Table of Contents

1 Basic Configurations· 1-1

Configuration Display· 1-1

Basic Configurations· 1-1

Entering/Exiting System View· 1-2

Configuring the Device Name· 1-2

Configuring the System Clock· 1-2

Enabling/Disabling the Display of Copyright Information· 1-5

Configuring a Banner 1-6

Configuring CLI Hotkeys· 1-7

Configuring User Privilege Levels and Command Levels· 1-9

Configuring the Number of Concurrent Users· 1-15

Displaying and Maintaining Basic Configurations· 1-15

CLI Features· 1-16

Introduction to CLI 1-16

Online Help with Command Lines· 1-17

Synchronous Information Output 1-18

Undo Form of a Command· 1-18

Editing Features· 1-18

CLI Display· 1-19

Saving History Commands· 1-22

Command Line Error Information· 1-23

2 Device Management 2-1

Device Management Overview· 2-1

Device Management Configuration Task List 2-1

Configuring Exception Handling Method· 2-2

Rebooting a Device· 2-2

Rebooting a OLT device· 2-2

Rebooting a ONU device· 2-3

Configuring the Scheduled Automatic Execution Function· 2-3

Specifying a File for the Next Device Boot 2-4

Upgrading Boot ROM·· 2-4

Updating ONUs· 2-5

Introduction to ONU update· 2-5

ONU update configuration· 2-6

Configuring a Detection Interval 2-8

Clearing the 16-bit Interface Indexes Not Used in the Current System·· 2-8

Displaying and Maintaining Device Management Configuration· 2-9

Device Management Configuration Examples· 2-10

Remote Scheduled Automatic Upgrade Configuration Example· 2-10

ONU Update Configuration Example· 2-11

3 System Maintaining and Debugging· 3-1

System Maintaining and Debugging Overview· 3-1

Introduction to System Maintaining· 3-1

Introduction to System Debugging· 3-2

System Maintaining and Debugging· 3-3

System Maintaining· 3-3

System Debugging· 3-3

System Maintaining Example· 3-4

4 Hotfix Configuration· 4-1

Hotfix Overview· 4-1

Basic Concepts in Hotfix· 4-1

Patch Status· 4-1

Hotfix Configuration Task List 4-4

Configuration Prerequisites· 4-5

One-Step Patch Installation· 4-5

Step-by-Step Patch Installation· 4-6

Step-by-Step Patch Installation Task List 4-6

Configuring the Patch File Location· 4-6

Loading a Patch File· 4-6

Activating Patches· 4-7

Confirming Running Patches· 4-7

One-Step Patch Uninstallation· 4-7

Step-by-Step Patch Uninstallation· 4-8

Step-by-Step Patch Uninstallation Task List 4-8

Stop Running Patches· 4-8

Deleting Patches· 4-8

Displaying and Maintaining Hotfix· 4-8

Hotfix Configuration Example· 4-8

 

While performing basic configurations of the system, go to these sections for information you are interested in:

l          Configuration Display

l          Basic Configurations

l          CLI Features

Configuration Display

To avoid duplicate configuration, you can use the display commands to view the current configuration of the device before configuring the device. The configurations of a device fall into the following categories:

l          Factory defaults: When devices are shipped, they are installed with some basic configurations, which are called factory defaults. These default configurations ensure that a device can start up and run normally when it has no configuration file or the configuration file is damaged.

l          Current configuration: The currently running configuration on the device.

l          Saved configuration: Configurations saved in the startup configuration file.

Follow these steps to display device configurations:

To do…	Use the command…	Remarks
Display the current validated configurations of the device	display current-configuration [ [ configuration [ configuration ] | interface [ interface-type ] [ interface-number ] ] [ by-linenum ] [ | { begin | exclude | include } regular-expression ] ]	Available in any view.
Display the configuration saved on the storage media of the device	display saved-configuration [ by-linenum ]

 

 

Basic Configurations

This section covers the following topics:

l          Entering/Exiting System View

l          Configuring the Device Name

l          Configuring the System Clock

l          Enabling/Disabling the Display of Copyright Information

l          Configuring a Banner

l          Configuring CLI Hotkeys

l          Configuring User Privilege Levels and Command Levels

l          Configuring the Number of Concurrent Users

l          Displaying and Maintaining Basic Configurations

Entering/Exiting System View

Follow these steps to enter/exit system view:

To do…	Use the command…	Remarks
Enter system view from user view	system-view	—
Return to user view from system view	quit	—

 

 

Configuring the Device Name

The device name is used to identify a device in a network. Inside the system, the device name corresponds to the prompt of the CLI. For example, if the device name is Sysname, the prompt of user view is <Sysname>.

Follow these steps to configure the device name:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Configure the device name	sysname sysname	Optional The device name is H3C.

 

Configuring the System Clock

Configuring the system clock

The system clock, displayed by system time stamp, is decided by the configured relative time, time zone, and daylight saving time. You can view the system clock by using the display clock command.

Follow these steps to configure the system clock:

To do…	Use the command…	Remarks
Set time and date	clock datetime time date	Optional Available in user view.
Enter system view	system-view	—
Set the time zone	clock timezone zone-name { add | minus } zone-offset	Optional
Set a daylight saving time scheme	clock summer-time zone-name one-off start-time start-date end-time end-date add-time	Optional Use either command
	clock summer-time zone-name repeating start-time start-date end-time end-date add-time

 

Displaying the system clock

The system clock is decided by the commands clock datetime, clock timezone and clock summer-time. If these three commands are not configured, the display clock command displays the original system clock. If you combine these three commands in different ways, the system clock is displayed in the ways shown in Table 1-1. The meanings of the parameters in the configuration column are as follows:

l          1 indicates date-time has been configured with the clock datetime.

l          2 indicates time-zone has been configured with the clock timezone command and the offset time is zone-offset.

l          3 indicates daylight saving time has been configured with the clock summer-time command and the offset time is summer-offset.

l          [1] indicates the clock datetime command is an optional configuration.

l          The default system clock is 2005/1/1 1:00:00 in the example.

