Using the CLI

Boldface

Bold text represents commands and keywords that you enter literally as shown.

Italic

Italic text represents arguments that you replace with actual values.

[ ]

Square brackets enclose syntax choices (keywords or arguments) that are optional.

{ x | y | ... }

Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.

[ x | y | ... ]

Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none.

{ x | y | ... } *

Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one.

[ x | y | ... ] *

Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you select one choice, multiple choices, or none.

&<1-n>

The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times.

#

A line that starts with a pound (#) sign is comments.

Enter system view from user view.

system-view

Return to the upper-level view from any view.

quit

Return to user view.

return

Common keys

If the edit buffer is not full, pressing a common key inserts the character at the position of the cursor and moves the cursor to the right.

Backspace

Deletes the character to the left of the cursor and moves the cursor back one character.

Left arrow key or Ctrl+B

Moves the cursor one character to the left.

Right arrow key or Ctrl+F

Moves the cursor one character to the right.

Tab

If you press Tab after entering part of a keyword, the system automatically completes the keyword:

·         If a unique match is found, the system substitutes the complete keyword for the incomplete one and displays what you entered in the next line.

·         If there is more than one match, you can press Tab repeatedly to pick the keyword you want to enter.

·         If there is no match, the system does not modify what you entered but displays it again in the next line.

1.       Enter system view.

system-view

N/A

2.       Enable the command keyword alias function.

command-alias enable

By default, the command keyword alias function is disabled.

3.       Configure a command keyword alias.

command-alias mapping cmdkey alias

By default, no command keyword alias is configured.

You must enter the cmdkey and alias arguments in their complete form.

1.       Enter system view.

system-view

N/A

2.       Configure hotkeys.

hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U } command

By default:

·         Ctrl+G is assigned the display current-configuration command.

·         Ctrl+L is assigned the display ip routing-table command.

·         Ctrl+O is assigned the undo debugging all command.

·         No command is assigned to Ctrl+T or Ctrl+U.

3.       Display hotkeys.

display hotkey [ | { begin | exclude | include } regular-expression ]

Optional.

Available in any view. See Table 3 for hotkeys reserved by the system.

Ctrl+A

Moves the cursor to the beginning of a line.

Ctrl+B

Moves the cursor one character to the left.

Ctrl+C

Stops the current command.

Ctrl+D

Deletes the character at the cursor.

Ctrl+E

Moves the cursor to the end of a line.

Ctrl+F

Moves the cursor one character to the right.

Ctrl+H

Deletes the character to the left of the cursor.

Ctrl+K

Aborts the connection request.

Ctrl+N

Displays the next command in the command history buffer.

Ctrl+P

Displays the previous command in the command history buffer.

Ctrl+R

Redisplays the current line.

Ctrl+V

Pastes text from the clipboard.

Ctrl+W

Deletes the word to the left of the cursor.

Ctrl+X

Deletes all characters to the left of the cursor.

Ctrl+Y

Deletes all characters to the right of the cursor.

Ctrl+Z

Returns to user view.

Ctrl+]

Terminates an incoming connection or a redirect connection.

Esc+B

Moves the cursor back one word.

Esc+D

Deletes all characters from the cursor to the end of the word.

Esc+F

Moves the cursor forward one word.

Esc+N

Moves the cursor down one line. This hotkey is available before you press Enter.

Esc+P

Moves the cursor up one line. This hotkey is available before you press Enter.

Esc+<

Moves the cursor to the beginning of the clipboard.

Esc+>

Moves the cursor to the ending of the clipboard.

1.       Enter system view.

system-view

N/A

2.       Enable redisplaying entered-but-not-submitted commands.

info-center synchronous

By default, this feature is disabled.

For more information about this command, see Network Management and Monitoring Command Reference.

% Unrecognized command found at '^' position.

The keyword in the marked position is invalid.

% Incomplete command found at '^' position.

One or more required keywords or arguments are missing.

% Ambiguous command found at '^' position.

The entered character sequence matches more than one command.

Too many parameters

The entered character sequence contains excessive keywords or arguments.

% Wrong parameter found at '^' position.

The argument in the marked position is invalid.

Display all commands in the command history buffer.

display history-command [ | { begin | exclude | include } regular-expression ]

Display the previous history command.

Up arrow key or Ctrl+P

Display the next history command.

Down arrow key or Ctrl+N

1.       Enter system view.

system-view

N/A

2.       Enter user interface view.

user-interface { first-num1 [ last-num1 ] | { console | vty } first-num2 [ last-num2 ] }

N/A

3.       Set the maximum number of commands that can be saved in the command history buffer.

history-command max-size size-value

Optional.

By default, the command history buffer can save up to 10 commands.

Space

Displays the next screen.

Enter

Displays the next line.

Ctrl+C

Stops the display and cancels the command execution.

<PageUp>

Displays the previous page.

<PageDown>

Displays the next page.

Disable pausing between screens of output for the current session.

screen-length disable

The default for a session depends on the setting of the screen-length command in user interface view. The default of the screen-length command is pausing between screens of output and displaying up to 24 lines on a screen.

This command is executed in user view and takes effect only for the current session. When you relog in to the device, the default is restored.

^string

Matches the beginning of a line.

"^user" matches all lines beginning with "user". A line beginning with "Auser" is not matched.

string$

Matches the end of a line.

"user$" matches lines ending with "user". A line ending with "userA" is not matched.

.

Matches any single character, such as a single character, a special character, and a blank.

".s" matches both "as" and "bs".

*

Matches the preceding character or character group zero or multiple times.

"zo*" matches "z" and "zoo", and "(zo)*" matches "zo" and "zozo".

+

Matches the preceding character or character group one or multiple times

"zo+" matches "zo" and "zoo", but not "z".

|

Matches the preceding or succeeding character string

"def|int" only matches a character string containing "def" or "int".

_

If it is at the beginning or the end of a regular expression, it equals ^ or $. In other cases, it equals comma, space, round bracket, or curly bracket.

"a_b" matches "a b" or "a(b"; "_ab" only matches a line starting with "ab"; "ab_" only matches a line ending with "ab".

-

It connects two values (the smaller one before it and the bigger one after it) to indicate a range together with [ ].

"1-9" means 1 to 9 (inclusive); "a-h" means a to h (inclusive).

[ ]

Matches a single character contained within the brackets.

 [16A] matches a string containing any character among 1, 6, and A; [1-36A] matches a string containing any character among 1, 2, 3, 6, and A (- is a hyphen).

To match the character "]", put it at the beginning of a string within brackets, for example [ ]string]. There is no such limit on "[".

( )

A character group. It is usually used with "+" or "*".

 (123A) means a character group "123A"; "408(12)+" matches 40812 or 408121212. But it does not match 408.

\index

Repeats the character string specified by the index. A character string refers to the string within () before \. index refers to the sequence number (starting from 1 from left to right) of the character group before \. If only one character group appears before \, index can only be 1; if n character groups appear before index, index can be any integer from 1 to n.

(string)\1 repeats string, and a matching string must contain stringstring. (string1)(string2)\2 repeats string2, and a matching string must contain string1string2string2. (string1)(string2)\1\2 repeats string1 and string2 respectively, and a matching string must contain string1string2string1string2.

[^]

Matches a single character not contained within the brackets.

 [^16A] means to match a string containing any character except 1, 6 or A, and the matching string can also contain 1, 6 or A, but cannot contain these three characters only. For example, [^16A] matches "abc" and "m16", but not 1, 16, or 16A.

\<string

Matches a character string starting with string.

"\<do" matches word "domain" and string "doa".

string\>

Matches a character string ending with string.

"do\>" matches word "undo" and string "abcdo".

\bcharacter2

Matches character1character2. character1 can be any character except number, letter or underline, and \b equals [^A-Za-z0-9_].

"\ba" matches "-a" with "-" being character1, and "a" being character2, but it does not match "2a" or "ba".

\Bcharacter

Matches a string containing character, and no space is allowed before character.

"\Bt" matches "t" in "install", but not "t" in "big top".

character1\w

Matches character1character2. character2 must be a number, letter, or underline, and \w equals [A-Za-z0-9_].

"v\w" matches "vlan" ("v" is character1 and "l" is character2) and "service" ( "i" is character2).

\W

Equals \b.

"\Wa" matches "-a", with "-" being character1, and "a" being character2, but does not match "2a" or "ba".

\

Escape character. If a special character listed in this table follows \, the specific meaning of the character is removed.

"\\" matches a string containing "\", "\^" matches a string containing "^", and "\\b" matches a string containing "\b".

0

Visit

Includes commands for network diagnosis and commands for accessing an external device. Configuration of commands at this level cannot survive a device restart. Upon device restart, the commands at this level are restored to the default settings.

Commands at this level include ping, tracert, telnet and ssh2.

1

Monitor

Includes commands for system maintenance and service fault diagnosis. Commands at this level are not saved after being configured. After the device is restarted, the commands at this level are restored to the default settings.

Commands at this level include debugging, terminal, refresh, and send.

2

System

Includes service configuration commands, including routing configuration commands and commands for configuring services at different network levels.

By default, commands at this level include all configuration commands except for those at manage level.

3

Manage

Includes commands that influence the basic operation of the system and commands for configuring system support modules.

By default, commands at this level involve the configuration commands of file system, FTP, TFTP, Xmodem download, user management, level setting, and parameter settings within a system, which are not defined by any protocols or RFCs.

1.       Enter system view.

system-view

N/A

2.       Enter user interface view.

user-interface { first-num1 [ last-num1 ] | { console | vty } first-num2 [ last-num2 ] }

N/A

3.       Specify the scheme authentication mode.

authentication-mode scheme

By default, the authentication mode for VTY users is password, and no authentication is needed for console login users.

4.       Return to system view.

quit

N/A

5.       Configure the authentication mode for SSH users as password.

For more information, see Security Configuration Guide.

This task is required only for SSH users who are required to provide their usernames and passwords for authentication.

6.       Configure the user privilege level through the AAA module.

·         To use local authentication:

a.    Use the local-user command to create a local user and enter local user view.

b.    Use the level keyword in the authorization-attribute command to configure the user privilege level.

·         To use remote authentication (RADIUS, HWTACACS, or LDAP):
Configure the user privilege level on the authentication server.

User either approach.

For local authentication, if you do not configure the user privilege level, the user privilege level is 0.

For remote authentication, if you do not configure the user privilege level, the user privilege level depends on the default configuration of the authentication server.

For more information about the local-user and authorization-attribute commands, see Security Command Reference.

1.       Configure the authentication type for SSH users as publickey.

For more information, see Security Configuration Guide.

Required only for SSH users who use public-key authentication.

2.       Enter system view.

system-view

N/A

3.       Enter user interface view.

user-interface { first-num1 [ last-num1 ] | vty first-num2 [ last-num2 ] }

N/A

4.       Enable the scheme authentication mode.

authentication-mode scheme

By default, the authentication mode for VTY users is password, and no authentication is needed for console users.

5.       Configure the user privilege level.

user privilege level level

By default, the user privilege level for users logged in through the console user interface is 3, and that for users logged in through the other user interfaces is 0.

1.       Enter system view.

system-view

N/A

2.       Enter user interface view.

user-interface { first-num1 [ last-num1 ] | { console | vty } first-num2 [ last-num2 ] }

N/A

3.       Configure the authentication mode for any user who uses the current user interface to log in to the device.

authentication-mode { none | password }

Optional.

By default, the authentication mode for VTY user interfaces is password, and no authentication is needed for console login users.

4.       Configure the privilege level of users logged in through the current user interface.

user privilege level level

Optional.

By default, the user privilege level for users logged in through the console user interface is 3, and that for users logged in through the other user interfaces is 0.

Local password authentication only (local-only)

local

The device uses the locally configured passwords for privilege level switching authentication.

To use this mode, you must set the passwords for privilege level switching using the super password command.

Remote AAA authentication through HWTACACS or RADIUS

scheme

The device sends the username and password for privilege level switching to the HWTACACS or RADIUS server for remote authentication.

To use this mode, you must perform the following configuration tasks:

·         Configure the required HWTACACS or RADIUS schemes and configure the ISP domain to use the schemes for users. For more information, see Security Configuration Guide.

·         Add user accounts and specify the user passwords on the HWTACACS or RADIUS server.

Local password authentication first and then remote AAA authentication

local scheme

The device first uses the locally configured passwords for privilege level switching authentication. If no local password is set, the device allows console users to switch their privilege levels without authentication, but performs AAA authentication for VTY users.

Remote AAA authentication first and then local password authentication

scheme local

AAA authentication is performed first, and if the remote HWTACACS or RADIUS server does not respond or AAA configuration on the device is invalid, the local password authentication is performed.

1.       Enter system view.

system-view

N/A

2.       Set the authentication mode for user privilege level switching.

super authentication-mode { local | scheme } *

Optional.

By default, local-only authentication is used.

3.       Configure the password for the user privilege level.

super password [ level user-level ] { cipher | simple } password

If local authentication is involved, this step is required.

By default, a privilege level has no password.

If no user privilege level is specified when you configure the command, the user privilege level defaults to 3.

Switch the user privilege level.

super [ level ]

When logging in to the device, a user has a user privilege level, which depends on user interface or authentication user level.

none/password

local

Password configured for the privilege level on the device with the super password command.

N/A

local scheme

Password configured for the privilege level on the device with the super password command.

Username and password configured on the AAA server for the privilege level.

scheme

Username and password for the privilege level.

N/A

scheme local

Username and password for the privilege level.

Local user privilege level switching password.

scheme

local

Password configured for the privilege level on the device with the super password command.

N/A

local scheme

Password configured for the privilege level on the device with the super password command.

Password for privilege level switching configured on the AAA server. The system uses the login username as the privilege level switching username.

scheme

Password for privilege level switching configured on the AAA server. The system uses the login username as the privilege level switching username.

N/A

scheme local

Password for privilege level switching configured on the AAA server. The system uses the login username as the privilege level switching username.

Password configured on the device with the super password command for the privilege level.

1.       Enter system view.

system-view

N/A

2.       Change the level of a command in a specific view.

command-privilege level level view view command

See Table 7 for the default settings.

Display the command keyword alias configuration.

display command-alias [ | { begin | exclude | include } regular-expression ]

Available in any view.

Display data in the clipboard.

display clipboard [ | { begin | exclude | include } regular-expression ]

Available in any view.