Fundamentals Configuration Guide

07-Basic System Configuration

• The models listed in this document are not applicable to all regions. Please consult your local sales office for the models applicable to your region.

• Support of the H3C WA series WLAN access points (APs) for features may vary by AP model. For more information, see Feature Matrix.

• The interface types and the number of interfaces vary by AP model.

This chapter includes these sections:

• Displaying Configuration

• Basic System Configuration

• CLI Features

• Introduction to CLI

Displaying Configuration

You can use the display commands to view the configurations of an AP, which fall into the following categories:

• Current configuration – The currently running configuration on the AP. The current configuration is stored in a temporary storage medium. You must save a setting you have made so it can survive a reboot.

• Saved configuration – Configuration saved in a configuration file, which can survive a reboot.

Follow these steps to display AP configurations:

To do: Display the current configuration of the AP
Use the command: display current-configuration [ [ configuration [ configuration ] | interface [ interface-type ] [ interface-number ] ] [ by-linenum ] [ | { begin | exclude | include } regular-expression ] ]
Remarks: Available in any view.

To do: Display a configuration file
Use the command: more file-url. If the file is the configuration file for the next startup of the AP, you can use this command: display saved-configuration [ by-linenum ]
Remarks: The more command is available in user view. The display saved-configuration command is available in any view.

For more information about the more and display saved-configuration commands, see File Management in the Fundamentals Command Reference.

 

Basic System Configuration

Entering System View

The CLI is divided into different command views. Each view has a set of specific commands and limits the effective scope of the commands. The commands available to you at any given time depend on the view you are in.

When you log in to the AP, you are placed in user view. The system displays the <Device name> prompt. You can perform a limited set of operations in this view, such as displaying system running status and various statistics, handling files, and Telnetting to a server. To configure features on the AP, you must first enter system view.

Follow the step below to enter system view:

To do: Enter system view from user view
Use the command: system-view
Remarks: Required. Available in user view.

Exiting the Current View

The system divides the command line interface into multiple command views, which adopt a hierarchical structure. For example, system view is under user view, and interface view and VLAN view are under system view. After you have configured the functions under the current view, you can perform the following operations to exit the current view.

Follow the step below to exit the current view:

To do: Return to an upper level view from the current view
Use the command: quit
Remarks: Required. If the current view is user view, the command terminates the connection between the user terminal and the AP. Available in any view.

Exiting to User View

This feature allows you to return to user view easily from any non-user view, without the need to execute the quit command repeatedly. You can also use the hot key Ctrl+Z to return to user view from the current view.

Follow the step below to exit to user view:

To do: Exit to user view
Use the command: return
Remarks: Required. Available in any view except user view.

Configuring the AP Name

The AP name is used to identify an AP in a network. Inside the system, the AP name corresponds to the prompt of the CLI. For example, if the AP name is Sysname, the prompt of user view is <Sysname>.

Follow these steps to configure the AP name:

To do: Enter system view
Use the command: system-view

To do: Configure the AP name
Use the command: sysname sysname
Remarks: Optional. The default AP name is the AP model.

Configuring the System Clock

Configuring the System Clock

The system clock, displayed by system time stamp, is decided by the configured relative time, time zone, and daylight saving time. You can view the system clock by using the display clock command.

Follow these steps to configure the system clock:

To do: Set time and date
Use the command: clock datetime time date
Remarks: Optional. Available in user view.

To do: Enter system view
Use the command: system-view

To do: Set the time zone
Use the command: clock timezone zone-name { add | minus } zone-offset
Remarks: Optional. Universal time coordinated (UTC) time zone by default.

To do: Set a daylight saving time scheme. Adopt daylight saving time from the start-time on the start-date to the end-time on the end-date. Daylight saving time adds the add-time to the current time of the AP.
Use the command: clock summer-time zone-name one-off start-time start-date end-time end-date add-time
Remarks: Optional. Use either command. By default, daylight saving time is configured on the AP, and the UTC time zone is applied.

To do: Set a daylight saving time scheme. Adopt daylight saving time repeatedly.
Use the command: clock summer-time zone-name repeating start-time start-date end-time end-date add-time
Remarks: Optional. Use either command. By default, daylight saving time is configured on the AP, and the UTC time zone is applied.

Displaying the System Clock

The system clock is decided by the commands clock datetime, clock timezone and clock summer-time. If these three commands are not configured, the display clock command displays the original system clock. If you combine these three commands in different ways, the system clock is displayed in the ways shown in Table 1-1. The meanings of the parameters in the configuration column are as follows:

• 1 indicates date-time has been configured with the clock datetime command.

• 2 indicates time-zone has been configured with the clock timezone command and the offset time is zone-offset.

• 3 indicates daylight saving time has been configured with the clock summer-time command and the offset time is summer-offset.

• [1] indicates the clock datetime command is an optional configuration.

• The default system clock is 2005/1/1 1:00:00 in the example.

Table 1-1 Relationship between the configuration and display of the system clock

Configuration

System clock displayed by the display clock command

Example

1

date-time

Configure: clock datetime 1:00 2007/1/1

Display: 01:00:00 UTC Mon 01/01/2007

2

The original system clock ± zone-offset

Configure: clock timezone zone-time add 1

Display: 02:00:00 zone-time Sat 01/01/2005

1 and 2

date-time ± zone-offset

Configure: clock datetime 2:00 2007/2/2 and clock timezone zone-time add 1

Display: 03:00:00 zone-time Fri 02/02/2007

[1], 2 and 1

date-time

Configure: clock timezone zone-time add 1 and clock datetime 3:00 2007/3/3

Display: 03:00:00 zone-time Sat 03/03/2007

3

If the original system clock is not in the daylight saving time range, the original system clock is displayed.

Configure: clock summer-time ss one-off 1:00 2006/1/1 1:00 2006/8/8 2

Display: 01:00:00 UTC Sat 01/01/2005

If the original system clock is in the daylight saving time range, the original system clock + summer-offset is displayed.

Configure: clock summer-time ss one-off 00:30 2005/1/1 1:00 2005/8/8 2

Display: 03:00:00 ss Sat 01/01/2005

1 and 3

If date-time is not in the daylight saving time range, date-time is displayed.

Configure: clock datetime 1:00 2007/1/1 and clock summer-time ss one-off 1:00 2006/1/1 1:00 2006/8/8 2

Display: 01:00:00 UTC Mon 01/01/2007

If date-time is in the daylight saving time range, “date-time” + “summer-offset” is displayed.

Configure: clock datetime 8:00 2007/1/1 and clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2

Display: 10:00:00 ss Mon 01/01/2007

[1], 3 and 1

If date-time is not in the daylight saving time range, date-time is displayed.

Configure: clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2 and clock datetime 1:00 2008/1/1

Display: 01:00:00 UTC Tue 01/01/2008

date-time is in the daylight saving time range:

If the value of “date-time” - “summer-offset” is not in the summer-time range, “date-time” - “summer-offset”  is displayed;
If the value of “date-time” - “summer-offset” is in the summer-time range, date-time is displayed.

Configure: clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2 and clock datetime 1:30 2007/1/1

Display: 23:30:00 UTC Sun 12/31/2006

Configure: clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2 and clock datetime 3:00 2007/1/1

Display: 03:00:00 ss Mon 01/01/2007

2 and 3 or  3 and 2

If the value of the original system clock ± “zone-offset” is not in the summer-time range, the original system clock ± “zone-offset” is displayed.

Configure: clock timezone zone-time add 1 and clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2

Display: 02:00:00 zone-time Sat 01/01/2005

Configure: clock timezone zone-time add 1 and clock summer-time ss one-off 1:00 2005/1/1 1:00 2005/8/8 2

Display: 04:00:00 ss Sat 01/01/2005

If the value of the original system clock ± “zone-offset” is in the summer-time range, the original system clock ± “zone-offset” + ”summer-offset” is displayed.

Configure: clock datetime 1:00 2007/1/1, clock timezone zone-time add 1 and clock summer-time ss one-off 1:00 2008/1/1 1:00 2008/8/8 2

Display: 02:00:00 zone-time Mon 01/01/2007

1, 2 and 3 or 1, 3 and 2

If the value of "date-time"±"zone-offset" is not in the summer-time range, "date-time"±"zone-offset" is displayed.

Configure: clock datetime 1:00 2007/1/1, clock timezone zone-time add 1 and clock summer-time ss one-off 1:00 2007/1/1 1:00 2007/8/8 2

Display: 04:00:00 ss Mon 01/01/2007

If the value of "date-time"±"zone-offset" is in the summer-time range, "date-time"±"zone-offset"+”summer-offset” is displayed.

Configure: clock timezone zone-time add 1, clock summer-time ss one-off 1:00 2008/1/1 1:00 2008/8/8 2 and clock datetime 1:00 2007/1/1

Display: 01:00:00 zone-time Mon 01/01/2007

[1], 2, 3 and 1 or [1], 3, 2 and 1

If date-time is not in the daylight saving time range, date-time is displayed.

Configure: clock timezone zone-time add 1, clock summer-time ss one-off 1:00 2008/1/1 1:00 2008/8/8 2 and clock datetime 1:30 2008/1/1

Display: 23:30:00 zone-time Mon 12/31/2007

date-time is in the daylight saving time range:

If the value of “date-time”-“summer-offset” is not in the summer-time range, “date-time”-“summer-offset”  is displayed;
If the value of “date-time”-“summer-offset” is in the summer-time range, date-time is displayed.

Configure: clock timezone zone-time add 1, clock summer-time ss one-off 1:00 2008/1/1 1:00 2008/8/8 2 and clock datetime 3:00 2008/1/1

Display: 03:00:00 ss Tue 01/01/2008

 

Enabling/Disabling the Display of Copyright Information

• With the display of copyright information enabled, the copyright information is displayed when a user logs in through Telnet, or when a user quits user view after logging in to the AP through the console port or AUX port. The copyright information will not be displayed under other circumstances. The display format of copyright information is as shown below:

**************************************************************************
Copyright (c) 2004-2010 Hangzhou H3C Tech. Co., Ltd. All rights reserved.
* Without the owner's prior written consent,                                 *
* no decompiling or reverse-engineering shall be allowed.                    *
**************************************************************************

• With the display of copyright information disabled, under no circumstances will the copyright information be displayed.

Follow these steps to enable/disable the display of copyright information:

To do: Enter system view
Use the command: system-view

To do: Enable the display of copyright information
Use the command: copyright-info enable
Remarks: Optional. Enabled by default.

To do: Disable the display of copyright information
Use the command: undo copyright-info enable
Remarks: Required. Enabled by default.

Configuring a Banner

Introduction to banners

Banners are prompt information displayed by the system when users are connected to the AP, perform login authentication, and start interactive configuration. The administrator can set corresponding banners as needed.

At present, the system supports the following five kinds of welcome information.

• shell banner, also called session banner, displayed when a non TTY Modem user enters user view.

• incoming banner, also called user interface banner, displayed when a user interface is activated by a Modem user.

• login banner, welcome information at login authentications, displayed when password and scheme authentications are configured.

• motd (Message of the Day) banner, welcome information displayed before authentication.

• legal banner, also called authorization information. The system displays some copyright or authorization information, and then displays the legal banner before a user logs in, waiting for the user to confirm whether to continue the authentication or login. If entering Y or pressing the Enter key, the user enters the authentication or login process; if entering N, the user quits the authentication or login process. Y and N are case insensitive.

Configuring a banner

When you configure a banner, the system supports two input modes:

1) Single-line input

In this mode, all the banner information and the command keywords are input in the same line. The start and end characters of the input text must be the same but are not part of the banner information. In this case, the input text, together with the command keywords, cannot exceed 510 characters. Do not insert the line feed character into the banner information.

2) Multiple-line input

In this mode, all the banner information is input in multiple lines by pressing the Enter key. In this case, up to 2000 characters can be input.

The latter input mode can be achieved in the following three methods:

• Method I: Press the Enter key directly after the command keywords, and end the setting with the % character. The Enter and % characters are not part of the banner information.

• Method II: Input a character after the command keywords at the first line, and then press the Enter key. End the setting with the character input at the first line. The character at the first line and the end character are not part of the banner information.

• Method III: Input multiple characters after the command keywords at the first line (with the first and last characters being different), then press the Enter key. End the setting with the first character input at the first line. The first input character at the first line and the end character are not part of the banner information. The line feed character inserted in the information is part of the banner information.

Follow these steps to configure a banner:

To do: Enter system view
Use the command: system-view

To do: Configure the banner to be displayed at login (available for Modem login users)
Use the command: header incoming text
Remarks: Optional

To do: Configure the banner to be displayed at login authentication
Use the command: header login text
Remarks: Optional

To do: Configure the authorization information before login
Use the command: header legal text
Remarks: Optional

To do: Configure the banner to be displayed when a user enters user view (non Modem login users)
Use the command: header shell text
Remarks: Optional

To do: Configure the banner to be displayed before login
Use the command: header motd text
Remarks: Optional

Banner configuration example

# Configure the banner to be displayed when a user enters user view as Welcome to H3C!.

• Single-line input mode:

<System> system-view
[System] header shell %Welcome to H3C!%

• Multiple-line input mode (method I):

<System> system-view
[System] header shell
Please input banner content, and quit with the character '%'.
Welcome to H3C!
%

• Multiple-line input mode (method II):

<System> system-view
[System] header shell W
Please input banner content, and quit with the character 'W'.
Welcome to H3C!
W

Configuring CLI Hotkeys

Follow these steps to configure CLI hotkeys:

To do: Enter system view
Use the command: system-view

To do: Configure CLI hotkeys
Use the command: hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U } command
Remarks: Optional. The Ctrl+G, Ctrl+L and Ctrl+O hotkeys are specified with command lines by default.

To do: Display hotkeys
Use the command: display hotkey
Remarks: Available in any view. See Table 1-2 for hotkeys reserved by the system.

By default, the Ctrl+G, Ctrl+L and Ctrl+O hotkeys are configured with command line and the Ctrl+T and Ctrl+U commands are NULL.

• Ctrl+G corresponds to the display current-configuration command.

• Ctrl+L corresponds to the display ip routing-table command.

• Ctrl+O corresponds to the undo debugging all command.

Table 1-2 Hotkeys reserved by the system

Hotkey: Function

Ctrl+A: Moves the cursor to the beginning of the current line.
Ctrl+B: Moves the cursor one character to the left.
Ctrl+C: Stops performing a command.
Ctrl+D: Deletes the character at the current cursor position.
Ctrl+E: Moves the cursor to the end of the current line.
Ctrl+F: Moves the cursor one character to the right.
Ctrl+H: Deletes the character to the left of the cursor.
Ctrl+K: Terminates an outgoing connection.
Ctrl+N: Displays the next command in the history command buffer.
Ctrl+P: Displays the previous command in the history command buffer.
Ctrl+R: Redisplays the current line information.
Ctrl+V: Pastes the content in the clipboard.
Ctrl+W: Deletes all the characters in a continuous string to the left of the cursor.
Ctrl+X: Deletes all the characters to the left of the cursor.
Ctrl+Y: Deletes all the characters to the right of the cursor.
Ctrl+Z: Exits to user view.
Ctrl+]: Terminates an incoming connection or a redirect connection.
Esc+B: Moves the cursor to the leading character of the continuous string to the left.
Esc+D: Deletes all the characters of the continuous string at the current cursor position and to the right of the cursor.
Esc+F: Moves the cursor to the front of the next continuous string to the right.
Esc+N: Moves the cursor down by one line (available before you press Enter).
Esc+P: Moves the cursor up by one line (available before you press Enter).
Esc+<: Specifies the cursor as the beginning of the clipboard.
Esc+>: Specifies the cursor as the ending of the clipboard.

These hotkeys are defined by the AP. When you interact with the AP from terminal software, these keys may be defined to perform other operations. If so, the definition of the terminal software will dominate.

 

Configuring Command Aliases

You can replace the first keyword of a command supported by the AP with your preferred keyword by configuring the command alias function. For example, if you configure show as the replacement of the display keyword for each display command, you can input the command alias show xx to execute the display xx command.

Note the following when you configure command aliases:

• When you input a command alias, the system displays and saves the command in its original format instead of its alias. That is, you can define and use a command alias but the command is not saved and restored in its alias.

• When you define a command alias, the cmdkey and alias arguments must be in complete form.

• With the command alias function enabled, when you input an incomplete keyword, which partially matches both a defined alias and the keyword of a command, the alias wins; to execute the command whose keyword partially matches your input, you need to input the complete keyword. When you input a character string that matches multiple aliases partially, the system prompts you for various matched information.

• If you press Tab after you input the keyword of an alias, the original format of the keyword will be displayed.

• You can replace only the first keyword of a non-undo command instead of the complete command; and you can replace only the second keyword of undo commands.

Follow these steps to configure command aliases:

To do: Enter system view
Use the command: system-view

To do: Enable the command alias function
Use the command: command-alias enable
Remarks: Required. Disabled by default, that is, you cannot configure command aliases.

To do: Configure command aliases
Use the command: command-alias mapping cmdkey alias
Remarks: Required. Not configured by default.

Configuring User Privilege Levels and Command Levels

Introduction

To restrict different users’ access to the AP, the system manages the users by their privilege levels. User privilege levels correspond to command levels. After users at different privilege levels log in, they can only use commands at their own, or lower, levels. All the commands are categorized into four levels, which are visit, monitor, system, and manage from low to high, and identified respectively by 0 through 3. Table 1-3 describes the levels of the commands.

Table 1-3 Default command levels

Level: 0
Privilege: Visit
Description: Involves commands for network diagnosis and commands for accessing an external AP. Commands at this level are not allowed to be saved after being configured. After the AP is restarted, the commands at this level will be restored to the default settings. Commands at this level include ping, tracert, and telnet.

Level: 1
Privilege: Monitor
Description: Includes commands for system maintenance and service fault diagnosis. Commands at this level are not allowed to be saved after being configured. After the AP is restarted, the commands at this level will be restored to the default settings. Commands at this level include debugging, terminal, refresh, reset, and send.

Level: 2
Privilege: System
Description: Provides service configuration commands, including routing and commands at each level of the network for providing services. By default, commands at this level include all configuration commands except for those at manage level.

Level: 3
Privilege: Manage
Description: Influences the basic operation of the system and the system support modules for service support. By default, commands at this level involve file system, FTP, TFTP, Xmodem command download, user management, level setting, as well as parameter setting within a system (the last case involves those non-protocol or non RFC provisioned commands).

Configuring user privilege level

User privilege level can be configured by using AAA authentication parameters or under a user interface.

1) Configure user privilege level by using AAA authentication parameters

If the user interface authentication mode is scheme when a user logs in, and username and password are needed at login, then the user privilege level is specified in the configuration of AAA authentication.

Follow these steps to configure user privilege level by using AAA authentication parameters:

To do: Enter system view
Use the command: system-view

To do: Enter user interface view
Use the command: user-interface { first-num1 [ last-num1 ] | { console | vty } first-num2 [ last-num2 ] }

To do: Configure the authentication mode for logging in to the user interface as scheme
Use the command: authentication-mode scheme
Remarks: Required. By default, the authentication mode for VTY users is password, and no authentication is needed for console users.

To do: Exit to system view
Use the command: quit

To do: Configure the user privilege level by using AAA authentication parameters
Use the command (use either approach):
• Using local authentication: use the local-user command to create a local user and enter local user view, then use the level keyword in the authorization-attribute command to configure the user level.
• Using remote authentication (RADIUS, HWTACACS, and LDAP authentications): configure user level on the authentication server.
Remarks:
• For local authentication, if you do not configure the user level, the user level is 0, that is, users of this level can use commands with level 0 only.
• For remote authentication, if you do not configure the user level, the user level depends on the default configuration of the authentication server.

• For more information about user interfaces, see Logging In to the AP in the Fundamentals Configuration Guide. For more information about the user-interface, authentication-mode and user privilege level commands, see Logging In to the AP in the Fundamentals Command Reference.

• For more information about the AAA authentication, see AAA in the Security Configuration Guide. For more information about the local-user and authorization-attribute commands, see AAA in the Security Command Reference.

2) Example of configuring user privilege level by using AAA authentication parameters

# Authenticate the users telnetting to the AP through VTY 1, verify their usernames and passwords locally, and specify the user privilege level as 3.

<Sysname> system-view
[Sysname] user-interface vty 1
[Sysname-ui-vty1] authentication-mode scheme
[Sysname-ui-vty1] quit
[Sysname] local-user test
[Sysname-luser-test] password cipher 123
[Sysname-luser-test] service-type telnet

After the above configuration, when users telnet to the AP through VTY 1, they need to input username test and password 123. After passing the authentication, users can only use the commands of level 0. If the users need to use commands of levels 0, 1, 2 and 3, the following configuration is required:

[Sysname-luser-test] authorization-attribute level 3

3) Configure the user privilege level under a user interface

If a user logs in using the none or password mode (namely, no username is needed), the user privilege level is the user interface level.

Follow these steps to configure the user privilege level under a user interface:

To do: Enter system view
Use the command: system-view

To do: Enter user interface view
Use the command: user-interface { first-num1 [ last-num1 ] | { console | vty } first-num2 [ last-num2 ] }

To do: Configure the authentication mode when a user uses the current user interface to log in to the AP
Use the command: authentication-mode { none | password }
Remarks: Optional. By default, the authentication mode for VTY user interface is password, and console user interface does not need authentication.

To do: Configure the privilege level of the user logging in from the current user interface
Use the command: user privilege level level
Remarks: Optional. By default, the user privilege level for users logging in from the console user interface is 3, and that for users logging from the other user interfaces is 0.

4) Example of configuring user privilege level under a user interface

• Perform no authentication on the users telnetting to the AP, and specify the user privilege level as 1. (Performing no authentication on users is a potential security problem. Therefore, you are advised to use it only in a secure network environment.)

<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode none
[Sysname-ui-vty0-4] user privilege level 1

By default, when users telnet to the AP, they can only use the following commands after passing the authentication:

<Sysname> ?
User view commands:
  display  Display current system information
  ping     Ping function
  quit     Exit from current command view
  super    Set the current user priority level
  telnet   Establish one TELNET connection
  tftp     Open TFTP connection
  tracert  Trace route function

After you set the user privilege level under the user interface, users can log in to the AP through Telnet without any authentication and use the following commands:

<Sysname> ?
User view commands:
  debugging      Enable system debugging functions
  dialer         Dialer disconnect
  display        Display current system information
  ping           Ping function
  quit           Exit from current command view
  refresh        Do soft reset
  reset          Reset operation
  screen-length  Specify the lines displayed on one screen
  send           Send information to other user terminal interface
  super          Set the current user priority level
  telnet         Establish one TELNET connection
  terminal       Set the terminal line characteristics
  tftp           Open TFTP connection
  tracert        Trace route function
  undo           Cancel current setting

• Authenticate the users logging in to the AP through Telnet, verify their passwords, and specify the user privilege levels as 2.

<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode password
[Sysname-ui-vty0-4] set authentication password cipher 123
[Sysname-ui-vty0-4] user privilege level 2

By default, when users log in to the AP through Telnet, they can use the commands of level 0 after passing the authentication. After you set the user privilege level under the user interface, when users log in to the AP through Telnet, they need to input password 123, and then they can use commands of levels 0, 1, and 2.

Switching user privilege level

Users can switch their user privilege level temporarily without logging out and disconnecting the current connection. After the switch, users can continue to configure the AP without logging in again, but the commands that they can execute have changed. For example, if the current user privilege level is 3, the user can configure system parameters; after switching the user privilege level to 0, the user can only execute some simple commands, like ping and tracert, and only a few display commands. The switching of user privilege level is effective for the current login only; after the user logs in again, the user privilege level is restored to the original level.

• To avoid misoperations, administrators are recommended to log in to the AP by using a lower privilege level and view AP operating parameters, and when they have to maintain the AP, they can switch to a higher level temporarily.

• When administrators need to leave for a while or ask someone else to manage the AP temporarily, they can switch to a lower privilege level before they leave to restrict the operation by others.

1) A user can switch to a privilege level equal to or lower than the current one unconditionally and is not required to input the password (if any).

2) A user is required to input the password (if any) to switch to a higher privilege level for security's sake.

• local: Authenticates a user by using the local password set with the super password command. In this case, when no password is set with the super password command, privilege level switch succeeds if the user is logged in from the console port (here, the console port or the AUX port used as the console port), and the switch fails if the user is logged in from any of the AUX, TTY, or VTY user interfaces or inputs an incorrect switch password.

• scheme: AAA authentication. For information about AAA, see AAA in the Security Configuration Guide.

• local scheme: First local and then scheme, that is, authenticates a user by using the local password first, and if no password is set, for the user logged in from the console port, the privilege level switch succeeds; for the user logged in from any of the AUX, TTY, or VTY user interfaces, the AAA authentication is performed.

• scheme local: First scheme and then local, that is, AAA authentication is performed first, and if the AAA configuration is invalid (domain parameters or authentication scheme are not configured) or the server does not respond, the authentication requiring the local password is performed.

If the authentication mode for login users of the current user interface is set to none or password with the authentication-mode none or authentication-mode password command, the user does not need to input the username when logging in; therefore, if scheme authentication is required for the privilege level switch, the system prompts for the username and password (the username and the password must be the same as those configured on the AAA server); in other cases, no username is required.

Follow these steps to switch the user privilege level:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Set the authentication mode for user privilege level switch | super authentication-mode { local \| scheme } * | Optional. local by default. |
| Configure the password (used for the local authentication mode) for user privilege level switch | super password [ level user-level ] { simple \| cipher } password | Required. By default, no password is configured. |
| Exit to user view | quit | |
| Switch the user privilege level | super [ level ] | Required. When logging in to the AP, a user has a user privilege level, which is decided by user interface or authentication user level. |

 

- When you configure the password for switching the user privilege level with the super password command, the user privilege level defaults to 3 if none is specified.

- The password for switching the user privilege level can be displayed in either cipher text or simple text. Cipher text is recommended, because simple text is easily cracked.

- When the authentication mode is set to local, you need to configure the local password before switching a user to a higher user privilege level.

- When the authentication mode is set to scheme, you need to configure the AAA-related parameters before switching a user to a higher user privilege level.

- The timeout for AAA authentication is 120 seconds. After that, the AAA server is considered not to have responded.

- The privilege level switch fails after three consecutive unsuccessful password attempts.

 

Modifying command level

Every command in a view has a default level, as shown in Table 1-3. The administrator can modify a command's level as needed, either to let lower-level users run a command that defaults to a higher level or to improve AP security.

Follow these steps to modify the command level:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Configure the command level in a specified view | command-privilege level level view view command | Required. See Table 1-3 for the default settings. |

 

You are recommended to use the default command levels, or to modify a command level only under the guidance of professional staff. Otherwise, the change may inconvenience your maintenance and operation, or even introduce a security problem.
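The rules above for switching the privilege level and for changing command levels can be checked offline against a copy of the configuration. The following Python sketch is an added example, not H3C code: it reports a simple-text switch password, a missing switch password under each authentication mode, and any command-privilege override. The sample text is constructed, and the sketch assumes that the configuration file records these commands in the syntax shown in the tables above.

```python
import re

# Constructed sample, not taken from a real AP. Assumption: the configuration
# file records these commands in the same syntax in which they are entered;
# "system" as a view name is a placeholder.
SAMPLE_CONFIG = """\
#
 sysname AP-LAB
#
 super authentication-mode scheme local
 super password level 2 simple Lab-pass-2
#
 command-privilege level 0 view system interface
#
"""

MODE_RE = re.compile(r"^\s*super authentication-mode "
                     r"(local scheme|scheme local|local|scheme)\s*$")
PWD_RE = re.compile(r"^\s*super password(?: level (\d+))? (simple|cipher) \S+\s*$")
PRIV_RE = re.compile(r"^\s*command-privilege level (\d+) view (\S+) (.+?)\s*$")


def parse(config_text):
    """Collect the privilege-related settings from configuration text."""
    mode = ["local"]      # default stated on the page
    passwords = {}        # level -> "simple" or "cipher"
    overrides = []        # (level, view, command)
    for line in config_text.splitlines():
        if m := MODE_RE.match(line):
            mode = m.group(1).split()
        elif m := PWD_RE.match(line):
            # Without the level keyword the password is for level 3.
            passwords[int(m.group(1) or 3)] = m.group(2)
        elif m := PRIV_RE.match(line):
            overrides.append((int(m.group(1)), m.group(2), m.group(3)))
    return mode, passwords, overrides


def audit(config_text, level=3):
    """Return findings about switching to `level` and about command levels.

    Assumption: "no password is set" is evaluated per target level.
    """
    mode, passwords, overrides = parse(config_text)
    findings = []
    for lvl, form in sorted(passwords.items()):
        if form == "simple":
            findings.append(f"level {lvl}: switch password kept in simple text")
    if level not in passwords:
        if mode == ["local"]:
            findings.append(f"level {level}: no password; console users switch "
                            "without one, other user interfaces cannot switch")
        elif mode == ["local", "scheme"]:
            findings.append(f"level {level}: no password; console users switch "
                            "without one, other user interfaces go to AAA")
        elif mode == ["scheme", "local"]:
            findings.append(f"level {level}: AAA failure falls back to local "
                            "authentication, but no local password is set")
    for lvl, view, command in overrides:
        findings.append(f"command level changed: '{command}' in view {view} "
                        f"is now level {lvl}; compare with the default")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("-", finding)
```

An empty result means that none of the three conditions was found for the chosen level; it does not validate the AAA server side.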

 

Configuring the Number of Concurrent Users

Follow these steps to configure the number of concurrent users:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Configure the number of concurrent users | configure-user count number | Optional. Two users are allowed to perform the operation in system view. |

 

- When multiple users enter system view at the same time to configure a certain attribute, only the last configuration applies.

- When the number of users has reached the limit, other users cannot enter system view.

 

Displaying and Maintaining Basic Configurations

| To do… | Use the command… | Remarks |
|---|---|---|
| Display information on system version | display version | Available in any view |
| Display information on the system clock | display clock | Available in any view |
| Display defined command aliases and the corresponding commands | display command-alias | Available in any view |
| Display information on terminal users | display users [ all ] | Available in any view |
| Display the users that have logged in to the AP and that are not in user view | display configure-user | Available in any view |
| Display the valid configuration under current view | display this [ by-linenum ] | Available in any view |
| Display clipboard information | display clipboard | Available in any view |
| Display and save statistics of the running status of multiple modules | display diagnostic-information | Available in any view |

 

During daily maintenance or when the system is operating abnormally, you need to display the running status of each functional module to locate the problem. Generally, you need to execute the corresponding display commands for each module, because each module has independent running information. To collect more information at one time, you can execute the display diagnostic-information command to display or save the statistics of the running status of multiple modules in the system. Executing the display diagnostic-information command is equivalent to executing the commands display clock, display version, display device, and display current-configuration one by one. These commands depend on the AP model.

 

- For information about the display users command, see Logging In to the AP in the Fundamentals Command Reference.

- The display commands discussed above are for the global configuration. For the display commands of a specific protocol or interface, see the corresponding section.

 

CLI Features

This section covers the following topics:

- Introduction to CLI

- Online Help with Command Lines

- Synchronous Information Output

- Undo Form of a Command

- Editing Features

- CLI Display

- Saving Commands in the History Buffer

- Command Line Error Information

Introduction to CLI

The CLI is the interaction interface between APs and users. Through the CLI, you can configure your APs by entering commands, view the output information, and verify your configurations, which facilitates the configuration and management of your APs.

The CLI provides the following features for you to configure and manage your APs:

- Hierarchical command protection where you can only execute the commands at your own or lower levels. See Configuring Command Aliases for details.

- Easy access to online help by entering “?”. See Online Help with Command Lines for details.

- Abundant debugging information for fault diagnosis

- Saving and executing commands that have been executed

- Fuzzy match for convenience of input. When you execute a command, you can input only part of a keyword. However, the command is executed only when you input enough characters to identify it uniquely. Take the commands save, startup saved-configuration, and system-view, which all start with s, as an example. To save the current configuration, you need to input at least sa; to set the configuration file for next startup, at least st s; to enter system view, at least sy. You can press Tab to complete the keyword, or you can input the complete command.

Online Help with Command Lines

The following are the types of online help available with the CLI:

- Full help

- Fuzzy help

To obtain the desired help information, you can:

1) Enter ? in any view to display all the commands available in this view with a brief description of each.

<Sysname> ?
User view commands:
  backup             Backup next startup-configuration file to TFTP server
  boot-loader        Set boot loader
  bootrom            Update/read/backup/restore bootrom
  cd                 Change current directory
  clock              Specify the system clock
  cluster            Run cluster command
  copy               Copy from one file to another
  debugging          Enable system debugging functions
  delete             Delete a file
  dir                List files on a file system
  display            Show running system information
......omitted......

2) Enter a command and a ? separated by a space. If ? is at the position of a keyword, all the keywords are given with a brief description.

<Sysname> terminal ?
  debugging  Send debug information to terminal
  logging    Send log information to terminal
  monitor    Send information output to current terminal
  trapping   Send trap information to terminal

3) Enter a command and a ? separated by a space. If ? is at the position of a parameter, the description of this parameter is given.

<Sysname> system-view
[Sysname] interface vlan-interface ?
  <1-4094>  VLAN interface number
[Sysname] interface vlan-interface 1 ?
  <cr>
[Sysname] interface vlan-interface 1

Here, <cr> indicates that there is no parameter at this position. The command is then repeated in the next command line and executed if you press Enter.

4) Enter a character string followed by a ?. All the commands starting with this string are displayed.

<Sysname> c?
   cd
   clock
   copy

5) Enter a command followed by a character string and a ?. All the keywords starting with this string are listed.

<Sysname> display cl?
   clipboard
   clock

6) Press Tab after entering the first several letters of a keyword to display the complete keyword, provided these letters uniquely identify the keyword in this command. If several matches are found, the complete keyword that is matched first is displayed. The matching rule is: the letters next to the input letters are arranged in alphabetic order, and the letter in the first place is matched first. If you repeatedly press Tab, all the keywords starting with the letters that you entered are displayed in cycles, and you can select the keyword needed.

Synchronous Information Output

With synchronous information output, if your input is interrupted by system output, the system displays a command line prompt and your input so far after the system output is complete, and you can continue from where you were interrupted.

You can use the info-center synchronous command to enable synchronous information output. For more information about this function, see Information Center in the Network Management and Monitoring Configuration Guide.

Undo Form of a Command

Adding the keyword undo to a command forms its undo command. Almost every configuration command has an undo form. Undo commands are generally used to restore the system default, disable a function, or cancel a configuration. For example, the info-center enable command is used to enable the information center, while the undo info-center enable command is used to disable the information center. (By default, the information center is enabled.)

Editing Features

The CLI provides basic command editing functions, listed in Table 1-4, and supports multi-line editing. When you enter a command, the system automatically goes to the next line if the maximum line length is reached. Do not press Enter to go to the next line, because the system executes the command when you press Enter. The maximum length of each command is 510 characters.

Table 1-4 Edit functions

| Key | Function |
|---|---|
| Common keys | If the editing buffer is not full, inserts the character at the position of the cursor and moves the cursor to the right. |
| Backspace | Deletes the character to the left of the cursor and moves the cursor back one character. |
| Left-arrow key or Ctrl+B | Moves the cursor one character space to the left. |
| Right-arrow key or Ctrl+F | Moves the cursor one character space to the right. |
| Up-arrow key or Ctrl+P | Displays history commands |
| Down-arrow key or Ctrl+N | Displays history commands |
| Tab | Pressing Tab after entering part of a keyword enables the fuzzy help function. If finding a unique match, the system substitutes the complete keyword for the incomplete one and displays it in the next line. When there are several matches, if you repeatedly press Tab, all the keywords starting with the letter that you enter are displayed in cycles. If there is no match at all, the system does not modify the incomplete keyword and displays it again in the next line. |

 

When editing the command line, you can use other shortcut keys besides those defined in Table 1-4 (for details, see Table 1-2), or you can define shortcut keys yourself (for details, see Configuring CLI Hotkeys).

 

CLI Display

With the output information filtering function, you can quickly find the information you are interested in. When there is a lot of information to be output, the system displays the information in multiple screens.

Filtering the output information

The AP can filter its output information. You can specify a regular expression to search for the information you need.

You can use these two methods to filter the output information:

- Input the begin, exclude or include keyword plus a regular expression in the CLI to filter the output information.

- When the system displays the information in multiple screens, use /, - or + plus a regular expression. / equals the keyword begin, - equals the keyword exclude, and + equals the keyword include.

The begin, exclude, and include keywords are described as follows:

- begin: Displays the line that matches the regular expression and all the subsequent lines.

- exclude: Displays the lines that do not match the regular expression.

- include: Displays only the lines that match the regular expression.

A regular expression is a case-sensitive string of 1 to 256 characters. It also supports the special characters shown in Table 1-5.

Table 1-5 Special characters in a regular expression

Character: ^string
Meaning: Starting sign. string appears only at the beginning of a line.
Remarks: For example, regular expression “^user” only matches a string beginning with “user”, not “Auser”.

Character: string$
Meaning: Ending sign. string appears only at the end of a line.
Remarks: For example, regular expression “user$” only matches a string ending with “user”, not “userA”.

Character: .
Meaning: Matches any single character, such as a single character, a special character, and a blank.
Remarks: For example, “.l” matches both “vlan” and “mpls”.

Character: *
Meaning: Matches the preceding character or character group zero or multiple times.
Remarks: For example, “zo*” matches “z” and “zoo”; “(zo)*” matches “zo” and “zozo”.

Character: +
Meaning: Matches the preceding character or character group one or multiple times.
Remarks: For example, “zo+” matches “zo” and “zoo”, but not “z”.

Character: |
Meaning: Matches the preceding or succeeding character string.
Remarks: For example, “def|int” only matches a character string containing “def” or “int”.

Character: _
Meaning: If it is at the beginning or the end of a regular expression, it equals ^ or $. In other cases, it equals comma, space, round bracket, or curly bracket.
Remarks: For example, “a_b” matches “a b” or “a(b”; “_ab” only matches a line starting with “ab”; “ab_” only matches a line ending with “ab”.

Character: -
Meaning: It connects two values (the smaller one before it and the bigger one after it) to indicate a range together with [ ].
Remarks: For example, “1-9” means 1 to 9 (inclusive); “a-h” means a to h (inclusive).

Character: [ ]
Meaning: Matches a single character contained within the brackets.
Remarks: For example, [16A] matches a string containing any character among 1, 6, and A; [1-36A] matches a string containing any character among 1, 2, 3, 6, and A (- is a hyphen). “]” can be matched as a common character only when it is put at the beginning of characters within the brackets, for example [ ]string]. There is no such limit on “[”.

Character: ( )
Meaning: A character group. It is usually used with “+” or “*”.
Remarks: For example, (123A) means a character group “123A”; “408(12)+” matches 40812 or 408121212. But it does not match 408.

Character: \index
Meaning: Matches the character string specified by the index twice. A character string refers to the string within () before \. index refers to the sequence number (starting from 1 from left to right) of the character group before \. If only one character group appears before \, index can only be 1; if n character groups appear before index, index can be any integer from 1 to n.
Remarks: For example, (string)\1 matches string twice, and thus matches a string containing stringstring. (string1)(string2)\2 matches string2 twice, and thus matches a string containing string1string2string2. (string1)(string2)\1\2 matches string1string2 twice, and thus matches a string containing string1string2string1string2.

Character: [^]
Meaning: Matches a single character not contained within the brackets.
Remarks: For example, [^16A] means to match a string containing any character except 1, 6 or A, and the matching string can also contain 1, 6 or A, but cannot contain these three characters only. For example, [^16A] matches “abc” and “m16”, but not 1, 16, or 16A.

Character: \<string
Meaning: Matches a character string starting with string.
Remarks: For example, “\<do” matches word “domain” and string “doa”.

Character: string\>
Meaning: Matches a character string ending with string.
Remarks: For example, “do\>” matches word “undo” and string “abcdo”.

Character: \bcharacter2
Meaning: Matches character1character2. character1 can be any character except number, letter or underline, and \b equals [^A-Za-z0-9_].
Remarks: For example, “\ba” matches “-a” with “-” being character1, and “a” being character2, but it does not match “2a” or “ba”.

Character: \Bcharacter
Meaning: Matches a string containing character, and no space is allowed before character.
Remarks: For example, “\Bt” matches “t” in “install”, but not “t” in “big top”.

Character: character1\w
Meaning: Matches character1character2. character2 must be a number, letter, or underline, and \w equals [^A-Za-z0-9_].
Remarks: For example, “v\w” matches “vlan”, with “v” being character1, and “l” being character2. v\w also matches “service”, with “i” being character2.

Character: \W
Meaning: Equals \b.
Remarks: For example, “\Wa” matches “-a”, with “-” being character1, and “a” being character2, but does not match “2a” or “ba”.

Character: \
Meaning: Escape character. If a special character listed in this table follows \, the specific meaning of the character is removed.
Remarks: For example, “\\” matches a string containing “\”, “\^” matches a string containing “^”, and “\\b” matches a string containing “\b”.
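As an added illustration (not part of the H3C guide or the AP software), this Python sketch models the begin, exclude and include keywords, their /, - and + pager equivalents, and the _ character of Table 1-5 on constructed output lines. It assumes that the other characters it accepts behave as in Python's re module, and it rejects the escapes that Table 1-5 defines differently from Python.

```python
import re

# Escapes that Table 1-5 defines differently from Python's re module, or that
# Python lacks; this sketch rejects them instead of guessing an equivalent.
UNSUPPORTED = ("\\<", "\\>", "\\b", "\\B", "\\w", "\\W")
DELIMITERS = "[, (){}]"   # '_' in mid-pattern: comma, space, round or curly bracket
PAGER_KEYS = {"/": "begin", "-": "exclude", "+": "include"}

# Constructed sample output, not taken from a real AP.
SAMPLE = [
    "#",
    " sysname AP-LAB",
    "#",
    " super password level 3 cipher CONSTRUCTED",
    "#",
    "user-interface vty 0 4",
    " authentication-mode scheme",
    " user privilege level 1",
    "#",
]


def to_python(pattern):
    """Rewrite the '_' special character of Table 1-5 into Python re syntax."""
    if not 1 <= len(pattern) <= 256:
        raise ValueError("a regular expression is 1 to 256 characters long")
    out, i, in_class = [], 0, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            pair = pattern[i:i + 2]
            if pair in UNSUPPORTED:
                raise ValueError(f"{pair} is not handled by this sketch")
            out.append(pair)          # escaped character or \index, kept as is
            i += 2
            continue
        if ch == "[":
            in_class = True
        elif ch == "]":
            in_class = False
        if ch == "_" and not in_class:   # assumption: literal inside [ ]
            if i == 0:
                ch = "^"
            elif i == len(pattern) - 1:
                ch = "$"
            else:
                ch = DELIMITERS
        out.append(ch)
        i += 1
    return "".join(out)


def display_filter(lines, keyword, pattern):
    """Apply begin, exclude or include (or the pager keys / - +) to output lines."""
    keyword = PAGER_KEYS.get(keyword, keyword)
    rx = re.compile(to_python(pattern))   # case sensitive, as on the page
    if keyword == "include":
        return [line for line in lines if rx.search(line)]
    if keyword == "exclude":
        return [line for line in lines if not rx.search(line)]
    if keyword == "begin":
        for n, line in enumerate(lines):
            if rx.search(line):
                return lines[n:]
        return []
    raise ValueError(f"unknown filter keyword: {keyword}")


if __name__ == "__main__":
    for line in display_filter(SAMPLE, "include", "_user"):
        print(line)
```

Filtering a saved copy of the output this way is handy when reviewing where privilege-related commands appear, for example with include and the pattern super.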

 

Multiple-screen output

When there is a lot of information to be output, the system displays the information in multiple screens. Generally, 24 lines are displayed on one screen, and you can also use the screen-length command to set the number of lines displayed on the next screen. (For more information about this command, see Logging In to the AP in the Fundamentals Command Reference.) You can follow the step below to disable the multiple-screen output function of the current user.

| To do… | Use the command… | Remarks |
|---|---|---|
| Disable the multiple-screen output function of the current user | screen-length disable | Required. By default, a login user uses the settings of the screen-length command. The default settings of the screen-length command are: multiple-screen output is enabled and 24 lines are displayed on the next screen. This command is executed in user view, and therefore is applicable to the current user only. When a user logs in again, the settings are restored to the system default. |

 

Display functions

CLI offers the following feature:

When the information displayed exceeds one screen, you can pause using one of the methods shown in Table 1-6.

Table 1-6 Display functions

| Action | Function |
|---|---|
| Press Space when information display pauses | Continues to display information of the next screen page. |
| Press Enter when information display pauses | Continues to display information of the next line. |
| Press Ctrl+C when information display pauses | Stops the display and the command execution. |
| Ctrl+E | Moves the cursor to the end of the current line. |
| PageUp | Displays information on the previous page. |
| PageDown | Displays information on the next page. |

 

Saving Commands in the History Buffer

The CLI automatically saves recently used commands to the history buffer. You can review the commands that have been executed successfully, and invoke and execute them again as needed. By default, the CLI saves up to ten commands for each user. You can use the history-command max-size command to set the capacity of the history command buffer for the current user interface. (For more information about the history-command max-size command, see Logging In to the AP in the Fundamentals Command Reference.) The table below lists the operations that you can perform. In addition:

- The commands saved in the history buffer are in the same format as the commands you input. If you input an incomplete command, the command saved in the history buffer is also an incomplete command.

- If you execute the same command repeatedly, the AP saves only the earliest command. However, if you execute the same command in different formats, the system considers them as different commands. For example, if you execute the display cu command repeatedly, the system saves only one command in the history buffer; if you execute the command once as display cu and once as display current-configuration, the system saves them as two commands.

Follow these steps to access history commands:

| To do… | Use the key/command… | Result |
|---|---|---|
| View the history commands | display history-command | Displays the commands that you have entered |
| Access the previous history command | Up-arrow key or Ctrl+P | Displays the earlier history command, if there is any. |
| Access the next history command | Down-arrow key or Ctrl+N | Displays the next history command, if there is any. |

 

You may use arrow keys to access history commands in Windows 200X and XP Terminal or Telnet. However, the up-arrow and down-arrow keys are invalid in Windows 9X HyperTerminal, because they are defined in a different way. You can press Ctrl+P or Ctrl+N instead.

 

Command Line Error Information

The commands are executed only if they have no syntax error. Otherwise, error information is reported. Table 1-7 lists some common errors.

Table 1-7 Common command line errors

| Error information | Cause |
|---|---|
| % Unrecognized command found at '^' position. | The command was not found. The keyword was not found. Parameter type error. The parameter value is beyond the allowed range. |
| % Incomplete command found at '^' position. | Incomplete command |
| % Ambiguous command found at '^' position. | Ambiguous command |
| Too many parameters | Too many parameters |
| % Wrong parameter found at '^' position. | Wrong parameter |

 
