02-Basic System Configuration
Chapters Download (150.83 KB)
Table of Contents
Enabling/Disabling the Display of Copyright Information
Configuring User Privilege Levels and Command Levels
Displaying and Maintaining Basic Configurations
Online Help with Command Lines
Synchronous Information Output
Saving Commands in the History Buffer
Command Line Error Information
While performing basic configurations of the system, go to these sections for information you are interested in:
To avoid duplicate configuration, you can use the display commands to view the current configuration of the device before configuring the device. The configurations of a device fall into the following categories:
l Factory defaults: When devices are shipped, they are installed with some basic configurations, which are called factory defaults. These default configurations ensure that a device can start up and run normally when it has no configuration file or the configuration file is damaged.
l Current configuration: The currently running configuration on the device.
l Saved configuration: Configurations saved in the startup configuration file.
Follow these steps to display device configurations:
|
To do… |
Use the command… |
Remarks |
|
Display the factory defaults of the device |
display default-configuration |
Available in any view. |
|
Display the current validated configurations of the device |
display current-configuration [ [ configuration [ configuration ] | interface [ interface-type ] [ interface-number ] ] [ by-linenum ] [ | { begin | exclude | include } regular-expression ] ] |
|
|
Display the configuration saved on the storage media of the device |
display saved-configuration [ by-linenum ] |
For details of the display saved-configuration command, refer to File System Management Commands in the System Volume.
This section covers the following topics:
l Configuring the System Clock
l Enabling/Disabling the Display of Copyright Information
l Configuring User Privilege Levels and Command Levels
l Displaying and Maintaining Basic Configurations
After you log in to the device, you will automatically enter user view. At this time, the system displays <Device name>. You can perform limited operations in user view, such as display operations, file operations, and Telnet operations. To perform further configurations of the device, enter system view.
Follow the step below to enter system view:
|
To do… |
Use the command… |
Remarks |
|
Enter system view from user view |
system-view |
Required Available in user view |
The system divides the command line interface into multiple command views, which adopts a hierarchical structure. For example, there is system view under user view, and interface view and VLAN view under system view. After you have configured the functions under the current view, you can perform the following operations to exit the current view.
Follow the step below to exit the current view:
|
To do… |
Use the command… |
Remarks |
|
Return to an upper level view from the current view |
quit |
Required If the current view is user view, the command terminates the connection between the user terminal and the device. Available in any view. |
This feature allows you to return to user view easily from any non user view, without the need to execute the quit command repeatedly. You can also use the hot key Ctrl+Z to return to user view from the current view.
Follow the step below to exit to user view:
|
To do… |
Use the command… |
Remarks |
|
Exit to user view |
return |
Required Available in any view except user view |
The device name is used to identify a device in a network. Inside the system, the device name corresponds to the prompt of the CLI. For example, if the device name is Sysname, the prompt of user view is <Sysname>.
Follow these steps to configure the device name:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure the device name |
sysname sysname |
Optional The device name is H3C by default. |
The system clock, displayed by system time stamp, is decided by the configured relative time, time zone, and daylight saving time. You can view the system clock by using the display clock command.
Follow these steps to configure the system clock:
|
To do… |
Use the command… |
Remarks |
|
Set time and date |
clock datetime time date |
Optional Available in user view. |
|
Enter system view |
system-view |
— |
|
Set the time zone |
clock timezone zone-name { add | minus } zone-offset |
Optional |
|
Set a daylight saving time scheme |
clock summer-time zone-name one-off start-time start-date end-time end-date add-time |
Optional Use either command |
|
clock summer-time zone-name repeating start-time start-date end-time end-date add-time |
The system clock is decided by the commands clock datetime, clock timezone and clock summer-time. If these three commands are not configured, the display clock command displays the original system clock. If you combine these three commands in different ways, the system clock is displayed in the ways shown in Table 1-1. The meanings of the parameters in the configuration column are as follows:
l 1 indicates date-time has been configured with the clock datetime.
l 2 indicates time-zone has been configured with the clock timezone command and the offset time is zone-offset.
l 3 indicates daylight saving time has been configured with the clock summer-time command and the offset time is summer-offset.
l [1] indicates the clock datetime command is an optional configuration.
l The default system clock is 2005/1/1 1:00:00 in the example.
