CLI configuration commands 1

command-alias enable· 1

command-alias mapping· 1

command-privilege· 2

display clipboard· 3

display command-alias 4

display history-command· 4

display hotkey· 5

hotkey· 7

quit 7

return· 8

screen-length disable· 8

super 9

super authentication-mode· 10

super password· 11

system-view·· 12

 

command-alias enable

Syntax

command-alias enable

undo command-alias enable

View

System view

Default level

2: System level

Description

Use command-alias enable to enable the command keyword alias function.

Use undo command-alias enable to disable the command keyword alias function.

By default, the command keyword alias function is disabled.

Disabling the command keyword alias function does not delete the configured aliases, but the aliases do not take effect anymore.

Related commands: command-alias mapping.

Examples

# Enable the command keyword alias function.

<Sysname> system-view

[Sysname] command-alias enable

# Disable the command keyword alias function.

<Sysname> system-view

[Sysname] undo command-alias enable

command-alias mapping

Syntax

command-alias mapping cmdkey alias

undo command-alias mapping cmdkey

View

System view

Default level

2: System level

Parameters

cmdkey: Complete form of the first keyword of a non-undo command, or the second keyword of an undo command.

alias: Alias for the keyword, which must be different from the first keyword of any non-undo command.

Description

Use command-alias mapping to configure a command keyword alias.

Use undo command-alias mapping to delete a command keyword alias.

By default, a command keyword has no alias.

Command keyword aliases take effect only after you enable the command keyword alias function.

Examples

# Define show as the alias of the display keyword.

<Sysname> system-view

[Sysname] command-alias mapping display show

After you configure the alias, you can enter show to execute a display command. For example, you can enter show clock to execute the display clock command.

# Delete the alias of the display keyword.

<Sysname> system-view

[Sysname] undo command-alias mapping display

command-privilege

Syntax

command-privilege level level view view command

undo command-privilege view view command

View

System view

Default level

3: Manage level

Parameters

level level: Specifies a command level in the range of 0 to 3.

view view: Specifies a view.

command: Command to be set in the specified view.

Description

Use command-privilege to assign a level to a specific command in a view.

Use undo command-privilege to restore the default.

By default, each command in a view has a specified level.

Command levels include four privileges: visit (0), monitor (1), system (2), and manage (3). You can assign a privilege level according to the user's need. When logging in to the switch, the user can access the assigned level and all levels below it.

Inappropriate use of this command can cause maintenance, operation, and security problems. Make sure you understand the impact of this command on your network before you use it.

The command specified in the command-privilege command must be complete, and has valid arguments. For example, the default level of the tftp server-address { get | put | sget } source-filename [ destination-filename ] [ source { interface interface-type interface-number | ip source-ip-address } ] command is 3. After the command-privilege level 0 view shell tftp 1.1.1.1 put a.cfg command is executed, when users with the user privilege level of 0 log in to the switch, they can execute the tftp server-address put source-filename command (such as the tftp 192.168.1.26 put syslog.txt command), but cannot execute the command with the get, sget or source keyword, and cannot specify the destination-filename argument.

The command specified in the undo command-privilege view command can be incomplete. For example, after the undo command-privilege view system ftp command is executed, all commands starting with the keyword ftp (such as ftp server acl, ftp server enable, and ftp timeout) are restored to their default level. If you have modified the level of commands ftp server enable and ftp timeout, and you want to restore only the ftp server enable command to its default level, you should use the undo command-privilege view system ftp server command.

If you modify the command level of a command in a specified view from the default command level to a lower level, remember to modify the command levels of the quit command and the command used to enter this view. For example, the default command level of commands interface and system-view is 2 (system level). If you want to make the interface command available to the level 1 users, execute the following three commands: command-privilege level 1 view shell system-view, command-privilege level 1 view system interface gigabitethernet 3/0/1, and command-privilege level 1 view system quit. Then, the level 1 users can enter system view, execute the interface gigabitethernet command, and return to user view.

Examples

# Set the command level of the interface command to 0 in system view.

<Sysname> system-view

[Sysname] command-privilege level 0 view system interface

display clipboard

Syntax

display clipboard [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use display clipboard to view the contents of the clipboard.

To copy the specified content to the clipboard:

1.     Move the cursor to the starting position of the content and press the Esc+Shift+, combination.

2.     Move the cursor to the ending position of the content and press the Esc+Shift+. combination.

Examples

# View the content of the clipboard.

<Sysname> display clipboard

---------------- CLIPBOARD-----------------

display current-configuration

display command-alias

Syntax

display command-alias [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use display command-alias to display configuration information about the command keyword alias function.

Examples

# Display configuration information about the command keyword alias function.

<Sysname> display command-alias

Command alias is enabled

index  alias                        command key

1      show                         display

display history-command

Syntax

display history-command [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use display history-command to display commands saved in the command history buffer.

By default, the system can save up to 10 commands in the buffer. You can use the history-command max-size command to change the buffer size.

Examples

# Display all commands saved in the command history buffer.

<Sysname> display history-command

  display history-command

  system-view

  vlan 2

  quit

display hotkey

Syntax

display hotkey [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use display hotkey to display hotkey information.

Examples

# Display hotkey information.

<Sysname> display hotkey

----------------- HOTKEY -----------------

 

            =Defined hotkeys=

Hotkeys Command

CTRL_G  display current-configuration

CTRL_L  display ip routing-table

CTRL_O  undo debug all

 

           =Undefined hotkeys=

Hotkeys Command

CTRL_T  NULL

CTRL_U  NULL

 

            =System hotkeys=

Hotkeys Function

CTRL_A  Move the cursor to the beginning of the current line.

CTRL_B  Move the cursor one character left.

CTRL_C  Stop current command function.

CTRL_D  Erase current character.

CTRL_E  Move the cursor to the end of the current line.

CTRL_F  Move the cursor one character right.

CTRL_H  Erase the character left of the cursor.

CTRL_K  Kill outgoing connection.

CTRL_N  Display the next command from the history buffer.

CTRL_P  Display the previous command from the history buffer.

CTRL_R  Redisplay the current line.

CTRL_V  Paste text from the clipboard.

CTRL_W  Delete the word left of the cursor.

CTRL_X  Delete all characters up to the cursor.

CTRL_Y  Delete all characters after the cursor.

CTRL_Z  Return to the User View.

CTRL_]  Kill incoming connection or redirect connection.

ESC_B   Move the cursor one word back.

ESC_D   Delete remainder of word.

ESC_F   Move the cursor forward one word.

ESC_N   Move the cursor down a line.

ESC_P   Move the cursor up a line.

ESC_<   Specify the beginning of clipboard.

ESC_>   Specify the end of clipboard.

hotkey

Syntax

hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U } command

undo hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U }

View

System view

Default level

2: System level

Parameters

CTRL_G: Assigns a command to Ctrl+G.

CTRL_L: Assigns a command to Ctrl+L.

CTRL_O: Assigns a command to Ctrl+O.

CTRL_T: Assigns a command to Ctrl+T.

CTRL_U: Assigns a command to Ctrl+U.

command: Command to be assigned to the hotkey.

Description

Use hotkey to assign a command to a configurable hotkey.

Use undo hotkey to restore the default.

The defaults are as follows:

·     Ctrl_G: display current-configuration (display the running configuration).

·     Ctrl_L: display ip routing-table (display the IPv4 routing table information).

·     Ctrl_O: undo debugging all (disable all debugging functions).

·     Ctrl_T: No command is assigned to this hotkey.

·     Ctrl_U: No command is assigned to this hotkey.

Examples

# Assign the display tcp status command to the hotkey Ctrl+T.

<Sysname> system-view

[Sysname] hotkey ctrl_t display tcp status

quit

Syntax

quit

View

Any view

Default level

0: Visit level (executed in user view)

2: System level (executed in other views)

Description

Use quit to return to the upper-level view.

In user view, the quit command disconnects you from the switch.

Examples

# Return from GigabitEthernet 3/0/18 interface view to system view and then to user view.

[Sysname-GigabitEthernet3/0/18] quit

[Sysname] quit

<Sysname>

return

Syntax

return

View

Any view except user view

Default level

2: System level

Description

Use return to return to user view from any other view. Pressing Ctrl+Z has the same effect.

Related commands: quit.

Examples

# Return to user view from GigabitEthernet 3/0/18 interface view.

[Sysname-GigabitEthernet3/0/18] return

<Sysname>

screen-length disable

Syntax

screen-length disable

undo screen-length disable

View

User view

Default level

1: Monitor level

Description

Use screen-length disable to disable pausing between screens of output for the current session.

Use undo screen-length disable to enable pausing between screens of output for the current session.

By default, a login user uses the settings of the screen-length command. The default settings of the screen-length command are: pausing between screens of output and displaying up to 24 lines on a screen.

Disabling pausing between screens of output prevents you from viewing the information in time because the information refreshes continuously.

This command only takes effect for the current session. When you log out, the setting by this command is restored to the default.

Related commands: screen-length.

Examples

# Disable pausing between screens of output for the current session.

<Sysname> screen-length disable

super

Syntax

super [ level ]

View

User view

Default level

0: Visit level

Parameters

level: Specifies a user level in the range of 0 to 3. The default is 3. If you do not specify this argument, the command switches the user privilege level to 3.

