SupportResource CenterH3C VG 10-40[41] Voice GatewayCommand
Chapters Download(371 KB)
Table of Contents
Chapter 1 System Management Configuration Commands
1.1 System Management Configuration Commands
1.1.2 display current-configuration
1.1.4 display saved-configuration
1.1.9 reset saved-configuration
1.1.12 ftp-server bootrom-name
1.1.13 ftp-server bootromfull-name
1.2 FTP Configuration Commands
1.3 TFTP Configuration Commands
Chapter 2 User Management Configuration Commands
2.1 User Management Configuration Commands
2.1.1 aaa authentication-scheme login
2.1.4 login-method authentication-mode
Chapter 3 HTTP Server Configuration Commands
3.1 HTTP Server Configuration Commands
Chapter 4 SNMP Configuration Commands
4.1 SNMP Configuration Commands
4.1.2 display snmp-agent community
4.1.3 display snmp-agent group
4.1.4 display snmp-agent local-engineid
4.1.5 display snmp-agent mib-view
4.1.6 display snmp-agent statistics
4.1.7 display snmp-agent sys-info contact
4.1.8 display snmp-agent sys-info location
4.1.9 display snmp-agent usm-user
4.1.13 snmp-agent local-engineid
4.1.15 snmp-agent packet max-size
4.1.16 snmp-agent sys-info contact
4.1.17 snmp-agent sys-info location
4.1.18 snmp-agent sys-info version
4.1.22 snmp-agent trap queue-size
4.3 IAD Configuration Commands
Chapter 5 Display and Debugging Commands
5.2 Network Diagnostic Tool Commands
5.3 Information Center Commands
Syntax
delete
View
System view
Parameter
None
Description
Use the delete command to delete the configuration file saved in Flash memory.
Take caution in executing this command. You are recommended to execute it under the guidance of a technical support engineer.
This command is normally used in the following situations:
l When the VG software has been upgraded, the configuration file in Flash memory may not match the new version. You can delete the old configuration file with the delete command.
l An old VG is applied in a new environment, and the existing configuration file does not meet the requirements of the new environment. It is then necessary to reconfigure the VG after deleting the original configuration file.
When the VG is powered on and is initializing, if the system detects no configuration file in Flash memory, it will initialize the VG with the default parameters.
Related command: save, download config, display current-configuration, display saved-configuration.
Example
# Delete the VG configuration file in Flash memory.
[VG] delete
This will erase the configuration in the flash memory.
The VG configurations will be erased to reconfigure!
Are you sure? (Y/N)
Syntax
display current-configuration
display current-configuration global
display current-configuration interface type [ number ]
display current-configuration ip route
display current-configuration voice [ aaa | access-number | acct-method | cdr ]
View
Any view
Parameter
global: Displays the current system configurations of the VG.
interface type [ number ]: Displays all of the current interface configurations of the VG.
ip route: Displays the current IP route.
voice: Display all the H.323 voice configurations.
aaa: Display the AAA configurations.
access-number: Display the configuration of access-service number.
acct-method: Display the accounting configuration of AAA.
cdr: Display the rules for retaining call records.
Description
Use the display current-configuration command to view the currently valid configuration parameters of the VG.
When a set of configurations has been completed, it is necessary to check if they are correct. You can execute the display current-configuration command to check the currently valid parameters. The parameters which are already configured but are not yet valid will not be shown.
Some currently valid configuration parameters that are the same as the default running parameters will not be shown.
Related command: save, delete, download config, display saved-configuration.
Example
# Display the current configuration parameters of the interface ethernet0.
[VG] display current-configuration interface ethernet 0
Now create configuration...
Current configuration
!
interface Ethernet0
ip address 10.110.24.1 255.255.0.0
!
return
Syntax
display client
View
Any view
Parameter
None
Description
Use the display client command to display information of the Telnet users that are logging in to the system.
Example
# Display information of the Telnet users that are logging in to the system
[VG] display client
Client ID: IP Address :
25 192.168.192.100
26 192.168.192.50
Syntax
display saved-configuration
View
Any view
Parameter
None
Description
Use the display saved-configuration command to view the configuration file saved in Flash memory, that is, the configuration file to be used when the VG is rebooted next time.
Related command: save, delete, download config, display current-configuration.
Example
# Display the configuration file saved in Flash memory.
[VG] display saved-configuration
Syntax
download config
View
System view
Parameter
None
Description
Use the download config command to download the configuration file via the Console port of the VG.
You are recommended to use the command under the guidance of a technical support engineer, and the configuration file of the VG should be edited off-line by technical personnel or senior maintenance personnel.
While editing the configuration file, please note:
l The configuration file of the VG is composed of multiple commands.
l Pressing the Enter key or adding a line feed indicates the end of a command. Do not press <Enter> or add a new line sign in the middle of a command line.
l An explanatory line can be inserted between two command lines and it begins with “!”.
l The word “return” is used as the terminator to terminate the configuration file.
You can load the configuration file via the Send Binary File function of the terminal simulator. Before sending a configuration file to the VG, please make sure that:
l The download config command is executed, and the VG is waiting for loading. Now in the window of the terminal simulator, you can see that the VG regularly sends the C character to the terminal simulator.
l Xmodem/CRC is set as the binary transmission protocol for the terminal simulator.
l The correct configuration file transfer mode has been selected.
After having been loaded successfully, the configuration file cannot take effect until the VG is rebooted. If you have downloaded the wrong configuration file, the system will initialize via the default parameters after system rebooting. You can erase the wrong configuration file with the delete command or just reload the file.
Related command: save, delete, display current-configuration, display saved-configuration.
Example
# Download the configuration file.
[VG] download config
Do you really want download the config.ini?(Y/N)y
Change protocol to Xmodem then send the selected file.
Downloading...CCCC
After successful loading, the system will prompt:
Writing to FLASH, Please wait...
DOWNLOAD SUCCESSFULLY
Syntax
idle-timeout
undo idle-timeout
View
System view
Parameter
None
Description
Use the idle-timeout command to enable the scheduled breakdown with the terminal user.
Use the undo idle-timeout command to disable this function.
By default, the scheduled breakdown with the terminal user is enabled on the VG.
For the terminal users connecting to the Console port, the scheduled breakdown time is five minutes. You can use the undo idle-timeout command to disable the function for the users to be always online.
Example
# Disable the scheduled breakdown with the terminal users.
[VG] undo idle-timeout
Syntax
kill telnet { all | user-id id }
View
System view
Parameter
all: Forces disconnection of all the current Telnet from a VG
user-id id: Forces disconnection of Telnet of a specified user ID.
Description
Use the kill telnet command to force disconnection of Telnet.
In some cases, such as malicious access of a Telnet user, the administrator can use the kill telnet command to force disconnection of all the Telnet login users, or use the display client command to find out its user ID and force disconnection of its Telnet connection. This command should be used with care.
Related command: display client.
Example
# Force disconnection of all Telnet processes from a VG.
[VG] kill telnet all
Syntax
logout
View
System view
Parameter
None
Description
Use the logout command to make a user exit from its login connection.
Example
# Make a user exit from its current login connection.
[VG] logout
Username:
Syntax
reset saved-configuration
View
Any view
Parameter
None
Description
Use the reset saved-configuration command to erase the configuration files loaded to the device during its start.
To erase all configurations from a device, use the reset save-configuration command, and the system will prompt whether to erase information of the configuration files. After choosing Yes, use the reboot command to restart the device directly without saving the configuration.
Example
# Erase the configuration files loaded to the device during its start.
[VG] reset saved-configuration
This will erase the configuration in the flash memory.
The voice gateway configurations will be erased to reconfigure
Are you sure?(Y/N).
Syntax
save
View
Any view
Parameter
None
Description
Use the save command to save the current configuration file into Flash memory.
When a set of configurations has been completed and the intended functions have been implemented, the current configuration files should be saved into Flash memory.
Related command: delete, download config, display current-configuration, display saved-configuration.
Example
# Save the current system configurations into the configuration file in Flash memory.
[VG] save
Now writing the running config to flash memory.
Please wait for a while......
write the running config to flash memory successfully.
Syntax
telnet { ip-address | host-name } [ service-port ]
View
System view
Parameter
ip-address: IP address of the remote device, in the dotted decimal format.
host-name: Host name. This must be the host name of the IP address set by the ip host command.
service-port: TCP port number used by the remote device to provide Telnet service. It ranges from 1 to 65535, and the default is 23.
Description
Use the telnet command to log in to other devices from the current VG.
The telnet command makes it easy for the users to log in from a VG to another device for remote management.
To exit Telnet, execute the logout command on the Telnet Client end or key in Ctrl+ ].
Related command: display client, display tcp status, logout.
& Note:
By default, the authentication mode in AAA of a VG is enabled. If you want to log in to a VG by Telnet. it is necessary to disable the AAA authentication of this VG or configure a local user.
Example
# Log in from the local voice gateway VG1 to another one VG2 with IP address 192.168.80.30.
[VG1] telnet 192.168.80.30
Trying hostaddress...
Service port is 23
Connected to hostaddress
[VG2]
Syntax
ftp-server bootrom-name bootrom-name
View
System view
Parameter
None
Description
Use the ftp-server bootrom-name command to configure an extended segment filename of BootROM. By default, the extended segment filename of BootROM is “bootrom”.
The extended segment filename of BootROM is set to upload the extended segment file of BootROM. To upload the extended segment file of BootROM, its name must be the same as the extended segment filename of BootROM set in the VG.
Example
# Set the extended segment filename of BootROM as “bootapp”.
[VG] ftp-server bootrom-name bootapp
Syntax
ftp-server bootromfull-name bootromfull-name
View
System view
Parameter
None
Description
Use the ftp-server bootromfull-name command to configure a filename for the whole BootROM program. By default, the filename of the BootROM program is “bootromfull”.
The filename of the BootROM program is set to upload the BootROM program file. To upload the BootROM program file, its name must be the same as the BootROM program filename set in the VG.
Example
# Set the filename of the BootROM program as “bootfullapp”.
[VG] ftp-server bootromfull-name bootfullapp
Syntax
update slot slot-number ftpserver { host-name | ip-address } filename file-name [ port port-number | user user-name | password password ]
View
System view
Parameter
slot-number : Number of the slot where the update board locates.
host-name : Name of the FTP server where upgrade files are located. If you have not configured the server name before upgrading, use the sysname command to configure the voice gateway name as the FTP server name in system view first.
ip-address : IP address of the host where the update file locates.
file-name : Upgrade file name.
port-number : Number of the service port on the specified FTP server.
user-name : Name of the legal login user registering with the FTP server.
password: Password of the legal login user registering with the FTP server.
Description
Use the update command to upgrade online the board software.
The command is used to upgrade online some boards. You can only upgrade online some versions of boards. The command can upgrade online E1VI card. The name of online upgrade file is “*.BIN”.
Because of the different upgrade results, the system will display the different information as follows:
In the case of successful online upgrade, the following prompt information displays on the console:
End of programming successfull! Total 131072 bytes written.
In the case of online upgrade failure, the following prompt information periodically displays on the console:
Please enter the update request command for slot 1!
After you execute the display version command, the following information appears:
(Board name) Driver need to be updated
If the upgrade applications for other boards are used for the online upgrade, you will fail to upgrade the board, and the following prompt information displays on the console:
%Error: File ID error!
If the online upgrade file is damaged, you will fail to upgrade the board, and the following prompt information displays on the console:
%Error: File CRC error!
If the other user is executing the update command when you enter the command, you will fail to execute the command, and the following prompt information displays on the console:
The indicated board is at updating status.
Example
Upgrade the E1VI board in the slot 1 online. The IP address of FTP server is 169.254.1.1. The name of the online upgrade file for the board is E1VI.BIN. The user name and user password of the FTP host are abc and 123456 respectively.
[VG] sysname abc
[abc] update slot 1 ftpserver 169.254.1.1 filename e1vi.bin user abc password 123456
Syntax
debugging ftp-server
undo debugging ftp-server
View
Any view
Parameter
None
Description
Use the debugging ftp-server command to enable FTP server debugging.
Use the undo debugging ftp-server command to disable FTP server debugging.
Example
Enable the FTP server debugging, and download a system application from a VG using the FTP client.
[VG] debugging ftp-server
[VG] FTP : Create Ftp client Task success
FTP : Ftp client task is start
FTP : USER
FTP : USER lijian
FTP : PASS
FTP : PORT
FTP : RETR
Syntax
display ftp-server
View
Any view
Parameter
None
Description
Use the display ftp-server command to view the parameters of the current FTP server.
After setting the FTP server parameters, you can use the command to view the configuration parameters.
Example
# Display the FTP server parameters you have configured.
[VG] display ftp-server
Ftp Server has been Running
config file config
system file system
3rd part bootrom file bootrom
full bootrom file bootromfull
time out 60
The above information shows that the FTP server is successfully started, the configuration filename is “config”, the program filename is “system”, and the FTP user’s access time limit is 60 seconds.
Syntax
ftp-server enable
undo ftp-server enable
View
System view
Parameter
None
Description
Use the ftp-server enable command to enable the FTP server.
Use the undo ftp-server enable command to disable the FTP server.
By default, FTP server is disabled.
This command can be used to safeguard the VG against attacks from any illegal user.
Example
# Disable the FTP server.
[VG] undo ftp-server enable
Syntax
ftp-server timeout seconds
View
System view
Parameter
seconds: Timeout value in seconds, in range of 0 ~ 4294967295 seconds. The default value is 600 seconds.
Description
Use the ftp-server timeout command to configure the connection timeout value.
When you log into the FTP server, a connection is set up. If the connection is terminated abnormally or you disconnect it abnormally, the FTP server will not be able to know this, so it will still maintain the connection. Therefore the connection timeout is set to avoid such a case. If no information exchange occurs in a certain period of time, the FTP server will regard the connection has failed, and will then clear the connection.
Example
# Set the connection timeout to 500 seconds.
[VG] ftp-server timeout 500
Syntax
ftp-server update { fast | normal }
View
System view
Parameter
fast: Fast update mode.
normal: Normal update mode.
Description
Use the ftp-server update command to set the FTP update mode.
By default, FTP Server adopts fast update mode.
When logging onto the FTP Server from a PC, you can use the put command to upload the file. FTP Server adopts two update modes: fast update mode and normal update mode.
l Fast update mode: In this mode, after the FTP Server has received the files uploaded, it will write the files into Flash memory. Even when the system is powered off during the transmission of the file, the existing file in the VG will not be destroyed.
l Normal update mode: In this mode, the FTP Server writes the files uploaded into Flash memory as it receives the files. The existing files in the VG may be destroyed due to system power-down. Compared with fast update mode, the system demands less memory space in the VG in the normal update mode.
Example
# Set FTP Server in normal update mode.
[VG] ftp-server update normal
Syntax
kill ftp
View
System view
Parameter
None
Description
Use the kill ftp command to disconnect the FTP server.
In some cases, for example FTP users’ malicious intrusion, the administrator logging in from the Console port can use the kill ftp command to disconnect the link between the FTP user and the VG. Take caution in executing this command.
Example
# Disconnect all the links between the FTP users and the VG.
[VG] kill ftp
Syntax
copy { ip-addr | host-name } file-name { system | config }
View
System view
Parameter
ip-addr: IP address of TFTP server.
host-name: TFTP server name. The name must be the host name of the IP address set by the ip host command.
file-name: File name, a maximum of 63 characters in length.
system: File type, indicating that the uploaded file is a system file.
config: File type, indicating that the uploaded file is a configuration file.
Description
Use the copy command to upload a configuration file or system file on the local VG to a TFTP server, and name it as file-name.
Caution:
When you use the command to back up the main program software or configuration file, the VG possibly cannot establish new calls and the conversation quality is also affected due to the high system load. Take caution in using the command.
Related command: get.
Example
# Upload the configuration file of the local VG to the TFTP server with IP address 10.110.1.1, and name the file as config.txt.
[VG] copy 10.110.1.1 config.txt config
start uploading config file...
........
2465 bytes copied in 0.749 seconds.
end uploading config file.
If the upload operation is successful, the output information will display the uploaded bytes and duration. If failed, the error code (errno) will be displayed. The meaning of each errno is explained in the following table:
Table 1-1 Meaning of errno sequence number
|
Error code |
Description |
|
0x01 |
Inadequate memory |
|
0x02 |
Failed to create a request packet |
|
0x03 |
Failed to create a socket |
|
0x04 |
Failed to bind the socket |
|
0x05 |
Invalid transmission mode |
|
0x06 |
Fail to transmit the file |
|
0x07 |
Unable to transmit data to the server. |
|
0x0b |
Failed to receive data |
|
0x0c |
Failed to read the file |
|
0x0d |
Failed to resolve the host name |
|
0x0e |
Failed to open the local file |
|
0x0f |
Invalid parameter |
|
0x10 |
Received error packets |
|
0x11 |
Failed to synchronize |
|
0x12 |
Failed to write the configuration file |
|
0x13 |
Failed to read the configuration file |
|
0x14 |
Multiple users write the configuration file concurrently |
|
0x15 |
Failed to allocate the memory |
|
0x16 |
The file was too long |
|
0x18 |
Failed to write the file |
|
0x19 |
Error occurred when writing the system file. |
|
0x1a |
Error occurred when reading the system file. |
|
0x1b |
Succeeded to read the system file but selected not to write the file. |
Syntax
get { ip-addr | host-name } file-name { system | config }
View
System view
Parameter
ip-addr: IP address of TFTP server, in the dotted decimal format X.X.X.X.
host-name: TFTP server name. The name must be the host name of the IP address set by the ip host command.
file-name: File name, a maximum of 63 characters in length.
system: File type, indicating that the downloaded file is a system file.
config: File type, indicating that the downloaded file is a configuration file.
Description
Use the get command to download the configuration file or system file named as file-name from a TFTP server into Flash memory of the local VG.
The system file is saved in the Flash memory of the VG.
Caution:
When you use the command to back up the main program software or configuration file, the VG possibly cannot establish new calls and the conversation quality is also affected due to the high system load. Take caution in using the command.
Related command: copy.
Example
# Download the configuration file from the TFTP server with the IP address 10.110.1.1 into Flash memory of the local VG.
[VG] get 10.110.1.1 sys.cfg config
start downloading config file...
written: 3131 bytes
l end downloading config file.
Refer to Table 1-1 for the meaning of each errno.
Syntax
aaa authentication-scheme login { default | scheme-name } { method [ method ] ... }
undo aaa authentication-scheme login { default | scheme-name }
View
System view
Parameter
default: Default login authentication scheme list is selected
scheme-name: Name string (excluding space bar) of login authentication scheme list, in range of 1 to 20 characters.
method: Specifies 1 to 2 schemes in the login authentication list. If local or none is selected, no other parameter is allowed.
Table 2-1 Login authentication scheme
|
Keyword |
Description |
|
local |
Local username database is used in authentication. |
|
none |
All users will log in successfully without authentication. |
|
radius |
RADIUS server is used in authentication. |
Description
Use the aaa authentication-scheme login command to create a login authentication scheme list.
Use the undo aaa authentication-scheme login command to delete a specified login authentication scheme list.
By default, using the default list is equivalent to using the aaa authentication-scheme login default local command.
With the aaa authentication-scheme login command, you can create a login authentication scheme list, which will be used after you execute the login-method authentication-mode command. If you do not specify any authentication scheme list for a login type, the default list will be used.
Up to 9 scheme list including the default one can be configured for the login authentication.
If you specify none as the last authentication scheme, it is applied if the other authentication schemes fail to function.
If you configure the login authentication schemes more than the permitted number, the system prompts you:
Warning: reach the max limited of aaa authentication scheme list.
When you delete a nonexistent login authentication scheme list, the system prompts the following information:
Warning: no such authentication scheme list .
Related command: login-method authentication-mode.
Example
# Create a login authentication scheme list to allow all user log in the system without authentication.
[VG] aaa authentication-scheme login test none
Syntax
aaa-enable
undo aaa-enable
View
System view
Parameter
None
Description
Use the aaa-enable command to enable AAA function.
Use the undo aaa-enable command to disable AAA function.
By default, AAA function is disabled.
Only after AAA function is enabled can you proceed with AAA configuration.
Related command: aaa accounting-scheme, authentication-scheme and authorization-scheme.
Example
# Enable AAA function.
[VG] aaa-enable
Syntax
local-user username service-type { administrator | guest | operator | ftp }
undo local-user user
View
System view
Parameter
username: Authorized username, in the range of 1 to 32 characters. Up to 15 users can be configured.
administrator: Authorize a user as an administrator.
guest: Authorize a user as a guest.
operator: Authorize a user as an operator.
ftp: FTP is available to authorized users.
Description
Use the local-user service-type command to configure the type of the user authentication and authorization.
Use the undo local-user service-type command to cancel the type of the authentication and authorization.
By default, guest authorization is used.
The commands can be used together with the local-user password command.
When a single type of service is authorized in the operation, configure after service-type one parameter from administrator, guest, operator and ftp. But configuring multiple service types requires two or more parameters. When using the command to a user repeatedly, new service will overwrite the old one.
Example
# Authorize the administrator (username “h3c” and password “h3c”) to log into the VG.
[VG] local-user h3c password cipher h3c service-type exec-administrator
Syntax
login-method authentication-mode login-type { default | scheme-name }
undo login-method authentication-mode login-type
View
System view
Parameter
default: Default authentication scheme list is selected.
scheme-name: Specified authentication scheme list, which is defined with the aaa authentication-scheme login command.
login-type: One of the login modes available.
|
Keyword |
Description |
|
con |
Log into the system from Console port. |
|
telnet |
Log into the system using Telnet. |
|
ftp |
Log into the system using FTP. |
|
http |
Log into the system using HTTP. |
Description
Use the login-method authentication-mode command to specify a login authentication scheme list.
Use the undo login-method authentication-mode command to reset authentication scheme list to the default one.
By default, the default authentication scheme list is used.
This command is used to specify a login authentication scheme list. If nothing is assigned, the default one will be selected in authentication. The command undo login-method authentication-mode is equivalent to the login-method authentication-mode login-type default command in effect.
The authentication scheme list should be defined with the aaa authentication-scheme login command before executing this command. Otherwise, the system will prompt the following information, and the user configuration will not be saved.
Warning: the list is not configured for login authentication.
Related command: aaa authentication-scheme login.
Example
# Specify authentication scheme list “test” in Telnet login mode.
[VG] login-method authentication-mode telnet test
Syntax
debugging web { error | info | memory | warning }
undo debugging web { error | info | memory | warning }
View
Any view
Parameter
error: Enable WEB error debugging.
info: Enable WEB information debugging.
memory: Enable WEB memory debugging.
warning: Enable WEB warning debugging.
Description
Use the debugging web command to enable Web debugging.
Use the undo debugging web command to disable Web debugging.
Example
# Enable Web memory debugging.
[VG] debugging web memory
10:54:26 mem: WEB_String_Malloc: address 31364104, count=1
10:54:26 mem: WEB_String_Malloc: address 31355860, count=2
10:54:26 mem: WEB_String_Malloc: address 22337540, count=3
10:54:26 mem: WEB_String_Malloc: address 22339412, count=4
10:54:26 mem: WEB_String_Malloc: address 22338452, count=5
10:54:26 mem: WEB_String_Malloc: address 22338068, count=6
10:54:26 mem: WEB_String_Malloc: address 22340084, count=7
10:54:26 mem: WEB_String_Malloc: address 22340228, count=8
10:54:26 mem: WEB_String_Malloc: address 22337588, count=9
10:54:26 mem: WEB_String_Malloc: address 22337396, count=10
Syntax
http-server disable
View
System view
Parameter
None
Description
Use the http-server disable command to disable HTTP server function.
By default, the system enables HTTP server function.
Example
# Disable HTTP server function.
[VG] http-server disable
Syntax
http-server enable
View
System view
Parameter
None
Description
Use the http-server enable command to enable HTTP server function.
By default, the system enables HTTP server function.
Example
# Enable HTTP server function.
[VG] http-server enable
Syntax
http-server language { chinese | english }
undo http-server language
View
System view
Parameter
chinese: Configure Chinese as the default language for the web login page.
english: Configure English as the default language for the web login page.
Description
Use the http-server language command to configure the default language for the web login page.
Use the undo http-server language command to restore the default language for the web login page.
The factory language for the web login page is english.
Example
# Configure english as the default language for the web login page.
[VG] http-server language english
Syntax
http-server port number
undo http-server port
View
System view
Parameter
number: Port number of the HTTP server, which can be set as 80 or in the range of 5000 to 50000. By default, it is 80.
Description
Use the http-server port command to configure the port number of the HTTP server.
Use the undo http-server port command to restore the default port number of the HTTP server.
Example
# Configure the port number of the HTTP server as 6000.
[VG] http-server port 6000
Syntax
http-server sleeptime { busy | idle } time
undo http-server sleeptime { busy | idle }
View
System view
Parameter
busy time: Sleeptime for the HTTP server in the case of connection, in the range of 3 to 200 (seconds). By default, it is 5 seconds.
Idle time: Sleeptime for the HTTP server in the case of disconnection, in the range of 3 to 1,000 (seconds). By default, it is 80 seconds.
Description
Use the http-server sleeptime command to configure sleeptime for the HTTP server.
Use the undo http-server sleeptime command to restore the default sleeptime for the HTTP server.
Example
# Configure sleeptime for the HTTP server as 50 seconds in the case of connection.
[VG] http-server sleeptime busy 50
Syntax
http-server timeout { authen | recv | send } time
undo http-server timeout { authen | recv | send }
View
System view
Parameter
authen time: Configure authentication timeout time for the HTTP server, in the range of 5 to 5,000 (seconds). By default, it is 30 seconds.
recv time: Configure receiving timeout time for the HTTP server, in the range of 5 to 5,000 (seconds). By default, it is 30 seconds.
send time: Configure sending timeout time for the HTTP server, in the range of 5 to 5,000 (seconds). By default, it is 30 seconds.
Description
Use the http-server timeout command to configure timeout time for the HTTP server.
Use the undo http-server timeout command to restore the default timeout time for the HTTP server.
Example
# Configure authentication timeout time for the HTTP server as 60 seconds.
[VG] http-server timeout authen 60
Syntax
debugging snmp-agent { headers | packets | process | trap | all }
undo debugging snmp-agent { headers | packets | process | trap | all }
View
Any view
Parameter
headers: Displays the headers of received simple network management protocol (SNMP) messages
packets: Displays the contents of SNMP messages received/sent.
process: Displays debugging information in agent operations.
trap: Displays information on the agent when it sends traps.
all: Displays all SNMP information.
Description
Use the debugging snmp-agent command to enable debugging for transceived SNMP messages and their processing process on the agent. Using the undo debugging snmp command, you can disable the debugging.
