- Table of Contents
-
- H3C S3100-52P Command Manual-Release 1602(V1.01)
- 00-1Cover
- 01-CLI Command
- 02-Login Command
- 03-Configuration File Management Command
- 04-VLAN Command
- 05-IP Address and Performance Command
- 06-Voice VLAN Command
- 07-GVRP Command
- 08-Port Basic Configuration Command
- 09-Link Aggregation Command
- 10-Port Isolation Command
- 11-Port Security-Port Binding Command
- 12-DLDP Command
- 13-MAC Address Table Management Command
- 14-MSTP Command
- 15-Static Route Command
- 16-Multicast Command
- 17-802.1x and System Guard Command
- 18-AAA Command
- 19-Web Authentication Command
- 20-MAC Address Authentication Command
- 21-ARP Command
- 22-DHCP Command
- 23-ACL Command
- 24-QoS-QoS Profile Command
- 25-Mirroring Command
- 26-Stack-Cluster Command
- 27-SNMP-RMON Command
- 28-NTP Command
- 29-SSH Command
- 30-File System Management Command
- 31-FTP-SFTP-TFTP Command
- 32-Information Center Command
- 33-System Maintenance and Debugging Command
- 34-VLAN-VPN Command
- 35-HWPing Command
- 36-IPv6 Management Command
- 37-DNS Command
- 38-Smart Link-Monitor Link Command
- 39-Appendix
- Related Documents
-
Title | Size | Download |
---|---|---|
01-CLI Command | 42.18 KB |
Table of Contents
Chapter 1 CLI Configuration Commands. 1-1
1.1 CLI Configuration Commands. 1-1
1.1.1 command-privilege level 1-1
1.1.2 display history-command. 1-3
1.1.4 super authentication-mode. 1-5
Chapter 1 CLI Configuration Commands
& Note:
The super authentication-mode command is added. For details, see super authentication-mode.
1.1 CLI Configuration Commands
1.1.1 command-privilege level
Syntax
command-privilege level level view view command
undo command-privilege view view command
View
System view
Parameters
level level: Command level to be set, in the range of 0 to 3.
view view: CLI view. It can be any CLI view that the Ethernet switch supports. The S3100-52P switches support only the CLI views listed in Table 1-1:
Table 1-1 Available CLI views for the view argument
CLI view | Description |
acl-adv | Advanced ACL view |
acl-basic | Basic ACL view |
acl-ethernetframe | Layer 2 ACL view |
acl-user | User-defined ACL view |
aux | Aux 1/0/0 port view, that is, console port view |
cluster | Cluster view |
ethernet | 100M Ethernet port view |
ftp-client | FTP client view |
gigabitethernet | GigabitEthernet port view |
hwping | HWPing test group view |
hwtacacs | HWTACACS view |
isp | ISP domain view |
loopback | Loopback interface view |
luser | Local user view |
manage-vlan | Management VLAN view |
mst-region | MST region view |
mtlk-group | Monitor link group view |
null | NULL interface view |
peer-key-code | Public key editing view |
peer-public-key | Public key view |
qinq | QinQ view |
qos-profile | QoS profile view |
radius-template | RADIUS scheme view |
shell | User view |
smlk-group | Smart link group view |
system | System view |
user-interface | User interface view |
vlan | VLAN view |
vlan-interface | VLAN interface view |
command: Command for which the level is to be set.
Description
Use the command-privilege level command to set the level of a specified command in a specified view.
Use the undo command-privilege view command to restore the default.
Commands fall into four levels: visit (level 0), monitor (level 1), system (level 2), and manage (level 3). The administrator can change the level of a command as required. For example, the administrator can change a command from a higher level to a lower level so that the lower level users can use the command.
The default levels of commands are described in the following table:
Table 1-2 Default levels of commands
Level | Name | Command |
0 | Visit level | Commands used to diagnose network, such as ping, tracert, and telnet commands. |
1 | Monitor level | Commands used to maintain the system and diagnose service fault, such as debugging, terminal and reset commands. |
2 | System level | All configuration commands except for those at the manage level. |
3 | Manage level | Commands associated with the basic operation modules and support modules of the system, such as file system, FTP/TFTP/XMODEM downloading, user management, and level setting commands. |
Examples
# Set the level of the system-view command in user view (shell) to 0.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] command-privilege level 0 view shell system-view
1.1.2 display history-command
Syntax
display history-command
View
Any view
Parameters
None
Description
Use the display history-command command to display the history commands of the current user, so that the user can check the configurations performed formerly.
History commands are those commands that was successfully executed recently and saved in the history command buffer. You can set the size of the buffer by the history-command max-size command. When the history command buffer is full, the earlier commands will be overwritten by the new ones.
By default, the CLI can save 10 history commands for each user.
Related commands: history-command max-size in login module.
Examples
# Display the history commands of the current user.
<Sysname> display history-command
system-view
quit
display history-command
1.1.3 super
Syntax
super [ level ]
View
User view
Parameters
level: User level, in the range of 0 to 3.
Description
Use the super command to switch from the current user level to a specified level.
Executing this command without the level argument will switch the current user level to level 3 by default.
Note that:
l Users logged into the switch fall into four user levels, which correspond to the four command levels respectively. Users at a specific level can only use the commands at the same level or lower levels.
l You can switch between user levels after logging into a switch successfully. The high-to-low user level switching is unlimited. However, the low-to-high user level switching requires the corresponding authentication. The authentication mode can be set through the super authentication-mode command.
l For security purpose, the password entered is not displayed when you switch to another user level. You will remain at the original user level if you have tried three times but failed to enter the correct authentication information.
Related commands: super authentication-mode, super password.
Examples
# Switch from the current user level to user level 3, using super password authentication.
<Sysname> super 3
Password:
User privilege level is 3, and only those commands can be used
whose level is equal or less than this.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE
# Switch from the current user level to level 3, using HWTACACS authentication.
<Sysname> super 3
Username: user@system
Password:
User privilege level is 3, and only those commands can be used
whose level is equal or less than this.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE
1.1.4 super authentication-mode
Syntax
super authentication-mode { super-password | scheme }*
undo super authentication-mode
View
User interface view
Parameters
super-password: Adopts super password authentication for low-to-high user level switching.
scheme: Adopts Huawei terminal access controller access control system (HWTACACS) authentication for low-to-high user level switching.
Description
Use the super authentication-mode command to specify the authentication mode used for low-to-high user level switching.
Use the undo super authentication-mode command to restore the default.
By default, super password authentication is adopted for low-to-high user level switching.
Note that the two authentication modes are available at the same time to provide authentication redundancy. When both the two authentication modes are specified, the order to perform the two types of authentication is determined by the order in which they are specified, as described below.
l If the super authentication-mode super-password scheme command is executed to specify the authentication mode for user level switching, the super password authentication is preferred and the HWTACACS authentication mode is the backup.
l If the super authentication-mode scheme super-password command is executed to specify the authentication mode for low-to-high user level switching, the HWTACACS authentication is preferred and the super password authentication mode is the backup.
l When both the super password authentication and the HWTACACS authentication are specified, the device adopts the preferred authentication mode first. If the preferred authentication mode cannot be implemented (for example, the super password is not configured or the HWTACACS authentication server is unreachable), the backup authentication mode is adopted.
Examples
# Specify HWTACACS authentication as the preferred authentication mode when a VTY 0 user switches from the current level to a higher level, with the super password authentication as the backup authentication mode.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] super authentication-mode scheme super-password
1.1.5 super password
Syntax
super password [ level level ] { cipher | simple } password
undo super password [ level level ]
View
System view
Parameters
level level: User level, in the range of 1 to 3. It is 3 by default.
cipher: Stores the password in the configuration file in ciphered text.
simple: Stores the password in the configuration file in plain text.
password: Password to be set. If the simple keyword is used, you must provide a plain-text password, that is, a string of 1 to 16 characters. If the cipher keyword is used, you can provide a password in either of the two ways:
l Input a plain-text password, that is, a string of 1 to 16 characters, which will be automatically converted into a 24-character cipher-text password.
l Directly input a cipher-text password, that is, a string of 1 to 24 characters, which must correspond to a plain-text password. For example, The cipher-text password “_(TT8F]Y\5SQ=^Q`MAF4<1!!” corresponds to the plain-text password 1234567.
Description
Use the super password command to set a switching password for a specified user level, which will be used when users switch from a lower user level to the specified user level.
Use the undo super password command to restore the default configuration.
By default, no such password is set.
Note that, no matter whether a plain-text or cipher-text password is set, users must enter the plain-text password during authentication.
Examples
# Set the switching password for level 3 to 0123456789 in plain text.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] super password level 3 simple 0123456789