Table 1-1 Relationship between the configuration and display of the system clock

Configuration	System clock displayed by the display clock command	Example
1	date-time	Configure: clock datetime 1:00 2007/1/1 Display: 01:00:00 UTC Mon 01/01/2007
2	The original system clock ± zone-offset	Configure: clock timezone zone-time add 1 Display: 02:00:00 zone-time Sat 01/01/2005
1 and 2	date-time ± zone-offset	Configure: clock datetime 2:00 2007/2/2 and clock timezone zone-time add 1 Display: 03:00:00 zone-time Fri 02/02/2007
[1], 2 and 1	date-time	Configure: clock timezone zone-time add 1 and clock datetime 3:00 2007/3/3 Display: 03:00:00 zone-time Sat 03/03/2007
3	If the original system clock is not in the daylight saving time range, the original system clock is displayed.	Configure: clock summer-time ss one-off 1:00 2006/1/1 1:00 2006/8/8 2 Display: 01:00:00 UTC Sat 01/01/2005
	If the original system clock is in the daylight saving time range, the original system clock + summer-offset is displayed.	Configure: clock summer-time ss one-off 00:30 2005/1/1 1:00 2005/8/8 2 Display: 03:00:00 ss Sat 01/01/2005
1 and 3	If date-time is not in the daylight saving time range, date-time is displayed.	Configure: clock datetime 1:00 2007/1/1 and clock summer-time ss one-off 1:00 2006/1/1 1:00 2006/8/8 2 Display: 01:00:00 UTC Mon 01/01/2007
	If date-time is in the daylight saving time range, “date-time” + “summer-offset” is displayed.	Configure: clock datetime 8:00 2007/1/1 and clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2 Display: 10:00:00 ss Mon 01/01/2007
[1], 3 and 1	If date-time is not in the daylight saving time range, date-time is displayed.	Configure: clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2 and clock datetime 1:00 2008/1/1 Display: 01:00:00 UTC Tue 01/01/2008
	date-time is in the daylight saving time range: If the value of “date-time” - “summer-offset” is not in the summer-time range, “date-time” - “summer-offset”  is displayed; If the value of “date-time” - “summer-offset” is in the summer-time range, date-time is displayed.	Configure: clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2 and clock datetime 1:30 2007/1/1 Display: 23:30:00 UTC Sun 12/31/2006
		Configure: clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2 and clock datetime 3:00 2007/1/1 Display: 03:00:00 ss Mon 01/01/2007
2 and 3 or  3 and 2	If the value of the original system clock ± “zone-offset” is not in the summer-time range, the original system clock ± “zone-offset” is displayed.	Configure: clock timezone zone-time add 1 and clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2 Display: 02:00:00 zone-time Sat 01/01/2005
		Configure: clock timezone zone-time add 1 and clock summer-time ss one-off 1:00 2005/1/1 1:00 2005/8/8 2 Display: 04:00:00 ss Sat 01/01/2005
	If the value of the original system clock ± “zone-offset” is in the summer-time range, the original system clock ± “zone-offset” + ”summer-offset” is displayed.	Configure: clock datetime 1:00 2007/1/1, clock timezone zone-time add 1 and clock summer-time ss one-off 1:00 2008/1/1 1:00 2008/8/8 2 Display: 02:00:00 zone-time Mon 01/01/2007
1, 2 and 3 or 1, 3 and 2	If the value of "date-time"±"zone-offset" is not in the summer-time range, "date-time"±"zone-offset" is displayed.	Configure: clock datetime 1:00 2007/1/1, clock timezone zone-time add 1 and clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2 Display: 04:00:00 ss Mon 01/01/2007
	If the value of "date-time"±"zone-offset" is in the summer-time range, "date-time"±"zone-offset"+”summer-offset” is displayed.	Configure: clock timezone zone-time add 1, clock summer-time ss one-off 1:00 2008/1/1 1:00 2008/8/8 2 and clock datetime 1:00 2007/1/1 Display: 01:00:00 zone-time Mon 01/01/2007
[1], 2, 3 and 1 or [1], 3, 2 and 1	If date-time is not in the daylight saving time range, date-time is displayed.	Configure: clock timezone zone-time add 1, clock summer-time ss one-off 1:00 2008/1/1 1:00 2008/8/8 2 and clock datetime 1:30 2008/1/1 Display: 23:30:00 zone-time Mon 12/31/2007
	date-time is in the daylight saving time range: If the value of “date-time”-“summer-offset” is not in the summer-time range, “date-time”-“summer-offset”  is displayed; If the value of “date-time”-“summer-offset” is in the summer-time range, date-time is displayed.	Configure: clock timezone zone-time add 1, clock summer-time ss one-off 1:00 2008/1/1 1:00 2008/8/8 2 and clock datetime 3:00 2008/1/1 Display: 03:00:00 ss Tue 01/01/2008

 

Enabling/Disabling the Display of Copyright Information

l          With the display of copyright information enabled, the copyright information is displayed when a user logs in through Telnet or SSH, or when a user quits user view after logging in to the device through the console port, AUX port, or asynchronous serial interface. The copyright information will not be displayed under other circumstances. The display format of copyright information is as shown below:

****************************************************************************

* Copyright (c) 2004-2008 Hangzhou H3C Tech. Co., Ltd. All rights reserved.*

* Without the owner's prior written consent,                               *

* no decompiling or reverse-engineering shall be allowed.                  * ****************************************************************************

l          With the display of copyright information disabled, under no circumstances will the copyright information be displayed.

Follow these steps to enable/disable the display of copyright information:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enable the display of copyright information	copyright-info enable	Optional Enabled by default.
Disable the display of copyright information	undo copyright-info enable	Required Enabled by default.

 

Configuring a Banner

Introduction to banners

Banners are prompt information displayed by the system when users are connected to the device, perform login authentication, and start interactive configuration. The administrator can set corresponding banners as needed.

At present, the system supports the following five kinds of welcome information.

l          shell banner, also called session banner, displayed when a non TTY Modem user enters user view.

l          incoming banner, also called user interface banner, displayed when a user interface is activated by a Modem user.

l          login banner, welcome information at login authentications, displayed when password and scheme authentications are configured.

l          motd (Message of the Day) banner, welcome information displayed before authentication.

l          legal banner, also called authorization information. The system displays some copyright or authorization information, and then displays the legal banner before a user logs in, waiting for the user to confirm whether to continue the authentication or login. If entering Y or pressing the Enter key, the user enters the authentication or login process; if entering N, the user quits the authentication or login process. Y and N are case insensitive.

Configuring a banner

When you configure a banner, the system supports two input modes. One is to input all the banner information right after the command keywords. The start and end characters of the input text must be the same but are not part of the banner information. In this case, the input text, together with the command keywords, cannot exceed 510 characters. The other is to input all the banner information in multiple lines by pressing the Enter key. In this case, up to 2000 characters can be input.

The latter input mode can be achieved in the following three ways:

l          Press the Enter key directly after the command keywords, and end the setting with the % character. The Enter and % characters are not part of the banner information.

l          Input a character after the command keywords at the first line, and then press the Enter key. End the setting with the character input at the first line. The character at the first line and the end character are not part of the banner information.

l          Input multiple characters after the command keywords at the first line (with the first and last characters being different), then press the Enter key. End the setting with the first character at the first line. The first character at the first line and the end character are not part of the banner information.

Follow these steps to configure a banner:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Configure the banner to be displayed at login (available for Modem login users)	header incoming text	Optional
Configure the banner to be displayed at login authentication	header login text	Optional
Configure the authorization information before login	header legal text	Optional
Configure the banner to be displayed when a user enters user view (non Modem login users)	header shell text	Optional
Configure the banner to be displayed before login	header motd text	Optional

 

Configuring CLI Hotkeys

Follow these steps to configure CLI hotkeys:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Configure CLI hotkeys	hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U } command	Optional The Ctrl+G, Ctrl+L and Ctrl+O hotkeys are specified with command lines by default.
Display hotkeys	display hotkey	Available in any view. Refer to Table 1-2 for hotkeys reserved by the system.

 

 

Table 1-2 Hotkeys reserved by the system

Hotkey	Function
Ctrl+A	Moves the cursor to the beginning of the current line.
Ctrl+B	Moves the cursor one character to the left.
Ctrl+C	Stops performing a command.
Ctrl+D	Deletes the character at the current cursor position.
Ctrl+E	Moves the cursor to the end of the current line.
Ctrl+F	Moves the cursor one character to the right.
Ctrl+H	Deletes the character to the left of the cursor.
Ctrl+K	Terminates an outgoing connection.
Ctrl+N	Displays the next command in the history command buffer.
Ctrl+P	Displays the previous command in the history command buffer.
Ctrl+R	Redisplays the current line information.
Ctrl+V	Pastes the content in the clipboard.
Ctrl+W	Deletes all the characters in a continuous string to the left of the cursor.
Ctrl+X	Deletes all the characters to the left of the cursor.
Ctrl+Y	Deletes all the characters to the right of the cursor.
Ctrl+Z	Exits to user view.
Ctrl+]	Terminates an incoming connection or a redirect connection.
Esc+B	Moves the cursor to the leading character of the continuous string to the left.
Esc+D	Deletes all the characters of the continuous string at the current cursor position and to the right of the cursor.
Esc+F	Moves the cursor to the front of the next continuous string to the right.
Esc+N	Moves the cursor down by one line (available before you press Enter)
Esc+P	Moves the cursor up by one line (available before you press Enter)
Esc+<	Specifies the cursor as the beginning of the clipboard.
Esc+>	Specifies the cursor as the ending of the clipboard.

 

 

Configuring User Privilege Levels and Command Levels

Introduction

To restrict the different users’ access to the device, the system manages the users by their privilege levels. User privilege levels correspond to command levels. After users at different privilege levels log in, they can only use commands at their own, or lower, levels. All the commands are categorized into four levels, which are visit, monitor, system, and manage from low to high, and identified respectively by 0 through 3. Table 1-3 describes the levels of the commands.

Table 1-3 Default command levels

Level	Privilege	Description
0	Visit	Involves commands for network diagnosis and commands for accessing an external device. Commands at this level are not allowed to be saved after being configured. After the device is restarted, the commands at this level will be restored to the default settings. Commands at this level include ping, tracert, telnet and ssh2.
1	Monitor	Includes commands for system maintenance and service fault diagnosis. Commands at this level are not allowed to be saved after being configured. After the device is restarted, the commands at this level will be restored to the default settings. Commands at this level include debugging, terminal, refresh, reset, and send.
2	System	Provides service configuration commands, including routing and commands at each level of the network for providing services. By default, commands at this level include all configuration commands except for those at manage level.
3	Manage	Influences the basic operation of the system and the system support modules for service support. By default, commands at this level involve file system, FTP, TFTP, Xmodem command download, user management, level setting, as well as parameter setting within a system (the last case involves those non-protocol or non RFC provisioned commands).

 

Configuring user privilege level

User privilege level can be configured by using AAA authentication parameters or under a user interface.

1)        Configure user privilege level by using AAA authentication parameters

If the user interface authentication mode is scheme when a user logs in, and username and password are needed at login, then the user privilege level is specified in the configuration of AAA authentication.

Follow these steps to configure user privilege level by using AAA authentication parameters:

To do…		Use the command…	Remarks
Enter system view		system-view	—
Enter user interface view		user-interface { first-num1 [ last-num1 ] | { aux | vty } first-num2 [ last-num2 ] }	—
Configure the authentication mode for logging in to the user interface as scheme		authentication-mode scheme [ command-authorization ]	Required By default, the authentication mode for VTY is password, and no authentication is needed for AUX login users.
Exit to system view		quit	—
Configure the authentication mode for SSH users as password		For the details, refer to SSH2.0 Configuration in the Security Volume.	Required if users use SSH to log in, and username and password are needed at authentication
Configure the user privilege level by using AAA authentication parameters	Using local authentication	l      Use the local-user command to create a local user and enter local user view. l      Use the level keyword in the authorization-attribute command to configure the user level.	User either approach l      For local authentication, if you do not configure the user level, the user level is 0, that is, users of this level can use commands with level 0 only. l      For remote authentication, if you do not configure the user level, the user level depends on the default configuration of the authentication server.
	Using remote authentication (RADIUS, HWTACACS, and LDAP authentications)	Configure user level on the authentication server

 

 

2)        Example of configuring user privilege level by using AAA authentication parameters

# Authenticate the users telnetting to the device through VTY 1, verify their usernames and passwords locally, and specify the user privilege level as 3.

<Sysname> system-view

[Sysname] user-interface vty 1

[Sysname-ui-vty1] authentication-mode scheme

[Sysname-ui-vty1] quit

[Sysname] local-user test

[Sysname-luser-test] password cipher 123

[Sysname-luser-test] service-type telnet

After the above configuration, when users telnet to the device through VTY 1, they need to input username test and password 123. After passing the authentication, users can only use the commands of level 0. If the users need to use commands of levels 0, 1, 2 and 3, the following configuration is required:

[Sysname-luser-test] authorization-attribute level 3

3)        Configure the user privilege level under a user interface

If the user interface authentication mode is scheme when a user logs in, and SSH publickey authentication type (only username is needed for this authentication type) is adopted, then the user privilege level is the user interface level; if a user logs in using the none or password mode (namely, no username is needed), the user privilege level is the user interface level.

Follow these steps to configure the user privilege level under a user interface (SSH publickey authentication type):

To do…	Use the command…	Remarks
Configure the authentication type for SSH users as publickey	For the details, refer to SSH2.0 Configuration in the Security Volume.	Required if users adopt the SSH login mode, and only username, instead of password is needed at authentication. After the configuration, the authentication mode of the corresponding user interface must be set to scheme.
Enter system view	system-view	—
Enter user interface view	user-interface { first-num1 [ last-num1 ] | vty first-num2 [ last-num2 ] }	—
Configure the authentication mode when a user uses the current user interface to log in to the device	authentication-mode scheme [ command-authorization ]	Optional By default, the authentication mode for VTY interfaces is password, and AUX user interfaces do not need authentication.
Configure the privilege level of the user logging in from the current user interface	user privilege level level	Optional By default, the user privilege level for users logging in from the console user interface is 3, and that for users logging from the other user interfaces is 0.

 

Follow these steps to configure the user privilege level under a user interface (none or password authentication mode):

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter user interface view	user-interface { first-num1 [ last-num1 ] | { aux | vty } first-num2 [ last-num2 ] }	—
Configure the authentication mode when a user uses the current user interface to log in to the device	authentication-mode { none | password }	Optional By default, the authentication mode for VTY interfaces is password, and AUX user interfaces do not need authentication.
Configure the privilege level of the user logging in from the current user interface	user privilege level level	Optional By default, the user privilege level for users logging in from the console user interface is 3, and that for users logging from the other user interfaces is 0.

 

4)        Example of configuring user privilege level under a user interface

l          Perform no authentication to the users telnetting to the device, and specify the user privilege level as 1. (This configuration brings potential security problem. Therefore, you are recommended to use it only in a lab environment.)

<Sysname> system-view

[Sysname] user-interface vty 0 4

[Sysname-ui-vty0-4] authentication-mode none

[Sysname-ui-vty0-4] user privilege level 1

By default, when users telnet to the device, they can only use the following commands after passing the authentication:

<Sysname> ?

User view commands:

  display  Display current system information

  ping     Ping function

  quit     Exit from current command view

  rsh      Establish one RSH connection

  ssh2     Establish a secure shell client connection

  super    Set the current user priority level

  telnet   Establish one TELNET connection

  tftp     Open TFTP connection

  tracert  Trace route function

After you set the user privilege level under the user interface, users can log in to the device through Telnet without any authentication and use the following commands:

<Sysname> ?

User view commands:

  debugging      Enable system debugging functions

  dialer         Dialer disconnect

  display        Display current system information

  ping           Ping function

  quit           Exit from current command view

  refresh        Do soft reset

  reset          Reset operation

  rsh            Establish one RSH connection

  screen-length  Specify the lines displayed on one screen

  send           Send information to other user terminal interface

  ssh2           Establish a secure shell client connection

  super          Set the current user priority level

  telnet         Establish one TELNET connection

  terminal       Set the terminal line characteristics

  tftp           Open TFTP connection

  tracert        Trace route function

undo           Cancel current setting

l          Authenticate the usesr logging in to the device through Telnet, verify their passwords, and specify the user privilege levels as 2.

<Sysname> system-view

[Sysname] user-interface vty 0 4

[Sysname-ui-vty1] authentication-mode password

[Sysname-ui-vty0-4] set authentication password cipher 123

[Sysname-ui-vty0-4] user privilege level 2

By default, when users log in to the device through Telnet, they can use the commands of level 0 after passing the authentication. After you set the user privilege level under the user interface, when users log in to the device through Telnet, they need to input password 123, and then they can use commands of levels 0, 1, and 2.

Switching user privilege level

Users can switch their user privilege level temporarily without logging out and disconnecting the current connection; after the switch, users can continue to configure the device without the need of relogin and reauthentication, but the commands that they can execute have changed. For example, if the current user privilege level is 3, the user can configure system parameters; after switching the user privilege level to 0, the user can only execute some simple commands, like ping and tracert, and only a few display commands. The switching of user privilege level is temporary, and effective for the current login; after the user relogs in, the user privilege restores to the original level.

To avoid misoperations, the administrators are recommended to log in to the device by using a lower privilege level and view device operating parameters, and when they have to maintain the device, they can switch to a higher level temporarily; when the administrators need to leave for a while or ask someone else to manage the device temporarily, they can switch to a lower privilege level before they leave to restrict the operation by others.

Users can switch from a high user privilege level to a low user privilege level without entering a password; when switching from a low user privilege level to a high user privilege level, only the AUX login users do not have to enter the password, and users that log in from VTY user interfaces need to enter the password for security’s sake. This password is for level switching only and is different from the login password. If the entered password is incorrect or no password is configured, the switching fails. Therefore, before switching a user to a higher user privilege level, you should configure the password needed.

Follow these steps to switch user privilege level:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Configure the password for switching the user privilege level	super password [ level user-level ] { simple | cipher } password	Required By default, no password is configured.
Exit to user view	quit	—
Switch the user privilege level	super [ level ]	Required When logging in to the device, a user has a user privilege level, which is decided by user interface or authentication user level.

 

 

Modifying command level

All the commands in a view are defaulted to different levels, as shown in Table 1-3. The administrator can modify the command level based on users’ needs to make users of a lower level use commands with a higher level or improve device security.

Follow these steps to modify the command level:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Configure the command level in a specified view	command-privilege level level view view command	Required Refer to Table 1-3 for the default settings.