Example
# Enable debugging for transceived SNMP messages.
[VG] debugging snmp-agent packets
Syntax
display snmp-agent community
View
Any view
Parameter
None
Description
Use the display snmp-agent community command to view information on the communities that have been configured.
Related command: snmp-agent community.
Example
# Display information on the names of the communities that have been configured.
[VG] display snmp-agent community
Community name:public
Access Attribute:read
Group name: public
Storage-type: nonVolatile
Access-list:2000
Table 4-1 Description on the fields of the display snmp-agent community command
|
Field |
Description |
|
community name |
Community name |
|
Access Attribute |
Access attribute |
|
Group name |
Group name |
|
storage-type |
Storage method |
|
Access-list |
Access control list |
& Note:
There are five storage methods: other, volatile, nonVolatile, permanent and read-only.
Syntax
display snmp-agent group [ name ]
View
Any view
Parameter
name: Group name.
Description
Use the display snmp-agent group command to view the group name, security model, statuses of various views, and the type of storage.
Related command: snmp-agent group.
Example
# Display the SNMP group name and security model.
[VG] display snmp-agent group
Group name: usergroup
Security model: v3 authentication
Readview: ViewDefault
Writeview: <none>
Notifyview: <none>
Storage-type: nonVolatile
& Note:
There are five storage methods: other, volatile, nonVolatile, permanent and read-only.
Syntax
display snmp-agent local-engineid
View
Any view
Parameter
None
Description
Use the display snmp-agent local-engineid command to view the engineID of the current equipment.
SNMP engine is the core of the SNMP entity. It transceives and authenticates SNMP messages, extracts PDU, reassembles messages, and communicates with the SNMP applications.
Related commands: snmp-agent local-engineid.
Example
# Display the engineID of the current equipment
[VG] display snmp-agent local-engineid
SNMP local-engineID: 800007DB0300E0FC048153
SNMP Local-engineID indicates local SNMP engineID.
Syntax
display snmp-agent mib-view
View
Any view
Parameter
None
Description
Use the display snmp-agent mib-view command to view information about the MIB views that have been configured.
Related command: snmp-agent mib-view.
Example
# Display the MIB views that have been configured.
View name:ViewDefault
MIB Subtree:internet
Storage-type: nonVolatile -included
UserStatus:active
View name:ViewDefault
MIB Subtree:snmpUsmMIB
Storage-type: nonVolatile -excluded
UserStatus:active
View name:ViewDefault
MIB Subtree:snmpVacmMIB
Storage-type: nonVolatile -excluded
UserStatus:active
View name:ViewDefault
MIB Subtree:snmpModules.18
Storage-type: nonVolatile -excluded
UserStatus:active
Table 4-2 Description on the fields of the display snmp-agent mib-view command
|
Field |
Description |
|
View name |
View name |
|
MIB Subtree |
MIB Subtree |
|
storage-type |
Storage method |
|
included/excluded |
Accessing an MIB object is allowed or prohibited. |
|
UserStatus |
User status |
& Note:
There are five storage types: other, volatile, nonVolatile, permanent and read-only.
Syntax
display snmp-agent statistics
View
Any view
Parameter
None
Description
Use the display snmp-agent statistics command to view the communication status statistics of SNMP NMS and Agent.
Example
# Examine the current communication status of SNMP.
[VG] display snmp-agent statistics
0 Messages delivered to the SNMP entity
0 Messages which were for an unsupported version
0 Messages which used a unknown community name
0 Messages which represented an illegal operation for the community supplied
0 ASN.1 or BER errors in the process of decoding
0 MIB objects retrieved successfully
0 MIB objects altered successfully
0 Get-Request PDUs accepted and processed
0 Get-Next PDUs accepted and processed
0 Set-Request PDUs accepted and processed
0 Messages passed from the SNMP entity
0 SNMP PDUs which had a tooBig error (Maximum packet size is 1500)
0 SNMP PDUs which had a noSuchName error
0 SNMP PDUs which had a badValue error
0 SNMP PDUs which had a general error
0 Get-Response PDUs accepted and processed
0 Trap PDUs accepted and processed
Syntax
display snmp-agent sys-info contact
View
Any view
Parameter
None
Description
Use the display snmp-agent sys-info contact command to view the current system maintenance contact string.
This command can be used to search information on the contact person of the system.
Related command: snmp-agent sys-info contact.
Example
# Display the current system maintenance contact string.
[VG] display snmp-agent sys-info contact
The contact person for this managed node: H3C Technology Co., Ltd. Hangzhou China
Syntax
display snmp-agent sys-info location
View
Any view
Parameter
None
Description
Use the display snmp-agent sys-info location command to view the system location string.
This command can be used for searching the system location.
Related command: snmp-agent sys-info location.
Example
# Display the system location string.
[VG] display snmp-agent sys-info location
The physical location of this node: Hangzhou China
Syntax
display snmp-agent usm-user [ name ]
View
Any view
Parameter
Name: Username.
Description
Use the display snmp-agent usm-user command to view information on all SNMP users that have been configured.
Related command: snmp-agent usm-user.
Example
# Display information about all the current users.
[VG] display snmp-agent usm-user
User name: user1
Engine ID: 800007DB0300E0FC121314
UserStatus:active
Access-list:2000
Table 4-3 Description on the fields of the display snmp-agent usm-user command
|
Field |
Description |
|
User name |
SNMP user name |
|
Engine ID |
SNMP engine ID |
|
UserStatus |
User state |
|
Access-list |
Access control list |
Syntax
snmp-agent
undo snmp-agent
View
System view
Parameter
None
Description
Use the snmp-agent command to enable the simple network management protocol (SNMP) service.
Use the undo snmp-agent command to disable the SNMP service.
By default, the SNMP service is disabled.
The SNMP service is enabled whenever the snmp-agent command or any configuration command of SNMP is used.
If the SNMP service is disabled by the undo snmp-agent command, no SNMP configuration information will take effect, but the information will not be deleted unless the VG is restarted. The configuration information can take effect again if the SNMP service is re-enabled (you can use the display current-configuration command to view this information). However, if the VG is restarted after the SNMP service is disabled, the configuration information will be lost.
If the warm-start trap is enabled, the system will send a warm-start trap packet whenever the SNMP service is enabled.
Example
# Disable the SNMP service.
Syntax
snmp-agent community { read | write } community_name [ mib-view view-name ] [ acl number ]
undo snmp-agent community community_name
View
System view
Parameter
community_name: The community name, whose string ranges from 1 to 32 bytes.
mib-view view-name: Predefined name of MIB view, whose string ranges from 1 to 32 bytes. The view specifies the objects the community name can access.
read: Specify read-only access to MIB objects, which is the default value.
write: Specify read-write access to MIB objects.
acl number: The number of ACL (an integer from 2,000 to 2,098). The ACL permits the network management stations (NMSes) of the IP addresses to use the community_name to access the SNMP agent.
Description
Use the snmp-agent community command to configure SNMP community name and its access authority.
Use the undo snmp-agent community command to cancel SNMP community names which are already set.
By default, no community name is set.
Community name is only useful when either SNMPv1 or SNMPv2c is used. If neither of the versions is used, you need to configure at least a community name or a SNMPv1 (or SNMPv2c) user.
Related command: snmp-agent, snmp-agent sys-info version, snmp-agent mib-view, display snmp-agent community.
Example
# Set the community name to “public”, which can be used for accessing those objects with read-only authority.
[VG] snmp-agent community read public
# Set the community name to “private”, which can be used to access those objects with read-write authority, and it also specifies the accessible MIB view to view1 and access list to 2,000.
[VG] snmp-agent community write private mib-view view1 acl 2000
# Delete the read-only community name “public”.
[VG] undo snmp-agent community public
Syntax
snmp-agent group { v1 groupname | v2c groupname | v3 groupname { authentication | noauthentication | privacy } } groupname [ read-view readview ] [ write view writeview ] [ notify view notifyview ] [ acl acl-number ]
undo snmp-agent group { v1 groupname | v2c groupname | v3 groupname { authentication | noauthentication | privacy } }
View
System view
Parameter
v1: Uses version SNMPv1.
v2c: Uses version SNMPv2c.
v3: Uses version SNMPv3.
authentication: Authenticates packets but does not encrypt them.
noauthentication: Does not authenticate or encrypt packets.
privacy: Authenticates and encrypts packets.
groupname: SNMP group name, in the range of 1 to 32 bytes.
read-view readview Sets the read-only view.
write view writeview: Sets the read-write view.
notify view notifyview : Sets the notification view.
acl acl: Specifies a crypto access list, which must be a standard access list ranging from 2,000 to 2,098, for the group.
Description
Use the snmp-agent group command to configure a SNMP group.
Use the undo snmp-agent group command to cancel a specific SNMP group.
By default, no SNMP group is configured.
By default, SNMP group has only the real-only authority. The read-only view name is "ViewDefault", that is, the default configuration is read-view "ViewDefault".
Configuring a SNMP group is to map a SNMP group to a MIB view and the user to the SNMP group. Use the snmp-agent usm-user command to configure the user name.
A maximum of 20 groups can be configured, and the groups with different security models or security levels can have the same names.