Table 1-1 Relationship between the configuration and display of the system clock
|
Configuration |
System clock displayed by the display clock command |
Example |
|
1 |
date-time |
Configure: clock datetime 1:00 2007/1/1 Display: 01:00:00 UTC Mon 01/01/2007 |
|
2 |
The original system clock ± zone-offset |
Configure: clock timezone zone-time add 1 Display: 02:00:00 zone-time Sat 01/01/2005 |
|
1 and 2 |
date-time ± zone-offset |
Configure: clock datetime 2:00 2007/2/2 and clock timezone zone-time add 1 Display: 03:00:00 zone-time Fri 02/02/2007 |
|
[1], 2 and 1 |
date-time |
Configure: clock timezone zone-time add 1 and clock datetime 3:00 2007/3/3 Display: 03:00:00 zone-time Sat 03/03/2007 |
|
3 |
If the original system clock is not in the daylight saving time range, the original system clock is displayed. |
Configure: clock summer-time ss one-off 1:00 2006/1/1 1:00 2006/8/8 2 Display: 01:00:00 UTC Sat 01/01/2005 |
|
If the original system clock is in the daylight saving time range, the original system clock + summer-offset is displayed. |
Configure: clock summer-time ss one-off 00:30 2005/1/1 1:00 2005/8/8 2 Display: 03:00:00 ss Sat 01/01/2005 |
|
|
1 and 3 |
If date-time is not in the daylight saving time range, date-time is displayed. |
Configure: clock datetime 1:00 2007/1/1 and clock summer-time ss one-off 1:00 2006/1/1 1:00 2006/8/8 2 Display: 01:00:00 UTC Mon 01/01/2007 |
|
If date-time is in the daylight saving time range, “date-time” + “summer-offset” is displayed. |
Configure: clock datetime 8:00 2007/1/1 and clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2 Display: 10:00:00 ss Mon 01/01/2007 |
|
|
[1], 3 and 1
|
If date-time is not in the daylight saving time range, date-time is displayed. |
Configure: clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2 and clock datetime 1:00 2008/1/1 Display: 01:00:00 UTC Tue 01/01/2008 |
|
date-time is in the daylight saving time range: If the value of “date-time”
- “summer-offset” is not in the summer-time range, “date-time”
- “summer-offset” is displayed; |
Configure: clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2 and clock datetime 1:30 2007/1/1 Display: 23:30:00 UTC Sun 12/31/2006 |
|
|
Configure: clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2 and clock datetime 3:00 2007/1/1 Display: 03:00:00 ss Mon 01/01/2007 |
||
|
2 and 3 or 3 and 2 |
If the value of the original system clock ± “zone-offset” is not in the summer-time range, the original system clock ± “zone-offset” is displayed. |
Configure: clock timezone zone-time add 1 and clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2 Display: 02:00:00 zone-time Sat 01/01/2005 |
|
Configure: clock timezone zone-time add 1 and clock summer-time ss one-off 1:00 2005/1/1 1:00 2005/8/8 2 Display: 04:00:00 ss Sat 01/01/2005 |
||
|
If the value of the original system clock ± “zone-offset” is in the summer-time range, the original system clock ± “zone-offset” + ”summer-offset” is displayed. |
Configure: clock datetime 1:00 2007/1/1, clock timezone zone-time add 1 and clock summer-time ss one-off 1:00 2008/1/1 1:00 2008/8/8 2 Display: 02:00:00 zone-time Mon 01/01/2007 |
|
|
1, 2 and 3 or 1, 3 and 2 |
If the value of "date-time"±"zone-offset" is not in the summer-time range, "date-time"±"zone-offset" is displayed. |
Configure: clock datetime 1:00 2007/1/1, clock timezone zone-time add 1 and clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2 Display: 04:00:00 ss Mon 01/01/2007 |
|
If the value of "date-time"±"zone-offset" is in the summer-time range, "date-time"±"zone-offset"+”summer-offset” is displayed. |
Configure: clock timezone zone-time add 1, clock summer-time ss one-off 1:00 2008/1/1 1:00 2008/8/8 2 and clock datetime 1:00 2007/1/1 Display: 01:00:00 zone-time Mon 01/01/2007 |
|
|
[1], 2, 3 and 1 or [1], 3, 2 and 1 |
If date-time is not in the daylight saving time range, date-time is displayed. |
Configure: clock timezone zone-time add 1, clock summer-time ss one-off 1:00 2008/1/1 1:00 2008/8/8 2 and clock datetime 1:30 2008/1/1 Display: 23:30:00 zone-time Mon 12/31/2007 |
|
date-time is in the daylight saving time range: If the value of “date-time”-“summer-offset”
is not in the summer-time range, “date-time”-“summer-offset”
is displayed; |
Configure: clock timezone zone-time add 1, clock summer-time ss one-off 1:00 2008/1/1 1:00 2008/8/8 2 and clock datetime 3:00 2008/1/1 Display: 03:00:00 ss Tue 01/01/2008 |
l With the display of copyright information enabled, the copyright information is displayed when a user logs in through Telnet or SSH, or when a user quits user view after logging in to the device through the AUX port. The copyright information will not be displayed under other circumstances. The display format of copyright information is as shown below:
****************************************************************************
* Copyright (c) 2004-2009 Hangzhou H3C Tech. Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
****************************************************************************
l With the display of copyright information disabled, under no circumstances will the copyright information be displayed.
Follow these steps to enable/disable the display of copyright information:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enable the display of copyright information |
copyright-info enable |
Optional Enabled by default. |
|
Disable the display of copyright information |
undo copyright-info enable |
Required Enabled by default. |
Banners are prompt information displayed by the system when users are connected to the device, perform login authentication, and start interactive configuration. The administrator can set corresponding banners as needed.
At present, the system supports the following five kinds of welcome information.
l shell banner, also called session banner, displayed when a non TTY Modem user enters user view.
l incoming banner, also called user interface banner, displayed when a user interface is activated by a Modem user.
l login banner, welcome information at login authentications, displayed when password and scheme authentications are configured.
l motd (Message of the Day) banner, welcome information displayed before authentication.
l legal banner, also called authorization information. The system displays some copyright or authorization information, and then displays the legal banner before a user logs in, waiting for the user to confirm whether to continue the authentication or login. If entering Y or pressing the Enter key, the user enters the authentication or login process; if entering N, the user quits the authentication or login process. Y and N are case insensitive.
When you configure a banner, the system supports two input modes. One is to input all the banner information right after the command keywords. The start and end characters of the input text must be the same but are not part of the banner information. In this case, the input text, together with the command keywords, cannot exceed 510 characters. The other is to input all the banner information in multiple lines by pressing the Enter key. In this case, up to 2000 characters can be input.
The latter input mode can be achieved in the following three ways:
l Press the Enter key directly after the command keywords, and end the setting with the % character. The Enter and % characters are not part of the banner information.
l Input a character after the command keywords at the first line, and then press the Enter key. End the setting with the character input at the first line. The character at the first line and the end character are not part of the banner information.
l Input multiple characters after the command keywords at the first line (with the first and last characters being different), then press the Enter key. End the setting with the first character at the first line. The first character at the first line and the end character are not part of the banner information.
Follow these steps to configure a banner:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure the banner to be displayed at login (available for Modem login users) |
header incoming text |
Optional |
|
Configure the banner to be displayed at login authentication |
header login text |
Optional |
|
Configure the authorization information before login |
header legal text |
Optional |
|
Configure the banner to be displayed when a user enters user view (non Modem login users) |
header shell text |
Optional |
|
Configure the banner to be displayed before login |
header motd text |
Optional |
Follow these steps to configure CLI hotkeys:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure CLI hotkeys |
hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U } command |
Optional The Ctrl+G, Ctrl+L and Ctrl+O hotkeys are specified with command lines by default. |
|
Display hotkeys |
display hotkey |
Available in any view. Refer to Table 1-2 for hotkeys reserved by the system. |
By default, the Ctrl+G, Ctrl+L and Ctrl+O hotkeys are configured with command line and the Ctrl+T and Ctrl+U commands are NULL.
l Ctrl+G corresponds to the display current-configuration command.
l Ctrl+L corresponds to the display ip routing-table command.
l Ctrl+O corresponds to the undo debugging all command.
Table 1-2 Hotkeys reserved by the system
|
Hotkey |
Function |
|
Ctrl+A |
Moves the cursor to the beginning of the current line. |
|
Ctrl+B |
Moves the cursor one character to the left. |
|
Ctrl+C |
Stops performing a command. |
|
Ctrl+D |
Deletes the character at the current cursor position. |
|
Ctrl+E |
Moves the cursor to the end of the current line. |
|
Ctrl+F |
Moves the cursor one character to the right. |
|
Ctrl+H |
Deletes the character to the left of the cursor. |
|
Ctrl+K |
Terminates an outgoing connection. |
|
Ctrl+N |
Displays the next command in the history command buffer. |
|
Ctrl+P |
Displays the previous command in the history command buffer. |
|
Ctrl+R |
Redisplays the current line information. |
|
Ctrl+V |
Pastes the content in the clipboard. |
|
Ctrl+W |
Deletes all the characters in a continuous string to the left of the cursor. |
|
Ctrl+X |
Deletes all the characters to the left of the cursor. |
|
Ctrl+Y |
Deletes all the characters to the right of the cursor. |
|
Ctrl+Z |
Exits to user view. |
|
Ctrl+] |
Terminates an incoming connection or a redirect connection. |
|
Esc+B |
Moves the cursor to the leading character of the continuous string to the left. |
|
Esc+D |
Deletes all the characters of the continuous string at the current cursor position and to the right of the cursor. |
|
Esc+F |
Moves the cursor to the front of the next continuous string to the right. |
|
Esc+N |
Moves the cursor down by one line (available before you press Enter) |
|
Esc+P |
Moves the cursor up by one line (available before you press Enter) |
|
Esc+< |
Specifies the cursor as the beginning of the clipboard. |
|
Esc+> |
Specifies the cursor as the ending of the clipboard. |
These hotkeys are defined by the device. When you interact with the device from terminal software, these keys may be defined to perform other operations. If so, the definition of the terminal software will dominate.
To restrict the different users’ access to the device, the system manages the users by their privilege levels. User privilege levels correspond to command levels. After users at different privilege levels log in, they can only use commands at their own, or lower, levels. All the commands are categorized into four levels, which are visit, monitor, system, and manage from low to high, and identified respectively by 0 through 3. Table 1-3 describes the levels of the commands.
Table 1-3 Default command levels
|
Level |
Privilege |
Description |
|
0 |
Visit |
Involves commands for network diagnosis and commands for accessing an external device. Commands at this level are not allowed to be saved after being configured. After the device is restarted, the commands at this level will be restored to the default settings. Commands at this level include ping, tracert, telnet and ssh2. |
|
1 |
Monitor |
Includes commands for system maintenance and service fault diagnosis. Commands at this level are not allowed to be saved after being configured. After the device is restarted, the commands at this level will be restored to the default settings. Commands at this level include debugging, terminal, refresh, reset, and send. |
|
2 |
System |
Provides service configuration commands, including routing and commands at each level of the network for providing services. By default, commands at this level include all configuration commands except for those at manage level. |
|
3 |
Manage |
Influences the basic operation of the system and the system support modules for service support. By default, commands at this level involve file system, FTP, TFTP command download, user management, level setting, as well as parameter setting within a system (the last case involves those non-protocol or non RFC provisioned commands). |
User privilege level can be configured by using AAA authentication parameters or under a user interface.
1) Configure user privilege level by using AAA authentication parameters
If the user interface authentication mode is scheme when a user logs in, and username and password are needed at login, then the user privilege level is specified in the configuration of AAA authentication.
Follow these steps to configure user privilege level by using AAA authentication parameters:
|
To do… |
Use the command… |
Remarks |
|
|
Enter system view |
system-view |
— |
|
|
Enter user interface view |
user-interface { first-num1 [ last-num1 ] | { aux | vty } first-num2 [ last-num2 ] } |
— |
|
|
Configure the authentication mode for logging in to the user interface as scheme |
authentication-mode scheme [ command-authorization ] |
Required By default, the authentication mode for VTY users is password, and no authentication is needed for AUX login users. |
|
|
Exit to system view |
quit |
— |
|
|
Configure the authentication mode for SSH users as password |
For the details, refer to SSH2.0 Configuration in the Security Volume. |
Required if users use SSH to log in, and username and password are needed at authentication |
|
|
Configure the user privilege level by using AAA authentication parameters |
Using local authentication |
l Use the local-user command to create a local user and enter local user view. l Use the level keyword in the authorization-attribute command to configure the user level. |
User either approach l For local authentication, if you do not configure the user level, the user level is 0, that is, users of this level can use commands with level 0 only. l For remote authentication, if you do not configure the user level, the user level depends on the default configuration of the authentication server. |
|
Using remote authentication (RADIUS, HWTACACS, and LDAP authentications) |
Configure user level on the authentication server |
||
l For the description of user interface, refer to User Interface Configuration in the System Volume; for the description of the user-interface, authentication-mode and user privilege level commands, refer to Login Commands in the System Volume.
l For the introduction to AAA authentication, refer to AAA Configuration in the Security Volume; for the description of the local-user and authorization-attribute commands, refer to AAA Commands in the Security Volume.
l For the introduction to SSH, refer to SSH 2.0 Configuration in the Security Volume.
2) Example of configuring user privilege level by using AAA authentication parameters
# Authenticate the users telnetting to the device through VTY 1, verify their usernames and passwords locally, and specify the user privilege level as 3.
<Sysname> system-view
[Sysname] user-interface vty 1
[Sysname-ui-vty1] authentication-mode scheme
[Sysname-ui-vty1] quit
[Sysname] local-user test
[Sysname-luser-test] password cipher 123
[Sysname-luser-test] service-type telnet
After the above configuration, when users telnet to the device through VTY 1, they need to input username test and password 123. After passing the authentication, users can only use the commands of level 0. If the users need to use commands of levels 0, 1, 2 and 3, the following configuration is required:
[Sysname-luser-test] authorization-attribute level 3
3) Configure the user privilege level under a user interface
If the user interface authentication mode is scheme when a user logs in, and SSH publickey authentication type (only username is needed for this authentication type) is adopted, then the user privilege level is the user interface level; if a user logs in using the none or password mode (namely, no username is needed), the user privilege level is the user interface level.
