1.1.1 authentication super hwtacacs-scheme
Syntax
authentication super hwtacacs-scheme hwtacacs-scheme-name
undo authentication super
hwtacacs-scheme
View
ISP domain view
Parameter
hwtacacs-scheme-name: Name of the HWTACACS scheme configured on the router.
Description
Use the authentication super
hwtacacs-scheme command to configure super authentication scheme for a
domain.
Use the undo authentication super
command to delete super authentication scheme for a domain.
Example
# Configure the super authentication scheme
for system domain to sup.
<H3C> system-view
[H3C] domain system
[H3C-isp-system] authentication super
hwtacacs-scheme sup
Syntax
cchk enable
undo cchk enable
View
System view
Parameter
None
Description
Use the cchk enable command to enable
the running of CCHK (Config Change Check).
Use the undo cchk enable command to
disable the running of CCHK.
By default, the running of CCHK is enabled.
Example
# Disable the running of CCHK
[H3C] undo cchk enable
Syntax
clock datetime time date
View
User view
Parameter
time:
Current time in the format of HH:MM:SS, where HH is hours in the
range 0 to 23, MM is minutes in the range 0 to 59, and SS is
seconds in the range 0 to 59.
date:
Current date in the format of MM/DD/YYYY or YYYY/MM/DD. MM
is the month of the year in the range 1 to 12, DD is the day of the
month in the range 1 to 31, and YYYY is a year in the range 2000 to
2099.
Description
Use the clock datetime command to set
the current time and date of the router.
The current time and date of the router
must be set in an environment that requires the acquisition of absolute time.
You may choose not to provide seconds when
inputting the time parameters.
Related command: display clock.
Example
# Set the current system time to 00:00:00 01/01/2006.
<H3C> clock datetime 0:0:0 01/01/2006
Syntax
clock summer-time zone_name { one-off | repeating } start-time
start-date end-time end-date add-time
clock summer-time zone_name { one-off | repeating } start-time
start-year start-month sequence start-day end-year end-month sequence end-day
add-time
undo clock
summer-time
View
System view
Parameter
zone_name:
Name of the daylight saving time, a character string of 1 to 32 characters.
one-off:
Only sets the daylight saving time of some year.
repeating:
Sets the daylight saving time of every year starting from some year.
start-time:
In the format of HH:MM:SS (hours/minutes/seconds).
start-date:
In the format of MM/DD/YYYY (months/days/years), YYYY/MM/DD, or YYYY
MM week-of-month day-of-week, where YYYY ranges from 2000 to 2099.
start-year:
Start year, in the range 2000 to 2099.
start-month:
Start month, taking the value of January, February, March,
April, May, June, July, August, September,
October, November and December.
sequence: Sequence
number, taking the value of first, second,
third, fourth, fifth and last.
start-day: Start day, taking the value of Sunday, Monday, Tuesday, Wednesday,
Thursday, Friday and Saturday.
end-year: End
year, in the range 2000 to 2999. It must be bigger than start year.
end-month: End
month, taking the same value as start-month.
end-day: End
day, taking the same value as start-day.
end-time: In
the format of HH:MM:SS (hours/minutes/seconds).
end-date: In
the format of MM/DD/YYYY (months/days/years), YYYY/MM/DD, or YYYY
MM week-of-month day-of-week, where YYYY ranges from 2000 to 2099.
start-year:
Ranges from 2000 to 2099.
start-month:
It can be January, February, March, April, May, June, July, August, September,
October, November, or December.
sequence: It
can be first, second, third, fourth, fifth, or last.
start-day: It can be Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, or
Saturday.
end-year: Ranges from 2000 to 2099, and must be greater than the value of
start year.
end-month: It can be January, February, March, April, May, June, July,
August, September, October, November, or December.
end-day: It can be Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, or
Saturday.
add-time: The
daylight saving time, in the format of HH:MM:SS (hours/minutes/seconds).
Description
Use the clock summer-time command to
set the name, starting and ending time of the daylight saving time.
Use the undo clock summer-time
command to cancel the configuration of the daylight saving time.
