Table of Contents

1 CLI Configuration· 1-1

Introduction to the CLI 1-1

Command Hierarchy· 1-1

Switching User Levels· 1-2

Setting the Level of a Command in a Specific View· 1-3

CLI Views· 1-4

CLI Features· 1-6

Online Help· 1-6

Terminal Display· 1-7

Command History· 1-8

Error Prompts· 1-8

Command Edit 1-9

 

 

 

Introduction to the CLI

A command line interface (CLI) is a user interface to interact with a device. Through the CLI on a device, a user can enter commands to configure the device and check output information to verify the configuration. Each device provides an easy-to-use CLI and a set of configuration commands for the convenience of the user to configure and manage.

The CLI on the devices provide the following features, and so has good manageability and operability.

l          Hierarchical command protection: After users of different levels log in, they can only use commands at their own, or lower, levels. This prevents users from using unauthorized commands to configure devices.

l          Online help: Users can gain online help at any time by entering a question mark (?).

l          Debugging: Abundant and detailed debugging information is provided to help users diagnose and locate network problems.

l          Command history function: This enables users to check the commands that they have lately executed and re-execute the commands.

l          Partial matching of commands: The system will use partially matching method to search for commands. This allows users to execute a command by entering partially-spelled command keywords as long as the keywords entered can be uniquely identified by the system.

Command Hierarchy

The device uses hierarchical command protection for command lines, so as to inhibit users at lower levels from using higher-level commands to configure the device.

Based on user privilege, commands are classified into four levels:

l          Visit level (level 0): Commands at this level are mainly used to diagnose network, and they cannot be saved in configuration file. For example, ping, tracert and telnet are level 0 commands.

l          Monitor level (level 1): Commands at this level are mainly used to maintain the system and diagnose service faults, and they cannot be saved in configuration file. Such commands include debugging and terminal.

l          System level (level 2): Commands at this level are mainly used to configure services. Commands concerning routing and network layers are at this level. These commands can be used to provide network services directly.

l          Manage level (level 3): Commands at this level are associated with the basic operation modules and support modules of the system. These commands provide support for services. Commands concerning file system, FTP/TFTP/XModem downloading, user management, and level setting are at this level.

Users logged into the device fall into four user levels, which correspond to the four command levels respectively. Users at a specific level can only use the commands at the same level or lower levels.

By default, the Console user (a user who logs into the device through the Console port) is a level-3 user, and Telnet users are level-0 users.

Switching User Levels

After logging into the device, users can change their current user levels through a command. Note that:

l          If a switching password is set for a specific user level by the super password command, all users must enter the password correctly when they switch from lower user levels to this level (if a wrong password is entered, they will remain at their original levels).

l          If no switching password is set for a specific user level, the Console user can directly switch to the level, while the Telnet users at lower levels will fail to switch to the level (they will remain at their original levels) and the information like the following will be displayed: % Password is not set.

Setting a user level switching password

Follow these steps to set a password for use level switching:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Set the super password for user level switching	super password [ level level ] { cipher | simple } password	Required By default, the super password is not set.

 

Switching to a specific user level

Follow these steps to switch to a specific user level:

To do…	Use the command…	Remarks
Switch to a specified user level	super [ level ]	Required Execute this command in user view.

 

 

Configuration example

After a general user telnets to the device, his/her user level is 0. Now, the network administrator wants to allow general users to switch to level 3, so that they are able to configure the device.

# A level 3 user sets a switching password for user level 3.

<device> system-view

[device] super password level 3 simple 123

# A general user telnets to the device, and then uses the set password to switch to user level 3.

<device> super 3

 Password:

User privilege level is 3, and only those commands can be used

whose level is equal or less than this.

Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE

# After configuring the device, the general user switches back to user level 0.

<device> super 0

User privilege level is 0, and only those commands can be used

whose level is equal or less than this.

Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE

Setting the Level of a Command in a Specific View

Setting the level of a command in a specific view

Commands fall into four levels: visit (level 0), monitor (level 1), system (level 2), and manage (level 3). By using the following command, the administrator can change the level of a command in a specific view as required.

Follow these steps to set the level of a command output description in a specific view:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Configure the level of a command in a specific view	command-privilege level level view view command	Required

 

 

Configuration example

The network administrator (a level 3 user) wants to change some TFTP commands (such as tftp get) from level 3 to level 0, so that general Telnet users (level 0 users) are able to download files through TFTP.

# Change the tftp get command in user view (shell) from level 3 to level 0. (Originally, only level 3 users can change the level of a command.)

<device> system-view

[device] command-privilege level 0 view shell tftp

[device] command-privilege level 0 view shell tftp 192.168.0.1

[device] command-privilege level 0 view shell tftp 192.168.0.1 get

[device] command-privilege level 0 view shell tftp 192.168.0.1 get bootrom.btm

After the above configuration, general Telnet users can use the tftp get command to download file bootrom.btm and other files from TFTP server 192.168.0.1 and other TFTP servers.

CLI Views

CLI views are designed for different configuration tasks. They are both correlated and distinguishing. For example, once a user logs into a device successfully, the user enters user view, where the user can perform some simple operations such as checking the operation status and statistics information of the device. After executing the system-view command, the user enters system view, where the user can go to other views by entering corresponding commands.

Table 1-1 lists the CLI views provided by the device, operations that can be performed in different CLI views and the commands used to enter specific CLI views.

Table 1-1 CLI views

View	Available operation	Prompt example	Enter method	Quit method
User view	Display operation status and statistical information of the device	<device>	Enter user view once logging into the device.	Execute the quit command to log out of the device.
System view	Configure system parameters	[device]	Execute the system-view command in user view.	Execute the quit or return command to return to user view.
Ethernet port view	Configure Ethernet port parameters	1000 Mbps Ethernet port view: [device-GigabitEthernet1/0/1]	Execute the interface gigabitethernet command in system view.	Execute the quit command to return to system view. Execute the return command to return to user view.
		10 Gigabit Ethernet port view: [device-TenGigabitEthernet1/1/1]	Execute the interface tengigabitethernet command in system view.
VLAN view	Configure VLAN parameters	[device-vlan1]	Execute the vlan command in system view.
VLAN interface view	Configure VLAN interface parameters	[device-Vlan-interface1]	Execute the interface Vlan-interface command in system view.
Loopback interface view	Configure loopback interface parameters	[device-LoopBack0]	Execute the interface loopback command in system view.
NULL interface view	Configure NULL interface parameters	[device-NULL0]	Execute the interface null command in system view.
Local user view	Configure local user parameters	[device-luser-user1]	Execute the local-user command in system view.
User interface view	Configure user interface parameters	[device-ui-aux0]	Execute the user-interface aux command in system view.
FTP client view	Configure FTP client parameters	[ftp]	Execute the ftp command in user view.
SFTP client view	Configure SFTP client parameters	sftp-client>	Execute the sftp command in system view.
MST region view	Configure MST region parameters	[device-mst-region]	Execute the stp region-configuration command in system view.
Cluster view	Configure cluster parameters	[device-cluster]	Execute the cluster command in system view.
Public key view	Configure the RSA public key for SSH users	[device-rsa-public-key]	Execute the rsa peer-public-key command in system view.	Execute the peer-public-key end command to return to system view.
	Configure the RSA or DSA public key for SSH users	[device-peer-public-key]	Execute the public-key peer command in system view.
Public key editing view	Edit the RSA public key for SSH users	[device-rsa-key-code]	Execute the public-key-code begin command in public key view.	Execute the public-key-code end command to return to public key view.
	Edit the RSA or DSA public key for SSH users	[device-peer-key-code]
Basic ACL view	Define rules for a basic ACL (with ID ranging from 2000 to 2999)	[device-acl-basic-2000]	Execute the acl number command in system view.	Execute the quit command to return to system view. Execute the return command to return to user view.
Advanced ACL view	Define rules for an advanced ACL (with ID ranging from 3000 to 3999)	[device-acl-adv-3000]	Execute the acl number command in system view.
Layer 2 ACL view	Define rules for an layer 2 ACL (with ID ranging from 4000 to 4999)	[device-acl-ethernetframe-4000]	Execute the acl number command in system view.
QoS profile view	Define QoS profile	[device-qos-profile-a123]	Execute the qos-profile command in system view.
RADIUS scheme view	Configure RADIUS scheme parameters	[device-radius-1]	Execute the radius scheme command in system view.
ISP domain view	Configure ISP domain parameters	[device-isp-aaa123.net]	Execute the domain command in system view.
HWPing view	Configure HWPing parameters	[device-hwping-a123-a123]	Execute the hwping command in system view.
HWTACACS view	Configure HWTACACS parameters	[device-hwtacacs-a123]	Execute the hwtacacs scheme command in system view.
PoE profile view	Configure PoE profile parameters	[device-poe-profile-a123]	Execute the poe-profile command in system view.
Smart-link group view	Configure smart-link group parameters	[device-smlk-group1]	Execute the smart-link group command in system view.
Monitor-link group view	Configure monitor-link group parameters	[device-mtlk-group1]	Execute the monitor-link group command in system view.
Port-group view	Configure port-group parameters	[device-port-group-1]	Execute the port-group command in system view.
QinQ view	Configure QinQ parameters	[device-GigabitEthernet1/0/1-vid-20]	Execute the vlan-vpn vid command in Ethernet port view. The vlan-vpn enable command should be first executed.	Execute the quit command to return to Ethernet port view. Execute the return command to return to user view.

 

 

CLI Features

Online Help

When configuring the device, you can use the online help to get related help information. The CLI provides two types of online help: complete and partial.

Complete online help

1)        Enter a question mark (?) in any view on your terminal to display all the commands available in the view and their brief descriptions. The following takes user view as an example.

<device> ?

User view commands:

  boot           Set boot option

  cd             Change current directory

  clock          Specify the system clock

  cluster        Run cluster command

  copy           Copy from one file to another

  debugging      Enable system debugging functions

  delete         Delete a file

  dir            List files on a file system

  display        Display current system information

<Other information is omitted>

2)        Enter a command, a space, and a question mark (?).

If the question mark “?” is at a keyword position in the command, all available keywords at the position and their descriptions will be displayed on your terminal.

<device> clock ?

  datetime     Specify the time and date

  summer-time  Configure summer time

  timezone     Configure time zone

If the question mark (?) is at an argument position in the command, the description of the argument will be displayed on your terminal.

[device] interface vlan-interface ?

  <1-4094>  VLAN interface number

If only <cr> is displayed after you enter a question mark (?), it means no parameter is available at the ? position, and you can enter and execute the command directly.

[device] interface vlan-interface 1 ?

  <cr>

Partial online help

1)        Enter a character/string, and then a question mark (?) next to it. All the commands beginning with the character/string will be displayed on your terminal. For example:

<device> p?

   ping

   pwd

2)        Enter a command, a space, a character/string and a question mark (?) next to it. All the keywords beginning with the character/string (if available) are displayed on your terminal. For example:

<device> display v?

   version

   vlan

   voice

3)        Enter the first several characters of a keyword of a command and then press Tab. If there is a unique keyword beginning with the characters just typed, the unique keyword is displayed in its complete form. If there are multiple keywords beginning with the characters, you can have them displayed one by one (in complete form) by pressing Tab repeatedly.

Terminal Display

The CLI provides the screen splitting feature to have display output suspended when the screen is full. When display output pauses, you can perform the following operations as needed (see Table 1-2).

Table 1-2 Display-related operations

Press	To
Ctrl+C	Stop the display output and execution of the command.
Any character except the space, Enter, the forward slash (/), plus sign (+), and minus sign (-) when the display output pauses	Stop the display output.
The space key	Go to the next page.
Enter	Go to the next line.

 

Command History

The CLI provides the command history function. You can use the display history-command command to view a specific number of latest executed commands and execute them again in a convenient way. By default, the CLI can store up to 10 latest executed commands for each user. You can view the command history by performing the operations listed in Table 1-3.

Table 1-3 View history commands

Purpose	Operation	Remarks
Display the latest executed history commands	Execute the display history-command command	This command displays the command history.
Recall the previous history command	Press the up arrow key or Ctrl+P	This operation recalls the previous history command (if available).
Recall the next history command	Pressing the down arrow key or Ctrl+N	This operation recalls the next history command (if available).

 

 

Error Prompts

If a command passes the syntax check, it will be successfully executed; otherwise, an error message will be displayed. Table 1-4 lists the common error messages.

Table 1-4 Common error messages

Error message	Description
Unrecognized command	The command does not exist.
	The keyword does not exist.
	The parameter type is wrong.
	The parameter value is out of range.
Incomplete command	The command entered is incomplete.
Too many parameters	The parameters entered are too many.
Ambiguous command	The parameters entered are ambiguous.
Wrong parameter	A parameter entered is wrong.
found at '^' position	An error is found at the '^' position.

 

Command Edit

The CLI provides basic command edit functions and supports multi-line editing. The maximum number of characters a command can contain is 254. Table 1-5 lists the CLI edit operations.

Table 1-5 Edit operations

Press…	To…
A common key	Insert the corresponding character at the cursor position and move the cursor one character to the right if the command is shorter than 254 characters.
Backspace key	Delete the character on the left of the cursor and move the cursor one character to the left.
Left arrow key or Ctrl+B	Move the cursor one character to the left.
Right arrow key or Ctrl+F	Move the cursor one character to the right.
Up arrow key or Ctrl+P Down arrow key or Ctrl+N	Display history commands.
Tab	Use the partial online help. That is, when you input an incomplete keyword and press Tab, if the input parameter uniquely identifies a complete keyword, the system substitutes the complete keyword for the input parameter; if more than one keywords match the input parameter, you can display them one by one (in complete form) by pressing Tab repeatedly; if no keyword matches the input parameter, the system displays your original input on a new line without any change.