Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-CLI Commands | 72.80 KB |
CLI configuration commands
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.
command-alias enable
Use command-alias enable to enable the command keyword alias function.
Use undo command-alias enable to disable the command keyword alias function.
Syntax
command-alias enable
undo command-alias enable
Default
The command keyword alias function is disabled.
Views
System view
Default command level
2: System level
Usage guidelines
Disabling the command keyword alias function does not delete the configured aliases, but the aliases is not effective anymore.
Examples
# Enable the command keyword alias function.
<Sysname> system-view
[Sysname] command-alias enable
# Disable the command keyword alias function.
<Sysname> system-view
[Sysname] undo command-alias enable
Related commands
command-alias mapping
command-alias mapping
Use command-alias mapping to configure a command keyword alias.
Use undo command-alias mapping to delete a command keyword alias.
Syntax
command-alias mapping cmdkey alias
undo command-alias mapping cmdkey
Default
A command keyword has no alias.
Views
System view
Default command level
2: System level
Parameters
cmdkey: Complete form of the first keyword of a non-undo command, or the second keyword of an undo command.
alias: Alias for the keyword, which must be different from the first keyword of any non-undo command.
Usage guidelines
Command keyword aliases take effect only after you enable the command keyword alias function.
Examples
# Define show as the alias of the display keyword.
<Sysname> system-view
[Sysname] command-alias mapping display show
After you configure the alias, you can enter show to execute a display command. For example, you can enter show clock to execute the display clock command.
# Delete the alias of the display keyword.
<Sysname> system-view
[Sysname] undo command-alias mapping display
command-privilege
Use command-privilege to assign a level for a specific command in a view.
Use undo command-privilege to restore the default.
Syntax
command-privilege level level view view command
undo command-privilege view view command
Default
Each command in a view has a specified level.
Views
System view
Default command level
3: Manage level
Parameters
level level: Command level, which ranges from 0 to 3.
view view: Specifies a view.
command: Command to be set in the specified view.
Usage guidelines
Command levels include four privileges: visit (0), monitor (1), system (2), and manage (3). You can assign a privilege level according to the user's need. When logging in to the device, the user can access the assigned level and all levels below it.
Inappropriate use of this command can cause maintenance, operation, and security problems. Make sure you understand the impact of this command on your network before you use it.
The command specified for the command-privilege command must be complete and have valid parameters. For example, the default level of the tftp server-address { get | put | sget } source-filename [ destination-filename ] [ source { interface interface-type interface-number | ip source-ip-address } ] command is 3. You can configure the command-privilege level 0 view shell tftp 1.1.1.1 put a.cfg command, so a user with the user privilege level of 0 can execute the tftp server-address put source-filename command but cannot specify the get, sget, source, or destination-filename option.
The command specified for the undo command-privilege view command can be incomplete. For example, after the undo command-privilege view system ftp command is executed, all commands starting with the keyword ftp (such as ftp server acl, ftp server enable, and ftp timeout) are restored to their default level. If you have modified the level of commands ftp server enable and ftp timeout, and you want to restore only the ftp server enable command to its default level, use the undo command-privilege view system ftp server command.
If you change a command's level to a level lower than the default, you must change the command levels for the command used to enter the view and the quit command in the view. For example, the interface and system-view commands are both level 2 (system level) commands. To allow level 1 users to use the interface command, you must execute the following three commands: command-privilege level 1 view shell system-view, command-privilege level 1 view system interface gigabitethernet 1/0/1, and command-privilege level 1 view system quit. Then, level 1 users can enter system view, execute the interface gigabitethernet command, and return to user view.
Examples
# Set the command level of the interface command to 0 in system view.
[Sysname] command-privilege level 0 view system interface
display clipboard
Use display clipboard to display data in the clipboard.
Syntax
display clipboard [ | { begin | exclude | include } regular-expression ]
Views
Any view
Default command level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Usage guidelines
To copy content to the clipboard:
1. Move the cursor to the starting position of the content and then press the Esc+Shift+, combination.
2. Move the cursor to the ending position of the content and then press the Esc+Shift+. combination.
Examples
# Display data in the clipboard.
<Sysname> display clipboard
---------------- CLIPBOARD-----------------
display current-configuration
display command-alias
Use display command-alias to display the command keyword alias configuration.
Syntax
display command-alias [ | { begin | exclude | include } regular-expression ]
Views
Any view
Default command level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Examples
# Display the command keyword alias configuration.
<Sysname> display command-alias
Command alias is enabled
index alias command key
1 show display
display history-command
Use display history-command to display commands saved in the command history buffer.
Syntax
display history-command [ | { begin | exclude | include } regular-expression ]
Views
Any view
Default command level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Usage guidelines
By default, the system can save up to 10 commands in the buffer. You can use the history-command max-size command to change the buffer size.
Examples
# Display all commands saved in the command history buffer.
<Sysname> display history-command
display history-command
system-view
vlan 2
quit
display hotkey
Use display hotkey to display hotkey information.
Syntax
display hotkey [ | { begin | exclude | include } regular-expression ]
Views
Any view
Default command level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Examples
# Display hotkey information.
<Sysname> display hotkey
----------------- HOTKEY -----------------
=Defined hotkeys=
Hotkeys Command
CTRL_G display current-configuration
CTRL_L display ip routing-table
CTRL_O undo debugging all
=Undefined hotkeys=
Hotkeys Command
CTRL_T NULL
CTRL_U NULL
=System hotkeys=
Hotkeys Function
CTRL_A Move the cursor to the beginning of the current line.
CTRL_B Move the cursor one character left.
CTRL_C Stop current command function.
CTRL_D Erase current character.
CTRL_E Move the cursor to the end of the current line.
CTRL_F Move the cursor one character right.
CTRL_H Erase the character left of the cursor.
CTRL_K Kill outgoing connection.
CTRL_N Display the next command from the history buffer.
CTRL_P Display the previous command from the history buffer.
CTRL_R Redisplay the current line.
CTRL_V Paste text from the clipboard.
CTRL_W Delete the word left of the cursor.
CTRL_X Delete all characters up to the cursor.
CTRL_Y Delete all characters after the cursor.
CTRL_Z Return to the User View.
CTRL_] Kill incoming connection or redirect connection.
CTRL_^ Removes any special meaning for the following keystroke.
For example, press Ctrl_^ before entering a question mark (?) in the
plaintext form of a password.
ESC_B Move the cursor one word back.
ESC_D Delete remainder of word.
ESC_F Move the cursor forward one word.
ESC_N Move the cursor down a line.
ESC_P Move the cursor up a line.
ESC_< Specify the beginning of clipboard.
ESC_> Specify the end of clipboard.
hotkey
Use hotkey to assign a command to a configurable hotkey.
Use undo hotkey to restore the default.
Syntax
hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U } command
undo hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U }
Default
· Ctrl_G: display current-configuration (display the running configuration).
· Ctrl_L: display ip routing-table (display the IPv4 routing table information).
· Ctrl_O: undo debugging all (disable all debugging functions).
· Ctrl_T: No command is assigned to this hotkey.
· Ctrl_U: No command is assigned to this hotkey.
Views
System view
Default command level
2: System level
Parameters
CTRL_G: Assigns a command to Ctrl+G.
CTRL_L: Assigns a command to Ctrl+L.
CTRL_O: Assigns a command to Ctrl+O.
CTRL_T: Assigns a command to Ctrl+T.
CTRL_U: Assigns a command to Ctrl+U.
command: Command to be assigned to the hotkey.
Examples
# Assign the display tcp status command to the hotkey Ctrl+T.
<Sysname> system-view
[Sysname] hotkey ctrl_t display tcp status
quit
Use quit to return to the upper level view.
Syntax
quit
Views
Any view
Default command level
0: Visit level (executed in user view)
2: System level (executed in other views)
Usage guidelines
Executing this command in user view disconnects you from the device.
Examples
# Return from GigabitEthernet 1/0/1 interface view to system view and then to user view.
[Sysname-GigabitEthernet1/0/1] quit
[Sysname] quit
<Sysname>
return
Use return to return to user view from any other view. You can also press Ctrl+Z.
Syntax
return
Views
Any view except user view
Default command level
2: System level
Examples
# Return to user view from GigabitEthernet 1/0/1 interface view.
[Sysname-GigabitEthernet1/0/1] return
<Sysname>
Related commands
quit
screen-length disable
Use screen-length disable to disable pausing between screens of output for the current session.
Use undo screen-length disable to enable pausing between screens of output for the current session.
Syntax
screen-length disable
undo screen-length disable
Default
The default depends on the configuration of the screen-length command in user interface view.
The following are default settings for the screen-length command:
· Pausing between screens of output.
· Displaying up to 24 lines on a screen.
Views
User view
Default command level
1: Monitor level
Usage guidelines
When the screen pause function is disabled, all output is displayed at one time and the screen is refreshed continuously.
This command takes effect only for the current session. When you log out, the default is restored.
Examples
# Disable pausing between screens of output for the current session.
<Sysname> screen-length disable
Related commands
screen-length
super
Use super to switch from the current user privilege level to a specified user privilege level.
Syntax
super [ level ]
Views
User view
Default command level
0: Visit level
Parameters
level: User level in the range of 0 to 3. The default is 3.
Usage guidelines
If a level is not specified, the command switches the user privilege level to 3.
There are four user privilege levels: visit (0), monitor (1), system (2), and manage (3). You can assign different privilege levels for different users. After login, a user can access the commands at or under the assigned level.
You can switch to a lower level without authentication, but must provide the correct password to switch to a higher level. If no switching password is configured for a level, you can switch to the level from a lower level only if you are using the console port.
When the level switching authentication mode is scheme, you have three opportunities to enter the correct password for one switching operation.
When the level switching authentication mode is local, you have five opportunities to enter the correct password for one switching operation. If you fail to provide the correct password during five consecutive attempts, the switching operation fails. If the login authentication mode is scheme, you must wait 15 minutes before you can try another switching operation. Trying again before the 15-minute period elapses restores the wait timer to 15 minutes and restarts the timer.
Examples
# Switch to user privilege level 2 from user privilege level 3.
<Sysname> super 2
User privilege level is 2, and only those commands can be used
whose level is equal or less than this.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE
# Switch back to user privilege level 3. (Suppose that the switching password is 123. If no password is set, users cannot switch to user privilege level 3.)
<Sysname> super 3
Please input the password to change the privilege level. Press CTRL_C to abort.
Password:
User privilege level is 3, and only those commands can be used
whose level is equal or less than this.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE
Related commands
· super password
· super authentication-mode
super authentication-mode
Use super authentication-mode to set the authentication mode for user privilege level switching.
Use undo super authentication-mode to restore the default.
Syntax
super authentication-mode { local | scheme } *
undo super authentication-mode
Default
The authentication mode for the user privilege level switching is local.
Views
System view
Default command level
2: System level
Parameters
local: Uses the local password set with the super password command for user privilege level switching authentication. If no password is set with the command, the system allows a console user (who uses the console port or an AUX port operating as the console port) to switch the privilege level without authentication, but denies switching requests from AUX and VTY users.
scheme: Uses AAA for user privilege level switching authentication. For more information about AAA, see Security Configuration Guide.
local scheme: Uses the local password, if configured, for user privilege level switching authentication. If the password is not configured, the system allows a console user to switch the privilege level but uses AAA to authenticate other types of login users.
scheme local: Uses AAA for user privilege level switching authentication. If the AAA configuration is incomplete or invalid or the server does not respond, the system uses the local password for the authentication.
Examples
# Set the authentication mode for user privilege level switching to local.
<Sysname> system-view
[Sysname] super authentication-mode local
# Set the authentication mode for user privilege level switching to scheme local.
<Sysname> system-view
[Sysname] super authentication-mode scheme local
Related commands
super password
super password
Use super password to set a password for a user privilege level.
Use undo super password to restore the default.
Syntax
super password [ level user-level ] [ hash ] { cipher | simple } password
undo super password [ level user-level ]
Default
No password is set for a user privilege level.
Views
System view
Default command level
2: System level
Parameters
level user-level: Specifies a user privilege level in the range of 1 to 3. The default is 3.
hash: Enables hash-based encryption.
{ cipher | simple } password: Specifies a case-sensitive password string. The password length and form requirements vary with the keywords or keyword combinations. In FIPS mode, the password must contain at least 8 characters, and must include upper-case letters, lower-case letters, digits, and special characters.
Table 1 Password length and form requirements for the password argument
|
Keyword combination |
Password string form |
Length (in characters) |
|
simple |
Plain text |
1 to 16 |
|
hash simple |
Plain text |
1 to 16 |
|
cipher |
Plain text, cipher text |
Plain text: 1 to 16 Cipher text: 1 to 53 |
|
hash cipher |
Cipher text (hashed form) |
1 to 110 |
Usage guidelines
For security purposes, all keys, including keys configured in plain text, are saved in cipher text.
For security purposes, all passwords, including passwords configured in plain text, are saved in cipher text.
Store the plaintext forms of user privilege level passwords in a safe place. If a user privilege level is password protected, you must provide the password in plain text when switching to the privilege level from a lower level.
You cannot configure the super password [ level user-level ] hash cipher password command when the password-control enable command is configured.
Examples
# Set the password for user privilege level 3 to abc.
<Sysname> system-view
[Sysname] super password level 3 simple abc
system-view
Use system-view to enter system view from user view.
Syntax
system-view
Views
User view
Default command level
2: System level
Examples
# Enter system view from user view.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname]
Related commands
· quit
· return