Follow these steps to configure the user privilege level under a user interface (SSH publickey authentication type):
|
To do… |
Use the command… |
Remarks |
|
Configure the authentication type for SSH users as publickey |
For the details, refer to SSH2.0 Configuration in the Security Volume. |
Required if users adopt the SSH login mode, and only username, instead of password is needed at authentication. After the configuration, the authentication mode of the corresponding user interface must be set to scheme. |
|
Enter system view |
system-view |
— |
|
Enter user interface view |
user-interface { first-num1 [ last-num1 ] | vty first-num2 [ last-num2 ] } |
— |
|
Configure the authentication mode when a user uses the current user interface to log in to the device |
authentication-mode scheme [ command-authorization ] |
Optional By default, the authentication mode for VTY user interfaces is password, and AUX user interfaces do not need authentication. |
|
Configure the privilege level of the user logging in from the current user interface |
user privilege level level |
Optional By default, the user privilege level for users logging in from the console user interface is 3, and that for users logging from the other user interfaces is 0. |
Follow these steps to configure the user privilege level under a user interface (none or password authentication mode):
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Enter user interface view |
user-interface { first-num1 [ last-num1 ] | { aux | vty } first-num2 [ last-num2 ] } |
— |
|
Configure the authentication mode when a user uses the current user interface to log in to the device |
authentication-mode { none | password } |
Optional By default, the authentication mode for VTY user interfaces is password, and AUX user interfaces do not need authentication. |
|
Configure the privilege level of the user logging in from the current user interface |
user privilege level level |
Optional By default, the user privilege level for users logging in from the console user interface is 3, and that for users logging from the other user interfaces is 0. |
4) Example of configuring user privilege level under a user interface
l Perform no authentication to the users telnetting to the device, and specify the user privilege level as 1. (This configuration brings potential security problem. Therefore, you are recommended to use it only in a lab environment.)
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode none
[Sysname-ui-vty0-4] user privilege level 1
By default, when users telnet to the device, they can only use the following commands after passing the authentication:
<Sysname> ?
User view commands:
cluster Run cluster command
display Display current system information
ping Ping function
quit Exit from current command view
ssh2 Establish a secure shell client connection
super Set the current user priority level
telnet Establish one TELNET connection
tracert Trace route function After you set the user privilege level under the user interface, users can log in to the device through Telnet without any authentication and use the following commands:
<Sysname> ?
User view commands:
cluster Run cluster command
debugging Enable system debugging functions
display Display current system information
ping Ping function
quit Exit from current command view
reset Reset operation
screen-length Specify the lines displayed on one screen
send Send information to other user terminal interface
ssh2 Establish a secure shell client connection
super Set the current user priority level
telnet Establish one TELNET connection
terminal Set the terminal line characteristics
tracert Trace route function
undo Cancel current setting
l Authenticate the users logging in to the device through Telnet, verify their passwords, and specify the user privilege levels as 2.
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty1] authentication-mode password
[Sysname-ui-vty0-4] set authentication password cipher 123
[Sysname-ui-vty0-4] user privilege level 2
By default, when users log in to the device through Telnet, they can use the commands of level 0 after passing the authentication. After you set the user privilege level under the user interface, when users log in to the device through Telnet, they need to input password 123, and then they can use commands of levels 0, 1, and 2.
Users can switch their user privilege level temporarily without logging out and disconnecting the current connection; after the switch, users can continue to configure the device without the need of relogin and reauthentication, but the commands that they can execute have changed. For example, if the current user privilege level is 3, the user can configure system parameters; after switching the user privilege level to 0, the user can only execute some simple commands, like ping and tracert, and only a few display commands. The switching of user privilege level is temporary, and effective for the current login; after the user relogs in, the user privilege restores to the original level.
To avoid misoperations, the administrators are recommended to log in to the device by using a lower privilege level and view device operating parameters, and when they have to maintain the device, they can switch to a higher level temporarily; when the administrators need to leave for a while or ask someone else to manage the device temporarily, they can switch to a lower privilege level before they leave to restrict the operation by others.
Users can switch from a high user privilege level to a low user privilege level without entering a password; when switching from a low user privilege level to a high user privilege level, only the AUX login users do not have to enter the password, and users that log in from, VTY user interfaces need to enter the password for security’s sake. This password is for level switching only and is different from the login password. If the entered password is incorrect or no password is configured, the switching fails. Therefore, before switching a user to a higher user privilege level, you should configure the password needed.
Follow these steps to switch user privilege level:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure the password for switching the user privilege level |
super password [ level user-level ] { simple | cipher } password |
Required By default, no password is configured. |
|
Exit to user view |
quit |
— |
|
Switch the user privilege level |
super [ level ] |
Required When logging in to the device, a user has a user privilege level, which is decided by user interface or authentication user level. |
l When you configure the password for switching user privilege level with the super password command, the user privilege level is 3 if no user privilege level is specified.
l The password for switching user privilege level can be displayed in both cipher text and simple text. You are recommended to adopt the former as the latter is easily cracked.
All the commands in a view are defaulted to different levels, as shown in Table 1-3. The administrator can modify the command level based on users’ needs to make users of a lower level use commands with a higher level or improve device security.
Follow these steps to modify the command level:
|
To do… |
Use the command… |
Remarks |
|
Enter system view |
system-view |
— |
|
Configure the command level in a specified view |
command-privilege level level view view command |
Required Refer to Table 1-3 for the default settings. |
You are recommended to use the default command level or modify the command level under the guidance of professional staff; otherwise, the change of command level may bring inconvenience to your maintenance and operation, or even potential security problem.
|
To do… |
Use the command… |
Remarks |
|
Display information on system version |
display version |
Available in any view |
|
Display information on the system clock |
display clock |
|
|
Display information on terminal users |
display users [ all ] |
|
|
Display the valid configuration under current view |
display this [ by-linenum ] |
|
|
Display clipboard information |
display clipboard |
|
|
Display and save statistics the running status of multiple modules |
display diagnostic-information |
During daily maintenance or when the system is operating abnormally, you need to display the running status of each functional module to locate the problem. Generally, you need to execute the corresponding display commands for each module, because each module has independent running information. To collect more information at one time, you can execute the display diagnostic-information command to display or save the statistics of the running status of multiple modules in the system. Execution of the display diagnostic-information command equals execution of the commands display clock, display version, display device, and display current-configuration one by one.
l For the detailed description of the display users command, refer to Login Commands in the System Volume.
l The display commands discussed above are for the global configuration. Refer to the corresponding section for the display command for specific protocol and interface.
This section covers the following topics:
l Online Help with Command Lines
l Synchronous Information Output
l Saving Commands in the History Buffer
l Command Line Error Information
CLI is an interaction interface between devices and users. Through CLI, you can configure your devices by entering commands and view the output information and verify your configurations, thus facilitating your configuration and management of your devices.
CLI provides the following features for you to configure and manage your devices:
l Hierarchical command protection where you can only execute the commands at your own or lower levels. Refer to Configuring User Privilege Levels and Command Levels for details.
l Easy access to on-line help by entering “?”
l Abundant debugging information for fault diagnosis
l Saving and executing commands that have been executed
l Fuzzy match for convenience of input. When you execute a command, you can input part of the characters in a keyword. However, to enable you to confirm your operation, the command can be executed only when you input enough characters to make the command unique. Take the commands save, startup saved-configuration, and system-view which start with s as an example. To save the current configuration, you need to input sa at least; to set the configuration file for next startup, you need to input st s at least; to enter system view, you need to input sy at least. You can press Tab to complement the command, or you can input the complete command.
The following are the types of online help available with the CLI:
l Full help
l Fuzzy help
To obtain the desired help information, you can:
1) Enter ? in any view to access all the commands in this view and brief description about them as well.
User view commands:
backup Backup next startup-configuration file to TFTP server
boot-loader Set boot loader
bootrom Update/read/backup/restore bootrom
cd Change current directory
clock Specify the system clock
cluster Run cluster command
copy Copy from one file to another
debugging Enable system debugging functions
delete Delete a file
dir List files on a file system
display Show running system information
......omitted......
2) Enter a command and a ? separated by a space. If ? is at the position of a keyword, all the keywords are given with a brief description.
<Sysname> terminal ?
debugging Send debug information to terminal
logging Send log information to terminal
monitor Send information output to current terminal
trapping Send trap information to terminal
3) Enter a command and a ? separated by a space. If ? is at the position of a parameter, the description about this parameter is given.
<Sysname> system-view
[Sysname] interface vlan-interface ?
<1-4094> VLAN interface number
[Sysname] interface vlan-interface 1 ?
<cr>
[Sysname] interface vlan-interface 1
Where, <cr> indicates that there is no parameter at this position. The command is then repeated in the next command line and executed if you press Enter.
<Sysname> c?
cd
clock
copy
5) Enter a command followed by a character string and a ?. All the keywords starting with this string are listed.
<Sysname> display cl?
clipboard
clock
6) Press Tab after entering the first several letters of a keyword to display the complete keyword, provided these letters can uniquely identify the keyword in this command. If several matches are found, the complete keyword which is matched first is displayed (the matching rule is: the letters next to the input letters are arranged in alphabetic order, and the letter in the first place is matched first.). If you repeatedly press Tab, all the keywords starting with the letter that you enter are displayed in cycles, and you can select the keywords needed.
Synchronous information output refers to the feature that if the user’s input is interrupted by system output, then after the completion of system output the system will display a command line prompt and your input so far, and you can continue your operations from where you were stopped.
You can use the info-center synchronous command to enable synchronous information output. For the detailed description of this function, refer to Information Center Configuration in the System Volume.
Adding the keyword undo can form an undo command. Almost every configuration command has an undo form. undo commands are generally used to restore the system default, disable a function or cancel a configuration. For example, the info-center enable command is used to enable the information center, while the undo info-center enable command is used to disable the information center. (By default, the information center is enabled.)
