< Home

display hrp configuration check

Function

The display hrp configuration check command displays the configurations of the two FWs for consistency.

Format

display hrp configuration check { all | acl | acl6 | address-set | audit-policy | auth-policy | bgp | hash | hrp | interface | license | nat-policy | ospf | security-policy | service-set | static-route | traffic-policy | zone }

Parameters

Parameter Description Value
all Displays the configuration consistency on both sides. -
acl Displays the configuration consistency of the IPv4 ACLs on both sides. -
acl6 Displays the configuration consistency of the IPv6 ACLs on both sides. -
address-set Displays the configuration consistency of the address set on both sides. -
audit-policy Displays the configuration consistency of the audit policy on both sides. -
auth-policy Displays the configuration consistency of the authentication policy on both sides. -
bgp Displays the configuration consistency of the BGP on both sides. -
hash Displays the configuration consistency of the hash mode and hash gene next startup on both sides. Only the USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter. -
hrp Displays the configuration consistency of the HRP on both sides. -
interface Displays the configuration consistency of the interface on both sides. -
license Displays the configuration consistency of the license on both sides. -
nat-policy Displays the configuration consistency of the nat policy on both sides. -
ospf Displays the configuration consistency of the OSPF on both sides. -
security-policy Displays the configuration consistency of the security policy on both sides. -
service-set Displays the configuration consistency of the service set on both sides. -
static-route Displays the configuration consistency of the static route on both sides. -
traffic-policy Displays the configuration consistency of the traffic policy on both sides. -
zone Displays the configuration consistency of the security zone on both sides. -

Views

All views

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After running the hrp configuration check command check the active and standby node configuration consistency, you can use the display hrp configuration check command to check the results of consistency check for HRP configurations on the active and standby devices.

Example

# Display the results of consistency check for HRP configurations on the active and standby FWs after the HRP function is started on the FW.

HRP_M<sysname> system-view
HRP_M[sysname] hrp configuration check hrp
HRP_M[sysname] display hrp configuration check hrp
 Module           State  Start-time          End-time            Result         
 hrp              finish 2018/02/08 14:21:56 2018/02/08 14:21:56 Same Configuration

# Display the results of consistency check for security policy configurations on the active and standby FWs.

HRP_M[sysname] hrp configuration check security-policy
HRP_M[sysname] display hrp configuration check security-policy
 Module           State  Start-time          End-time            Result 
 security-policy  finish 2018/01/31 16:06:46 2018/01/31 16:06:46 Different Configuration  
 
 Note: The system compares only the first 20 differences between the active and 
standby devices. Resolve the differences and check other differences again until
 the configurations on the two devices are the same.
 Verbose Information:
  public:
   [01]Rule 0 "default" on the active device differs from "default" on the standby device.
   [02]Rule 1 "c" on the active device differs from "a" on the standby device. 
   [03]Rule 2 "d" on the active device differs from "b" on the standby device.  
   [04]Rule 3 "c" on the standby device is missing or misplaced on the active device. 
   [05]Rule 4 "d" on the standby device is missing or misplaced on the active device. 
  Vsys vsys1:
   [06]Rule 0 "default" on the active device differs from "default" on the standby device.
   [07]Rule 1 "abc" on the active device differs from "aaa" on the standby device.

# Display the results of consistency check for address set configurations on the active and standby FWs.

HRP_M[sysname] hrp configuration check address-set
HRP_M[sysname] display hrp configuration check address-set
 Module           State  Start-time          End-time            Result         
 address-set      finish 2018/01/30 20:45:00 2018/01/30 20:45:00 Different Configuration

 Note: The system compares only the first 20 differences between the active and 
standby devices. Resolve the differences and check other differences again until
 the configurations on the two devices are the same.
 Verbose Information:        
  public:                     
   [01]The address set "c" on the active device is missing on the standby device.
   [02]The address set "a" on the standby device is missing on the active device.
   [03]The address set "d" is different.

# Display the results of consistency check for service set configurations on the active and standby FWs.

HRP_M[sysname] hrp configuration check service-set
HRP_M[sysname] display hrp configuration check service-set
 Module           State  Start-time          End-time            Result         
 service-set      finish 2018/01/28 20:45:00 2018/01/28 20:45:00 Different Configuration

 Note: The system compares only the first 20 differences between the active and 
standby devices. Resolve the differences and check other differences again until
 the configurations on the two devices are the same.
 Verbose Information:        
  public:                     
   [01]The service set "c" on the active device is missing on the standby device.
   [02]The service set "a" on the standby device is missing on the active device.  
   [03]The service set "d" is different.