 

 

Configuring the Number of Concurrent Users

Follow these steps to configure the number of concurrent users:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Configure the number of concurrent users	configure-user count number	Optional Two users are allowed to perform the operation in system view.

 

 

Displaying and Maintaining Basic Configurations

To do…	Use the command…	Remarks
Display information on system version	display version	Available in any view
Display information on the system clock	display clock
Display information on terminal users	display users [ all ]
Display the users entering system view at the same time	display configure-user
Display the valid configuration under current view	display this [ by-linenum ]
Display clipboard information	display clipboard
Display and save statistics of each module’s running status	display diagnostic-information

 

During daily maintenance or when the system is operating abnormally, you need to view each module’s running status to find the problem. Therefore, you are required to execute the corresponding display commands one by one. To collect more information one time, you can execute the display diagnostic-information command in any view to display or save statistics of each module’s running status. The execution of the display diagnostic-information command has the same effect as that of the commands display clock, display version, display device, and display current-configuration.

 

 

CLI Features

This section covers the following topics:

l          Introduction to CLI

l          Online Help with Command Lines

l          Synchronous Information Output

l          Undo Form of a Command

l          Editing Features

l          CLI Display

l          Saving History Command

l          Command Line Error Information

Introduction to CLI

CLI is an interaction interface between devices and users. Through CLI, you can configure your devices by entering commands and view the output information and verify your configurations, thus facilitating your configuration and management of your devices.

CLI provides the following features for you to configure and manage your devices:

l          Hierarchical command protection where you can only execute the commands at your own or lower levels. Refer to Configuring User Privilege Levels and Command Levels for details.

l          Easy access to on-line help by entering “?”

l          Abundant debugging information for fault diagnosis

l          Saving and executing commands that have been executed

l          Fuzzy match for convenience of input. When you execute a command, you can input part of the characters in a keyword. However, to enable you to confirm your operation, the command can be executed only when you input enough characters to make the command unique. Take the commands save, startup saved-configuration, and system-view which start with s as an example. To save the current configuration, you need to input sa at least; to set the configuration file for next startup, you need to input st s at least; to enter system view, you need to input sy at least. You can press Tab to complement the command, or you can input the complete command.

Online Help with Command Lines

The following are the types of online help available with the CLI:

l          Full help

l          Fuzzy help

To obtain the desired help information, you can:

1)        Enter ? in any view to access all the commands in this view and brief description about them as well.

<Sysname> ?

User view commands:

  backup             Backup next startup-configuration file to TFTP server

  boot-loader        Set boot loader

  bootrom            Update/read/backup/restore bootrom

  cd                 Change current directory

  clock              Specify the system clock

  cluster            Run cluster command

  copy               Copy from one file to another

  debugging          Enable system debugging functions

  delete             Delete a file

  dir                List files on a file system

  display            Show running system information

......omitted......

2)        Enter a command and a ? separated by a space. If ? is at the position of a keyword, all the keywords are given with a brief description.

<Sysname> terminal ?

  debugging  Send debug information to terminal

  logging    Send log information to terminal

  monitor    Send information output to current terminal

  trapping   Send trap information to terminal

3)        Enter a command and a ? separated by a space. If ? is at the position of a parameter, the description about this parameter is given.

<Sysname> system-view

[Sysname] interface vlan-interface ?

  <1-4094>  VLAN interface number

[Sysname] interface vlan-interface 1 ?

  <cr>

[Sysname] interface vlan-interface 1

Where, <cr> indicates that there is no parameter at this position. The command is then repeated in the next command line and executed if you press Enter.

4)        Enter a character string followed by a ?. All the commands starting with this string are displayed.

<Sysname> c?

   cd

   clock

   copy

5)        Enter a command followed by a character string and a ?. All the keywords starting with this string are listed.

<Sysname> display ver?

   version

6)        Press Tab after entering the first several letters of a keyword to display the complete keyword, provided these letters can uniquely identify the keyword in this command. If several matches are found, the complete keyword which is matched first is displayed (the matching rule is: the letters next to the input letters are arranged in alphabetic order, and the letter in the first place is matched first.). If you repeatedly press Tab, all the keywords starting with the letter that you enter are displayed in cycles.

Synchronous Information Output

Synchronous information output refers to the feature that if the user’s input is interrupted by system output, then after the completion of system output the system will display a command line prompt and your input so far, and you can continue your operations from where you were stopped.

You can use the info-center synchronous command to enable synchronous information output. For the detailed description of this function, refer to Information Center Configuration in the System Volume.

Undo Form of a Command

Adding the keyword undo can form an undo command. Almost every configuration command has an undo form. undo commands are generally used to restore the system default, disable a function or cancel a configuration. For example, the info-center enable command is used to enable the information center, while the undo info-center enable command is used to disable the information center. (By default, the information center is enabled.)

Editing Features

The CLI provides the basic command editing functions and supports multi-line editing. When you execute a command, the system automatically goes to the next line if the maximum length of the command is reached. You cannot press Enter to go to the next line; otherwise, the system will automatically execute the command. The maximum length of each command is 510 characters. Table 1-4 lists these functions.

Table 1-4 Edit functions

Key	Function
Common keys	If the editing buffer is not full, insert the character at the position of the cursor and move the cursor to the right.
Backspace	Deletes the character to the left of the cursor and move the cursor back one character.
Left-arrow key or Ctrl+B	The cursor moves one character space to the left.
Right-arrow key or Ctrl+F	The cursor moves one character space to the right.
Up-arrow key or Ctrl+P	Displays history commands
Down-arrow key or Ctrl+N
Tab	Pressing Tab after entering part of a keyword enables the fuzzy help function. If finding a unique match, the system substitutes the complete keyword for the incomplete one and displays it in the next line; when there are several matches, if you repeatedly press Tab, all the keywords starting with the letter that you enter are displayed in cycles. If there is no match at all, the system does not modify the incomplete keyword and displays it again in the next line.

 

 

CLI Display

Filtering the output information

The device provides the function to filter the output information. You can specify a regular expression to search information you need.

The regular expression is a string of 1 to 256 characters, case sensitive. It supports multiple mapping rules:

l          begin: Displays the line that matches the regular expression and all the subsequent lines.

l          exclude: Displays the lines that do not match the regular expression.

l          include: Displays only the lines that match the regular expression.

The regular expression also supports special characters as shown in Table 1-5.

Table 1-5 Special characters in a regular expression

Character	Meaning	Remarks
^string	Starting sign, string appears only at the beginning of a line.	For example, regular expression “^user” only matches a string beginning with “user”, not “Auser”.
string$	Ending sign, string appears only at the end of a line.	For example, regular expression "user$” only matches a string ending with “user”, not “userA”.
.	Full stop, a wildcard used in place of any character, including single character, special character and blank.	For example, “.l” can match “vlan” or “mpls”.
*	Asterisk, used to match a character or character group before it zero or multiple times.	For example, “zo*” can match “z” and “zoo”; (zo)* can match “zo” and “zozo”.
+	Addition, used to match a character or character group one or multiple times before it	For example, “zo+” can match “zo” and “zoo”, but not “z”.
|	Vertical bar, used to match the whole string on the left or right of it	For example, “def|int” can only match a character string containing “def” or “int”.
_	Underline. If it is at the beginning or the end of a regular expression, it equals ^ or $; in other cases, it equals comma, space, round bracket, or curly bracket.	For example, “a_b” can match “a b” or “a(b”; “_ab” can only match a line starting with “ab”; “ab_” can only match a line ending with “ab”.
-	Hyphen. It connects two values (the smaller one before it and the bigger one after it) to indicate a range together with [ ].	For example, “1-9” means numbers from 1 to 9 (inclusive); “a-h” means from a to h (inclusive).
[ ]	A range of characters, Matches any character in the specified range.	For example, [16A] can match a string containing any character among 1, 6, and A; [1-36A] can match a string containing any character among 1, 2, 3, 6, and A (with - being a hyphen). “]” can be matched only when it is put at the beginning of [ ] if it is used as a common character in [ ], for example [ ]string]. There is no such limit on “[”.
( )	A character group. It is usually used with “+” or “*”.	For example, (123A) means a character group “123A”; “408(12)+” can match 40812 or 408121212. But it cannot match 408.
\index	Repeats a specified character group for once. A character group refers to the string in () before \. index refers to the sequence number (starting from 1 from left to right) of the character group before \: if only one character group appears before \, then index can only be 1; if n character groups appear before index, then index can be any integer from 1 to n.	For example, (string)\1 means to repeat string for once, and (string)\1 must match a string containing stringstring; (string1)(string2)\2 means to repeat string2 for once, and (string1)(string2)\2 must match a string containing string1string2string2; (string1)(string2)\1\2 means to repeat string1 for once first, and then repeat string2 for once, and (string1)(string2)\1\2 must match a string containing string1string2string1string2.
[^]	Used to match any character not in a specified range.	For example, [^16A] means to match a string containing any character except 1, 6 or A, and the string can also contain 1, 6 or A, but cannot contain these three characters only. For example, [^16A] can match “abc” and “m16”, but not 1, 16, or 16A.
\<string	Used to match a character string starting with string.	For example, “\<do” can match word “domain” or string “doa”.
string\>	Used to match a character string ending with string.	For example, “do\>” can match word “undo” or string “abcdo”.
\bcharacter2	Used to match character1character2. character1 can be any character except number, letter or underline, and \b equals [^A-Za-z0-9_].	For example, \ba can match -a, with - represents character1, and a represents character2; while \ba cannot match “2a” or “ba”.
\Bcharacter	It must match a string containing character, and there can no spaces before character.	For example, “\Bt” can match “t” in “install”, but not “t” in “big top”.
character1\w	Used to match character1character2. character2 must be a number, letter or underline, and \w equals [^A-Za-z0-9_].	For example, “v\w” can match “vlan”, with “v” being character1, and “l” being character2. v\w can also match “service”, with “i” being character2.
\W	Equals \b.	For example, “\Wa” can match “-a”, with “-” representing character1, and “a” representing character2; while “\ba” cannot match “2a” or “ba”.
\	Escape character. If single special characters listed in this table follow \, the specific meanings of the characters will be removed.	For example, “\\” can match a string containing “\”, “\^” can match a string containing “^”, and “\\b” can match a string containing “\b”.