The CLI provides the basic command editing functions and supports multi-line editing. When you execute a command, the system automatically goes to the next line if the maximum length of the command is reached. You cannot press Enter to go to the next line; otherwise, the system will automatically execute the command. The maximum length of each command is 510 characters. Table 1-4 lists these functions.
|
Key |
Function |
|
Common keys |
If the editing buffer is not full, insert the character at the position of the cursor and move the cursor to the right. |
|
Backspace |
Deletes the character to the left of the cursor and move the cursor back one character. |
|
Left-arrow key or Ctrl+B |
The cursor moves one character space to the left. |
|
Right-arrow key or Ctrl+F |
The cursor moves one character space to the right. |
|
Up-arrow key or Ctrl+P |
Displays history commands |
|
Down-arrow key or Ctrl+N |
|
|
Tab |
Pressing Tab after entering part of a keyword enables the fuzzy help function. l If finding a unique match, the system substitutes the complete keyword for the incomplete one and displays it in the next line. l When there are several matches, if you repeatedly press Tab, all the keywords starting with the letter that you enter are displayed in cycles. l If there is no match at all, the system does not modify the incomplete keyword and displays it again in the next line. |
When editing the command line, you can use other shortcut keys (For details, see Table 1-2) besides the shortcut keys defined in Table 1-4, or you can define shortcut keys by yourself. (For details, see Configuring CLI Hotkeys.)
With the output information filtering function, you can quickly find the information you are interested in. When there is a lot of information to be output, the system displays the information in multiple screens.
The device provides the function to filter the output information. You can specify a regular expression to search the information you need.
You can use these two methods to filter the output information:
l Input the begin, exclude or include keyword plus a regular expression in the CLI to filter the output information.
l When the system displays the information in multiple screens, use /, - or + plus a regular expression. / equals the keyword begin, - equals the keyword exclude, and + equals the keyword include.
The description of the begin, exclude, and include keywords is as follows:
l begin: Displays the line that matches the regular expression and all the subsequent lines.
l exclude: Displays the lines that do not match the regular expression.
l include: Displays only the lines that match the regular expression.
A regular expression is a case sensitive string of 1 to 256 characters. It also supports special characters as shown in Table 1-5.
Table 1-5 Special characters in a regular expression
|
Character |
Meaning |
Remarks |
|
^string |
Starting sign, string appears only at the beginning of a line. |
For example, regular expression “^user” only matches a string beginning with “user”, not “Auser”. |
|
string$ |
Ending sign, string appears only at the end of a line. |
For example, regular expression "user$” only matches a string ending with “user”, not “userA”. |
|
. |
Full stop, a wildcard used in place of any character, including single character, special character and blank. |
For example, “.l” can match “vlan” or “mpls”. |
|
* |
Asterisk, used to match a character or character group before it zero or multiple times. |
For example, “zo*” can match “z” and “zoo”; (zo)* can match “zo” and “zozo”. |
|
+ |
Addition, used to match a character or character group one or multiple times before it |
For example, “zo+” can match “zo” and “zoo”, but not “z”. |
|
| |
Vertical bar, used to match the whole string on the left or right of it |
For example, “def|int” can only match a character string containing “def” or “int”. |
|
_ |
Underline. If it is at the beginning or the end of a regular expression, it equals ^ or $; in other cases, it equals comma, space, round bracket, or curly bracket. |
For example, “a_b” can match “a b” or “a(b”; “_ab” can only match a line starting with “ab”; “ab_” can only match a line ending with “ab”. |
|
- |
Hyphen. It connects two values (the smaller one before it and the bigger one after it) to indicate a range together with [ ]. |
For example, “1-9” means numbers from 1 to 9 (inclusive); “a-h” means from a to h (inclusive). |
|
[ ] |
A range of characters, Matches any character in the specified range. |
For example, [16A] can match a string containing any character among 1, 6, and A; [1-36A] can match a string containing any character among 1, 2, 3, 6, and A (with - being a hyphen). “]” can be matched only when it is put at the beginning of [ ] if it is used as a common character in [ ], for example [ ]string]. There is no such limit on “[”. |
|
( ) |
A character group. It is usually used with “+” or “*”. |
For example, (123A) means a character group “123A”; “408(12)+” can match 40812 or 408121212. But it cannot match 408. |
|
\index |
Repeats a specified character group for once. A character group refers to the string in () before \. index refers to the sequence number (starting from 1 from left to right) of the character group before \: if only one character group appears before \, then index can only be 1; if n character groups appear before index, then index can be any integer from 1 to n. |
For example, (string)\1 means to repeat string for once, and (string)\1 must match a string containing stringstring; (string1)(string2)\2 means to repeat string2 for once, and (string1)(string2)\2 must match a string containing string1string2string2; (string1)(string2)\1\2 means to repeat string1 for once first, and then repeat string2 for once, and (string1)(string2)\1\2 must match a string containing string1string2string1string2. |
|
[^] |
Used to match any character not in a specified range. |