# Display the results of consistency check for IPv4 ACL configurations on the active and standby FWs.

HRP_M[sysname] hrp configuration check acl
HRP_M[sysname] display hrp configuration check acl
 Module           State  Start-time          End-time            Result         
 acl              finish 2018/09/21 23:40:35 2018/09/21 23:40:36 Different Configuration
     
 Note: The system compares only the first 20 differences between the active and 
standby devices. Resolve the differences and check other differences again until
 the configurations on the two devices are the same.                            
 Verbose Information:                                                           
   [01]The IPv4 ACL 2100 on the standby device is missing on the active device.
   [02]The IPv4 ACL 2101 on the active device is missing on the standby device.
   [03]The IPv4 ACL 2102 is different.

# Display the results of consistency check for OSPF configurations on the active and standby FWs.

HRP_M[sysname] hrp configuration check ospf
HRP_M[sysname] display hrp configuration check ospf
 Module           State  Start-time          End-time            Result         
 ospf             finish 2018/01/30 20:45:00 2018/01/30 20:45:00 Different Configuration

 Note: The system compares only the first 20 differences between the active and 
standby devices. Resolve the differences and check other differences again until
 the configurations on the two devices are the same.
 Verbose Information:        
   [01]OSPF 1 is missing on peer device.
   [02]OSPF 4 is missing on local device.
   [03]OSPF 6 on local device  differs from the one on peer device.

# Display the results of consistency check for security zone configurations on the active and standby FWs.

HRP_M[sysname] hrp configuration check zone
HRP_M[sysname] display hrp configuration check zone
 Module           State  Start-time          End-time            Result         
 zone             finish 2018/09/22 00:24:57 2018/09/22 00:24:57 Different Configuration
  
 Note: The system compares only the first 20 differences between the active and 
standby devices. Resolve the differences and check other differences again until
 the configurations on the two devices are the same.                            
 Verbose Information:                                                           
  public                                                                        
   [01]The configuration of zone "trust" with ID 1 on the active device is different from that on the standby device.
   [02]Zone "test1" with ID 4 on the active device does not exist.
Table 1 Description of the display hrp configuration check command output
Item Description
Module The module to be checked.
State The checking status:
  • If the checking ends normally, the status is finish.
  • If the checking times out, the status is timeout.
  • If the checking is canceled, the status is cancel.
  • If the checking is taking place, the status is init.
Start-time The start time of the checking.
End-time The end time of the checking.
Result
  • When the configurations on both sides are the same, the result is Same Configuration.
  • When the configurations on both sides are different, the result is Different Configuration.

Verbose Information

Configuration differences between the two FWs. The system can display a maximum of 20 differences for both the public system and all virtual systems. Differences are as follows:

  • Policy:
    • [difference-id]Rule configuration-sequence-number "rule-name1" on the active device differs from "rule-name2" on the standby device.

      The active and standby devices compare rule configuration sequence numbers one by one. The message indicates that rule configuration-sequence-number on the active device is different from that on the standby device. The rule names are rule-name1 (active device) and rule-name2 (standby device). If the names of rule-name1 and rule-name2 are different, the rule sequence on the active and standby devices may be different or the rules on one device may be missing. If the names of rule-name1 and rule-name2 are the same, the rule configurations are inconsistent.

    • [difference-id]Rule configuration-sequence-number "rule-name3" on the active device is missing or misplaced on the standby device.

      This message indicates that rule configuration-sequence-number named rule-name3 on the active device does not exist on the standby device. This indicates that the number of rules on the active device is different from that on the standby device. The number of rules on the active device is greater than that on the standby device. As a result, rule-name3 on the active device does not find the matching item on the standby device. To solve this problem, confirm that rule-name3 does not exist on the standby device or rule-name3 is mismatched because other rules are missing.

    • [difference-id]Rule configuration-sequence-number "rule-name4" on the standby device is missing or misplaced on the active device.

      This message indicates that rule configuration-sequence-number named rule-name4 on the standby device does not exist on the active device. This indicates that the number of rules on the active device is different from that on the standby device. The number of rules on the standby device is greater than that on the active device. As a result, rule-name4 on the standby device does not find the matching item on the active device. To solve this problem, confirm that rule-name4 does not exist on the active device or rule-name4 is mismatched because other rules are missing.

  • Address set
    • [difference-id]The address set "address-set-name1" is different.

      This message indicates that the configurations in the address set named address-set-name1 on the active and standby devices are different.

    • [difference-id]The address set "address-set-name2" on the active device is missing on the standby device.