 

Multiple-screen output

When there is a lot of information to be output, the system displays the information in multiple screens. Generally, 24 lines are displayed on one screen, and you can also use the screen-length command to set the number of lines displayed on the next screen. (For the details of this command, refer to User Interface Commands in the System Volume.) You can follow the step below to disable the multiple-screen output function of the current user.

To do…	Use the command…	Remarks
Disable the multiple-screen output function of the current user	screen-length disable	Required By default, a login user uses the settings of the screen-length command. The default settings of the screen-length command are: multiple-screen output is enabled and 24 lines are displayed on the next screen. This command is executed in user view, and therefore is applicable to the current user only. When a user re-logs in, the settings restore to the system default.

 

Display functions

CLI offers the following feature:

When the information displayed exceeds one screen, you can pause using one of the methods shown in Table 1-6.

Table 1-6 Display functions

Action	Function
Press Space when information display pauses	Continues to display information of the next screen page.
Press Enter when information display pauses	Continues to display information of the next line.
Press Ctrl+C when information display pauses	Stops the display and the command execution.
Ctrl+E	Moves the cursor to the end of the current line.
PageUp	Displays information on the previous page.
PageDown	Displays information on the next page.

 

Saving History Commands

The CLI can automatically save the commands that have been used lately to the history buffer. You can know the operations that have been executed successfully, invoke and repeatedly execute them as needed. By default, the CLI can save up to ten commands for each user. You can use the history-command max-size command to set the capacity of the history commands buffer for the current user interface (For the detailed description of the history-command max-size command, refer to User Interface Commands in the System Volume). The following table lists the operations that you can perform.

Follow these steps to access history commands:

To do…	Use the key/command…	Result
View the history commands	display history-command	Displays the commands that you have entered
Access the previous history command	Up-arrow key or Ctrl+P	Displays the earlier history command, if there is any.
Access the next history command	Down-arrow key or Ctrl+N	Displays the next history command, if there is any.

 

 

Command Line Error Information

The commands are executed only if they have no syntax error. Otherwise, error information is reported. Table 1-7 lists some common errors.

Table 1-7 Common command line errors

Error information	Cause
% Unrecognized command found at '^' position.	The command was not found.
	The keyword was not found.
	Parameter type error
	The parameter value is beyond the allowed range.
% Incomplete command found at '^' position.	Incomplete command
% Ambiguous command found at '^' position.	Ambiguous command,
Too many parameters	Too many parameters
% Wrong parameter found at '^' position.	Wrong parameter

 

When configuring device management, go to these sections for information you are interested in:

l          Device Management Overview

l          Device Management Configuration Task List

l          Configuring Exception Handling Method

l          Rebooting a Device

l          Configuring the Scheduled Automatic Execution Function

l          Specifying a File for the Next Device Boot

l          Updating ONUs

l          Configuring a Detection Interval

l          Clearing the 16-bit Interface Indexes Not Used in the Current System

l          Displaying and Maintaining Device Management Configuration

l          Device Management Configuration Examples

 

 

Device Management Overview

Through the device management function, you can view the current working state of a device, configure running parameters, and perform daily device maintenance and management.

Device Management Configuration Task List

Complete these tasks to configure device management:

Task	Remarks
Configuring Exception Handling Method	Optional
Rebooting a Device	Optional
Configuring the Scheduled Automatic Execution Function	Optional
Specifying a File for the Next Device Boot	Optional
Upgrading Boot ROM	Optional
Updating ONUs
Configuring a Detection Interval	Optional
Clearing the 16-bit Interface Indexes Not Used in the Current System	Optional

 

Configuring Exception Handling Method

When the system detects any software abnormality, it handles the situation with one of the following two methods:

l          reboot: The system recovers itself through automatic reboot.

l          maintain: The system maintains the current situation, and does not take any measure to recover itself. Therefore, you need to recover the system manually, such as reboot the system. Sometimes, it is difficult for the system to recover, or some prompts that are printed during the failure are lost after the reboot. In this case, you can use this method to maintain the abnormal state to locate problems and recover the system.

Follow these steps to configure exception handling method:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Configure exception handling method	system-failure { maintain | reboot }	Optional By default, the system adopts the reboot method to handle exceptions.

 

Rebooting a Device

Rebooting a OLT device

When a fault occurs to a running device, you can remove the fault by rebooting the device, depending on the actual situation. This operation equals to powering on the device after powering it off. It is mainly used to reboot a device in remote maintenance, without performing hardware reboot of the device. You can set a time at which the device can automatically reboot. You can also set a delay so that the device can automatically reboot in the delay.

Follow these steps to reboot a device:

To do…	Use the command…	Remarks
Reboot the whole system	reboot	Optional Execute the command in user view.
Enable the scheduled reboot function and specify a specific reboot time and date	schedule reboot at hh:mm [ date ]	Optional The scheduled reboot function is disabled by default. Available in user view
Enable the scheduled reboot function and specify a reboot waiting time	schedule reboot delay { hh:mm | mm }

 

 

Rebooting a ONU device

Follow these steps to rebooting a ONU device:

To do…	Use the command…	Remarks
Enter system view	system-view	-
Enter ONU port view	interface interface-type interface-number	-
Reboot the ONU	reboot onu	Required

 

Configuring the Scheduled Automatic Execution Function

The scheduled automatic execution function means that the system automatically executes a specified command at a specified time in a specified view. This function is used for scheduled system upgrade or configuration.

Follow these steps to configure the scheduled automatic execution function:

To do…	Use the command…	Remarks
Automatically execute the specified command at the specified time	schedule job at time [ date ] view view command	Optional If you configure the function, use either command Available in user view
Automatically execute the specified command after the specified delay	schedule job delay time view view command

 

Note that:

l          At present, you can specify user view and system view only. To automatically execute the specified command in another view or automatically execute multiple commands at a time, you can configure the system to automatically execute a batch file at the specified time (note that you must provide a complete file path for the system to execute the batch file.).

l          The system does not check the values of the view and command arguments. Therefore, ensure the correctness of the command argument (including the correct format of command and the correct relationship between the command and view arguments).

l          After the specified automatic execution time is reached, the system executes the specified command in the background without displaying any information except system information such as log, trap and debug.

l          The system does not require any interactive information when it is executing the specified command. If there is information for you to confirm, the system automatically inputs Y or Yes; if characters need to be input, the system automatically inputs a default character string, or inputs an empty character string when there is no default character string.

l          For the commands used to switch user interfaces, such as telnet, ftp, and ssh2, the commands used to switch views, such as system-view, quit and interface ethernet, and the commands used to modify status of a user that is executing commands, such as super, the operation interface, command view and status of the current user are not changed after the automatic execution function is performed.

l          If the system time is modified after the automatic execution function is configured, the scheduled automatic execution configuration turns invalid automatically.

l          Only the last configuration takes effect if you execute the schedule job command repeatedly.