Related command: snmp-agent, snmp-agent usm-user, snmp-agent mib-view, display snmp-agent group.
Example
# Create a SNMP group named group 1
[VG] snmp-agent group v1 group1
# Delete the SNMP group group1.
[VG] undo snmp-agent group v1 group1
Syntax
snmp-agent local-engineid engineid
undo snmp-agent local-engineid
View
System view
Parameter
engineid: SNMPv3 engineID string in hexadecimal format, which is 5 to 32 bytes in length. By default, it is “Enterprise number of H3C Technology Co., Ltd + device information”. Device information is determined by the product, so it may be an IP address, MAC address of self-defined hexadecimal figure string.
Description
Use the snmp-agent local-engineid command to configure a unique ID for the VG.
Use the undo snmp-agent local-engineid command to restore the default SNMPv3 engineID.
Changing engineID will deactivate the configured SNMPv3 user, and the user name should be re-configured.
Normally, the default engineID is unique. If you want to set a familiar ID, make sure that it is unique in the overall network.
Related command: snmp-agent, display snmp-agent local-engineid.
Example
# Configure a unique engineID for the VG.
[VG] snmp-agent local-engineid 12345678
Syntax
snmp-agent mib-view { included | excluded } viewname subtree subtree
undo snmp-agent mib-view viewname
View
System view
Parameter
included: MIB sub-tree is included.
excluded: MIB sub-tree is excluded.
view-name: View name, 1 to 32 bytes in length.
subtree subtree: Sub-tree name for a MIB object. It can be OID or a variable name, which is valued in the range of 1 to 50 bytes. For example, it can be a string like “1.3.6.2.4” or “system”. In addition, it can use “*” as the wildcard, for example, “1.3.6.*.*.1”.
Description
Use the snmp-agent mib-view command to configure a new view or update the information in a specified view.
Use the undo snmp-agent mib-view command to cancel a view.
By default, a view is named as ViewDefault, and OID is 1.3.6.1. View information includes 1.3.6.1MIB sub-tree, but excludes the MIB sub-trees 1.3.6.1.6.3.15, 1.3.6.1.6.3.16 and 1.3.6.1.6.3.18.
ViewDefault included 1.3.6.1 excluded 1.3.6.1.6.3.15, 1.3.6.1.6.3.16 and 1.3.6.1.6.3.18
Be sure to distinguish view information and view name. Different pieces of information may be under the same view name. Deleting a view name will delete all view information under the same view name.
The system can configure up to 16 pieces of view information.
Related command: snmp-agent, snmp-agent group, snmp-agent community, display snmp-agent mib-view.
Example
# Create a view containing all the MIB-II objects.
[VG] snmp-agent mib-view included mib2 subtree 1.3.6.1
Syntax
snmp-agent packet max-size byte-count
undo snmp-agent packet max-size
View
System view
Parameter
byte-count: SNMP packet size in bytes, ranging from 484 to 17,940. By default, the byte-count is 1,500 bytes.
Description
Use the snmp-agent packet max-size command to configure the maximum size of SNMP packets that the agent can receive and send.
Use the undo snmp-agent packet max-size command to restore the default maximum size of SNMP packets that the agent can receive and send.
When congestion occurs in the network, this command can be used to restrict the maximum size of SNMP packets that the agent may receive/send. Once a maximum size is set, the agent will not process the request packets greater than the maximum size.
Related command: snmp-agent, snmp-agent trap enable.
Example
# Set the agent to receive/send the SNMP packets that are not greater than 1,042 bytes.
[VG] snmp-agent packet max-size 1042
Syntax
snmp-agent sys-info contact string
undo snmp-agent sys-info contact
View
System view
Parameter
string: Describes system maintenance contact information, which comprises printable characters of 1 to 50 bytes (ASCII code is 32 to 127 in length).
Description
Use the snmp-agent sys-info contact command to configure system maintenance administrators’ contact information for network administrators’ inquiry.
Use the undo snmp-agent sys-info contact command to delete the system maintenance administrators’ contact information.
You must correctly configure system maintenance contact information, so that the network administrators can be in contact with the equipment administrator.
One or multiple spaces are allowed in the system maintenance contact string. If multiple, continuous spaces are input, the system will regard them as one space.
The character “?” is not allowed to appear in the system maintenance contact string.
Related command: snmp-agent, snmp-agent sys-info location, display snmp-agent sys-info contact.
Example
# Set the system contact information to “Dial System Operator at beeper # 27345”.
[VG] snmp-agent sys-info contact Dial System Operator at beeper # 27345
# Delete the system maintenance administrators’ contact information.
[VG] undo snmp-agent sys-info contact
Syntax
snmp-agent sys-info location string
undo snmp-agent sys-info location
View
System view
Parameter
string: Describes the system location, which comprises printable characters of 1 to 50 bytes (ASCII code is in the range of 32 to 127 bytes).
Description
Use the snmp-agent sys-info location command to configure the system information about the location of the device.
Use the undo snmp-agent sys-info location command to delete the system information about the location of the device.
You should correctly configure the system location, so that it can be used to locate the failed equipment in case that faults occur on the network.
One and more spaces are allowed in the system location string. If multiple, continuous spaces are input, the system will regard it as one space.
”?” is not allowed in the system location string.
Related command: snmp-agent, snmp-agent sys-info contact, display snmp-agent sys-info location.
Example
# Set “Shenzhen China” as system location information.
[VG] snmp-agent sys-info location Shenzhen China
# Delete the system information about the location of the device.
[VG] undo snmp-agent sys-info location
Syntax
snmp-agent sys-info version { v1 | v2c | v3 | all }
undo snmp-agent sys-info version { v1 | v2c | v3 | all }
View
System view
Parameter
v1: Enables SNMPv1 operations.
v2c: Enables SNMPv2c operations.
v3: Enables SNMPv3 operations.
all: Enables operations of SNMP of all versions.
Description
Use the snmp-agent sys-info version command to configure the version that a NMS can use to manage the SNMP agent.
Use the undo snmp-agent sys-info version command to restore the NMS to use the default version to manage the agent.
By default, SNMPv3 operations are enabled.
Since SNMPv3 provides higher security, the system only enables the NMS to perform SNMPv3 operations on the SNMP agent by default. You can use this command to enable the NMS to perform SNMPv1 or SNMPv2.
Related command: snmp-agent, snmp-agent community, snmp-agent group, snmp-agent mib-view.
Example
# Enable the NMS to perform SNMPv1 operations on the SNMP agent.
[VG] snmp-agent sys-info version v1
Syntax
snmp-agent target-host trap address host_address securityname name [ port port ] [ parameters { v1 | v2c | v3 { authentication | noauthentication | privacy } } ]
undo snmp-agent target-host trap address host_address securityname name [ port port ]
View
System view
Parameter
address host_address: IP address of the host receiving SNMP Trap messages.
port port: UDP port number of the host receiving SNMP Trap messages, ranging form 1 to 65,535. By default, the port number is 162.
parameters: Sets the version of SNMP used in Trap messages.
v1: Uses SNMPv1. It is the default version.
v2c: Uses SNMPv2c.
v3: Uses SNMPv3.
authentication: Authenticates but does not encrypt packets when SNMPv3 is used.
noauthentication: Neither authentication nor encryption is done on packets when SNMPv3 is used.
privacy: Authenticates and encrypts packets when SNMPv3 is used.
securityname name: SNMPv1/v2c community name and user name or SNMPv3 user name, which is 1 to 32 bytes in length.
Description
Use the snmp-agent target-host command to configure the address of the host which receives SNMP Trap packets, the SNMP version and authentication/encryption mode. Use the undo snmp-agent target-host command to delete the host receiving SNMP Trap packets.
When configuring the snmp-agent trap enables command, you must use the snmp-agent target-host command to configure at least one host that receives Trap message. The former command is used to specify which SNMP notification is to be sent to the host that receives the SNMP Trap packets. If the NMS wants to receive most of the notification messages, you should configure at least one snmp-agent trap enable command and one snmp-agent target-host command on the VG.
Related command: snmp-agent, snmp-agent trap enable.
Example
# Permit the VG to send traps to 10.110.30.253, and the community name “public” is used.
[VG] snmp-agent trap enable
[VG] snmp-agent target-host trap address 10.110.30.253 securityname public
Syntax
snmp-agent trap enable [ trap-type ]
undo snmp-agent trap enable [ trap-type ]
View
System view
Parameter
trap-type: Type of the trap that will be sent, which can be:
entity: Enables the VG to send physical entity table Trap packets.
iad: Enables the VG to send IAD Trap packets.
Mmib: Enables the VG to send smallest MIB Trap packets.
system: Enables the VG to send system Trap packet.
standard [ trap-option ]: SNMP traps to be sent. When configuring the VG for sending standard trap, you can also configure the parameter of trap notification-option.
trap-option: Trap notification option. You can configure the option as follows when configuring the standard traps:
authentication: Enables the VG to send authentication traps.
coldstart: Enables the VG to send cold-start traps.
warmstart: Enables the VG to send warm-start traps.
linkup: Enables the VG to send traps when the line protocol on the interface is up.
linkdown: Enables the VG to send traps when the line protocol on the interface is down.
Description
Use the snmp-agent trap enable command to enable the VG to send Trap messages or specify the type of the transmitting Trap packet.
Use the undo snmp-agent trap enable command to disable the VG to send traps.
By default, the VG is disabled to send traps.
If the type of traps is not specified, by default, executing this command will transmit all types of traps, i.e. authentication, cold start, warm-start, link status (up or down), will be sent.
If you use this command but do not specify the type of traps, the VG transmits all types of traps by default. If you specify the type of trap to be sent but do not select the notification option, the VG transmits traps of all options (authentication, cool-start, warm-start, up interface and down interface) by default.
Before configuring snmp-agent trap enable command, you should use snmp-agent target-host command to configure the host which can receive Trap messages.
Related command: snmp-agent target-host.
Example
# Enable the VG to send traps to 10.110.30.253, and the community name “public” is used.
[VG] snmp-agent trap enable
[VG] snmp-agent target-host trap address 10.110.30.253 securityname public
Syntax
snmp-agent trap life timeout
undo snmp-agent trap life
View
System view
Parameter
timeout: Timeout values are in seconds, ranging from 1 to 1,000. By default, traps time out after 120 seconds.
Description
Use the snmp-agent trap life command to configure the timeout time that traps can be held.
Use the undo snmp-agent trap life command to restore the default timeout time that traps can be held.
Suppose that the system is set to hold traps for some time, if a trap times out, it will be discarded and the system will not transmit it or hold it any longer.
Related command: snmp-agent, snmp-agent trap enable.
Example
# Set the traps to time out after 60 seconds.
[VG] snmp-agent trap life 60
Syntax
snmp-agent trap queue-size length
undo snmp-agent trap queue-size
View
System view
Parameter
length: Length of message queue, ranging from 1 to 1,000. By default, the length is 100.
Description
Use the snmp-agent trap queue-size command to configure the length of the message queue of the traps sent to destination host.
Use the undo snmp-agent trap queue-size command to restore the default length of the message queue.
The length of the trap queue is set for the purpose of effectively controlling the system resources. A too long queue consumes too many system resources, but a too short queue probably causes loss of traps. You should set the length of the trap queue according to the number of traps generated and sent per unit time in the actual application.
Related command: snmp-agent, snmp-agent trap enable.
Example
# Set the length of the message queue of traps to be sent by a host to 200.
[VG] snmp-agent trap queue-size 200
Syntax
snmp-agent trap source interface-type interface-number
undo snmp-agent trap source
View
System view
Parameter
interface-type: Interface type.
interface-number: Interface number.
Description
Use the snmp-agent trap source command to configure the interface of the source IP address in the traps.
Use the undo snmp-agent trap source command to cancel the source IP address bound in the traps.
By default, the source IP address is not configured, the VG IP serves as the source IP address. If you have not configured the VG IP, the source IP address is 127.0.0.1. This command is applicable to SNMPv1 and v2c, but not to SNMPv3.
The source IP address contained in a SNMP trap message sent by the VG should be the IP address of an interface, which can be specified by this command.
Related command: snmp-agent, snmp-agent trap enable.
Example
# Take the IP address of the Ethernet interface 0 as the source address of the trap.
[VG] snmp-agent trap source ethernet 0
Syntax
snmp-agent usm-user { v1 username groupname | v2c username groupname | v3 username groupname [ authentication-mode { md5 | sha } auth-password [ privacy-mod des56 priv-password ] ] } username groupname [ acl acl ]
undo snmp-agent usm-user username groupname
View
System view
Parameter
v1: SNMPv1 security mode.
v2c: SNMPv2c security mode.
v3: SNMPv3 security mode.
username: User name, 1 to 32 bytes.
groupname: SNMP group name corresponding to the user, 1 to 32 bytes.
authentication-mod: Authentication is the required security level.
md5: Sets HMAC-MD5-96 to be the security authentication algorithm.
sha: Sets HMAC-SHA-96 to be the security authentication algorithm.
auth-password: Authentication password string of 1 to 64 bytes.
privacy-mod: Encryption is the required security level.
des56: Specifies DES as the encryption protocol.
priv-password: Encryption password string of 1 to 64 bytes.
acl acl: Number of ACL of IP addresses. The ACL permits the NMS of the IP addresses to use the user name to access the SNMP agent.
acl acl-number: Specifies a security access list for a community/user. It is only allowed to specify a standard access list ranging from 2000 to 2098.
Description
Use the snmp-agent usm-user command to add a new community/user (a new community for SNMPv1 and SNMPv2 and a new user for SNMPv3) to an SNMP group and specify the SNMP version and authentication/encryption mode.
Use the undo snmp-agent usm-user command to cancel specified community/user in the SNMP group.
By default, no user is configured, and a user is neither encrypted nor authenticated.
The change of engineID causes the invalidation of the configured SNMPv3 user, so the username needs to be reconfigured.
Three combinations of encryption and authentication are available: both encryption and authentication, authentication without encryption, and neither authentication nor encryption. If authentication is not configured, it is impossible to configure encryption. By default, neither authentication nor encryption is implemented.
The system can configure a maximum of 20 users.
Related command: snmp-agent, snmp-agent group, display snmp-agent usm-user.
Example
# Add a user named “John” into the SNMP group “Johngroup”, and specify authentication as the security level, HMAC-MD5-96 as the authentication protocol and “hello” as the authentication password.
[VG] snmp-agent usm-user v3 john johngroup authentication-mode md5 hello
Syntax
mmib-set-threshold { cpu-threshold | memory-threshold } value
View
System view
Parameter
cpu-threshold value: Configures a threshold of CPU occupancy, in the range of 0 to 100. The default value is 80.
memory-threshold value: Configures a threshold of memory occupancy, in the range of 0 to 100. The default value is 80.
Description
Use the mmib-set-threshold command to configure a threshold of CPU and memory occupancy. When the CPU and memory threshold exceeds the preset value, whether to send packets or not depends on whether it is allowed to send the Trap alarm packet to the network management station. For whether to allow sending the Trap alarm packet to the network management station, refer to the snmp trap enable mmib command.
Example
# Configure the CPU threshold as 85.
[VG] mmib-set-threshold cpu-threshold 85
Syntax
snmp trap enable mmib
undo snmp trap enable mmib
View
System view
Parameter
None
Description
Use the snmp trap enable mmib command to enable sending of the VG minimum MIB Trap packet.
Use the undo snmp trap enable mmib command to disable sending of the VG minimum MIB Trap packet.
By default, sending of the VG minimum MIB Trap packet is disabled.
Related command: mmib-set-thread.
Example
# Enable sending of the minimum MIB Trap.
[VG] snmp trap enable mmib
Syntax
handshake { interval number | send { enable | disable } }
View
IAD view
Parameter
interval number: Sets the interval in seconds for the VG to send hand-shaking packets to IADMS. The number argument ranges from 1 to 65,535.
send enable: Enables the VG to send handshaking packets to IADMS regularly.
send disable: Disables the VG from sending handshaking packets to IADMS.
Description
Use the handshake command to enable/disable sending of handshaking packets and to set the interval to send handshaking packets.
By default, A VG sends handshaking packets regularly to IADMS with a default interval of 60 seconds.
Example
# Disable the VG from sending handshaking packets.
[VG-iad] handshake enable
# Set the interval for the VG to send handshaking packets to IADMS to 120 seconds.
[VG-iad] handshake interval 120
Syntax
iad
View
System view
Parameter
None
Description
Use the iad command to enter IAD view to configure IAD related functions for the IAD device.
Example
# Enter IAD view.
[VG] iad
Syntax
iadmode-on
undo iadmode-on
View
IAD view
Parameter
None
Description
Use the iadmode-on command to enable IAD mode, through which a VG can be under the management of IADMS.
Use the undo iadmode-on command to disable IAD mode.
IAD mode is disabled by default.
& Note:
Before enable IAD mode, you need to assign an IP address to the primary IADMS device by using the iadms-address command.
Example
# Assign an IP address of 192.168.80.100 to the primary IADMS device.
[VG-iad] iadms-address master 192.168.80.100
# Enable IAD mode.
[VG-iad] iadmode-on
Syntax
iadms-address master ip-address
undo iadms-address master
View
IAD view
Parameter
master ip-address: Assigns an IP address to the primary IADMS device.
Description
Use the iadms-address command to assign an IP address to the primary IADMS device.
Use the undo iadms-address command to remove the IP address of the primary IADMS device.
By default, no IP address is assigned to a primary IADMS device.
Example
# Assign an IP address to the primary IADMS device.
[VG-iad] iadms-address master 192.168.0.104
Syntax
operatorKey { cipher | simple } word
undo operatorKey
View
IAD view
Parameter
cipher: Specifies to store the IADMS operator key in ciphered format.
simple: Specifies to store the IADMS operator key in simple format.
word: Operator key to be set. This argument can be 1 to 16 alphanumeric characters in length.
Description
Use the operatorKey command to set an IADMS operator key.
Use the undo operatorKey command to remove a configured IADMS operator key.
