1.1 CLI Configuration Commands
Syntax
command-privilege level level view view command
undo command-privilege view view command
View
System view
Parameter
level:
Command Level. This argument ranges from 0 to 3.
view:
Command view. This argument can be any command view the switch supports.
command:
Command to be specified.
Description
Use the command-privilege level
command to set the level of the specified command in a specified view.
Use the undo command-privilege view
command to restore the level of the specified command in the specified view to
the default.
Commands fall into four command levels:
visit, monitor, system, and manage, which are identified as 0, 1, 2, and 3
respectively. The administrator can change the level of a command to enable
users of the specific level to utilize the command.
By default, the ping, tracert,
and telnet commands are at the visit level (level 0); the display
and debugging commands are at the monitor level (level 1); all configuration
commands are at the system level (level 2); and FTP/TFTP/XModem and file system
related commands are at the manage level (level 3).
Example
# Specify the interface command in
system view to be of level 0.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] command-privilege level 0 view
system interface
Syntax
display history-command
View
Any view
Parameter
None
Description
Use the display history-command
command to display history commands. All the history commands are saved in the
history command cache. When the history command cache is full, the old
information in it will be overlaid.
Related command: history-command
max-size.
Example
# Display history commands.
<H3C> display history-command
system-view
quit
display history-command
Syntax
super [ level
]
View
User view
Parameter
level: User
level. This argument ranges from 0 to 3 and defaults to 3. If you execute this
command with the level argument not provided, this command switches the
current user level to level 3.
Description
Use the super command to switch the
current user level to the one identified by the level argument. If a
password is previously set by using the super password [ level level
] { simple | cipher } password command, you need to
provide the password as well to switch to the higher user level. You will
remain in the original user level if you fail to provide the correct password.
Note that:
l
Users logging into a switch also fall into four
levels, each of which corresponds to one of the command levels. Users at a
specific level can only use the commands at the same level and the commands at
the lower levels.
l
You can specify an AUX user to provide a
password when he switches from a lower user level to a higher user level and
specify the password by using the super password [ level level
] { simple | cipher } password command. With a
password configured, an AUX user remains in the original user level if the
password provided is incorrect when the AUX user attempts to switch to a higher
user level. If the password is not configured, an AUX user can switch to a
higher user level directly.
l
A password is necessary for a VTY user to switch
to a higher user level. You can use the super password [ level level
] { simple | cipher } password command to set the
password. With the password not configured, a VTY user is prompted the message
reading “Password is not set” and remains in the previous level.
l
An AUX user or a VTY user can switch to a lower
user level directly regardless of the password.
Related command: super password.
Example
# Switch to user level 3.
<H3C> super 3
Password:
Syntax
super password [ level level ] { simple | cipher
} password
undo super password [ level level ]
View
System view
Parameter
level: User
level. This argument ranges from 1 to 3 and defaults to 3. If you execute this
command with the level argument not provided, this command sets the
password for switching to level 3.
simple:
Specifies to provide the password in plain text.
cipher:
Specifies to provide the password in encrypted text.
password:
Password to be set. If you specify the simple keyword, you can provide
this argument in plain text. If you specify the cipher keyword, you can
provide this argument in either encrypted text or plain text. In this case, a
password containing no more than 16 characters (such as 123) is regarded to be
in plain text and is converted to the corresponding 24-character encrypted form
(such as 7-CZB#/YX]KQ=^Q`MAF4<1!!) automatically. You can also provide a
24-character encrypted password directly (such as 7-CZB#/YX]KQ=^Q`MAF4<1!!).
In this case, you must know its corresponding plain-text password is 123.
Description
Use the super password command to
set the password for users to switch to a higher user level. To prevent
unauthorized accesses, you can use this command to require users to provide the
password when they switch to a higher user level. For security purposes, the
password a user enters when switching to a higher user level is not displayed.
A user will remain at the original user level if the user has tried three times
to enter the correct password but fails to do this.
Use the undo super password command
to cancel the configuration.
Note that no matter what form of the
password (plain text or encrypted text) is in, the password entered for
verification must be in plain text.
Example
# Set the password for switching from the
current user level to user level 3 to “zbr”.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] super password level 3 simple
zbr