Specifying a File for the Next Device Boot

A Boot ROM file, also known as the system software or device software, is an application file used to boot the device. When multiple Boot ROM files are available on the storage device, you can specify a file for the next device boot by executing the following command.

Follow these steps to specify a file for the next device boot:

To do…	Use the command…	Remarks
Specify a file for the next boot	boot-loader file file-url { main | backup }	Required Available in user view.

 

 

Upgrading Boot ROM

During the operation of the device, you can use Boot ROM in the storage device to upgrade those that are running on the device.

After the validity check function is enabled, the device will strictly check the Boot ROM upgrade files for correctness and version configuration information to ensure a successful upgrade. You are recommended to enable the validity check function before upgrading Boot ROM.

Follow these steps to upgrade Boot ROM:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enable the validity check function when upgrading Boot ROM	bootrom-update security-check enable	Optional By default, the validity check function is enabled at the time of upgrading Boot ROM.
Return to user view	quit	—
Upgrade the Boot ROM program	bootrom update file file-url	Required All contents of the Boot ROM file are operated by default. Available in user view

 

 

Updating ONUs

Introduction to ONU update

Updating ONUs means updating ONU software versions remotely through OLTs.

Updating ONU devices requires a large amount of work because, in an EPON system, there are different types of ONU devices, which use different update files. To improve the ONU update efficiency and reduce resources consumed by issuing commands to each ONU, the S3600 Series EPON OLT Switches support batch updating of ONUs by type and OLT port, besides updating of a single ONU. Updating ONUs by type is recommended because it is efficient and easy-to-use. For the descriptions on the three ONU update methods, refer to Table 2-1.

Table 2-1 ONU update methods

To do…	Use the method…	Remarks
Update multiple ONUs by type	In FTTH view, update all the ONUs of the specified type attached to the switch (you can update different types of ONUs by specifying multiple update files).	l      If an ONU is online and matches the specified update file, the ONU is updated directly. l      If the ONU is online but does not match the update file, the update will fail. l      If the ONU is not online (because the ONU port is not bound with any ONU or the extended OAM connection fails on the bound ONU), the OLT waits and automatically starts to update the ONU when the ONU goes online and matches the specified update file. If the update file is wrong, the update will fail.
Update one ONU	In ONU port view, use the ONU update command for an ONU port.
Update multiple ONUs by OLT port	In OLT port view, use the ONU update command for the created ONU ports under the specified OLT port.

 

 

ONU update configuration

Follow these steps to update all the ONUs of the specified type:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter FTTH view	ftth	—
Update all the ONUs of the specified type under the switch	update onu onu-type onu-type filename file-url	Required

 

 

Follow these steps to update one ONU:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter ONU port view	interface onu interface-number	—
Use the update command on the ONU port	update onu filename file-url	Required

 

Follow these steps to update all the ONUs under the specified OLT port:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter OLT port view	interface olt interface-number	—
Use the update command on all the created ONU ports under the OLT port	update onu filename file-url	Required

 

 

Configuring a Detection Interval

When detecting an exception on a port, the operation, administration and maintenance (OAM) module will automatically shut down the port. The device will detect the status of the port when a detection interval elapses. If the port is still shut down, the device will recover it.

Follow these steps to configure a detection interval:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Configure a detection interval	shutdown-interval time	Optional (for the distributed device only) The detection interval is 30 seconds by default.

 

Clearing the 16-bit Interface Indexes Not Used in the Current System

In practical networks, the network management software requires the device to provide a uniform, stable 16-bit interface index. That is, a one-to-one relationship should be kept between the interface name and the interface index in the same device.

For the purpose of the stability of an interface index, the system will save the 16-bit interface index when a board or logical interface is removed.

If you repeatedly insert and remove different subboards or interface boards to create or delete a large number of logical interfaces, the interface indexes will be used up, which will result in interface creation failures. To avoid such a case, you can clear all 16-bit interface indexes saved but not used in the current system in user view.

After the above operation,

l          For a re-created interface, the new interface index may not be consistent with the original one.

l          For existing interfaces, their interface indexes remain unchanged.

Follow the step below to clear the 16-bit interface indexes not used in the current system:

To do…	Use the command…	Remarks
Clear the 16-bit interface indexes saved but not used in the current system	reset unused porttag	Required Available in user view

 

 

Displaying and Maintaining Device Management Configuration

Follow these steps to display and maintain device management configuration (for a centralized device):

To do…	Use the command…	Remarks
Display information of the boot file	display boot-loader	Available in any view
Display the statistics of the CPU usage	display cpu-usage [ number [ offset ] [ verbose ] [ from-device ] | task ]	Available in any view
Display history statistics of the CPU usage in a chart	display cpu-usage history [ task task-id ]	Available in any view
Display information about a board, subboard, CF board, USB or hardware on the device	display device  [ subslot subslot-number | verbose ]	Available in any view
Display electrical label information of the device	display device manuinfo	Available in any view
Display the operating state of fans in a device	display fan fan-id	Available in any view
Display the usage of the memory of a device	display memory	Available in any view
Display the power state of a device	display power [ power-id ]	Available in any view
Display the reboot type of a device	display reboot-type	Available in any view
Display the reboot time of a device	display schedule reboot	Available in any view
Display detailed configurations of the scheduled automatic execution function	display schedule job	Available in any view
Display the exception handling method	display system-failure	Available in any view

 

Device Management Configuration Examples

Remote Scheduled Automatic Upgrade Configuration Example

Network requirement

l          The current software version is soft-version1 for Device. Upgrade the software version of Device to soft-version2 and configuration file to new-config at a time when few services are processed (for example, at 3 am) through remote operations.

l          The newest application soft-version2.app and the newest configuration file new-config.cfg are both saved under the aaa directory of the FTP Server.

l          The IP address of Device is 1.1.1.1/24, the IP address of the FTP Server is 2.2.2.2/24, and FTP Server is reachable.

l          User can log in to Device via Telnet and a route exists between User and Device.

Figure 2-1 Network diagram for remote scheduled automatic upgrade

 

Configuration procedure

1)        Configuration on FTP Server (Note that configurations may vary with different types of servers)

l          Set the access parameters for the FTP client (including enabling the FTP server function, setting the FTP username to aaa and password to hello, and setting the user to have access to the flash:/aaa directory).

l          Use text editor on the FTP server to edit batch file auto-update.txt. The following is the content of the batch file:

return

startup saved-configuration new-config.cfg

boot-loader file soft-version2.app main

reboot

2)        Configuration on Device

# Log in to FTP Server (note that the prompt may vary with servers.)

<Device> ftp 2.2.2.2

Trying 2.2.2.2 ...

Press CTRL+K to abort

Connected to 2.2.2.2.

220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user

User(2.2.2.2:(none)):aaa

331 Give me your password, please

Password:

230 Logged in successfully

[ftp]

# Download file auto-update.txt on the FTP server.

[ftp] get auto-update.txt

# Download file new-config.cfg on the FTP server.

[ftp]get new-config.cfg

# Download file soft-version2.app on the FTP server.

[ftp] binary

[ftp] get soft-version2.app

[ftp] bye

<Device>

# Modify the extension of file auto-update.txt as .bat.

<Device> rename auto-update.txt auto-update.bat

To ensure correctness of the file, you can use the more command to view the content of the file.

# Execute the scheduled automatic execution function to enable the device to be automatically upgraded at 3 am.

<Device> schedule job at 03:00 view system execute auto-update.bat

Info: Command execute auto-update.bat in system view will be executed at 03:00 12/11/2007(in 12 hours and  0 minutes).

