS behavior name. It is a string of 1 to 31 characters.
control-word: enables Control Word.
no-control-word: disables Control Word.
raw: specifies that the encapsulation type is without VLAN tag. If the AC types of both ends of the PW are Ethernet or VLAN, you can choose the parameter raw or tagged.
tagged: specifies that the VLAN tag is attached. If the AC types of both ends of the PW are Ethernet or VLAN, you can choose the parameter raw or tagged.
ip-layer2: to connect the MA5200G to a third party's device, you need to choose ip-layer2.
ip-interworking: if the internetworking devices are all Huawei's, you need to choose ip-interworking.
Description Using the mpls l2vc command, you can create a dynamic VC connection for CEs connected to different PEs.
Using the undo mpls l2vc command, you can delete the dynamic VC connection on CE interfaces.
By default, only the L2VPN with the encapsulation type of ATM supports Control Word. Other types of L2VPN can enable Control Word only after explicitly specified.
PEs on both ends of a PW need to create dynamic VC connection, and the destination address is the IP address of the peer PE.
You can set template attributes for a PW template, such as peer, tunnel policy, Control Word (CW) and Virtual Circuit Connection Verification (VCCV). In configuring LDP-PW, you can directly import this PW template instead of explicitly specifying PW attributes. Once PW template attributes are specified, they can be updated at any time. The updated attributes take effect through the use of the reset pw command.
If no tunnel policy name is specified, you can use the default tunnel policy, which defines that LSP is selected first and the number of load balancing is 1. If the tunnel policy name has been specified but no policy is set, it still uses the default tunnel policy.
An interface cannot function as the AC interface of L2VPN and the AC interface of L3VPN at the same time. When an interface is bound to an L2VPN, layer 3 features such as the IP address and routing protocols configured on the interface become invalid. If an interface is bound to an L2VPN and an L3VPN at the same time, only the L2VPN is usable. The L3VPN configuration becomes usable after the interface is unbound from the L2VPN.
If the PW attribute is specified in the mpls l2vc command line, the PW attribute configured in the PW template is invalid.
For the related command, see display mpls l2vc.
Example # Configure explicit LDP-PW, whose LSR-ID of the peer router is 2.2.2.9 and L2VC ID is 100.
<Quidway> system-view
[Quidway] interface pos1/0/0
[Quidway1-Serial 1/0/0] mpls l2vc 2.2.2.9 100
# Configure LDP-PW through importing the PW template named pwt, whose L2VC ID is 101.
<Quidway> system-view
[Quidway] interface pos1/0/0
[Quidway1-Serial 1/0/0] mpls l2vc pw-template pwt 101
# Delete LDP-PW.
<Quidway> system-view
[Quidway] interface pos1/0/0
[Quidway1-Serial 1/0/0] undo mpls l2vc
8.7.13 mpls l2vpn
Syntax mpls l2vpn
undo mpls l2vpn
View System view
Parameter None
Description Using the mpls l2vpn command, you can enable L2VPN. You can configure other commands related to L2VPN only after enabling L2VPN.
Using the undo mpls l2vpn command, you can disable L2VPN and delete the configuration of all L2VPNs.
Example # Enable L2VPN on the router named Quidway.
<Quidway> system-view
[Quidway] mpls l2vpn
# Disable L2VPN on the router named Quidway.
<Quidway> system-view
[Quidway] undo mpls l2vpn
8.7.14 mpls l2vpn default martini
Syntax mpls l2vpn default martini
undo mpls l2vpn default martini
View System view
Parameter None
Description Using the mpls l2vpn default martini command, you can set signaling behavior of dynamic PW as withdraw mode, namely, Martini mode.
Using the undo mpls l2vpn default martini command, you can restore signaling behavior of dynamic PW as notification mode.
Withdraw mode supports neither notification mode nor adaptive behavior based on the remote information. If the remote PW does not support notification mode, it can adapt to withdraw mode.
Example # Set signaling behavior of dynamic-PW as withdraw mode.
<Quidway> system-view
[Quidway] mpls l2vpn default martini
# Restore signaling behavior of dynamic PW to notification mode.
<Quidway> system-view
[Quidway] undo mpls l2vpn default martini
8.7.15 mpls static-l2vc
Syntax mpls static-l2vc { destination ip-address | pw-template pw-template-name vc-id } * transmit-vpn-label transmit-label-value receive-vpn-label receive-label-value [ tunnel-policy tnl-policy-name ] [ control-word | no-control-word ] [ raw | tagged | ip-interworking | ip-layer2 ]
undo mpls static-l2vc
View Interface view
Parameter ip-address: indicates LSR-ID of the peer routers.
pw-template-name: specifies the PW template name.
vc-id: specifies PW ID. It is an integer in the range of 1 to 4294967295.
transmit-label-value: indicates outbound label value. It is an integer in the range of 16 to 1023.
receive-label-value: indicates inbound label value. It is an integer in the range of 16 to 1023.
policy-name: specifies the tunnel policy name. It is a string of 1 to 19 characters.
behavior-name: specifies the QoS behavior name for the L2VC. It is a string of 1 to 31 characters.
control-word: enables Control Word.
no-control-word: disables Control Word.
raw: specifies that the VLAN tag is stripped. If the AC types of both ends of the PW are Ethernet or VLAN, you can choose the parameter raw or tagged.
tagged: specifies that the VLAN tag is attached. If the AC types of both ends of the PW are Ethernet or VLAN, you can choose the parameter raw or tagged.
ip-interworking: enables static PW IP interworking.
Description Using the mpls static-l2vc command, you can create a static VC connection for CEs connected to different PEs.
Using the undo mpls static-l2vc command, you can delete the static VC connection on CE interfaces.
You can set template attributes for a static PW template, such as peer, tunnel policy, Control Word (CW) and Virtual Circuit Connection Verification (VCCV). In configuring LDP-PW, you can directly import this static PW template instead of explicitly specifying PW attributes. After the static PW template attributes are specified, they can be updated at any time. The update takes effect when the reset pw command is run.
To set up a PW, you need to create a static VC connection between the PEs at both ends of the PW. The destination address is the IP address of the peer PE. The transmit label of the PE on one end acts as the receive label of the PE on the other end.
If no tunnel policy name is specified, you can use the default tunnel policy, which defines that LSP is selected first and the number of load balancing is 1. If the tunnel policy name has been specified but no policy is set, it still uses the default tunnel policy.
By default, only the L2VPN with the encapsulation type of ATM supports control word. Other types of L2VPN can enable control word only after explicitly specified.
An interface cannot function as the AC interface of L2VPN and the AC interface of L3VPN at the same time. When an interface is bound to an L2VPN, layer 3 features such as the IP address and routing protocols configured on the interface become invalid. If an interface is bound to an L2VPN and an L3VPN at the same time, only the L2VPN is usable. The L3VPN configuration becomes usable after the interface is unbound from the L2VPN.
For the related command, see display mpls static-l2vc.
Example # Configure static PW. Its peer LSR-ID is 1.1.1.1, label value for sending packets is 100, label value for receiving packets is also 100 and the tunnel policy is named policy1.
[Quidway1-Pos1/0/0] mpls static-l2vc destination 1.1.1.1 transmit-vpn-label 100 receive-vpn-label 100 tunnel-policy policy1
# Import the PW template to configure static PW. L2VC ID is 100, label value for sending packets is 100, and label value for receiving packets is also 100.
<Quidway> system-view
[Quidway] interface pos1/0/0
[Quidway1-Pos1/0/0] mpls static-l2vc pw-template pwt 100 transmit-vpn-label 100 receive-vpn-label 100
# Delete static PW.
<Quidway> system-view
[Quidway] interface pos1/0/0
[Quidway1-Pos1/0/0] undo mpls static-l2vc
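Because static PW labels are typed by hand on both PEs, the rule that one end's transmit label must equal the other end's receive label is worth checking before the commands are committed. The following Python code is an added example, not Huawei tooling: it parses mpls static-l2vc lines according to the syntax above, enforces the documented 16 to 1023 label range, and cross-checks the two ends. The local LSR-ID 2.2.2.2 and the peer-side command lines are constructed for illustration.

```python
import ipaddress

LABEL_MIN, LABEL_MAX = 16, 1023  # static label range stated on the page
FLAGS = {"control-word", "no-control-word", "raw", "tagged",
         "ip-interworking", "ip-layer2"}


def parse_static_l2vc(command):
    """Parse one 'mpls static-l2vc ...' line into a dict, validating values."""
    tokens = command.split()
    if tokens[:2] != ["mpls", "static-l2vc"]:
        raise ValueError("not an mpls static-l2vc command")
    cfg = {"flags": set()}
    i = 2
    try:
        while i < len(tokens):
            word = tokens[i]
            if word == "destination":
                cfg["destination"] = str(ipaddress.IPv4Address(tokens[i + 1]))
                i += 2
            elif word == "pw-template":
                cfg["pw_template"], cfg["vc_id"] = tokens[i + 1], int(tokens[i + 2])
                if not 1 <= cfg["vc_id"] <= 4294967295:
                    raise ValueError(f"vc-id {cfg['vc_id']} out of range")
                i += 3
            elif word in ("transmit-vpn-label", "receive-vpn-label"):
                label = int(tokens[i + 1])
                if not LABEL_MIN <= label <= LABEL_MAX:
                    raise ValueError(f"{word} {label} outside {LABEL_MIN}-{LABEL_MAX}")
                cfg[word.split("-")[0]] = label  # key 'transmit' or 'receive'
                i += 2
            elif word == "tunnel-policy":
                cfg["tunnel_policy"] = tokens[i + 1]
                i += 2
            elif word in FLAGS:
                cfg["flags"].add(word)
                i += 1
            else:
                raise ValueError(f"unexpected keyword {word!r}")
    except IndexError:
        raise ValueError(f"missing value after {tokens[i]!r}") from None
    if "transmit" not in cfg or "receive" not in cfg:
        raise ValueError("transmit-vpn-label and receive-vpn-label are both required")
    return cfg


def check_pair(lsr_a, command_a, lsr_b, command_b):
    """Return a list of mismatches between the two ends of one static PW."""
    a, b = parse_static_l2vc(command_a), parse_static_l2vc(command_b)
    problems = []
    for near, far, near_id, far_id in ((a, b, lsr_a, lsr_b), (b, a, lsr_b, lsr_a)):
        if near["transmit"] != far["receive"]:
            problems.append(f"{near_id} transmits label {near['transmit']} "
                            f"but {far_id} receives on {far['receive']}")
        # With pw-template the peer address lives in the template, so skip it.
        if "destination" in near and near["destination"] != far_id:
            problems.append(f"{near_id} points at {near['destination']}, "
                            f"not at peer {far_id}")
    return problems


# First command is the page's example; the peer-side lines are constructed.
LOCAL = ("mpls static-l2vc destination 1.1.1.1 transmit-vpn-label 100 "
         "receive-vpn-label 100 tunnel-policy policy1")
PEER_OK = "mpls static-l2vc destination 2.2.2.2 transmit-vpn-label 100 receive-vpn-label 100"
PEER_BAD_LABEL = "mpls static-l2vc destination 2.2.2.2 transmit-vpn-label 200 receive-vpn-label 100"
PEER_BAD_DEST = "mpls static-l2vc destination 3.3.3.9 transmit-vpn-label 100 receive-vpn-label 100"

if __name__ == "__main__":
    for peer in (PEER_OK, PEER_BAD_LABEL, PEER_BAD_DEST):
        print(check_pair("2.2.2.2", LOCAL, "1.1.1.1", peer) or "consistent")
```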
8.7.16 mpls switch-l2vc
Syntax mpls switch-l2vc ip-address vc-id between ip-address vc-id encapsulation encapsulation-type
mpls switch-l2vc ip-address vc-id trans trans-label recv received-label between ip-address vc-id trans trans-label recv received-label encapsulation encapsulation-type [ control-word [ cc { alert | cw } * cv lsp-ping ] | [ no-control-word ] [ cc alert cv lsp-ping ] ]
mpls switch-l2vc ip-address vc-id between ip-address vc-id trans trans-label recv received-label encapsulation encapsulation-type [ mtu mtu-value ] [ control-word [ cc { alert | cw } * cv lsp-ping ] | [ no-control-word ] [ cc alert cv lsp-ping ] ]
undo mpls switch-l2vc { ip-address vc-id encapsulation encapsulation-type | all }
View System view
Parameter ip-address: indicates LSR-ID of PW peer routers.
vc-id: indicates L2VC ID. It is an integer in the range of 1 to 4294967295.
trans-label: indicates the static label used for sending packets. It is an integer in the range of 16 to 1023.
rcv-label: indicates the static label used for receiving packets. It is an integer in the range of 16 to 1023.
encapsulation-type: indicates the encapsulation type of static PW, including atm-1to1-vcc, atm-1to1-vpc, atm-aal5-pdu, atm-aal5-sdu, atm-nto1-vcc, atm-nto1-vpc, atm-trans-cell, ethernet, hdlc, ip-interworking, raw, tagged, ip-layer2, ppp and vlan.
If the AC types of both ends of the PW are Ethernet or VLAN, you can choose the parameter raw or tagged. When you configure dynamic and dynamic (or static) PW switching, to interwork with a third party's device, you need to choose ip-layer2. If the interworking devices are all Huawei's, you need to choose ip-interworking.
mtu mtu-value: specifies the value of MTU during the dynamic PW signaling negotiation. It is an integer in the range of 46 to 1500.
control-word: enables control word.
no-control-word: disables control word.
all: deletes all PW switching.
Description Using the mpls switch-l2vc ip-address vc-id command, you can configure PW switching on S-PE to carry out MH-PW.
PW switching consists of one dynamic PW switched with another dynamic PW, one static PW switched with another static PW, and a dynamic PW switched with a static PW.
Using the mpls switch-l2vc ip-address vc-id between ip-address vc-id encapsulation { encapsulation-type | ip interworking } command, you can configure dynamic PW and dynamic PW switching.
When configuring mixed PW switching, ip-address vc-id before between is of dynamic PW, while that after between is of static PW. Both cannot be interchanged.
Using the mpls switch-l2vc ip-address vc-id trans trans-label recv received-label between ip-address vc-id trans trans-label recv received-label encapsulation encapsulation-type [ control-word [ cc { alert | cw } * cv lsp-ping ] | [ no-control-word ] [ cc alert | cw cv lsp-ping ] ] command, you can configure static PW and static PW switching.
Using the mpls switch-l2vc ip-address vc-id between ip-address vc-id trans trans-label recv received-label encapsulation { encapsulation-type | ip-interworking } [ mtu mtu-value ] [ control-word | no-control-word ] command, you can configure mixed PWs switching.
Using the undo mpls switch-l2vc command, you can delete the PW switching.
Switching one dynamic PW with another dynamic PW is simpler. Remote labels are sent from two neighboring end ports, U-PE or S-PE, to this S-PE through signaling. Control Word (CW) is sent from two U-PEs to this S-PE through signaling.
Switching one static PW with another static PW requires configuring PW labels. CW is enabled through the command.
To switch a dynamic PW with a static PW, PW labels must be configured on the static PW side. For Fixed Network products, no interface mode comes into being, so you need to set the MTU manually. Otherwise, signaling negotiation on the dynamic side will fail. CW is enabled through the command.
The two VC-IDs of two PWs to switch can be different.
If no tunnel policy name is specified, you can use the default tunnel policy, which defines that LSP is selected first and the number of load balancing is 1.
By default, only L2VPN with the ATM encapsulation type supports the control word. Other types of L2VPN enable the control word only when it is explicitly specified.
For the related command, see display mpls switch-l2vc.
On the same node, combination of PW ID and PW type must be unique, but PW IDs of the two PWs to switch can be identical.
Example # Configure dynamic PW and dynamic PW switching.
<Quidway> system-view
[Quidway] mpls switch-l2vc 1.1.1.9 100 between 3.3.3.9 100 encapsulation vlan
# Configure static PW and static PW switching.
<Quidway> system-view
[Quidway] mpls switch-l2vc 1.1.1.9 100 trans 100 recv 100 between 3.3.3.9 100 trans 200 recv 200 encapsulation vlan
# Configure mixed PWs switching.
<Quidway> system-view
[Quidway] mpls switch-l2vc 1.1.1.9 100 between 3.3.3.9 100 trans 200 recv 200 encapsulation vlan mtu 1500
# Delete PW switching.
<Quidway> system-view
[Quidway] undo mpls switch-l2vc 1.1.1.9 100 encapsulation vlan
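The ordering and MTU rules described above can be checked before a command is pushed to an S-PE. The following Python linter is an added example, not part of the Huawei reference; the name lint_switch_l2vc and the faulty sample line are constructed for illustration, and only the three syntax forms shown above are recognised.

```python
import ipaddress
import re

# One PW endpoint: peer address, VC ID and, for a static PW only, its labels.
_SIDE = r"(\S+) (\d+)(?: trans (\d+) recv (\d+))?"
_CMD = re.compile(
    rf"^mpls switch-l2vc {_SIDE} between {_SIDE} encapsulation (\S+)(.*)$")

def lint_switch_l2vc(line):
    """Classify one 'mpls switch-l2vc' line and list rule violations."""
    m = _CMD.match(" ".join(line.split()))  # collapse wrapped/extra whitespace
    if not m:
        return "unparsed", ["not a recognisable mpls switch-l2vc command"]
    ip1, _vc1, trans1, _r1, ip2, _vc2, trans2, _r2, _encap, tail = m.groups()
    problems = []
    for ip in (ip1, ip2):
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            problems.append(f"invalid peer address {ip}")
    statics = (trans1 is not None, trans2 is not None)
    kind = {(True, True): "static-static",
            (False, False): "dynamic-dynamic"}.get(statics, "mixed")
    if statics == (True, False):  # the dynamic PW must come before 'between'
        problems.append("static PW must follow 'between' in mixed switching")
    mtu = re.search(r"\bmtu (\d+)\b", tail)
    if mtu and not 46 <= int(mtu.group(1)) <= 1500:
        problems.append(f"mtu {mtu.group(1)} outside 46-1500")
    if kind == "mixed" and not mtu:
        problems.append("mixed switching without mtu: dynamic-side negotiation fails")
    return kind, problems

# Commands from the examples above, plus one constructed faulty line.
SAMPLES = [
    "mpls switch-l2vc 1.1.1.9 100 between 3.3.3.9 100 encapsulation vlan",
    "mpls switch-l2vc 1.1.1.9 100 trans 100 recv 100 between 3.3.3.9 100 "
    "trans 200 recv 200 encapsulation vlan",
    "mpls switch-l2vc 1.1.1.9 100 between 3.3.3.9 100 trans 200 recv 200 "
    "encapsulation vlan mtu 1500",
    "mpls switch-l2vc 1.1.1.9 100 trans 100 recv 100 between 3.3.3.9 100 "
    "encapsulation vlan",  # constructed: static and dynamic sides swapped
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(lint_switch_l2vc(cmd))
```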
8.7.17 peer-address
Syntax peer-address ip-address
View PW template view
Parameter ip-address: indicates the IP address of remote PW.
Description Using the peer-address command, you can assign the peer IP address for a PW template.
ip-address is consistent with mpls l2vc. The IP address can be updated in real time. The updated IP address takes effect after the reset pw command is run.
Example # Assign remote IP address for the PW template.
<Quidway> system-view
[Quidway] pw-template pwt1
[Quidway-pw-template-pwt1] peer-address 1.1.1.1
8.7.18 ping vc
Syntax ping vc pw-type pw-id [ -c echo-number | -m time-value | -s data-bytes | -t timeout-value | -v ] * control-word [ remote peer-pw-id ]
ping vc pw-type pw-id [ -c echo-number | -m time-value | -s data-bytes | -t timeout-value | -v ] * label-alert [ remote remote-ip-address ]
View All views
Parameter pw-type: specifies the type of the local PW. Types of local PWs supporting the ping vc command are atm-aal5-sdu, atm-aal5, ethernet, hdlc, ip-interworking, ppp, vlan.
pw-id: specifies the ID of the local PW. It is an integer in the range of 1–4,294,967,295.
-c echo-number: specifies the number of echo request packets. The echo-number parameter is an integer in the range of 1 to 4294967295.
-m time-value: specifies the time for waiting for the next packet to be sent. The time-value parameter is an integer in the range of 1 to 10000, in milliseconds.
-s data-bytes: specifies the number of bytes in the echo request packet. The data-bytes parameter is an integer in the range of 65 to 8100.
-t timeout-value: specifies the timeout time for sending echo request packets. The timeout-value is an integer in the range of 0 to 65535.
-v: displays the detailed output.
control-word: indicates that the ping packet is not sent to the upper layer by the switch node in multi-hop PW mode. When control word mode is used, you can ping only the end node. Before pinging a VC, enable the control word of the PW.
label-alert: indicates that the switch node forcibly sends the ping packet to the upper layer in multi-hop PW mode. When MPLS router alert mode is used, you can ping any switch node of the PW. Before using the MPLS router alert mode, configure Virtual Circuit Connectivity Verification (VCCV) on the PW template.
remote: indicates the information on the remote PW. The information on the remote PW is encoded to the ping packet so that the packet can reach the related PW. By default, the information in the ping packet is the local PW information, which applies to the single-hop PW.
pw-type: specifies the type of the remote PW. By default, the remote PW type is the same as that of the local PW.
peer-pw-id: specifies the ID of the remote PW. By default, the ID of the remote PW is the same as that of the local PW. It is an integer in the range of 1 to 4294967295.
remote-ip-address: specifies the IP address of the remote PW. By default, the system finds the next hop address according to the local PW. For multi-hop PW, if control-word is selected, you must specify the IP address of the end node. If MPLS router alert mode is used, you can specify the IP address of a switch node or the end node. The echo request packet is sent to the peer and then returned. The peer does not forward the ping packet.
Description Using the ping vc command, you can check the state of a PW. When a PW is Up, you can locate the fault of the PW, for example, lost or incorrect forwarding entries.
To check the whole PW, select control-word. The label-alert key word can also be used to check the whole PW, but the forwarding entries are the same as those in actual application only when control-word is selected.
Example # Check the connectivity of an Ethernet PW by using the ping vc command with the control-word key word on the U-PE.
<U-PE> ping vc ethernet 100 control-word remote 100
Reply: bytes=100 Sequence=1 time = 11 ms
Reply: bytes=100 Sequence=2 time = 4 ms
Reply: bytes=100 Sequence=3 time = 4 ms
Reply: bytes=100 Sequence=4 time = 4 ms
Reply: bytes=100 Sequence=5 time = 4 ms
--- FEC: FEC 128 PSEUDOWIRE (NEW). Type = ethernet, ID = 100 ping statistics---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 4/5/11 ms
# Check the connectivity of a PPP PW by using the ping vc command with the label-alert key word on the U-PE.
<U-PE> ping vc ppp 100 -c 10 -m 10 -s 65 -t 100 -v label-alert remote 2.2.2.2
Reply: bytes=65 Sequence=1 time = 31 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=2 time = 15 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=3 time = 32 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=4 time = 15 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=5 time = 32 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=6 time = 15 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=7 time = 15 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=8 time = 16 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=9 time = 15 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=10 time = 32 ms Return Code 3, Subcode 1
--- FEC: FEC 128 PSEUDOWIRE (NEW). Type = ppp, ID = 100 ping statistics
10 packet(s) transmitted
10 packet(s) received
0.00% packet loss
round-trip min/avg/max = 15/21/32 ms
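Saved ping vc output can be cross-checked by script, for example in a monitoring job that watches PW health. The following Python parser is an added example, not part of the Huawei reference; parse_ping_vc is a hypothetical name, the sample is the label-alert output shown above, and the truncated average is inferred from the two sample runs.

```python
import re

_REPLY = re.compile(r"Sequence=(\d+) time = (\d+) ms(?: Return Code (\d+), Subcode (\d+))?")
_STATS = {"sent": r"(\d+) packet\(s\) transmitted",
          "received": r"(\d+) packet\(s\) received",
          "rtt": r"round-trip min/avg/max = (\d+)/(\d+)/(\d+) ms"}

def parse_ping_vc(output):
    """Summarise a 'ping vc' run and cross-check the printed statistics."""
    replies = [m.groups() for m in _REPLY.finditer(output)]
    times = [int(r[1]) for r in replies]
    stats = {k: re.search(p, output) for k, p in _STATS.items()}
    sent = int(stats["sent"].group(1)) if stats["sent"] else len(replies)
    rtt = (min(times), sum(times) // len(times), max(times)) if times else None
    mismatches = []  # statistics lines that disagree with the reply lines
    if stats["received"] and int(stats["received"].group(1)) != len(replies):
        mismatches.append("received")
    if stats["rtt"] and tuple(map(int, stats["rtt"].groups())) != rtt:
        mismatches.append("rtt")
    return {
        "sent": sent,
        "received": len(replies),
        "loss_pct": 100.0 * (sent - len(replies)) / sent if sent else 0.0,
        "missing": sorted(set(range(1, sent + 1)) - {int(r[0]) for r in replies}),
        "rtt": rtt,  # (min, avg, max) in ms; avg truncated as in the samples
        "return_codes": sorted({(int(r[2]), int(r[3])) for r in replies if r[2]}),
        "mismatches": mismatches,
    }

SAMPLE = """\
Reply: bytes=65 Sequence=1 time = 31 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=2 time = 15 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=3 time = 32 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=4 time = 15 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=5 time = 32 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=6 time = 15 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=7 time = 15 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=8 time = 16 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=9 time = 15 ms Return Code 3, Subcode 1
Reply: bytes=65 Sequence=10 time = 32 ms Return Code 3, Subcode 1
--- FEC: FEC 128 PSEUDOWIRE (NEW). Type = ppp, ID = 100 ping statistics
10 packet(s) transmitted
10 packet(s) received
0.00% packet loss
round-trip min/avg/max = 15/21/32 ms
"""  # output of the label-alert example above

if __name__ == "__main__":
    print(parse_ping_vc(SAMPLE))
```

A non-empty missing or mismatches list means the capture is incomplete or the reply lines and the statistics disagree, which is worth investigating before trusting the reported loss figure.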
8.7.19 pw-template
Syntax pw-template pw-template-name
undo pw-template pw-template-name
View System view
Parameter pw-template-name: specifies the PW template name. It is a string of 1 to 19 characters, without spaces.
Description Using the pw-template command, you can create the PW template and enter the PW view.
Using the undo pw-template command, you can delete a created PW template. Note that a PW template cannot be deleted while it is being imported by a PW.
For the related command, see display pw-template.
Example # Create a PW template named pwt1.
<Quidway> system-view
[Quidway] pw-template pwt1
# Delete the PW template named pwt1.
<Quidway> system-view
[Quidway] undo pw-template pwt1
8.7.20 reset pw
Syntax reset pw { pw-id { pw-type | ip-interworking } | pw-template pw-template-name }
View User view
Parameter pw-id: indicates VC ID connected with L2VPN. It is an integer in the range of 1 to 4,294,967,295.
pw-type: indicates the encapsulation type of PW. The PW encapsulation types that support the reset pw command include atm-aal5-sdu, atm-trans-cell, ethernet, hdlc, ip-interworking, ip-layer2, ppp, and vlan.
ip-interworking: enables IP interworking.
pw-template: resets all PWs on the PW template.
pw-template-name: specifies the PW template name. It is a character string of 1 to 19 characters.
Description Using the reset pw command, you can reset the PW template.
If a PW template has been set, resetting of the PW template will lead to resetting of all PWs which are using the PW template. If a PW uses a PW template, its attributes change along with the PW template.
Example # Reset PW through VC-ID and VC-TYPE.
<Quidway> reset pw 100 ppp
# Reset all PWs which are using the PW template named pwt1.
<Quidway> reset pw pw-template pwt1
8.7.21 snmp-agent trap enable l2vc
Syntax snmp-agent trap enable l2vc [ delete | statechange ]
undo snmp-agent trap enable l2vc [ delete | statechange ]
View System view
Parameter delete: sets the type of the trap packet for an L2VC to delete.
statechange: sets the type of the trap packet for an L2VC to statechange.
Description Using the snmp-agent trap enable command, you can allow the device to send trap packets and set the parameters of trap or notification.
Using the undo snmp-agent trap enable command, you can cancel the current settings.
By default, trap packet sending is disabled.
Types of trap packets that can be sent by the PWE3 are delete and statechange.
Example # Allow the device to send L2VC trap packets to 10.1.1.1/24. The trap packet type is delete; security mode is V2C; the community name is public.
<Quidway> system-view
[Quidway] snmp-agent trap enable l2vc delete
[Quidway] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public v2c
# Allow the device to send L2VC trap packets of both types to 10.1.1.1/24. The security mode is V3, that is, the trap packets are authenticated but not encrypted. The community name is super.
<Quidway> system-view
[Quidway] snmp-agent trap enable l2vc
[Quidway] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname super v3 authentication
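Trap target lines like the two above can be audited for weak transport settings before a configuration is deployed. The following Python check is an added example, not part of the Huawei reference; audit_snmp_traps and the finding names are hypothetical, and the privacy keyword and the treatment of a bare v3 as unauthenticated are assumptions not stated on this page.

```python
import re

# Trap target syntax as used in the examples above; 'privacy' is assumed.
_TARGET = re.compile(
    r"^snmp-agent target-host trap address udp-domain (\S+) "
    r"params securityname (\S+) (v1|v2c|v3)(?: (authentication|privacy))?$")
DEFAULT_NAMES = {"public", "private"}  # widely known default community strings

def audit_snmp_traps(config_text):
    """Return sorted (host, finding) pairs for the trap settings in a config."""
    findings, targets, l2vc_traps = set(), 0, False
    for raw in config_text.splitlines():
        # Normalise whitespace and drop a leading <view> or [view] prompt.
        line = re.sub(r"^[\[<][^\]>]*[\]>] ?", "", " ".join(raw.split()))
        if line.startswith("snmp-agent trap enable l2vc"):
            l2vc_traps = True
        m = _TARGET.match(line)
        if not m:
            continue
        targets += 1
        host, name, version, level = m.groups()
        if version in ("v1", "v2c"):
            findings.add((host, "cleartext-community"))  # no auth, no encryption
            if name.lower() in DEFAULT_NAMES:
                findings.add((host, "default-community"))
        elif level is None:
            findings.add((host, "v3-no-authentication"))  # assumed default level
        elif level == "authentication":
            findings.add((host, "v3-no-encryption"))      # authenticated only
    if l2vc_traps and targets == 0:
        findings.add(("-", "traps-enabled-without-target"))
    return sorted(findings)

# The two sessions from the examples above, with wrapped lines rejoined.
SESSION_V2C = """\
<Quidway> system-view
[Quidway] snmp-agent trap enable l2vc delete
[Quidway] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public v2c
"""
SESSION_V3 = """\
<Quidway> system-view
[Quidway] snmp-agent trap enable l2vc
[Quidway] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname super v3 authentication
"""

if __name__ == "__main__":
    for session in (SESSION_V2C, SESSION_V3):
        print(audit_snmp_traps(session))
```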
8.7.22 tnl-policy
Syntax tnl-policy policy-name
undo tnl-policy
View PW template view
Parameter policy-name: specifies the tunnel policy name of PW. It is a string of 1 to 19 characters.
Description Using the tnl-policy command, you can configure the tunnel policy for the PW template.
Using the undo tnl-policy command, you can stop the PW template from using any tunnel policy.
By default, the PW template is not configured with the tunnel policy.
Example # Specify the tunnel policy for the PW template pwt as policy1.
<Quidway> system-view
[Quidway] pw-template pwt
[Quidway-pw-template-pwt] tnl-policy policy1
# Cancel the tunnel policy applied for pwt.
<Quidway> system-view
[Quidway] pw-template pwt
[Quidway-pw-template-pwt] undo tnl-policy
8.7.23 transport
Syntax transport [ aal0 | aal5 ]
undo transport
View ATM sub-interface view
Parameter None
Description Using the transport command, you can configure the mode of ATM sub-interface relay. The relay mode of an ATM sub-interface can be cell relay, frame relay, and IPoA forwarding (non-relay). You can use the transport aal0 and transport aal5 to configure cell relay and frame relay. If you do not configure the transport command, the ATM sub-interface works in IPoA forwarding mode.
Using the undo transport command, you can cancel the ATM sub-interface relay mode.
Based on encapsulation mode, ATM relay falls into cell relay and frame relay. Cell relay applies to all AAL types (represented by AAL0), and frame relay applies to AAL5.
When a P2MP sub-interface works in cell relay mode, the relay mode is N-to-1 cell relay.
When a P2P sub-interface works in cell relay mode, the relay mode is 1-to-1 cell relay.
When a P2P sub-interface works in frame relay mode, the relay mode is AAL5 SDU relay.
Example # Configure the relay mode of ATM 1/0/1.1 sub-interface to cell relay.
<Quidway> system-view
[Quidway] interface atm 1/0/1.1
[Quidway-atm1/0/1.1] transport aal0
8.7.24 vccv
Syntax vccv cc { alert | cw } * cv lsp-ping
undo vccv
View PW template view
Parameter alert: enables the MPLS router alert channel.
cw: enables the control word channel.
Description Using the vccv cc command, you can enable connectivity check for a VC.
Using the undo vccv command, you can disable connectivity check for a VC.
VC connectivity can be checked manually or automatically. Automatic checks are BFD and OAM. Manual checks are LSP ping and trace route. The channel used for the check can be the control word channel or the MPLS router alert channel.
Dynamic and static PWs support the VCCV ping function.
Example # Enable pwt1 template to use the control word channel to check the VC connectivity.
<Quidway> system-view
[Quidway] pw-template pwt1
[Quidway-pw-template-pwt1] vccv cc cw cv lsp-ping
8.7.25 vpls-mac-limit
Syntax vpls-mac-limit action { discard | forward } | alarm { disable | enable } maximum max
undo vpls-mac-limit
View Interface view, VSI view
Parameter max: specifies the maximum number of MAC addresses. It is an integer in the range of 0–32768.
Description Using the vpls-mac-limit command, you can set the limit of MAC addresses for an interface or a VSI. When the number of MAC addresses exceeds the limit, you can configure the system to perform the action (discard or forward) or generate an alarm.
Using the undo vpls-mac-limit command, you can cancel the setting of MAC address limit.
Example # Set the maximum number of MAC addresses on VSI1 to 200 and configure the system to generate an alarm if the number of MAC addresses exceeds the limit.
<Quidway> system-view
[Quidway] vsi vsi1
[Quidway-vsi-vsi1] vpls-mac-limit action forward alarm enable maximum 200