By default, an IAD device is not configured with an IADMS operator key.
Example
# Configure an IADMS operator key and store it in simple format.
[VG-iad] operatorKey simple vg2032
Syntax
registering { enable | disable }
View
IAD view
Parameter
enable: Enables a VG to send registering packets to IADMS regularly.
disable: Disables a VG from sending registering packets to IADMS.
Description
Use the registering command to specify whether or not a VG sends registering packets regularly to IADMS.
By default, a VG sends registering packets regularly to IADMS.
Example
# Disable the VG from sending registering packets to IADMS.
[VG-iad] registering disable
Syntax
registerKey { cipher | simple } word
undo registerKey
View
IAD view
Parameter
cipher: Specifies to store the register key in ciphered format.
simple: Specifies to store the register key in simple format.
word: Register key to be set. This argument can be 1 to 16 alphanumeric characters in length.
Description
Use the registerKey command to set the IADMS register key.
Use the undo registerKey command to remove a configured IADMS register key.
By default, an IAD device is not configured with an IADMS register key.
Example
# Set an IADMS register key and store it in simple format.
[VG-iad] registerKey simple vg2032
Syntax
debugging { all | { protocol-name | function-name } [ debug-option ] }
undo debugging { all | { protocol-name | function-name } [ debug-option ] }
View
Any view
Parameter
all: Enables/disables all the debugging.
protocol-name: Enables or disables the debugging of the specified protocol.
function-name: Enables or disables the debugging of the specified function.
debug-option: Enables or disables the debugging of the specified operation.
Description
Use the debugging command to enable the system debugging.
Use the undo debugging command to disable this debugging.
By default, all the debugging is disabled.
Comware provides shortcut <Ctrl+D> to close the enormous debugging information output by the terminal. It functions equivalent to the undo debugging all command.
Comware provides a vast array of debug functions, which are generally intended for technical support engineers and senior maintenance personnel.
Related command: display debugging, info-center enable, info-center console, info-center monitor.
Example
# Enable the IP Packet debugging
[VG] debugging ip packet
IP packet debugging switch is on.
Syntax
display debugging
View
Any view
Parameter
None
Description
Use the display debugging command to view the debug switches that have already been turned on.
To check which debug switches have been turned on, you can execute the display debugging command. Debug switches are shown in two parts: a) link-layer debug switches already turned on are shown in the order of the interfaces, which are valid only to interfaces; b) global debug switches.
Related command: debugging.
Example
# Display the debug switches already enabled.
[VG] display debugging
Global debugging switch:
Enable TCP packet debugging functions
Enable RAS event debugging functions
Syntax
ping [ -a ip-address ] [ -c count ] [ -d ] [ -f ] [ -n ] [ -o IP-TOS ] [ -p pattern ] [ -q ] [ -R ] [ -r ] [ -s packetsize ] [ -t timeout ] [ -v ] [ -i TTL ] { ip-address | host }
View
Any view
Parameter
-a ip-address: Source IP address
-c count: Times that the ICMP ECHO-REQUEST packets is sent, ranging from 1 to 4294967294. By default, it is 5.
-d: Sets socket to DEBUG mode. By default, it is non-DEBUG mode.
-i TTL: Life time of IP packets, ranging from 1 to 255. By default, it is 255.
-n: Uses the parameter host as the IP address without domain name resolution. By default, host is taken as IP address and then perform domain name resolution if it is not an IP address.
-p pattern: Padding bits for ICMP ECHO-REQUEST packet, in hexadecimal digit format. For example, -p ff fills all packets with ff. By default, padding method is starting from 0x01, and gradually increases to 0x09; then this process repeats.
-q: No other detailed information but statistics is shown. By default, display all information including statistics.
-R: Records routes. By default, not route is recorded.
-r: Transmits ECHO-REQUEST packet directly to the connected network without routing. By default, with routing.
-s: Size of the ECHO-REQUEST packet (exclusive of the IP and ICMP headers), in bytes. By default, it is 56 bytes.
-t timeout: Time limit waiting for ECHO-RESPONSE packet after ECHO-REQUEST packets are sent, in ms. By default, it is 2000ms.
-v: Displays non-ECHO-RESPONSE ICMP packets. By default, only display ECHO-RESPONSE ICMP packets.
-o: Sets the TOS field of IP header, in the range of 0 to 255. By default, not TOS field is set in the IP header.
-f: Set the DF (don’t fragment) flag of IP header to 1. By default, the DF flag is 0.
ip-address: Specifies IP address.
host: Hostname.
Description
Use the ping command to check if the IP network connection and host are reachable.
While ping is being executed, the ICMP ECHO-REQUEST packet is sent to the destination. If the network connection to the destination works normally, it will acknowledge receipt of the ICMP ECHO-REPLY packet in the source host after the destination host receives the ICMP ECHO-REQUEST.
The ping command is used to test if network connection is faulty or if the network has line quality trouble. Its output includes:
l Reply from the destination host to every ECHO-REQUEST packet. If no reply packet is received within the time limit, “Request timeout” will be displayed. Otherwise the system will show the count of bytes, sequence number, TTL reply time, etc. of the reply packet.
l Final statistics, including the number of packets sent, number of reply packet received, percentage of packets unanswered, and the minimum, the maximum and the average value of the reply time.
If the network transmits at a low speed, the reply packet timeout value can be increased accordingly.
Related command: tracert.
Example
# Check if the host with IP address 202.38.160.244 is reachable.
[VG] ping 202.38.160.244
ping 202.38.160.244 : 56 data bytes
Reply from 202.38.160.244 : bytes=56 sequence=1 ttl=255 time = 1ms
Reply from 202.38.160.244 : bytes=56 sequence=2 ttl=255 time = 2ms
Reply from 202.38.160.244 : bytes=56 sequence=3 ttl=255 time = 1ms
Reply from 202.38.160.244 : bytes=56 sequence=4 ttl=255 time = 3ms
Reply from 202.38.160.244 : bytes=56 sequence=5 ttl=255 time = 2ms
--202.38.160.244 ping statistics--
5 packets transmitted
5 packets received
0% packet loss
round-trip min/avg/max = 1/2/3 ms
Syntax
tracert [ -a ipaddress | -f first_TTL | -m max_TTL | -p port | -q number | -w timeout ]* { ipaddress | host }
View
Any view
Parameter
-a ip-address: Specifies a source address for the tracert packets to be the one specified by the ip-address argument, which must be the IP address of a local interface.
-f first_TTL: Sets the first TTL, which is an integer ranging from 0 to 30.
-m max_TTL: Sets the maximum TTL, which is an integer ranging from 2 to 255.
-p port: Sets UDP port number. The port argument specifies the port number of the destination and is unnecessary to be modified. It is an integer ranging from 1 to 65535.
-q nqueries: Sets the number of detecting packets to be sent. The number argument is an integer ranging from 1 to 65535, and indicates the number of detecting packets sent each time..
-w timeout: Sets the timeout time in milliseconds of the IP packets. The timeout argument is an integer ranging from 1 to 65535.
ip-address: Specifies the IP address of the destination.
host Destination host name.
Description
Use the tracert command to view the path from the source address to the destination address.
By default, the parameters are set as follows:
l first_TTL: 1.
l max_TTL: 30.
l port: 33,434.
l number: 3.
l timeout: 5,000 milliseconds.
The tracert command can be used to test the gateways through which the data packets travel from the source host to the destination host. It can be used to check if the network connection is reachable and to analyze where the fault occurs.
The procedure of executing the tracert command is like this:
First, send a data packet with TTL 1, so that the first hop feeds back an ICMP error message indicating that this data packet cannot be sent because of TTL timeout. Then this data packet is retransmitted with TTL 2. Again, the second hop feeds back a TTL timeout message. This process continues until the packet reaches the destination. The purpose is to record the source address for each ICMP TTL timeout message, and to provide the path through which an IP packet travels before reaching the destination.
After identifying a fault in the network using the ping command, you can locate the fault by using the tracert command.
The output for the tracert command includes the IP addresses of all the gateways through which an IP packet travels before reaching the destination. If a gateway is timed out, then “***” is output.
Example
# Display the path from the source address to the destination address.
[VG] tracert 35.1.1.48
traceroute to nis.nsf.net (35.1.1.48), 30 hops max, 56 byte packet
1 helios.ee.lbl.gov (128.3.112.1) 19 ms 19 ms 0 ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 39 ms 19 ms
3 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 39 ms 40 ms 39 ms
4 ccn-nerif22.Berkeley.EDU (128.32.168.22) 39 ms 39 ms 39 ms
5 128.32.197.4 (128.32.197.4) 40 ms 59 ms 59 ms
6 131.119.2.5 (131.119.2.5) 59 ms 59 ms 59 ms
7 129.140.70.13 (129.140.70.13) 99 ms 99 ms 80 ms
8 129.140.71.6 (129.140.71.6) 139 ms 239 ms 319 ms
9 129.140.81.7 (129.140.81.7) 220 ms 199 ms 199 ms
10 nic.merit.edu (35.1.1.48) 239 ms 239 ms 239 ms
From the above results you can learn the gateways through which the data packets go from the source address to the destination address (1~9).
traceroute to allspice.lcs.mit.edu (18.26.0.115), 30 hops max
1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 19 ms 19 ms
3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19 ms 39 ms 39 ms
5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms 39 ms 39 ms
6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms
7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms
8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms
9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms
10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms
11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms
12 * * *
13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms
From the above results you can learn the gateways through which the data packets go from the source host to the destination host (1~17), and the gateways to which the faults occur (12, 14, 15, 16, 17).