ONU Update Configuration Example

Network requirements

l          An S3600 OLT switch at the city TV & broadcasting central office (CO) has 2 OLT ports connected to 30 type-A ONUs.

l          The type-A ONU vendor recently released an enhanced software version 110 for type-A ONUs. This version solves some software bugs found in the previous version 109 and provides some new functions.

l          The city office wants to update all the ONUs. District C branch office (connected to OLT 1/0/1) has 20 type-A ONUs under it. The network administrator believes version 109 can meet the current requirements and has worked normally. Thus, the network administrator asks to use version 110 on a trial basis in the branch office building (ONU 1/0/1:1 is bound with type-A ONUs for FTTB access to the building) and use version 109 for other ONUs.

Network diagram

Figure 2-2 Network diagram for ONU update

 

 

Configuration procedure

# Upload update files a110.app and a109.app to the switch.

# Update all the attached type-A ONUs to version 109 in OLT 1/0/1 port view.

[Sysname] interface olt 1/0/1

[Sysname-Olt1/0/1] update onu filename a109.app

Update flash:/a109.app?[Y/N]:y

 Info: Download file to onu may take a long time, please wait...

 Please wait while the firmware is being burnt, and check the software version after re-registration!

[Sysname-Olt1/0/1] qui t

# Update the type-A ONUs corresponding to ONU 1/0/1:1 in District C branch office building to version 110.

[Sysname] interface onu 1/0/1:1

[Sysname-Onu1/0/1:1] update onu filename a110.app

Update flash:/a110.app?[Y/N]:y

 Info: Download file to onu may take a long time, please wait...

 Please wait while the firmware is being burnt, and check the software version after re-registration!

[Sysname-Onu1/0/1:1] qui t

# Update all the type-A ONUs attached to the S3600 OLT series switch to version 110.

<Sysname> system-view

[Sysname] ftth

[Sysname-ftth] update onu onu-type a filename a110.app

When maintaining and debugging the system, go to these sections for information you are interested in:

l          System Maintaining and Debugging Overview

l          System Maintaining and Debugging

l          System Maintaining Example

System Maintaining and Debugging Overview

Introduction to System Maintaining

You can use the ping command and the tracert command to verify the current network connectivity.

The ping command

You can use the ping command to verify whether a device with a specified address is reachable, and to examine network connectivity.

The ping command involves the following steps in its execution:

1)        The source device sends an ICMP echo request to the destination device.

2)        If the network is functioning properly, the destination device responds by sending an ICMP echo reply to the source device after receiving the ICMP echo request.

3)        If there is network failure, the source device displays timeout or destination unreachable.

4)        The source device displays related statistics.

Output of the ping command falls into the following:

l          The ping command can be applied to the destination’s name or IP address. If the destination’s name is unknown, the prompt information is displayed.

l          Information on the destination’s responses towards each ICMP echo request. If the source device does not receive an ICMP echo reply within the timeout time, it displays the prompt information. If the source device receives an ICMP echo reply within the timeout time, it displays the number of bytes of the echo reply, the message sequence number, Time to Live (TTL), the response time, and the statistics during the ping operation. The statistics include number of packets sent, number of echo reply messages received, percentage of packets not responded to the total packets sent, and the minimum, average, and maximum response time.

The tracert command

By using the tracert command, you can trace the Layer 3 devices involved in delivering a packet from source to destination. This is useful for identification of failed node(s) in the event of network failure.

The tracert command involves the following steps in its execution:

1)        The source device sends a packet with a TTL value of 1 to the destination device.

2)        The first hop (the Layer 3 device that first receives the packet) responds by sending a TTL-expired ICMP message to the source, with its IP address encapsulated. In this way, the source device can get the address of the first Layer 3 device.

3)        The source device sends a packet with a TTL value of 2 to the destination device.

4)        The second hop responds with a TTL-expired ICMP message, which gives the source device the address of the second Layer 3 device.

5)        The above process continues until the ultimate destination device is reached. In this way, the source device can trace the addresses of all the Layer 3 devices involved to get to the destination device.

Introduction to System Debugging

The device provides various debugging functions. For the majority of protocols and features supported, the system provides corresponding debugging information to help users diagnose errors.

The following two switches control the display of debugging information:

l          Protocol debugging switch, which controls protocol-specific debugging information.

l          Screen output switch, which controls whether to display the debugging information on a certain screen.

As Figure 3-1 illustrates, suppose the device can provide debugging for the three modules 1, 2, and 3. Only when both the protocol debugging switch and the screen output switch are turned on can debugging information be output on a terminal.

Figure 3-1 The relationship between the protocol and screen debugging switch

 

 

System Maintaining and Debugging

System Maintaining

To do…	Use the command…	Remarks
Check whether a specified IP address can be reached	ping [ ip ] [ -a source-ip | -c count | -f | -h ttl | -i interface-type interface-number | -m interval | -n | -p pad | -q | -r | -s packet-size | -t timeout | -tos tos | -v ] * remote-system	Optional Available in any view
View the route from the source to the destination	tracert [ -a source-ip | -f first-ttl | -m max-ttl | -p port | -q packet-number | -w timeout ] * remote-system	Optional Available in any view

 

 

System Debugging

To do…	Use the command…	Remarks
Enable the terminal monitoring of system information	terminal monitor	Optional The terminal monitoring on the console is enabled by default and that on the monitoring terminal is disabled by default. Available in user view
Enable the terminal display of debugging information	terminal debugging	Required Disabled by default Available in user view
Enable debugging for a specified module	debugging { all [ timeout time ] | module-name [ option ] }	Required Disabled by default Available in user view
Display the enabled debugging functions	display debugging [ interface interface-type interface-number ] [ module-name ]	Optional Available in any view

 

 

System Maintaining Example

Network requirements

l          The IP address of the destination device is 10.1.1.4.

l          Display the Layer 3 devices involved while packets are forwarded from the source device to the destination device.

Configuration procedure

<Sysname> tracert 10.1.1.4

traceroute to 10.1.1.4 (10.1.1.4) 30 hops max, 40 bytes packet

1  128.3.112.1  19 ms  19 ms  0 ms

2  128.32.216.1  39 ms  39 ms  19 ms

3  128.32.136.23  39 ms  40 ms  39 ms

4  128.32.168.22  39 ms  39 ms  39 ms

5  128.32.197.4  40 ms  59 ms  59 ms

6  131.119.2.5  59 ms  59 ms  59 ms

7  129.140.70.13  99 ms  99 ms  80 ms

8  129.140.71.6  139 ms  239 ms  319 ms

9  129.140.81.7  220 ms  199 ms  199 ms

10  10.1.1.4  239 ms  239 ms  239 ms

The above output shows that nine Layer 3 devices are used from the source to the destination device.

 

When configuring hotfix, go to these sections for information you are interested in:

l          Hotfix Overview

l          Hotfix Configuration Task List

l          Displaying and Maintaining Hotfix

l          Hotfix Configuration Example

Hotfix Overview

Hotfix is a fast and cost-effective method to repair software defects of a device. Compared with another method, software version upgrade, hotfix can upgrade the software without interrupting the running services of the device, that is, it can repair the software defects of the current version without rebooting the device.

Basic Concepts in Hotfix

Patch and patch file

A patch, also called patch unit, is a package to fix software defects. Generally, patches are released as patch files. A patch file may contain one or more patches for different defects. After loaded from the Flash to the memory patch area, each patch is assigned a unique number, which starts from 1, for identification, management and operation. For example, if a patch file has three patch units, they will be numbered as 1, 2, and 3 respectively.

Incremental patch

Patches in a patch file are all incremental patches. An incremental patch means that the patch is dependent on the previous patch units. For example, if a patch file has three patch units, patch 3 can be running only after patch 1 and 2 take effect. You cannot run patch 3 separately.

Common patch and temporary patch

Patches fall into two types, common patches and temporary patches.

l          Common patches are those formally released through the version release flow.

l          Temporary patches are those not formally released through the version release flow, but temporarily provided to solve the emergent problems.

The common patches always include the functions of the previous temporary patches, so as to replace them. The patch type affects the patch loading process only: the system will delete all the temporary patches before it loads the common patch.

Patch Status

Each patch has its status, which can be switched by command lines. The relationship between patch state changes and command actions is shown in Figure 4-1. The patch can be in the state of IDLE, DEACTIVE, ACTIVE, and RUNNING. Load, run temporarily, confirm running, stop running, delete, install, and uninstall represent operations, corresponding to commands of patch load, patch active, patch run, patch deactive, patch delete, patch install, and undo patch install. For example, if you execute the patch active command for the patches in the DEACTIVE state, the patches turn to the ACTIVE state.