      This message indicates that address set named address-set-name2 on the active device does not exist on the standby device.

    • [difference-id]The address set "address-set-name3" on the standby device is missing on the active device.

      This message indicates that address set named address-set-name3 on the standby device does not exist on the active device.

  • Service set
    • [difference-id]The service set "service-set-name1" is different.

      This message indicates that the configurations in the service set named service-set-name1 on the active and standby devices are different.

    • [difference-id]The service set "service-set-name2" on the active device is missing on the standby device.

      This message indicates that service set named service-set-name2 on the active device does not exist on the standby device.

    • [difference-id]The service set "service-set-name3" on the standby device is missing on the active device.

      This message indicates that service set named service-set-name3 on the standby device does not exist on the active device.

  • IPv4 ACL
    • [difference-id]The IPv4 ACL acl-number1 is different.

      This message indicates that the configurations in the IPv4 ACL acl-number1 on the active and standby devices are different.

    • [difference-id]The IPv4 ACL acl-number2 on the active device is missing on the standby device.

      This message indicates that IPv4 ACL acl-number2 on the active device does not exist on the standby device.

    • [difference-id]The IPv4 ACL acl-number3 on the standby device is missing on the active device.

      This message indicates that IPv4 ACL acl-number3 on the standby device does not exist on the active device.

  • IPv6 ACL
    • [difference-id]The IPv6 ACL ipv6-acl-number1 is different.

      This message indicates that the configurations in the IPv6 ACL ipv6-acl-number1 on the active and standby devices are different.

    • [difference-id]The IPv6 ACL ipv6-acl-number2 on the active device is missing on the standby device.

      This message indicates that IPv6 ACL ipv6-acl-number2 on the active device does not exist on the standby device.

    • [difference-id]The IPv6 ACL ipv6-acl-number3 on the standby device is missing on the active device.

      This message indicates that IPv6 ACL ipv6-acl-number3 on the standby device does not exist on the active device.

  • Interface
    • [difference-id]interface-name1: This interface does not exist on the local device.

      This message indicates that the interface-name1 on the peer device does not exist on the local device.

    • [difference-id]interface-name2: This interface does not exist on the peer device.

      This message indicates that the interface-name2 on the local device does not exist on the peer device.

    • [difference-id]interface-name3: The number of VRRP groups configured on the local interface is consistent with that on the peer interface.

      This message indicates that the number of VRRP groups configured on the same interfaces interface-name3 is consistent.

    • [difference-id]interface-name4: The number of IPv4 addresses configured on the local interface is consistent with that on the peer interface.

      This message indicates that the number of IPv4 addresses configured on the same interfaces interface-name4 is consistent.

    • [difference-id]interface-name5: The OSPF network type configuration on the local interface is consistent with that on the peer interface.

      This message indicates that the ospf network-type configuration on the same interfaces interface-name5 is consistent.

    • [difference-id]interface-name6: An IPSec policy is applied on one interface but not on the other interface.

      This message indicates that the IPSec policy configuration on the same interfaces interface-name6 is consistent. The system only check whether the IPSec policy is applied to the interfaces. The contents of the IPSec policy are not checked.

  • Security zone
    • [difference-id]The configuration of zone "zone-name1" with ID zone-id1 on the active device is different from that on the standby device.

      This message indicates that the configuration of the security zone zone-name1 with the zone ID zone-id1 on the active device is different from that on the standby device.

    • [difference-id]The configuration of zone "zone-name2" with ID zone-id2 on the standby device is different from that on the active device.

      This message indicates that the configuration of the security zone zone-name2 with the zone ID zone-id2 on the standby device is different from that on the active device.

    • [difference-id]Zone "zone-name3" with ID zone-id3 on the active device does not exist.

      This message indicates that the security zone zone-name3 with the zone ID zone-id3 does not exist on the active device.

    • [difference-id]Zone "zone-name4" with ID zone-id4 on the standby device does not exist.

      This message indicates that the security zone zone-name4 with the zone ID zone-id4 does not exist on the standby device.

  • OSPF
    • [difference-id]OSPF process-id1 is missing on peer device.

      This message indicates that OSPF process-id1 on the local device does not exist on the peer device.

    • [difference-id]OSPF process-id2 is missing on local device.

      This message indicates that OSPF process-id2 on the peer device does not exist on the local device.

    • [difference-id]OSPF process-id3 on local device differs from the one on peer device.

      This message indicates that the configurations in the OSPF process-id3 on the active and standby devices are different.

This part of information is displayed only when Result is Different Configuration.
Parent Topic: Hot Standby Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >