1.1 CLI Configuration Commands
Syntax
command-privilege level level view view command
undo command-privilege view view command
View
System view
Parameters
level level: Command level to be set, in the range of 0 to 3.
view view: CLI view. It can be any CLI view that the Ethernet switch supports.
The S5600 series support only the CLI views listed in Table 1-1:
Table 1-1 Available CLI views for the view argument

| CLI view | Description |
|---|---|
| acl-adv | Advanced ACL view |
| acl-basic | Basic ACL view |
| acl-ethernetframe | Layer 2 ACL view |
| acl-user | User-defined ACL view |
| aux | Aux 1/0/0 port view, that is, console port view |
| bgp | BGP view |
| bgp-af-mul | BGP IPv4 multicast address family view |
| cascade | Cascade interface view |
| cluster | Cluster view |
| detect-group | Detected group view |
| dhcp-pool | DHCP address pool view |
| ftp-client | FTP client view |
| gigabitethernet | GigabitEthernet port view |
| hwping | HWPing test group view |
| hwtacacs | HWTACACS view |
| isp | ISP domain view |
| loopback | Loopback interface view |
| luser | Local user view |
| manage-vlan | Management VLAN view |
| msdp | MSDP view |
| mst-region | MST region view |
| mtlk-group | Monitor link group view |
| null | NULL interface view |
| ospf | OSPF view |
| ospf-area | OSPF area view |
| peer-key-code | Public key editing view |
| peer-public-key | Public key view |
| pim | PIM view |
| poe-profile | PoE profile view |
| qinq | QinQ view |
| qos-profile | QoS profile view |
| radius-template | RADIUS scheme view |
| rip | RIP view |
| route-policy | Routing policy view |
| shell | User view |
| smlk-group | Smart link group view |
| system | System view |
| user-interface | User interface view |
| vlan | VLAN view |
| vlan-interface | VLAN interface view |
command: Command for which the level is to be set.
Description
Use the command-privilege level command to set the level of a specified command in a specified view.
Use the undo command-privilege view command to restore the default.
Commands fall into four levels: visit (level 0), monitor (level 1), system (level 2), and manage (level 3). The administrator can change the level of a command as required. For example, the administrator can change a command from a higher level to a lower level so that the lower level users can use the command.
The default levels of commands are described in the following table:
Table 1-2 Default levels of commands

| Level | Name | Command |
|---|---|---|
| 0 | Visit level | Commands used to diagnose network, such as ping, tracert, and telnet commands. |
| 1 | Monitor level | Commands used to maintain the system and diagnose service fault, such as debugging, terminal and reset commands. |
| 2 | System level | All configuration commands except for those at the manage level. |
| 3 | Manage level | Commands associated with the basic operation modules and support modules of the system, such as file system, FTP/TFTP/XMODEM downloading, user management, and level setting commands. |
Examples
# Set the level of the system-view command in user view (shell) to 0.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] command-privilege level 0 view shell system-view
Syntax
display history-command
View
Any view
Parameters
None
Description
Use the display history-command command to display the history commands of the current user, so that the user can check the configurations performed formerly.
History commands are those commands that were successfully executed recently and saved in the history command buffer. You can set the size of the buffer by the history-command max-size command. When the history command buffer is full, the earlier commands will be overwritten by the new ones.
By default, the CLI can save 10 history commands for each user.
Related commands: history-command max-size in login module.
Examples
# Display the history commands of the current user.
<Sysname> display history-command
system-view
quit
display history-command
Syntax
super [ level ]
View
User view
Parameters
level: User level, in the range of 0 to 3.
Description
Use the super command to switch from the current user level to a specified level.
Executing this command without the level argument will switch the current user level to level 3 by default.
Note that:
• Users logged into the switch fall into four user levels, which correspond to the four command levels respectively. Users at a specific level can only use the commands at the same level or lower levels.
• You can switch between user levels after logging into a switch successfully. The high-to-low user level switching is unlimited. However, the low-to-high user level switching requires the corresponding authentication. The authentication mode can be set through the super authentication-mode command.
• For security purposes, the password entered is not displayed when you switch to another user level. You will remain at the original user level if you have tried three times but failed to enter the correct authentication information.
Related commands: super authentication-mode, super password.
Examples
# Switch from the current user level to user level 3, using super password authentication.
<Sysname> super 3
Password:
User privilege level is 3, and only those commands can be used
whose level is equal or less than this.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE
# Switch from the current user level to level 3, using HWTACACS authentication.
<Sysname> super 3
Username: user@system
Password:
User privilege level is 3, and only those commands can be used
whose level is equal or less than this.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE
Syntax
super authentication-mode { super-password | scheme }*
undo super authentication-mode
View
User interface view
Parameters
super-password: Adopts super password authentication for low-to-high user level switching.
scheme: Adopts Huawei terminal access controller access control system (HWTACACS) authentication for low-to-high user level switching.
Description
Use the super authentication-mode command to specify the authentication mode used for low-to-high user level switching.
Use the undo super authentication-mode command to restore the default.
By default, super password authentication is adopted for low-to-high user level switching.
Note that the two authentication modes are available at the same time to provide authentication redundancy. When both authentication modes are specified, the order in which the two types of authentication are performed is determined by the order in which they are specified, as described below.
• If the super authentication-mode super-password scheme command is executed to specify the authentication mode for user level switching, the super password authentication is preferred and the HWTACACS authentication mode is the backup.
• If the super authentication-mode scheme super-password command is executed to specify the authentication mode for low-to-high user level switching, the HWTACACS authentication is preferred and the super password authentication mode is the backup.
• When both the super password authentication and the HWTACACS authentication are specified, the device adopts the preferred authentication mode first. If the preferred authentication mode cannot be implemented (for example, the super password is not configured or the HWTACACS authentication server is unreachable), the backup authentication mode is adopted.
Examples
# Specify HWTACACS authentication as the preferred authentication mode when a VTY 0 user switches from the current level to a higher level, with the super password authentication as the backup authentication mode.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] super authentication-mode scheme super-password
Syntax
super password [ level level ] { cipher | simple } password
undo super password [ level level ]
View
System view
Parameters
level level: User level, in the range of 1 to 3. It is 3 by default.
cipher: Stores the password in the configuration file in ciphered text.
simple: Stores the password in the configuration file in plain text.
password: Password to be set. If the simple keyword is used, you must provide a plain-text password, that is, a string of 1 to 16 characters. If the cipher keyword is used, you can provide a password in either of the two ways:
• Input a plain-text password, that is, a string of 1 to 16 characters, which will be automatically converted into a 24-character cipher-text password.
• Directly input a cipher-text password, that is, a string of 1 to 24 characters, which must correspond to a plain-text password. For example, the cipher-text password “_(TT8F]Y\5SQ=^Q`MAF4<1!!” corresponds to the plain-text password 1234567.
Description
Use the super password command to set a switching password for a specified user level, which will be used when users switch from a lower user level to the specified user level.
Use the undo super password command to restore the default configuration.
By default, no such password is set.
Note that, no matter whether a plain-text or cipher-text password is set, users must enter the plain-text password during authentication.
Examples
# Set the switching password for level 3 to 0123456789 in plain text.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] super password level 3 simple 0123456789
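A configuration review of the commands in this section, as an added example that is not part of the original manual: the script scans saved configuration text and reports command-level overrides, switching passwords stored with the simple keyword, and the preferred/backup order set by super authentication-mode. The sample configuration, its layout (# separators, unindented view headers, indented commands) and the cipher placeholder are constructed assumptions.

```python
import re

# Constructed sample of a saved configuration (not from a real device).
# Assumed layout: "#" separates sections, view headers are unindented,
# and commands inside a section are indented.
SAMPLE_CONFIG = """\
#
 command-privilege level 0 view shell system-view
 super password level 3 simple 0123456789
 super password level 2 cipher <cipher-text-placeholder>
#
user-interface vty 0
 super authentication-mode scheme super-password
#
"""

LEVEL_NAMES = {0: "visit", 1: "monitor", 2: "system", 3: "manage"}
PRIV_RE = re.compile(r"command-privilege level ([0-3]) view (\S+) (.+)")
SUPER_PW_RE = re.compile(r"super password(?: level ([1-3]))? (cipher|simple) \S+")
AUTH_RE = re.compile(
    r"super authentication-mode ((?:super-password|scheme)(?: (?:super-password|scheme))?)")


def audit(config_text):
    """Return (line_no, rule, detail) for every level-related setting worth review."""
    findings, view = [], "system view"
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line in ("", "#"):            # section boundary: back to system view
            view = "system view"
        elif not raw[0].isspace():       # unindented line opens a new view
            view = line
        elif m := PRIV_RE.fullmatch(line):
            lvl = int(m.group(1))
            findings.append((no, "level-override",
                             f"'{m.group(3)}' in view {m.group(2)} set to level {lvl} ({LEVEL_NAMES[lvl]})"))
        elif (m := SUPER_PW_RE.fullmatch(line)) and m.group(2) == "simple":
            lvl = int(m.group(1) or 3)   # level defaults to 3 when omitted
            findings.append((no, "plaintext-super-password",
                             f"level {lvl} switching password is stored in plain text"))
        elif m := AUTH_RE.fullmatch(line):
            modes = m.group(1).split()   # first mode is preferred, second is backup
            backup = modes[1] if len(modes) > 1 else "none"
            findings.append((no, "auth-order", f"{view}: preferred={modes[0]}, backup={backup}"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```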