After the configuration takes effect, you
can use the display clock command to view it. Besides, the time of the
log or debug information is the local time of which the time zone and daylight
saving time has been adjusted.
Related command: clock timezone.
Example
# For daylight saving time in z2 between 06:00:00
on 2002/06/08 and 06:00:00 on 2002/09/01, set the system clock ahead one hour.
[H3C] clock summer-time z2 one-off
06:00:00 06/08/2002 06:00:00 09/01/2002 01:00:00
# For daylight saving time in z2 between 06:00:00
on 06/08 and 06:00:00 on 09/01 every year since 2002, set the system clock
ahead one hour.
[H3C] clock summer-time z2 repeating 06:00:00
06/08/2002 06:00:00 09/01/2002 01:00:00
# Set the system clock ahead one hour for
daylight saving time starting at zero o’clock on Sunday of the first week
of January in 2002 and ended at zero o’clock on Sunday of the first week
of January in 2003.
[H3C] clock summer-time z2 repeating
00:00:00 2001 January first Sunday 07:00:00 2002 January first Sunday 1
# For daylight saving time in z2 between 01:00:00
on the last Sunday in March and 01:00:00 on the last Sunday in October every year
since 2006, set the system clock ahead one hour.
[H3C] clock summer-time z2 repeating
01:00:00 2006 March last Sunday 07:00:00 2006 October last Sunday 01:00:00
Syntax
clock timezone zone_name { add | minus } time
undo clock timezone
View
System view
Parameter
zone_name:
Time zone name, a string of 1 to 32 characters.
add: Positive
offset to universal time coordinated (UTC) time.
minus: Negative
offset to UTC time.
time: In the
format of HH/MM/SS (hours/minutes/seconds).
Description
Use the clock timezone command to
set the local time zone.
Use the undo clock timezone command
to restore the local time zone to the default UTC time zone.
After the configuration takes effect, you
can view it by executing the display clock command. The time applied to
the log and debug information is the local time with time zone and daylight
saving time adjustment.
Related command: clock summer-time.
Example
# Set the name of the local time zone to
Z5, five hours ahead of UTC time.
[H3C] clock timezone z5 add 05:00:00
Syntax
command record accounting exclude command-key
undo command record accounting exclude [command-key]
View
System view
Parameter
command-key:
String of 1 to 32 characters (spaces are allowed). Note that this argument is
case-sensitive.
Description
Use the command record accounting
exclude command to disable the commands with their command words containing
a specific string from being logged on the TACACS server.
Use the undo command record accounting
exclude command to restore the default.
By default, all the commands executed are
logged on the TACACS server.
l
All the commands are transformed to their original
forms for match. All the keywords and case-insensitive arguments in the
original forms are transformed into lower-case letters.
l
The spaces in commands are also matched by regular
expressions.
Example
# Disable the commands with their command
words containing the string display from being logged on the TACACS
server.
[H3C] command record accounting
exclude display
Syntax
command record accounting level level
undo command record accounting level
View
System view
Parameter
level: Command
level, in the range 0 to 3. The commands with their levels equal to or higher
than the command level are counted on the TACACS server after being executed.
Description
Use the command record accounting level command
to set a command level. The commands with their levels equal to or higher than
the command level are counted on the TACACS server after being executed.
Use the undo
command record accounting level to restore the default.
By default,
all the executed commands are counted on the TACACS server, meaning the command
level is 0.
Example
# Specify to count the commands that are of
level 2 (or higher) on the TACACS server after they are executed.
[H3C] command record accounting level
2
Syntax
command record log level level
undo command record log level
View
System view
Parameter
level: Level
of the commands to be logged, in the range 0 to 3.
Description
Use the command record log level
command to set a command level. The commands with their levels equal to or higher
than the command level are logged after being executed.
Use the undo command record log level
command to restore the default.
When this command is configured, only the
commands with their levels equal to or higher than the specified level can be
logged.
By default, all commands are logged,
meaning the command level is 0.
Example
# Set to log commands with a level higher
than 2.
[H3C] command record log level 2
Syntax
command-privilege level
level view view command-key
undo command-privilege view view command-key
View
System view
Parameter
level level: Command level ranging from 0 to
3.
view view: Specifies a view.
commandkey:
Command to be set in the specified view.
Description
Use the command-privilege command to
assign a command level to the commands in the specified view.
Use the undo command-privilege view
command to restore the default.
Command privilege falls into four levels:
visit, monitor, system, and manage, which are identified by 0 through 3.
For a user logs onto the router from a user
interface, the command level that the user can access can be the one
administratively assigned to the user or the one assigned to the user
interface, whichever is smaller. For more information on how to assign command
level to a user interface, refer to “Chapter 4 User Interface Configuration
Commands” in Comware V3 Command Manual – System
Management.
The following table describes the default
level of the commands.
Table 1-1 Default
level of the commands
|
Command level
|
Commands
|
|
Visit (0)
|
ping, tracert,
telnet
|
|
Monitor (1)
|
display, debugging
|
|
System (2)
|
Configuration commands
|
|
Manage (3)
|
Key settings, FTP, Xmodem, user
authentication mode and privilege level, TFTP, file system operation commands
|
Example
# Set the command level of the interface
command to 0.
[H3C] command-privilege level 0 view
system interface
1.1.10 console switch-to aux
Syntax
console switch-to aux
undo console switch-to
View
Console user interface view
Parameter
None
Description
Use the console switch-to aux
command to switch the Console port of the device to the Aux port.
Use the undo console switch-to
command to switch the Aux port to the Console port.
This function is
available only on the AR 18 series, in which AR 18-30E, AR 18-31E, AR 18-32E,
AR 18-35E, AR 18-21A, AR 18-21B and AR 18-1X series do not support the
function.
Example
# Switch the Console port of the device to
the Aux port.
<H3C> system-view
[H3C] user-interface console 0
[H3C-ui-console0] console switch-to
aux
Do you wish to save the configuration
to the device? [Y/N]
Syntax
cpu-usage cycle { 5sec | 1min | 5min | 72min } [ slave
| slot slot-num ]
View
System view
Parameter
5sec: Sets
the statistic interval to five seconds.
1min: Sets
the CPU usage statistic interval to one minute.
5min: Sets
the CPU usage statistic interval to five minutes.
72min: Sets
the CPU usage statistic interval to 72 minutes.
slave: Given
a dual-RPU/ERPU supported device, sets the usage statistic interval of the CPU
on the slave RPU/ERPU.
slot slot-num: Given a distributed device, sets the usage statistic interval of
the CPU on the interface board specified by its slot number.
Description
Use the cpu-usage cycle command to
set the CPU usage statistic interval.
Depending on the specified interval, the
statistical period displayed by executing the display cpu-usage history
command is different.
The default CPU usage statistic interval is
60 seconds.
Example
# Set the CPU usage statistic interval to
five seconds.
[H3C] cpu-usage
cycle 5Sec
Syntax
display clipboard
View
Any view
Parameter
None
Description
Use the display clipboard command to
view the contents of the clipboard.
Example
# Display the contents of the clipboard.
<H3C> display clipboard
-----------------clipboard
-----------------
ip route 10.1.0.0 255.0.0.0
eth 0
Syntax
display clock
View
Any view
Parameter
None
Description
Use the display clock command to
view the current system time and date.
If the displayed system time and date are
incorrect, use the clock datetime command to adjust them.
Example
# Display the current time and date.
<H3C> display clock
15:50:45 UTC Mon 02/12/2005
Syntax
display cpu-usage [ configuration | number [ offset ] [ verbose
] [ from-device ] ]
View
Any view
Parameter
configuration: Displays the configuration about CPU usage statistics, such as
whether CPU usage statistics is enabled, statistic interval, and CPU usage
alarm thresholds.
number:
Number of CPU usage statistics queries.
offset:
Offset of the starting entry to be displayed to the last statistic entry.
verbose:
Displays the detailed information.
from-device:
Displays information stored on an external storage device such as a Flash
memory or hard disk. (Not available yet.)
Description
Use the display cpu-usage command to
view statistics about CPU usage.
The function of both display cpu-usage
and display cpu-usage 1 0 verbose is to display detailed information on
the last CPU usage statistics.
Example
# Display detailed information on CPU usage
statistics.
[H3C] display cpu-usage
===== Current CPU usage info =====
CPU Usage Stat. Cycle: 1 (Second)
CPU Usage : 1%
CPU Usage Stat. Time
: 2006-01-15 15:51:48
CPU Usage Stat. Tick : 0x27(CPU Tick
High) 0x88cf18e4(CPU Tick Low)
Actual Stat. Cycle : 0x0(CPU Tick High)
0x2264cc2(CPU Tick Low)
TaskName CPU
Runtime(CPU Tick High/CPU Tick Low)
VIDL 99% 0/
222de39
TICK 0%
0/ 88d8
co0 0%
0/ 6e5
SRM
0% 0/ 1da
ROUT 0% 0/
1d6c
SOCK 0% 0/
3c65
VTYD 0% 0/
1074
IPSP 0% 0/
28b
TAC 0% 0/
15ac
SC 0% 0/
10de
RDS
0% 0/ e71
ACM 0%
0/ 180a
LSSO 0%
0/ 3a2
TRAP 0%
0/ 2d0
NTPT 0%
0/ 1082a
PIMT 0%
0/ 2f8
LSPM 0%
0/ 90c
L2V 0%
0/ 1066
IPS 0%
0/ 7575
SIP 0%
0/ 6b87
DHCP 0% 0/
33d
HOT 0%
0/ fca
DHCC 0%
0/ 414
Syntax
display cpu-usage history [ task task-id ] [ slave | slot slot-num
]
View
Any view
Parameter
task task-id: Specifies a task ID.
slave: Given a dual-RPU/ERPU supported device, sets the usage statistic
interval of the CPU on the slave RPU/ERPU.
slot slot-num: Given a distributed device,
sets the usage statistic interval of the CPU on the interface board specified
by its slot number.
Description
Use the display cpu-usage history
command to view in graphics the CPU usage statistic history of the entire
system, the specified task, or the interface board in the specified slot.
Example
# Display the CPU usage statistic history of
the entire system.
[H3C] display cpu-usage history
100%|
95%|
90%|
85%|
80%|
75%|
70%|
65%|
60%|
55%|
50%|
45%|
40%|
35%|
30%|
25%|
20%|
15%|
10%|
5%|
------------------------------------------------------------
10 20
30 40 50 60 (minutes)
cpu-usage last
60 minutes(SYSTEM)
# Display the CPU usage statistic history
of task 6.
[H3C] display cpu-usage history task
6
100%|
95%|
90%|
85%|
80%|
75%|
70%|
65%|
60%|
55%|
50%|
45%|
40%|
35%|
30%|
25%|
20%|
15%|
10%|
5%|
------------------------------------------------------------
10 20
30 40 50 60 (minutes)
cpu-usage last
60 minutes(T03M)
Syntax
display device manuinfo
View
Any view
Parameter
None
Description
Use the display device manuinfo
command to display the manufacturing information about the current device.
Example
# Display the manufacturing information
about the current device.
<H3C> display device manuinfo
DEVICE_NAME : AR28-30
DEVICE_SERIAL_NUMBER : 210231A1300047000005
MAC_ADDRESS : NULL
MANUFACTURING_DATE : 2006-04-13
VENDOR_NAME : H3C
Table 1-2
Description on the fields of the display device
manuinfo command
|
Field
|
Description
|
|
DEVICE_NAME
|
Name of the device
|
|
DEVICE_SERIAL_NUMBER
|
Serial number of the device
|
|
MAC_ADDRESS
|
MAC address of the device
|
|
MANUFACTURING_DATE
|
Manufacturing data of the device
|
|
VENDOR_NAME
|
Vendor name of the device
|
Syntax
display history-command
View
Any view
Parameter
None
Description
Use the display history-command
command to view the history commands.