For example, [^16A] means to match a string containing any character except 1, 6 or A, and the string can also contain 1, 6 or A, but cannot contain these three characters only. For example, [^16A] can match “abc” and “m16”, but not 1, 16, or 16A. |
|
\<string |
Used to match a character string starting with string. |
For example, “\<do” can match word “domain” or string “doa”. |
|
string\> |
Used to match a character string ending with string. |
For example, “do\>” can match word “undo” or string “abcdo”. |
|
\bcharacter2 |
Used to match character1character2. character1 can be any character except number, letter or underline, and \b equals [^A-Za-z0-9_]. |
For example, \ba can match -a, with - represents character1, and a represents character2; while \ba cannot match “2a” or “ba”. |
|
\Bcharacter |
It must match a string containing character, and there can no spaces before character. |
For example, “\Bt” can match “t” in “install”, but not “t” in “big top”. |
|
character1\w |
Used to match character1character2. character2 must be a number, letter or underline, and \w equals [^A-Za-z0-9_]. |
For example, “v\w” can match “vlan”, with “v” being character1, and “l” being character2. v\w can also match “service”, with “i” being character2. |
|
\W |
Equals \b. |
For example, “\Wa” can match “-a”, with “-” representing character1, and “a” representing character2; while “\ba” cannot match “2a” or “ba”. |
|
\ |
Escape character. If single special characters listed in this table follow \, the specific meanings of the characters will be removed. |
For example, “\\” can match a string containing “\”, “\^” can match a string containing “^”, and “\\b” can match a string containing “\b”. |
When there is a lot of information to be output, the system displays the information in multiple screens. Generally, 24 lines are displayed on one screen, and you can also use the screen-length command to set the number of lines displayed on the next screen. (For the details of this command, refer to Login Commands in the System Volume.) You can follow the step below to disable the multiple-screen output function of the current user.
|
To do… |
Use the command… |
Remarks |
|
Disable the multiple-screen output function of the current user |
screen-length disable |
Required By default, a login user uses the settings of the screen-length command. The default settings of the screen-length command are: multiple-screen output is enabled and 24 lines are displayed on the next screen. This command is executed in user view, and therefore is applicable to the current user only. When a user re-logs in, the settings restore to the system default. |
CLI offers the following feature:
When the information displayed exceeds one screen, you can pause using one of the methods shown in Table 1-6.
|
Action |
Function |
|
Press Space when information display pauses |
Continues to display information of the next screen page. |
|
Press Enter when information display pauses |
Continues to display information of the next line. |
|
Press Ctrl+C when information display pauses |
Stops the display and the command execution. |
|
Ctrl+E |
Moves the cursor to the end of the current line. |
|
PageUp |
Displays information on the previous page. |
|
PageDown |
Displays information on the next page. |
The CLI can automatically save the commands that have been used lately to the history buffer. You can know the operations that have been executed successfully, invoke and repeatedly execute them as needed. By default, the CLI can save up to ten commands for each user. You can use the history-command max-size command to set the capacity of the history commands buffer for the current user interface (For the detailed description of the history-command max-size command, refer to Login Commands in the System Volume). The following table lists the operations that you can perform. In addition:
l The commands saved in the history buffer are in the same format with the commands you input. If you input an incomplete command, the command saved in the history buffer is also an incomplete command.
l If you execute the same command repeatedly, the device saves only the earliest command. However, if you execute the same command in different formats, the system considers them as different commands. For example, if you execute the display cu command repeatedly, the system saves only one command in the history buffer; if you execute the command in the format of display cu and display current-configuration respectively, the system saves them as two commands.
Follow these steps to access history commands:
|
To do… |
Use the key/command… |
Result |
|
View the history commands |
display history-command |
Displays the commands that you have entered |
|
Access the previous history command |
Up-arrow key or Ctrl+P |
Displays the earlier history command, if there is any. |
|
Access the next history command |
Down-arrow key or Ctrl+N |
Displays the next history command, if there is any. |
You may use arrow keys to access history commands in Windows 200X and XP Terminal or Telnet. However, the up-arrow and down-arrow keys are invalid in Windows 9X HyperTerminal, because they are defined in a different way. You can press Ctrl+P or Ctrl+N instead.
The commands are executed only if they have no syntax error. Otherwise, error information is reported. Table 1-7 lists some common errors.
Table 1-7 Common command line errors
|
Error information |
Cause |
|
% Unrecognized command found at '^' position. |
The command was not found. |
|
The keyword was not found. |
|
|
Parameter type error |
|
|
The parameter value is beyond the allowed range. |
|
|
% Incomplete command found at '^' position. |
Incomplete command |
|
% Ambiguous command found at '^' position. |
Ambiguous command, |
|
Too many parameters |
Too many parameters |
|
% Wrong parameter found at '^' position. |
Wrong parameter |