Syntax
display info-center [ logbuffer ]
View
Any view
Parameter
logbuffer: Log information in the buffer
Description
Use the display info-center command to view the configuration information in the information center or the information recorded in the VG buffer (when logbuffer is selected).
Related command: display current-configuration.
Example
# Display the current configuration information in the information center.
[VG] display info-center
[Buffer logging]
size 200,level informational,language English,filter off,0 messages logged.
[Console logging]
disabled
[Host logging]
disabled
[Monitor logging]
disabled
[Syslog logging]
enable(0 messages logged,1 messages dropped).
# Displays log information in the VG buffer.
%2005/03/30 15:42:06-INTERFACE-6:
Interface Ethernet0 is DOWN
%2005/03/30 15:42:06-INTERFACE-6:
Line protocol ip on the interface Ethernet0 is DOWN
%2005/03/30 15:42:14-INTERFACE-6:
Interface Ethernet0 is UP
%2005/03/30 15:42:14-INTERFACE-6:
Line protocol ip on the interface Ethernet0 is UP
Syntax
info-center console [ emergencies | alerts | critical | errors | warnings | notifications | informational | debugging ] [ filter [ facility1 ] ]
undo info-center console [ filter] ]
View
System view
Parameter
The parameters and options are described as follows:
emergencies: Only the log information with severity level equal to or higher than “emergencies” can be output to the Console.
alerts: Only the log information with severity level equal to or higher than “alerts” can be output to the Console.
critical: Only the log information with severity level equal to or higher than “critical” can be output to the Console.
errors: Only the log information with severity level equal to or higher than “errors” can be output to the Console.
warnings: Only the log information with severity level equal to or higher than “warnings” can be output to the Console.
notifications: Only the log information with severity level equal to or higher than “notifications” can be output to the Console.
informational: Only the log information with severity level equal to or higher than “informational” can be output to the Console.
debugging: Only the log information with severity level equal to or higher than “debugging” can be output to the Console.
filter [ facility1 facility2 ... ]: Enables filtering function of the specified modules. By default, the log information is not output into the console in module-based filtering mode.
Description
Use the info-center console command to enable the log output switch in the Console. Use the undo info-center console command to terminate the log output in the Console.
By default, the severity level is informational.
This command is used to enable (or disable) log output in the Console and set the corresponding filtering parameter.
Related command: display info-center, display current-configuration.
Example
# Enable output of the log information from PPP module.
[VG] info-center console filter ppp
# Disable the module-based filter function, that is, enable output of log information from all modules.
[VG] undo info-center console filter
Syntax
info-center enable
undo info-center enable
View
System view
Parameter
None
Description
Use the info-center enable command to enable the log function.
Use the undo info-center enable command to disable the log function.
By default, log function is disabled.
Only after the log system is turned on via this command can log information be output to the Console, Telnet terminal, dummy terminal, buffer in the VG, or log host.
Related command: display info-center.
Example
# Disable the information center.
[VG] undo info-center enable
Syntax
info-center logbuffer [ size ] [ emergencies | alerts | critical | errors | warnings | notifications | informational | debugging ] [ filter [ facility1 ] ]
undo info-center logbuffer [ filter ]
View
System view
Parameter
size: Size of internal buffer. By default, it is 200.
emergencies: Only the log information with severity level equal to or higher than “emergencies” can be output to the buffer.
alerts: Only the log information with severity level equal to or higher than “alerts” can be output to the buffer.
critical: Only the log information with severity level equal to or higher than “critical” can be output to the buffer.
errors: Only the log information with severity level equal to or higher than “errors” can be output to the buffer.
warnings: Only the log information with severity level equal to or higher than “warnings” can be output to the buffer.
notifications: Only the log information with severity level equal to or higher than “notifications” can be output to the buffer.
informational: Only the log information with severity level equal to or higher than “informational” can be output to the buffer.
debugging: Only the log information with severity level equal to or higher than “debugging” can be output to the buffer.
filter [ facility1 ]: Enables filtering function of the specified modules. By default, the log information is not output into the buffer in module-based filtering mode.
Description
Use the info-center logbuffer command to enable the log output switch in the buffer. Use the undo info-center logbuffer command to disable log output in the buffer.
A buffer is allocated in the H3C VG to save certain amount of log information. When the number of logs exceeds the buffer size, the initial part of log information will be overwritten.
Related command: display info-center, display current-configuration.
Example
# Configure the log parameter to only save the log information with severity level equal to or higher than “errors” into the buffer.
[VG] info-center logbuffer errors
Syntax
info-center loghost loghost-number ip-address [ port [ emergencies | alerts | critical | errors | warnings | notifications | informational | debugging ] [ filter [ facility1 facility2 … ] ] ]
undo info-center loghost [ loghost-number [ port | filter ] ]
View
System view
Parameter
loghost-number: Specifies a log host. This value ranges from 0 to 9.
ip-address: Specifies the IP address of the UNIX host, in dotted decimal format.
port: Port number in range of 1~65535. The default is 514.
emergencies: Only the log information with severity level equal to or higher than “emergencies” can be output to the log host.
alerts: Only the log information with severity level equal to or higher than “alerts” can be output to the Console.
critical: Only the log information with severity level equal to or higher than “critical” can be output to the log host.
errors: Only the log information with severity level equal to or higher than “errors” can be output to the log host.
warnings: Only the log information with severity level equal to or higher than “warnings” can be output to the log host.
notifications: Only the log information with severity level equal to or higher than “notifications” can be output to the log host.
informational: Only the log information with severity level equal to or higher than “informational” can be output to the log host.
debugging: Only the log information with severity level equal to or higher than “debugging” can be output to the log host.
filter [ facility1 facility2 ... ]: Enables filtering function of the specified modules. By default, the log information is not output into the log host in module-based filtering mode.
Description
Use the info-center loghost command to enable the log output switch in the log host. Use the undo info-center loghost command to disable the log output switch in the log host.
The info-center loghost command is used to configure the log host. The log system can send log packets to hosts according to the configuration list, with a protocol number of 514. Try not to configure too many log hosts to avoid affecting the performance of the VG negatively.
Related command: display info-center, display current-configuration.
Example
# Use a PC with IP address 10.110.200.200 200 as the log host and the port number 620, and enable the switch to output log information.
[VG] info-center loghost 0 10.110.200.200 620
Syntax
info-center monitor [ emergencies | alerts | critical | errors | warnings | notifications | informational | debugging ] [ filter [ facility1 ] ]
undo info-center monitor [ all | filter ]
View
System view
Parameter
all: Disable all info-center information output towards telnet terminal.
emergencies: Only the log information with severity level equal to or higher than “emergencies” can be output to the telnet terminal.
alerts: Only the log information with severity level equal to or higher than “alerts” can be output to the telnet terminal.
critical: Only the log information with severity level equal to or higher than “critical” can be output to the telnet terminal.
errors: Only the log information with severity level equal to or higher than “errors” can be output to the telnet terminal.
warnings: Only the log information with severity level equal to or higher than “warnings” can be output to the telnet terminal.
notifications: Only the log information with severity level equal to or higher than “notifications” can be output to the telnet terminal.
informational: Only the log information with severity level equal to or higher than “informational” can be output to the telnet terminal.
debugging: Only the log information with severity level equal to or higher than “debugging” can be output to the telnet terminal.
filter [ facility1]: Enables filtering function of the specified modules. By default, the log information is not output into the telnet terminal in module-based filtering mode.
Description
Use the info-center monitor command to enable the log output to the telnet terminal.
Use the undo info-center monitor command to disable the log output to the telnet terminal.
By default, the severity level of log information output to telnet terminal is informational.
The info-center monitor command is used to configure log output to the remote Telnet terminal, which can be used for remote debugging. The parameter all is used in undo info-center monitor all only, indicating that the log system is disabled to send log information to any telnet terminal. undo info-center monitor indicates that the log system is disabled to send log information to the telnet terminal.
Related command: display info-center, display current-configuration.
Example
# Enable PPP module information to output to the current telnet terminal.
[VG] info-center monitor filter ppp
# Disable log output to all telnet terminals.
[VG] undo info-center monitor all
Syntax
info-center syslog
undo info-center syslog
View
System view
Parameter
None
Description
Use the info-center syslog command to enable all system logs.
Use the undo info-center syslog command to disable system logs.
By default, the system logs are disabled.
Example
# Enable the system logs.
[VG] info-center syslog
Syntax
reset syslog
View
Any view
Parameter
None
Description
Use the reset syslog command to erase the log statistics.
Example
# Erase the log statistics.
[VG] reset syslog