The terminal automatically saves the
commands that are input and each ended with a carriage return.
Example
# Display history commands.
<H3C> display history-command
display interface
displayinterface e 1/0/0
interface e 1/0/0
1.1.18 display
log startup
Syntax
display log
startup
View
Any view
Parameter
None
Description
Use the display log startup command
to display the state of the configuration restoration log switch.
Example
# Display the state of the configuration
restoration log switch.
<H3C> log startup
<H3C> display log startup
Log startup switch is on.
<H3C> undo log startup
<H3C> display log startup
Log startup switch is off.
Syntax
display memory
View
Any view
Parameter
None
Description
Use the display memory command to
view information on system memory load.
Example
# Display information on the current system
memory load.
[H3C] display memory
System
Total Memory(bytes): 41918976
Total
Used Memory(bytes): 15949136
Used
Rate: 38%
Syntax
display version
View
Any view
Parameter
None
Description
Use the display version command to
view system version information.
By viewing system version information, you
can learn about the current software version, rack type and the information
related to the main control board and interface boards.
Example
# Display system version information of the
AR 18-31E.
<H3C> display version
H3C Comware Software
Comware software, Version 3.40,
Feature 0117
Copyright(c) 2004-2007 Hangzhou H3C
Technologies Co., Ltd. All rights reserved.
Without the owner's prior written
consent, no decompiling
nor reverse-engineering shall be
allowed.
H3C AR18-31E uptime is 1 week, 3 day,
4 hour, 32 minute
Last reboot 2006/12/31 12:00:00
CPU type: Mips 6348 256MHz
64M bytes SDRAM Memory
16M bytes Flash Memory
0K bytes NvRAM Memory
Pcb Version:3.0
Logic Version:1.0
BootROM Version:8.62
[SLOT 1] 4LS (Hardware)3.0,
(Driver)1.0, (Cpld)1.0
[SLOT 2] ADSL2P (Hardware)3.0,
(Driver)1.0, (Cpld)1.0
[SLOT 3] BRI (Hardware)3.0,
(Driver)1.0, (Cpld)1.0
Syntax
free unused porttag
View
System view
Parameter
None
Description
Use the free unused porttag command
to release the port tag resources used by removed interfaces for creating new
interfaces.
The port tag resources currently available
only support up to 65,535 interfaces. If all port tag resources are depleted,
no interface can be created any longer. To do that, use the free unused
porttag command to release the port tag resources assigned to the removed
interfaces first.
Example
# Release the port tag resources used by
removed interfaces.
[H3C] free unused porttag
Syntax
header [
incoming | login | motd | shell ] text
undo header {
incoming | login | motd | shell }
View
System view
Parameter
motd: Banner
displayed before the login interface.
incoming:
Banner displayed when a user logs onto a terminal user interface.
login: Login
banner at authentication.
shell:
Banner displayed for entering user view.
text: Banner message, with the first character being the start and
ending delimiters. After the ending delimiter is input, the system quits
automatically.
Description
Use the header command to create a
banner.
Use the undo header command to clear
a banner.
The motd banner is displayed when a user
just logs in from a user interface. If password or scheme authentication is
set, the banner is displayed before login authentication.
The login banner is displayed only when
login authentication is set to password or scheme. It is displayed after the
motd banner is displayed and before login authentication.
The shell banner is displayed after a user
session is established.
Two ways are available for inputting a
banner message:
1)
Input the message in one line. This allows 255
characters including the command keyword.
2)
Input the message in separate lines each ended
with a carriage return. This allows 1024 characters (including those invisible)
in addition to the command keyword.
If no keyword, incoming, login,
motd, or shell, is specified, the configured banner is taken as a
login banner by default. Therefore, if no text is provided after you input one
of these keywords, incoming, for example, it will be taken as the text for a
login banner rather than a keyword.
