Checking packet statistics on S series switches

14

For S series fixed switches (except S1700 switches), if rate limiting has been configured in the inbound direction of an interface using the qos lr inbound cir cir-value [ cbs cbs-value ] command, you can run the display qos statistics interface interface-type interface-number inbound command to check packet statistics.
Note: For some S series fixed switches that do not support this command, you can capture packets on interfaces to check packet loss.
If a QoS CAR profile has been applied to a specified VLAN or the inbound direction of an interface on an S series modular switch, you can run the display qos car statistics interface interface-type interface-number inbound or display qos car statistics vlan vlan-id { broadcast-suppression | multicast-suppression | unicast-suppression } command to check statistics on forwarded and discarded packets.
If traffic shaping has been configured on an S series switch using the qos queue queue-index shaping cir cir-value pir pir-value [ cbs cbs-value pbs pbs-value ] command, you can run the display qos queue statistics interface interface-type interface-number [ queue queue-index ] command to check queue-based traffic statistics on an interface.
If rate limiting has been configured through MQC on an S series switch, you can run the display traffic policy statistics command to check packet statistics in the system, or on a specified card, interface, or VLAN to which a traffic policy has been applied.

Other related questions:
DHCP packet checksum check on S series switch
After the dhcp enable command is executed in the system view of S series switches, the switch checks the checksum of all passing DHCP packets as well as IP and UDP checksums.

Duplicate option check in DHCP packets on S series switch
As specified in RFC, duplicate Options are not recommended in a DHCP packet if the length of the Option field in the DHCP packet does not exceed 255 bytes. However, different vendors process the Option field differently. DHCP response packets sent from some servers may contain duplicate options, such as Option 3 and Option 51. In some versions, after DHCP is enabled using the dhcp enable command, the switch drops received DHCP packets with duplicate options. In V100R003 and earlier versions, the switch checks for duplicate options in DHCP packets by default. In V100R006 and later versions, the switch does not check for duplicate options in DHCP packets by default. You can run the dhcp anti-attack check duplicate option command in the system view to enable the switch to check for duplicate options in DHCP packets.

Types of packets checked by S series switches with IPSG enabled
For S series switches (except S1700 switches), IPSG takes effect only for IP packets (except DHCP packets) but not for packets of other types such as ARP or PPPoE. With IPSG enabled, an S series switch checks only IPv4 packets in versions earlier than V200R001 and checks all IPv4 and IPv6 packets in V200R001 and later versions.

ARP packet checking against the binding table on S series switches
On S series switches (except S1700 switches), run the arp anti-attack check user-bind enable command in an interface view or the VLAN view to enable ARP packet checking against the binding table. After the preceding configuration, the device checks whether the ARP packets passing through an interface or a VLAN match the binding table. Only the ARP packets match the binding table are forwarded. This function prevents ARP packets from unauthorized users from entering the external network through the switch and protects authorized users against interference or spoofing.

Traffic statistics collection on S series switch
On S series switches (except S1700 switches), the statistic enable command in the traffic behavior view can be used to enable traffic statistics collection in the traffic behavior. To view the statistics about packets matching a traffic policy, enable the traffic statistics collection function. After the traffic statistics collection function is enabled, you can run the display traffic policy statistics command to view packet statistics. For the example for configuring traffic statistics, see "Example for Configuring Traffic Statistics" in Typical QoS Configuration.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top