Figure 4-1 Relationship between patch state changes and command actions

 

 

IDLE state

Patches in the IDLE state are not loaded. You cannot install or run the patches, as shown in Figure 4-2 (suppose the memory patch area can load up to eight patches).

The patches that are in the IDLE state will be still in the IDLE state after system reboot.

Figure 4-2 Patches are not loaded to the memory patch area

 

 

DEACTIVE state

Patches in the DEACTIVE state have been loaded to the memory patch area but have not run in the system yet. Suppose that there are seven patches in the patch file to be loaded. After the seven patches successfully pass the version check and CRC check, they will be loaded to the memory patch area and are in the DEACTIVE state. At this time, the patch states in the system are as shown in Figure 4-3.

The patches that are in the DEACTIVE state will be still in the DEACTIVE state after system reboot.

Figure 4-3 A patch file is loaded to the memory patch area

 

ACTIVE state

Patches in the ACTIVE state are those that have run temporarily in the system and will become DEACTIVE after system reboot. For the seven patches in Figure 4-3, if you activate the first five patches, the state of them will change from DEACTIVE to ACTIVE. At this time, the patch states in the system are as shown in Figure 4-4.

The patches that are in the ACTIVE state will be in the DEACTIVE state after system reboot.

Figure 4-4 Patches are activated

 

RUNNING state

After you confirm the running of the ACTIVE patches, the state of the patches will become RUNNING and will be in the RUNNING state after system reboot. For the five patches in Figure 4-4, if you confirm the running the first three patches, their states will change from ACTIVE to RUNNING. At this time, the patch states of the system are as shown in Figure 4-5.

Figure 4-5 Patches are running

 

The patches that are in the RUNNING state will be still in the RUNNING state after system reboot.

Hotfix Configuration Task List

Task		Remarks
Install patches	One-Step Patch Installation	Use either approach. The step-by-step patch installation allows you to control the patch status.
	Step-by-Step Patch Installation
Uninstall patches	One-Step Patch Uninstallation	Use either approach. The step-by-step patch uninstallation allows you to control the patch status.
	Step-by-Step Patch Uninstallation

 

Configuration Prerequisites

Patches are released per device model. Before patching the system, you need to save the appropriate patch files to the storage media of the device using FTP or TFTP. When saving the patch files, note that:

l          The patch files match the device model and software version. If they are not matched, the hotfixing operation will fail.

l          Name the patch file properly. Otherwise, the system cannot locate the patch file and the hotfixing operation will fail. The name is in the format of "patch_PATCH-FLAG suffix.bin". The PATCH-FLAG is pre-defined and support for the PATCH-FLAG depends on device model. The first three characters of the version item (using the display patch information command) represent the PATCH-FLAG suffix. The system searches the root directory of the storage medium (flash by default) for patch files based on the PATCH-FLAG. If there is a match, the system loads patches to or install them on the memory patch area.

Table 4-1 describes the default patch name for each board type.

Table 4-1 Default patch names for different board types

Product	Board type	PATCH-FLAG	Default patch name
S3600	—	PATCH-XXX	patch_xxx.bin

 

One-Step Patch Installation

You can use the patch install command to install patches in one step. After you execute the command, the system displays the message "Do you want to continue running patches after reboot? [Y/N]:".

l          Entering y or Y: All the specified patches are installed, and turn to the RUNNING state from IDLE. This equals execution of the commands patch location, patch load, patch active, and patch run. The patches remain RUNNING after system reboot.

l          Entering n or N: All the specified patches are installed and turn to the ACTIVE state from IDLE. This equals execution of the commands patch location, patch load and patch active. The patches turn to the DEACTIVE state after system reboot.

Follow these steps to install the patches in one step:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Install the patches in one step	patch install patch-location	Required

 

 

Step-by-Step Patch Installation

Step-by-Step Patch Installation Task List

Task	Remarks
Configuring the Patch File Location	Optional
Loading a Patch File	Required
Activating Patches	Required
Confirming Running Patches	Optional

 

Configuring the Patch File Location

If you save the patch files to other storage media except the flash on the device, you need to specify the directory where the patch files locate with the patch-location argument. Then the system loads the appropriate patch files from the specified directory. If the device has only one storage medium, you do not need to execute this command.

Follow these steps to configure the patch file location:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Configure the patch file location	patch location patch-location	Optional flash: by default

 

Loading a Patch File

Loading the right patch files is the basis of other hotfixing operations. The system loads a patch file from the flash by default.

 

 

Follow the steps below to load a patch file:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Load the patch file from the flash to the memory patch area	patch load	Required

 

Activating Patches

After you activate a patch, the patch will take effect and is in the test-run stage. After the device is reset or rebooted, the patch becomes invalid.

If you find that an ACTIVE patch is of some problem, you can reboot the device to deactivate the patch, so as to avoid a series of running faults resulting from patch error.

Follow the steps below to activate patches:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Activate the specified patches	patch active patch-number	Required

 

Confirming Running Patches

After you confirm the running of a patch, the patch state becomes RUNNING, and the patch is in the normal running stage. After the device is reset or rebooted, the patch is still valid.

Follow the steps below to confirm the running of the patches:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Confirm the running of the specified patches	patch run patch-number	Required

 

 

One-Step Patch Uninstallation

You can use the undo patch install command to uninstall all patches. The patches then turn to the IDLE state. This equals execution of the commands patch deactive and patch delete.

Follow these steps to uninstall the patches in one step:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Uninstall the patches	undo patch install	Required

 

Step-by-Step Patch Uninstallation

Step-by-Step Patch Uninstallation Task List

Task	Remarks
Stop Running Patches	Required
Deleting Patches	Required

 

Stop Running Patches

After you stop running a patch, the patch state becomes DEACTIVE, and the system runs in the way before it is installed with the patch.

Follow the steps below to stop running patches:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Stop running the specified patches	patch deactive patch-number	Required

 

Deleting Patches

Deleting patches only removes the patches from the memory patch area, and does not delete them from the storage medium. The patches turn to IDLE state after this operation. After a patch is deleted, the system runs in the way before it is installed with the patch.

Follow the steps below to delete patches:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Delete the specified patches from the memory patch area	patch delete patch-number	Required

 

Displaying and Maintaining Hotfix

To do…	Use the command…	Remarks
Display the patch information	display patch information	Available in any view

 

Hotfix Configuration Example

Network requirements

l          Switch is a centralized device using the software soft-version1. The latest patches are released to fix the defects in version 1, and thus upgrading is needed.

l          The patch file patch_xxx.bin is saved under the directory aaa of the FTP server.

l          The IP address of Switch is 1.1.1.1/24, and IP address of FTP Server is 2.2.2.2/24. The route between Switch and FTP Server is reachable.

l          User is allowed to telnet to Switch. The route between User and Switch is reachable.

Figure 4-6 Network diagram of hotfix configuration

 

Configuration procedure

1)        Configure FTP Server. Note that the configuration varies depending on server type.

# Enable FTP server.

<FTP-Server> system-view

[FTP-Server] ftp server enable

# Configure an FTP user with the name aaa and password hello.

[FTP-Server] local-user aaa

[FTP-Server-luser-aaa] password cipher hello

# Assign read-write rights for the FTP user aaa.

[FTP-Server-luser-aaa] service-type ftp

[FTP-Server-luser-aaa] authorization-attribute work-directory flash:/aaa

2)        Configure Switch (FTP Client).

 

 

# Before upgrading the software, use the save command to save the current system configuration. The configuration procedure is omitted.

# Log in to FTP Server. Note that the command output varies depending on server type.

<Switch> ftp 2.2.2.2

Trying 2.2.2.2 ...

Press CTRL+K to abort

Connected to 2.2.2.2.

220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user

User(2.2.2.2:(none)):aaa

331 Give me your password, please

Password:

230 Logged in successfully

[ftp]

# Download the file patch_xxx.bin from FTP Server.

[ftp] binary

[ftp] get patch_xxx.bin

[ftp] bye

<Switch>

# Install the patch.

<Switch> system-view

[Switch] patch install flash:

Patches will be installed. Continue? [Y/N]:y

Do you want to continue running patches after reboot? [Y/N]:y

Installing patches........

Installation completed, and patches will continue to run after reboot.