You may do the following to have the start
delimiter as part of the banner message or not:
l
To have the start delimiter excluded from the
banner message, input a carriage return immediately after it or make sure that
the start and ending delimiters are in the same line.
l
To have the start delimiter being part of the
banner message, make sure that the start and ending delimiters are in different
lines and the start delimiter is not immediately followed by a carriage return.
Example
# Configure banner information.
[H3C] header login %login text%
[H3C] header shell %shell text%
[H3C] header motd %motd text%
<H3C> quit
*********************************************************
* All rights reserved (2004-2006)
*
* Without the owner's prior
written consent, *
*no decompiling or
reverse-engineering shall be allowed.*
*********************************************************
User interface aux0 is available.
Please press ENTER.
motd text
login text
Login authentication
Username:admin
Password:
shell text
<H3C>
1.1.23 hotkey
Syntax
hotkey { CTRL_G
| CTRL_L | CTRL_O | CTRL_T | CTRL_U } command_text
undo hotkey {
CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U }
View
System view
Parameter
CTRL_G:
Assigns the hot key <CTRL+G> to a command.
CTRL_L:
Assigns the hot key <CTRL+L> to a command.
CTRL_O:
Assigns the hot key <CTRL+O> to a command.
CTRL_T:
Assigns the hot key <CTRL+T> to a command.
CTRL_U:
Assigns the hot key <CTRL+U> to a command.
command_text:
The command line associated with the hot key.
Description
Use the hotkey command to assign a
hot key to a command line.
Use the undo
hotkey command to restore the default assignment scheme of the system:
<CTRL_G> to display current-configuration, <CTRL_L> to display
ip routing-table, <CTRL_O> to undo debugging all, and null to
other two hot keys.
You can customize this scheme however.
Example
# Assign the hot key < CTRL_T> to the
display tcp status command.
[H3C] hotkey ctrl_t display tcp
status
[H3C] display hotkey
----------------- HOTKEY
-----------------
=Defined hotkeys=
Hotkeys Command
CTRL_G display current-configuration
CTRL_L display ip routing-table
CTRL_O undo debug all
CTRL_T display tcp status
=Undefined hotkeys=
Hotkeys Command
CTRL_U NULL
=System hotkeys=
Hotkeys Function
CTRL_A Move the cursor to the
beginning of the current line.
CTRL_B Move the cursor one character
left.
CTRL_C Stop current command
function.
CTRL_D Erase current character.
CTRL_E Move the cursor to the end of
the current line.
CTRL_F Move the cursor one character
right.
CTRL_H Erase the character left of
the cursor.
CTRL_K Kill outgoing connection.
CTRL_N Display the next command from
the history buffer.
CTRL_P Display the previous command
from the history buffer.
CTRL_R Redisplay the current line.
CTRL_V Paste text from the
clipboard.
CTRL_W Delete the word left of the
cursor.
CTRL_X Delete all characters up to
the cursor.
CTRL_Y Delete all characters after
the cursor.
CTRL_Z Return to the user view.
CTRL_] Kill incoming connection or
redirect connection.
ESC_B Move the cursor one word
back.
ESC_D Delete remainder of word.
ESC_F Move the cursor forward one
word.
ESC_N Move the cursor down a line.
ESC_P Move the cursor up a line.
ESC_< Specify the beginning of
clipboard.
ESC_> Specify the end of
clipboard.
1.1.24 language-mode
Syntax
language-mode { chinese | english }
View
User view
Parameter
None
Description
Use the language-mode command to
toggle the display language of the command line interface (CLI) between English
and Chinese.
The default language is English.
Example
# Toggle the language from English to
Chinese.
<H3C> language-mode chinese
Change language mode, confirm? [Y/N]y
%Switch to Chinese mode.
Syntax
lock
View
User view
Parameter
None
Description
Use the lock command to lock the
illegitimate users out of the active user interface, which can be console, AUX,
or VTY.
After
entering the lock command, you are prompted to enter and confirm the
screensaver's password. If you enter the same password twice, the interface is
locked. To unlock and access the system after that, you must press
<Enter> first and enter the password you just set.
Example
# Log in through the console port and lock
the active user interface.
<H3C> lock
Password:
Again:
Syntax
log startup
undo log startup
View
User view
Parameter
None
Description
Use the log startup command to turn
on the configuration restoration log switch.
Use the undo log startup command to
turn off the configuration restoration log switch.
By default, the configuration restoration
log switch is turned on.
When the configuration restoration log
switch is turned on, the commands executed for the configuration file to be
recovered at startup are logged and the log information is output in the
following format:
%May 31 06:46:58:015 2005 5500G-EI
SHELL/5/CMD:- 1 -task:CFM ip:** user:** command:sysname 5500G-EI
As the log information may occupy a large
space, you are recommended to turn off the switch in normal cases.
Example
# Turn off the configuration restoration
log switch.
<H3C> undo log startup
Syntax
quit
View
Any view
Parameter
None
Description
Use the quit command to quit to a
lower-level view (if the current view is user view, you exit the system).
The views fall into three levels, in
ascending order:
l
User view (for user level 0)
l
System view (for user level 3)
l
Configuration view (such as routing protocol
view, interface view, and L2TP group view)
Related command: return.
Example
# Switch from Ethernet1/0/0 interface view
to system view, and then to user view.
[H3C-Ethernet1/0/0] quit
[H3C] quit
<H3C>
1.1.28 return
Syntax
return
View
Any view except for user view
Parameter
None
Description
Use the return command to return to
user view from any other view, as you would with the hot key <Ctrl+Z>.
Related
command: quit.
Example
# Return to user view from system view.
[H3C] return
<H3C>
Syntax
super [ level
]
View
User view
Parameter
level: User
level ranging from 0 to 3.
Description
Use the super command to switch from
current user level to a specified user level, or the command level that the
user can access.
If no level parameter is configured, switch
to the third level user by default.
There are four levels of commands:
l
Visit: involves commands for network diagnosis
(such as ping and tracert), commands for accessing an external
device (such as Telnet client, SSH client, RLOGIN). Saving the configuration
file is not allowed at this level.
l
Monitor: includes the display and debugging
commands for system maintenance, service fault diagnosis. Saving the
configuration file is not allowed at this level.
l
System: provides service configuration commands,
including routing and commands at each level of the network for providing
services.
l
Manage: influences the basic operation of the
system and the system support modules for service support. Commands at this
level involve file system, FTP, TFTP, Xmodem download and configuration file
switch, power control, standby board control, user management, level setting,
as well as parameter setting within a system (the last case involves those
non-protocol or non RFC provisioned commands).
Login users are also classified into four
levels that correspond to the four command levels. After users at different
levels log in, they can only use commands at their own, or lower, levels.
To fence off intrusion of illegitimate
users, users are required to provide the correct super password, if one has
been configured using the super password command, when they switch from
a lower level to a higher level. For privacy sake, the entered password is not
displayed on the screen. Users have three chances to provide the correct
password. Only after the correct password is entered can they switch to the
higher level. Otherwise, the original user level remains unchanged.
Related command: super password.
Example
<H3C> super 3
Password:
User privilege changes to 3 level,
just equal or less this level's
commands can be used.
Privilege note: 0-VISIT, 1-MONITOR,
2-SYSTEM, 3-MANAGE
Syntax
super authentication-mode { super-password | scheme }*
View
User interface view
Parameter
super-password: Adopts super-password authentication
scheme:
Adopts scheme configured by a user for authentication
Description
Use the super authentication-mode command
to configure authentication mode for the super command, which can be
configured to the following four modes:
l
super-password
l
scheme
l
super-password + scheme
l
scheme + super-password
By default, super-password authentication
is adopted.
Example
# Configure Console user to adopt scheme
authentication
<H3C> system-view
[H3C] user-interface console 0
[H3C-ui-con0] super authentication-mode
scheme
Syntax
super
password [ level user-level ]
{ { simple | cipher } password | sha-256 shapassword
}
undo super password [ level user-level ]
View
System view
Parameter
user-level:
User level in the range 1 to 3.
simple:
Plain text password, a string of 1 to 16 consecutive characters.
cipher