Description

Use super to switch from the current user privilege level to a specified user privilege level.

There are four user privilege levels: visit (0), monitor (1), system (2), and manage (3). You can assign different privilege levels to different users. After login, a user can access the commands that are at or under the assigned level.

A user can switch to a lower privilege level without authentication. To switch to a higher privilege level, a user must enter the switching password set with the super password command. If no password is configured for the level, the switching operation succeeds for a console user but fails for an AUX or VTY user.

When the level switching authentication mode is scheme, a user has three opportunities to enter the correct password for one switching operation.

When the level switching authentication mode is local, a user has five opportunities to enter the correct password for one switching operation. If the user fails to provide the correct password during five consecutive attempts, the switching operation fails. If the login authentication mode is scheme, the user must wait 15 minutes before performing another switching operation.

Related commands: super password and super authentication-mode.

Examples

# Switch to user privilege level 2 from user privilege level 3.

<Sysname> super 2

User privilege level is 2, and only those commands can be used

whose level is equal or less than this.

Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE

# Switch back to user privilege level 3. (Suppose the switching password is 123. If no password is set, users cannot switch to user privilege level 3.)

<Sysname> super 3

Please input the password to change the privilege level, press CTRL_C to abort.

 Password:

User privilege level is 3, and only those commands can be used

whose level is equal or less than this.

Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE

super authentication-mode

Syntax

super authentication-mode { local | scheme } *

undo super authentication-mode

View

System view

Default level

2: System level

Parameters

local: Authenticates a user by using the local password set with the super password command. When no password is set with the super password command, two results can occur: The privilege level switching succeeds if the user is logged in through the console port or the AUX port used as the console port. The switching fails if the user logs in through any of the AUX or VTY user interfaces or enters an incorrect switching password.

scheme: Performs AAA authentication. For more information about AAA, see Security Configuration Guide.

local scheme: Authenticates a user by using the local password first. If no password is set for the user logged in through the console port, the privilege level switching succeeds. If no password is set for the user logged in through any of the AUX, TTY, or VTY user interfaces, the AAA authentication is performed.

scheme local: Performs AAA authentication first. If the AAA configuration is invalid (the domain parameters or authentication scheme is not configured) or the server does not respond, the local password authentication is performed.

Description

Use super authentication-mode to set the authentication mode for user privilege level switching.

Use undo super authentication-mode to restore the default.

By default, the authentication mode for the user privilege level switching is local.

Related commands: super password.

Examples

# Set the authentication mode for the user privilege level switching to local.

<Sysname> system-view

[Sysname] super authentication-mode local

# Set the authentication mode for the user privilege level switching to scheme local.

<Sysname> system-view

[Sysname] super authentication-mode scheme local

super password

Syntax

super password [ level user-level ] [ hash ] { cipher | simple } password

undo super password [ level user-level ]

View

System view

Default level

2: System level

Parameters

level user-level: Specifies a user privilege level in the range of 1 to 3. The default is 3.

hash: Enables hash-based encryption. This keyword is not supported in FIPS mode.

{ cipher | simple } password: Specifies a case-sensitive password string. In FIPS mode, the password must include upper-case letters, lower-case letters, digits, and special characters. The password length and form requirements vary with the keywords or keyword combinations (see Table 1 and Table 2).

Table 1 Password length and form requirements for the password argument in non-FIPS mode

Keyword combination	Password string form	Length (in characters)
simple	Plain text	1 to 16
hash simple	Plain text	1 to 16
cipher	Plain text, ciphertext	Plain text: 1 to 16 Ciphertext: 1 to 53
hash cipher	Ciphertext (hashed form)	1 to 110

 

Table 2  Password length and form requirements for the password argument in FIPS mode

Keyword	Password string form	Length (in characters)
simple	Plain text	8 to 16
cipher	Plain text, ciphertext	Plain text: 8 to 16 Ciphertext: 8 to 53 (the corresponding plaintext string of the password must have 8 to 16 characters)

 

Description

Use super password to set a password for a user privilege level.

Use undo super password to restore the default.

By default, no password is set for a user privilege level.

For security purposes, all passwords, including passwords configured in plain text, are saved in cipher text.

Store the plaintext forms of user privilege level passwords in a safe place. If a user privilege level is password protected, you must provide the password in plain text when switching to the privilege level from a lower level.

You cannot configure the super password [ level user-level ] hash cipher password command when the password-control enable command is configured.

Examples

# Set the password for user privilege level 3 to abc.

<Sysname> system-view

[Sysname] super password level 3 simple abc

system-view

Syntax

system-view

View

User view

Default level

2: System level

Description

Use system-view to enter system view from user view.

Related commands: quit and return.

Examples

# Enter system view from user view.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname]