For example, if you configure the alias siprt for display ip routing-table, you can enter siprt to execute the display ip routing-table command. If you configure the alias ship for display ip, you can use ship to execute all commands that start with display ip:

· Enter ship routing-table to execute the display ip routing-table command.

· Enter ship interface to execute the display ip interface command.

The command string can include up to nine parameters. Each parameter starts with the dollar sign ($) and a sequence number in the range of 1 to 9. For example, you can configure the alias shinc for the display ip $1 | include $2 command. Then, to execute the display ip interface | include GigabitEthernet1/0/1 command, you only need to enter shinc interface GigabitEthernet1/0/1.

Examples

# Configure the alias shiprt for the display ip routing-table command and verify the configuration.

<Sysname> system-view

[Sysname] alias shiprt display ip routing-table

[Sysname] shiprt

Destinations : 13 Routes : 13

Destination/Mask Proto Pre Cost NextHop Interface

0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0

3.3.3.3/32 Static 60 0 192.168.1.62 GE1/0/1

127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0

127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0

127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0

127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0

169.254.0.0/24 Direct 0 0 169.254.0.188 GE1/0/1

169.254.0.0/32 Direct 0 0 169.254.0.188 GE1/0/1

169.254.0.188/32 Direct 0 0 127.0.0.1 InLoop0

169.254.0.255/32 Direct 0 0 169.254.0.188 GE1/0/1

224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0

224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0

255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0

# Configure the alias shinc for display ip $1 | include $2.

<Sysname> system-view

[Sysname] alias shinc display ip $1 | include $2

# Use the alias shinc to display all static routes.

<Sysname> system-view

[Sysname] shinc routing-table Static

3.3.3.3/32 Static 60 0 192.168.1.62 GE1/0/1

Related commands

display alias

display | { begin | exclude | include }

Use display | { begin | exclude | include } to filter the output from a display command with a regular expression.

Syntax

display command | { begin | exclude | include } regular-expression

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

command: Specifies the keywords and arguments of a display command. To display available keywords and arguments, enter display ?.

begin: Displays the first line matching the specified regular expression and all subsequent lines.

exclude: Displays all lines not matching the specified regular expression.

include: Displays all lines matching the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Usage guidelines

Use the | { begin | exclude | include } regular-expression option with a display command to filter the command output. For more information about regular expressions, see Fundamentals Configuration Guide.

Examples

# Display the lines that contain vlan in the running configuration.

<Sysname> display current-configuration | include vlan

vlan 1

vlan 999

port access vlan 999

display | by-linenum

Use display | by-linenum to number each output line for a display command.

Syntax

display command | by-linenum

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

command: Specifies the keywords and arguments of a display command. To display available keywords and arguments, enter display ?.

Usage guidelines

By numbering each output line from a display command, you can easily identify the lines of interest.

Each line number is displayed as a 5-character string and might be followed by a colon (:) or hyphen (-). If you specify both | by-linenum and | begin regular-expression for a display command, a hyphen is displayed for all lines that do not match the regular expression.

Examples

# Display VLAN 999 settings, with each output line identified by a number.

<Sysname> display vlan 999 | by-linenum

1: VLAN ID: 999

2: VLAN type: Static

3: Route interface: Configured

4: IPv4 address: 192.168.2.1

5: IPv4 subnet mask: 255.255.255.0

6: Description: For LAN Access

7: Name: VLAN 0999

8: Tagged ports: None

9: Untagged ports:

10: GigabitEthernet1/0/1

# Display the first line that begins with user-group in the running configuration and all of the following lines.

<Sysname> display current-configuration | by-linenum begin user-group

114: user-group system

115- #

116- return

display >

Use display > to save the output from a display command to a separate file.

Syntax

display command > filename

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

command: Specifies the keywords and arguments of a display command. To display available keywords and arguments, enter display ?.

filename: Specifies the name of the file that is used to save the output, a string of 1 to 63 characters.

Usage guidelines

The display commands show the configuration, statistics, and states of the device. You can use the display > command to save the output to a file.

If the specified file does not exist, the system creates the file and saves the output to the file. If the file already exists, the system overwrites the file.

Examples

# Save VLAN 1 settings to a separate file named vlan.txt.

<Sysname> display vlan 1 > vlan.txt

# Verify the content of the vlan.txt file.

<Sysname> more vlan.txt

VLAN ID: 1

VLAN type: Static

Route interface: Not configured

Description: VLAN 0001

Name: VLAN 0001

Tagged ports: None

Untagged ports:

GigabitEthernet1/0/2

display >>

Use display >> to append the output from a display command to the end of a file.

Syntax

display command >> filename

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

command: Specifies the keywords and arguments of a display command. To display available keywords and arguments, enter display ?.

filename: Specifies the name of the file that is used to save the output, a string of 1 to 63 characters.

Usage guidelines

The display commands show the configuration, statistics, and states of the device. You can use display >> to save the output to a file.

If the specified file does not exist, the system creates the file and saves the output to the file. If the file already exists, the system appends the output to the end of the file.

Examples

# Append the VLAN 999 settings to the end of the vlan.txt file.

<Sysname> display vlan 999 >> vlan.txt

# Check the content of the vlan.txt file.

<Sysname> more vlan.txt

VLAN ID: 1

VLAN type: Static

Route interface: Not configured

Description: VLAN 0001

Name: VLAN 0001

Tagged ports: None

Untagged ports:

GigabitEthernet1/0/2

VLAN ID: 999

VLAN type: Static

Route interface: Configured

IPv4 address: 192.168.2.1

IPv4 subnet mask: 255.255.255.0

Description: For LAN Access

Name: VLAN 0999

Tagged ports: None

Untagged ports:

GigabitEthernet1/0/1

display alias

Use display alias to display command aliases.

Syntax

display alias [ alias ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

alias: Specifies a command alias. If you do not specify this argument, the command displays all command aliases.

Examples

# Display all command aliases.

<Sysname> display alias

Index Alias Command key

1 access-list acl

2 end return

3 erase delete

4 exit quit

5 hostname sysname

6 logging info-center

7 no undo

8 shinc display $1 | include $2

9 show display

10 sirt display ip routing-table

11 write save

# Display the command alias shinc.

<Sysname> display alias shinc

Alias Command key

shinc display ip $1 | include $2

Related commands

alias

display history-command

Use display history-command to display all commands that are saved in the command history buffer for the current CLI session.

Syntax

display history-command

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

The system automatically saves commands you have successfully executed to the command history buffer for the current CLI session. You can view them and execute them again.

By default, the system can save up to 10 commands in the buffer. You can use the history-command max-size command to change the buffer size.

Examples

# Display all commands saved in the command history buffer for the current CLI session.

<Sysname> display history-command

system-view

vlan 2

quit

Related commands

history-command max-size

display history-command all

Use display history-command all to display all commands saved in the command history buffer for all CLI sessions.

Syntax

display history-command all

Views

Any view

Predefined user roles

network-admin

Usage guidelines

The system automatically saves commands successfully executed by users to the command history buffer for all CLI sessions. Users can view them and execute them again.

Up to 1024 commands can be saved in the command history buffer. When this number is reached, the system deletes the earliest commands to make room for newly executed commands.

Examples

# Display all commands saved in the command history buffer for all CLI sessions.

<Sysname> display history-command all

Date Time Terminal Ip User

03/16/2017 20:03:33 vty0 192.168.1.26 **

Cmd:dis his all

03/16/2017 20:03:29 vty0 192.168.1.26 **

Cmd:sys

Related commands

display history-command

display hotkey

Use display hotkey to display hotkey information.

Syntax

display hotkey

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display hotkey information.

<Sysname> display hotkey

----------------- Hotkeys -----------------

-Defined command hotkeys-

CTRL_G display current-configuration

CTRL_L display ip routing-table

CTRL_O undo debugging all

-Undefined command hotkeys-

CTRL_T NULL

CTRL_U NULL

-System-reserved hotkeys-

CTRL_A Move the cursor to the beginning of the line.

CTRL_B Move the cursor one character to the left.

CTRL_C Stop the current command.

CTRL_D Erase the character at the cursor.

CTRL_E Move the cursor to the end of the line.

CTRL_F Move the cursor one character to the right.

CTRL_H Erase the character to the left of the cursor.

CTRL_K Abort the connection request.

CTRL_N Display the next command in the history buffer.

CTRL_P Display the previous command in the history buffer.

CTRL_R Redisplay the current line.

CTRL_V Paste text from the clipboard.

CTRL_W Delete the word to the left of the cursor.

CTRL_X Delete all characters from the beginning of the line to the cursor.

CTRL_Y Delete all characters from the cursor to the end of the line.

CTRL_Z Return to the User View.

CTRL_] Kill incoming connection or redirect connection.

ESC_B Move the cursor back one word.

ESC_D Delete all characters from the cursor to the end of the word.

ESC_F Move the cursor forward one word.

ESC_N Move the cursor down a line.

ESC_P Move the cursor up a line.

ESC_< Move the cursor to the beginning of the clipboard.

ESC_> Move the cursor to the end of the clipboard.

Related commands

hotkey

Use hotkey to assign a command to a configurable hotkey.

Use undo hotkey to restore the default.

Syntax

hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U } command

undo hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U }

Default

· Ctrl_G: display current-configuration (display the running configuration).

· Ctrl_L: display ip routing-table (display the IPv4 routing table information).

· Ctrl_O: undo debugging all (disable all debugging functions).

· Ctrl_T: No command is assigned to this hotkey.

· Ctrl_U: No command is assigned to this hotkey.

Views

System view

Predefined user roles

network-admin

Parameters

CTRL_G: Assigns a command to Ctrl+G.

CTRL_L: Assigns a command to Ctrl+L.

CTRL_O: Assigns a command to Ctrl+O.

CTRL_T: Assigns a command to Ctrl+T.

CTRL_U: Assigns a command to Ctrl+U.

command: Specifies the command to be assigned to the hotkey.

Usage guidelines

The system defines some hotkeys and provides five configurable command hotkeys. Pressing a hotkey executes the command assigned to the hotkey.

To display system-defined and configurable hotkeys, use the display hotkey command.

Examples

# Assign the display tcp statistics command to the hotkey Ctrl+T.

<Sysname> system-view

[Sysname] hotkey ctrl_t display tcp statistics

Related commands

display hotkey

quit

Use quit to return to the upper-level view.

Syntax

quit

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

Executing this command in user view disconnects you from the device.

Examples

# Return from GigabitEthernet 1/0/1 interface view to system view and then to user view.

[Sysname-GigabitEthernet1/0/1] quit

[Sysname] quit

repeat

Use repeat to repeat commands in the command history buffer for the current CLI session..

Syntax

repeat [ number ] [ count times ] [ delay seconds ]

Views

Any view

Predefined user roles

network-admin

Parameters

number: Specifies the number of the most recently executed commands in the history buffer for the current CLI session. that you want to execute. The value range is 1 to 10. The default is 1.

count times: Specifies the number of times that you want to execute the commands. The value range is 0 to 4294967295. The default is 0. If you do not specify this option, the system keeps executing the commands until you terminate the execution.

delay seconds: Specifies the time (in seconds) that the system waits before executing the commands again. The value range is 0 to 4294967295. The default is 1.

Usage guidelines

To terminate the execution of commands, press the escape key.

The repeat command executes commands in the order they were executed.

The system waits for your interaction when it repeats an interactive command.

Examples

# Configure the system to execute the two most recently executed commands (display cpu and display clock) twice at an interval of 10 seconds.

<Sysname> repeat 2 count 2 delay 10

<Sysname> display cpu

Unit CPU usage:

33% in last 5 seconds

32% in last 1 minute

33% in last 5 minutes

<Sysname> display clock

12:20:08 UTC Thu 03/19/2017

<Sysname> display cpu

Unit CPU usage:

33% in last 5 seconds

32% in last 1 minute

33% in last 5 minutes

<Sysname> display clock

12:20:18 UTC Thu 03/19/2017

Related commands

· display history-command

· escape-key

· history-command max-size

return

Use return to return to user view from any other view.

Syntax

return

Views

Any view except user view

Predefined user roles

network-admin

network-operator

Usage guidelines

Pressing Ctrl+Z has the same effect as the return command.

Examples

# Return to user view from GigabitEthernet 1/0/1 interface view.

[Sysname-GigabitEthernet1/0/1] return

screen-length disable

Use screen-length disable to disable pausing between screens of output for the current session.

Use undo screen-length disable to enable pausing between screens of output for the current session.

Syntax

screen-length disable

undo screen-length disable

Default

The default depends on the configuration of the screen-length command in user line view.

The following are the default settings for the screen-length command:

· Pausing between screens of output.

· Displaying up to 24 lines on a screen.

Views

User view

Predefined user roles

network-admin

Usage guidelines

If you disable pausing between screens of output, all output is displayed. The screen is refreshed continuously until the final screen is displayed.

This command takes effect only for the current session. When you are logged out, the default is restored.

Examples

# Disable pausing between screens of output for the current session.

<Sysname> screen-length disable

Related commands

screen-length

system-view

Use system-view to enter system view from user view.

Syntax

system-view

Views

User view

Predefined user roles

network-admin

network-operator

Examples

# Enter system view from user view.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname]

RBAC commands

description

Use description to configure a description for a user role for easy identification.

Use undo description to restore the default.

Syntax

description text

undo description

Default

A user role does not have a description.

Views

User role view

Predefined user roles

network-admin

Parameters

text: Configures a user role description, a case-sensitive string of 1 to 128 characters.

Examples

# Configure the description as labVIP for user role role1.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] description labVIP

Related commands

· display role

· role

display role

Use display role to display user role information.

Syntax

display role [ name role-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. If you do not specify a user role name, the command displays information about all user roles, including the predefined user roles.

Examples

# Display information about user role 123.

<Sysname> display role name 123

Role: 123

Description: new role

VLAN policy: Deny

Permitted VLANs: 1 to 5, 7 to 8

Interface policy: Deny

Permitted interfaces: GigabitEthernet1/0/1 to GigabitEthernet1/0/2, Vlan-interface1 to Vlan-interface20

VPN instance policy: Deny

Permitted VPN instances: vpn, vpn1, vpn2

Location policy: Deny

Permitted locations: abc 123

-------------------------------------------------------------------

Rule Perm Type Scope Entity

-------------------------------------------------------------------

1 permit RWX feature-group abc

2 deny -W- feature ldap

3 permit command system ; radius sc *

4 permit R-- xml-element -

5 permit RW- oid 1.2.1

R:Read W:Write X:Execute

# Display information about all user roles.

<Sysname> display role

Role: network-admin

Description: Predefined network admin role has access to all commands on the

device

VLAN policy: Permit (default)

Interface policy: Permit (default)

VPN instance policy: Permit (default)

Location policy: Permit (default)

-------------------------------------------------------------------

Rule Perm Type Scope Entity

-------------------------------------------------------------------

sys-1 permit command *

sys-2 permit RWX web-menu -

sys-3 permit RWX xml-element -

sys-4 deny command display security-logfile summary

sys-5 deny command system-view ; info-center

security-logfile directory *

sys-6 deny command security-logfile save

sys-7 permit RW- oid 1

R:Read W:Write X:Execute

Role: network-operator

Description: Predefined network operator role has access to all read commands

on the device

VLAN policy: Permit (default)

Interface policy: Permit (default)

VPN instance policy: Permit (default)

Location policy: Permit (default)

-------------------------------------------------------------------

Rule Perm Type Scope Entity

-------------------------------------------------------------------

sys-1 permit command display *

sys-2 permit command xml

sys-3 deny command display history-command all

sys-4 deny command display exception *

sys-5 deny command display cpu-usage configuration *

sys-6 deny command display kernel exception *

sys-7 deny command display kernel deadloop *

sys-8 deny command display kernel starvation *

sys-9 deny command display kernel reboot *

sys-12 permit command system-view ; local-user *

sys-13 permit command system-view ; switchto *

sys-14 permit R-- web-menu -

sys-15 permit R-- xml-element -

sys-16 deny command display security-logfile summary

sys-17 deny command system-view ; info-center

security-logfile directory *

sys-18 deny command security-logfile save

sys-19 deny command system-view ; local-user-import *

sys-20 deny command system-view ; local-user-export *

sys-21 permit R-- oid 1

R:Read W:Write X:Execute

Role: level-0

Description: Predefined level-0 role

VLAN policy: Permit (default)

Interface policy: Permit (default)

VPN instance policy: Permit (default)

Location policy: Permit (default)

-------------------------------------------------------------------

Rule Perm Type Scope Entity

-------------------------------------------------------------------

sys-1 permit command tracert *

sys-2 permit command telnet *

sys-3 permit command ping *

sys-4 permit command ssh2 *

sys-5 permit command super *

R:Read W:Write X:Execute

Role: level-1

Description: Predefined level-1 role

VLAN policy: Permit (default)

Interface policy: Permit (default)

VPN instance policy: Permit (default)

Location policy: Permit (default)

-------------------------------------------------------------------

Rule Perm Type Scope Entity

-------------------------------------------------------------------

sys-1 permit command tracert *

sys-2 permit command telnet *

sys-3 permit command ping *

sys-4 permit command ssh2 *

sys-5 permit command display *

sys-6 permit command super *

sys-7 deny command display history-command all

R:Read W:Write X:Execute

Role: level-2

Description: Predefined level-2 role

VLAN policy: Permit (default)

Interface policy: Permit (default)

VPN instance policy: Permit (default)

Location policy: Permit (default)

Role: level-3

Description: Predefined level-3 role

VLAN policy: Permit (default)

Interface policy: Permit (default)

VPN instance policy: Permit (default)

Location policy: Permit (default)

Role: level-4

Description: Predefined level-4 role

VLAN policy: Permit (default)

Interface policy: Permit (default)

VPN instance policy: Permit (default)

Location policy: Permit (default)

Role: level-5

Description: Predefined level-5 role

VLAN policy: Permit (default)

Interface policy: Permit (default)

VPN instance policy: Permit (default)

Location policy: Permit (default)

Role: level-6

Description: Predefined level-6 role

VLAN policy: Permit (default)

Interface policy: Permit (default)

VPN instance policy: Permit (default)

Location policy: Permit (default)

Role: level-7

Description: Predefined level-7 role

VLAN policy: Permit (default)

Interface policy: Permit (default)

VPN instance policy: Permit (default)

Location policy: Permit (default)

Role: level-8

Description: Predefined level-8 role

VLAN policy: Permit (default)

Interface policy: Permit (default)

VPN instance policy: Permit (default)

Location policy: Permit (default)

Role: level-9

Description: Predefined level-9 role

VLAN policy: Permit (default)

Interface policy: Permit (default)

VPN instance policy: Permit (default)

Location policy: Permit (default)

-------------------------------------------------------------------

Rule Perm Type Scope Entity

-------------------------------------------------------------------

sys-1 permit RWX feature -

sys-2 deny RWX feature device

sys-3 deny RWX feature filesystem

sys-4 permit command display *

sys-5 deny command display history-command all

R:Read W:Write X:Execute

Role: level-10

Description: Predefined level-10 role

VLAN policy: Permit (default)

Interface policy: Permit (default)

VPN instance policy: Permit (default)

Location policy: Permit (default)

Role: level-11

Description: Predefined level-11 role

VLAN policy: Permit (default)

Interface policy: Permit (default)

VPN instance policy: Permit (default)

Location policy: Permit (default)

Role: level-12

Description: Predefined level-12 role

VLAN policy: Permit (default)

Interface policy: Permit (default)

VPN instance policy: Permit (default)

Location policy: Permit (default)

Role: level-13

Description: Predefined level-13 role

VLAN policy: Permit (default)

Interface policy: Permit (default)

VPN instance policy: Permit (default)

Location policy: Permit (default)

Role: level-14

Description: Predefined level-14 role

VLAN policy: Permit (default)

Interface policy: Permit (default)

VPN instance policy: Permit (default)

Location policy: Permit (default)

Role: level-15

Description: Predefined level-15 role

VLAN policy: Permit (default)

Interface policy: Permit (default)

VPN instance policy: Permit (default)

Location policy: Permit (default)

-------------------------------------------------------------------

Rule Perm Type Scope Entity

-------------------------------------------------------------------

sys-1 permit command *

sys-2 permit RWX web-menu -

sys-3 permit RWX xml-element -

sys-4 deny command display security-logfile summary

sys-5 deny command system-view ; info-center

security-logfile directory *

sys-6 deny command security-logfile save

sys-7 permit RW- oid 1

R:Read W:Write X:Execute

Role: security-audit

Description: Predefined security audit role only has access to commands for

the security log administrator

VLAN policy: Permit (default)

Interface policy: Permit (default)

VPN instance policy: Permit (default)

Location policy: Permit (default)

-------------------------------------------------------------------

Rule Perm Type Scope Entity

-------------------------------------------------------------------

sys-1 deny command *

sys-2 permit command display security-logfile summary

sys-3 permit command system-view ; info-center

security-logfile directory *

sys-4 permit command security-logfile save

sys-5 permit command cd *

sys-6 permit command copy *

sys-7 permit command delete *

sys-8 permit command dir *

sys-9 permit command mkdir *

sys-10 permit command more *

sys-11 permit command move *

sys-12 permit command rmdir *

sys-13 permit command pwd

sys-14 permit command rename *

sys-15 permit command undelete *

sys-16 permit command ftp *

sys-17 permit command sftp *

R:Read W:Write X:Execute

Role: guest-manager

Description: Predefined guest manager role can't access to commands

VLAN policy: Permit (default)

Interface policy: Permit (default)

VPN instance policy: Permit (default)

Location policy: Permit (default)

-------------------------------------------------------------------

Rule Perm Type Scope Entity

-------------------------------------------------------------------

sys-1 permit RWX xml-element useraccounts/approveguest/

sys-2 permit RWX xml-element useraccounts/exportguestaccount/

sys-3 permit RWX xml-element useraccounts/generateguestaccount/

sys-4 permit RWX xml-element useraccounts/guest/

sys-5 permit RWX xml-element useraccounts/guestconfigure/

sys-6 permit RWX xml-element useraccounts/importguestaccount/

sys-7 permit RWX xml-element useraccounts/exportguesttemplet/

sys-8 permit RWX xml-element rpc/

sys-9 permit RWX web-menu m_global/m_networksecurity/

m_guestmanage/m_guestlist/

sys-10 permit RWX web-menu m_global/m_networksecurity/

m_guestmanage/m_importguest/

sys-11 permit RWX web-menu m_global/m_networksecurity/

m_guestmanage/m_generateguest/

sys-12 permit RWX web-menu m_global/m_networksecurity/

m_guestmanage/m_approveguest/

sys-13 deny command *

R:Read W:Write X:Execute

Table 2 Command output

Field	Description
Role	User role name. Predefined user role names: · network-admin. · network-operator. · level-n (where n represents an integer in the range of 0 to 15). · security-audit. · guest-manager.
Description	User role description you have configured for easy identification.
VLAN policy	VLAN policy of the user role: · Deny—Denies access to any VLANs except permitted VLANs. · Permit (default)—Default VLAN policy, which enables the user role to access all VLANs.
Permitted VLANs	VLANs accessible to the user role.
Interface policy	Interface policy of the user role: · Deny—Denies access to any interfaces except permitted interfaces. · Permit (default)—Default interface policy, which enables the user role to access all interfaces.
Permitted interfaces	Interfaces accessible to the user role.
VPN instance policy	VPN instance policy of the user role: · Deny—Denies access to any VPNs except permitted VPNs. · Permit (default)—Default VPN instance policy, which enables the user role to access all VPN instances. This field is not supported in the current software version.
Permitted VPN instances	VPNs accessible to the user role. This field is not supported in the current software version.
Location policy	Location identifier policy of the user role: · Deny—Denies access to any location identifiers except for permitted location identifiers. · Permit (default)—Default location identifier policy, which enables the user role to access all location identifiers. This field is not supported in the current software version.
Permitted locations	Location identifiers accessible to the user role. This field is not supported in the current software version.
Rule	User role rule number. A user role rule specifies access permissions for items, including commands, feature-specific commands, Web menus, XML elements, and MIB nodes. Predefined user role rules are identified by sys-n, where n represents an integer.
Perm	Access control type: · permit—User role has access to the specified items. · deny—User role does not have access to the specified items.
Type	Controlled type: · R—Read-only. · W—Write. · X—Execute.
Scope	Rule control scope: · command—Controls access to the command or commands, as specified in the Entity field. · feature—Controls access to the commands of the feature, as specified in the Entity field. · feature-group—Controls access to the commands of the features in the feature group, as specified in the Entity field. · web-menu—Controls access to Web menus. · xml-element—Controls access to XML elements. · oid—Controls access to MIB nodes.
Entity	Command string, feature name, feature group, Web menu, XML element, or OID specified in the user role rule: · An en dash (–) represents any feature. · An asterisk (*) represents zero or more characters.

Related commands

role

display role feature

Use display role feature to display features available in the system.

Syntax

display role feature [ name feature-name | verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name feature-name: Displays the commands of a feature. The feature-name argument specifies the feature name, and all letters must be in lower case.

verbose: Displays the commands of each feature.

Usage guidelines

If you specify neither the name feature-name option nor the verbose keyword, the command displays only the list of features available in the system.

Examples

NOTE:

Support for the features and commands in the following examples depends on the device model.

# Display the list of feature names.

<Sysname> display role feature

Feature: device (Device configuration related commands)

Feature: interface (Interface related commands)

Feature: syslog (Syslog related commands)

…

# Display the commands of each feature.

<Sysname> display role feature verbose

Feature: device (Device configuration related commands)

display clock (R)

debugging dev (W)

display debugging dev (R)

display device * (R)

display diagnostic-information (R)

…

# Display the commands of the aaa feature.

<Sysname> display role feature name aaa

Feature: aaa (AAA related commands)

system-view ; domain * (W)

system-view ; header * (W)

system-view ; aaa * (W)

system-view ; ita * (W)

display domain * (R)

system-view ; user-group * (W)

system-view ; local-user * (W)

display local-user * (R)

display user-group * (R)

display debugging local-server (R)

debugging local-server * (W)

super * (X)

display password-control * (R)

reset password-control * (W)

system-view ; password-control * (W)

Table 3 Command output (display role feature name aaa)

Field	Description
Feature	Displays the name and brief function description of the feature.
system-view ; domain *	All commands that start with the domain keyword in system view, and all commands in ISP domain view.
system-view ; header *	All commands that start with the header keyword in system view.
system-view ; aaa *	All commands that start with the aaa keyword in system view.
system-view ; ita *	All commands that start with the ita keyword in system view.
display domain *	All commands that start with the display domain keywords in user view.
system-view ; user-group *	All commands that start with the user-group keyword in system view, and all commands in user group view.
system-view ; local-user *	All commands that start with the local-user keyword in system view, and all commands in local user view.
display local-user *	All commands that start with the display local user keywords in user view.
display user-group *	All commands that start with the display user-group keywords in user view.
display debugging local-server	All commands that start with the display debugging local-server keywords in user view.
debugging local-server *	All commands that start with the debugging local-server keywords in user view.
super *	All commands that start with the super keyword in user view.
display password-control *	All commands that start with the display password-control keywords in user view.
reset password-control *	All commands that start with the reset password-control keywords in user view.
system-view ; password-control *	All commands that start with the password-control keyword in system view.
(W)	Command type is Write. A write command configures the system.
(R)	Command type is Read. A read command displays configuration or maintenance information.
(X)	Command type is Execute. An execute command executes a specific function.

Related commands

feature

display role feature-group

Use display role feature-group to display feature group information.

Syntax

display role feature-group [ name feature-group-name ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name feature-group-name: Specifies a feature group. The feature-group-name argument represents the feature group name, a case-sensitive string of 1 to 31 characters. If you do not specify a feature group, the command displays information about all feature groups.

verbose: Displays the commands of each feature in the specified feature group. If you do not specify a feature group, the keyword enables displaying the commands of each feature in every feature group. If you do not specify this keyword, the command displays only the feature lists of feature groups.

Usage guidelines

Feature groups L2 and L3 are predefined feature groups.

Examples

NOTE:

Support for the features and commands in the following examples depends on the device model.

# Display the feature lists of feature groups.

<Sysname> display role feature-group

Feature group: L2

Feature: igmp-snooping (IGMP-Snooping related commands)

Feature: mld-snooping (MLD-Snooping related commands)

Feature: lacp (LACP related commands)

Feature: stp (STP related commands)

Feature: lldp (LLDP related commands)

Feature: loopbk-detect (Loopback-detection related commands)

Feature: vlan (Virtual LAN related commands)

Feature: evi (EVI related commands)

Feature: ofp (OFP related commands)

Feature: port-security (Port-security related commands)

Feature group: L3

Feature: route (Route management related commands)

Feature: usr (Unicast static route related commands)

Feature: l3vpn (Layer 3 Virtual Private Network related commands)

Feature: multicast (Multicast related commands)

# Display the commands in each feature group. For more information about the wildcards and marks used in the command list, see Table 3.

<Sysname> display role feature-group verbose

Feature group: L2

Feature: igmp-snooping (IGMP-Snooping related commands)

system-view ; igmp-snooping * (W)

system-view ; vlan * ; igmp-snooping * (W)

system-view ; vlan * ; pim-snooping * (W)

system-view ; interface * ; igmp-snooping * (W)

display igmp-snooping * (R)

display pim-snooping * (R)

display l2-multicast * (R)

system-view ; probe ; display system internal l2-multicast * (R)

reset igmp-snooping * (W)

reset pim-snooping * (W)

reset l2-multicast * (W)

debugging igmp-snooping * (W)

display debugging igmp-snooping * (R)

system-view ; probe ; debugging system internal igmp-snooping * (W)

Feature: mld-snooping (MLD-Snooping related commands)

system-view ; mld-snooping * (W)

system-view ; vlan * ; mld-snooping * (W)

system-view ; vlan * ; ipv6 pim-snooping * (W)

system-view ; interface * ; mld-snooping * (W)

display mld-snooping * (R)

display ipv6 pim-snooping * (R)

display ipv6 l2-multicast * (R)

system-view ; probe ; display system internal ipv6 l2-multicast * (R)

reset mld-snooping * (W)

reset ipv6 pim-snooping * (W)

reset ipv6 l2-multicast * (W)

debugging mld-snooping * (W)

display debugging mld-snooping * (R)

system-view ; probe ; debugging system internal mld-snooping * (W)

…

# Display the feature list of the L3 feature group.

<Sysname> display role feature-group name L3

Feature group: L3

Feature: route (Route management related commands)

Feature: usr (Unicast static route related commands)

Feature: l3vpn (Layer 3 Virtual Private Network related commands)

Feature: multicast (Multicast related commands)

Related commands

· feature

· role feature-group

feature

Use feature to add a feature to a feature group.

Use undo feature to remove a feature from a feature group.

Syntax

feature feature-name

undo feature feature-name

Default

A user-defined feature group does not have any features.

Views

Feature group view

Predefined user roles

network-admin

Parameters

feature-name: Specifies a feature name. You must enter the feature name exactly as the feature name is displayed, including the case.

Usage guidelines

Repeat the feature command to add multiple features to a feature group.

Examples

# Add the AAA and ACL features to feature group security-features.

<Sysname> system-view

[Sysname] role feature-group name security-features

[Sysname-featuregrp-security-features] feature aaa

[Sysname-featuregrp-security-features] feature acl

Related commands

· display role feature

· display role feature-group

· role feature-group

interface policy deny

Use interface policy deny to enter user role interface policy view.

Use undo interface policy deny to restore the default user role interface policy.

Syntax

interface policy deny

undo interface policy deny

Default

A user role has access to all interfaces.

Views

User role view

Predefined user roles

network-admin

Usage guidelines

To restrict the interface access of a user role to a set of interfaces, perform the following tasks:

1. Use interface policy deny to enter user role interface policy view.

2. Use permit interface to specify accessible interfaces.

NOTE:

The interface policy deny command denies the access of the user role to any interfaces if the permit interface command is not configured.

To configure an interface, make sure the interface is permitted by the user role interface policy in use. You can perform the following tasks on an accessible interface:

· Create, remove, or configure the interface.

· Enter the interface view.

· Specify the interface in feature commands.

The create and remove operations are available only for logical interfaces.

Any change to a user role interface policy takes effect only on users who log in with the user role after the change.

Examples

# Enter user role interface policy view of role1, and deny role1 to access any interfaces.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] interface policy deny

[Sysname-role-role1-ifpolicy] quit

# Enter user role interface policy view of role1, and deny role1 to access any interfaces except for GigabitEthernet 1/0/1 through GigabitEthernet 1/0/5.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] interface policy deny

[Sysname-role-role1-ifpolicy] permit interface gigabitethernet 1/0/1 to gigabitethernet 1/0/5

Related commands

· display role

· permit interface

· role

permit interface

Use permit interface to configure a list of interfaces accessible to a user role.

Use undo permit interface to disable the access of a user role to specific interfaces.

Syntax

permit interface interface-list

undo permit interface [ interface-list ]

Default

No permitted interfaces are configured in user role interface policy view.

Views

User role interface policy view

Predefined user roles

network-admin

Parameters

interface-list: Specifies a space-separated list of up to 10 interface items. Each interface item specifies one interface in the interface-type interface-number form or a range of interfaces in the interface-type interface-number to interface-type interface-number form. If you specify an interface range, the end interface must meet the following requirements:

· Be the same type as the start interface.

· Have a higher interface number than the start interface.

Usage guidelines

To permit a user role to access an interface after you configure the interface policy deny command, you must add the interface to the permitted interface list of the policy. With the user role, you can perform the following tasks to the interfaces in the permitted interface list:

· Create, remove, or configure the interfaces.

· Enter the interface views.

· Specify the interfaces in feature commands.

The create and remove operations are available only for logical interfaces.

You can repeat the permit interface command to add permitted interfaces to a user role interface policy.

The undo permit interface command removes the entire list of permitted interfaces if you do not specify an interface.

Any change to a user role interface policy takes effect only on users who log in with the user role after the change.

Examples

1. Configure user role role1:

# Permit the user role role1 to execute all commands available in interface view and VLAN view.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] rule 1 permit command system-view ; interface *

[Sysname-role-role1] rule 2 permit command system-view ; vlan *

# Permit the user role to access VLAN-interface 1, and VLAN-interface 5 to VLAN-interface 7.

[Sysname-role-role1] interface policy deny

[Sysname-role-role1-ifpolicy] permit interface vlan-interface 1 vlan-interface 5 to vlan-interface 7

[Sysname-role-role1-ifpolicy] quit

[Sysname-role-role1] quit

2. Verify that you cannot use the user role to work on any interfaces except VLAN-interface 1 and VLAN-interface 5 to VLAN-interface 7:

# Verify that you can enter VLAN-interface 1 interface view.

[Sysname] interface interface vlan-interface 1

[Sysname-Vlan-interface1] quit

# Verify that you cannot enter VLAN-interface 2 interface view.

[Sysname] interface vlan-interface 2

Permission denied.

Related commands

· display role

· interface policy deny

· role

permit vlan

Use permit vlan to configure a list of VLANs accessible to a user role.

Use undo permit vlan to remove the permission for a user role to access specific VLANs.

Syntax

permit vlan vlan-id-list

undo permit vlan [ vlan-id-list ]

Default

No permitted VLANs are configured in user role VLAN policy view.

Views

User role VLAN policy view

Predefined user roles

network-admin

Parameters

vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each VLAN item specifies a VLAN by VLAN ID or specifies a range of VLANs in the form of vlan-id1 to vlan-id2. The value range for the VLAN IDs is 1 to 4094. If you specify a VLAN range, the value for the vlan-id2 argument must be greater than the value for the vlan-id1 argument.

Usage guidelines

To permit a user role to access a VLAN after you configure the vlan policy deny command, you must add the VLAN to the permitted VLAN list of the policy. With the user role, you can perform the following tasks on the VLANs in the permitted VLAN list:

· Create, remove, or configure the VLANs.

· Enter the VLAN views.

· Specify the VLANs in feature commands.

You can repeat the permit vlan command to add multiple permitted VLANs to a user role VLAN policy.

The undo permit vlan command removes the entire list of permitted VLANs if you do not specify a VLAN.

Any change to a user role VLAN policy takes effect only on users who log in with the user role after the change.

Examples

1. Configure user role role1:

# Permit the user role role1 to execute all commands available in interface view and VLAN view.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] rule 1 permit command system-view ; interface *

[Sysname-role-role1] rule 2 permit command system-view ; vlan *

# Permit the user role role1 to access VLANs 2, 4, and 50 to 100.

[Sysname-role-role1] vlan policy deny

[Sysname-role-role1-vlanpolicy] permit vlan 2 4 50 to 100

[Sysname-role-role1-vlanpolicy] quit

[Sysname-role-role1] quit

2. Verify that you cannot use the user role to work on any VLANs except VLANs 2, 4, and 50 to 100:

# Verify that you can create VLAN 100 and enter the VLAN view.

[Sysname] vlan 100

[Sysname-vlan100] quit

# Verify that you can add port GigabitEthernet 1/0/1 to VLAN 100 as an access port.

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] port access vlan 100

[Sysname-GigabitEthernet1/0/1] quit

# Verify that you cannot create VLAN 101 or enter the VLAN view.

[Sysname] vlan 101

Permission denied.

Related commands

· display role

· role

· vlan policy deny

role

Use role to create a user role and enter its view, or enter the view of an existing user role.

Use undo role to delete a user role.

Syntax

role name role-name

undo role name role-name

Default

The system has the following predefined user roles: network-admin, network-operator, level-n (where n represents an integer in the range of 0 to 15), security-audit, and guest-manager.

Views

System view

Predefined user roles

network-admin

Parameters

name role-name: Specifies a username. The role-name argument is a case-sensitive string of 1 to 63 characters.

Usage guidelines

You can create a maximum of 64 user roles in addition to the predefined user roles.

To change the permissions assigned to a user role, you must first enter the user role view.

You cannot delete the predefined user roles or change the permissions assigned to network-admin, network-operator, level-15, security-audit, or guest-manager.

You cannot assign the security-audit user role to non-AAA authentication users.

The access permissions of the level-0 to level-14 user roles can be modified through user role rules and resource access policies. However, you cannot make changes on the predefined access permissions of these user roles. For example, you cannot change the access permission of these user roles to the display history-command all command.

Examples

# Create the user role role1 and enter the user role view.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1]

Related commands

· display role

· interface policy deny

· rule

· vlan policy deny

role default-role enable

Use role default-role enable to enable the default user role feature for remote AAA users.

Use undo role default-role enable to restore the default.

Syntax

role default-role enable [ role-name ]

undo role default-role enable

Default

The default user role feature is disabled. AAA users who do not have a user role cannot log in to the device.

Views

System view

Predefined user roles

network-admin

Parameters

role-name: Specifies a user role by its name for the default user role. The user role must already exist. The argument is a case-sensitive string of 1 to 63 characters. If you do not specify a user role, the default user role is network-operator.

Usage guidelines

The default user role feature assigns the default user role to AAA-authenticated users if the authentication server does not assign any user roles to the users. These users are allowed to access the system with the default user role.

If AAA users have been assigned user roles, they log in with the user roles.

Examples

# Enable the default user role feature.

<Sysname> system-view

[Sysname] role default-role enable

Related commands

role

role feature-group

Use role feature-group to create a user role feature group and enter its view, or enter the view of an existing user role feature group.

Use undo role feature-group to delete a user role feature group.

Syntax

role feature-group name feature-group-name

undo role feature-group name feature-group-name

Default

Two user role feature groups, L2 and L3, are created.

Views

System view

Predefined user roles

network-admin

Parameters

name feature-group-name: Specifies a feature group name. The feature-group-name argument is a case-sensitive string of 1 to 31 characters.

Usage guidelines

The L2 feature group includes all Layer 2 feature commands, and the L3 feature group includes all Layer 3 feature commands. These predefined feature groups are not user configurable.

In addition to the predefined feature groups L2 and L3, you can create a maximum of 64 user role feature groups.

After you create a user role feature group, you can use the display role feature command to display the features available in the system. Then you can use the feature command to add features to the feature group.

Examples

# Create a feature group named security-features and enter its view.

<Sysname> system-view

[Sysname] role feature-group name security-features

[Sysname-featuregrp-security-features]

Related commands

· display role feature-group

· display role feature

· feature

rule

Use rule to create or change a user role rule for controlling command, Web menu, XML element, or MIB node access.

Use undo rule to delete a user role rule.

Syntax

rule number { deny | permit } { command command-string | { execute | read | write } * { feature [ feature-name ] | feature-group feature-group-name | oid oid-string | web-menu [ web-string ] | xml-element [ xml-string ] } }

undo rule { number | all }

Default

A user-defined user role does not have any rules and cannot access any commands, Web menus, XML elements, or MIB nodes.

Views

User role view

Predefined user roles

network-admin

Parameters

number: Specifies a rule number in the range of 1 to 256.

deny: Denies access to the specified commands, Web menus, XML elements, or MIB nodes.

permit: Permits access to the specified commands, Web menus, XML elements, or MIB nodes.

command command-string: Specifies a command string. The command-string argument is a case-sensitive string of 1 to 128 characters, including the following characters:

· The wildcard asterisk (*).

· The delimiters space and tab.

· All printable characters.

execute: Specifies the execute commands, Web menus, XML elements, or MIB nodes. An execute command (for example, ping), Web menu, XML element, or MIB node executes a specific function or program.

read: Specifies the read commands, Web menus, XML elements, or MIB nodes. A read command (for example, display, dir, more, or pwd), Web menu, XML element, or MIB node displays configuration or maintenance information.

write: Specifies the write commands, Web menus, XML elements, or MIB nodes. A write command (for example, ssh server enable), Web menu, XML element, or MIB node configures the system.

feature [ feature-name ]: Specifies one or all features. The feature-name argument specifies a feature name. If you do not specify a feature name, you specify all the features in the system. When you specify a feature, the feature name must be the same, including the case, as the name displayed by the display role feature command.

feature-group feature-group-name: Specifies a user-defined or predefined feature group. The feature-group-name argument represents the feature group name, a case-sensitive string of 1 to 31 characters. If the feature group has not been created, the rule takes effect after the group is created. To display the feature groups that have been created, use the display role feature-group command.

oid oid-string: Specifies an OID of a MIB node. The oid-string argument represents the OID, a case-insensitive string of 1 to 255 characters. The OID is a dotted numeric string that uniquely identifies the path from the root node to this node. For example, 1.3.6.1.4.1.25506.8.35.14.19.1.1.

web-menu [ web-string ]: Specifies a Web menu. The web-string argument represents the ID path of the Web menu, a case-insensitive string of 1 to 255 characters. Use the forward slash (/) to separate ID items, for example, M_DEVICE/I_BASIC_INFO/I_reboot. If you do not specify a Web menu, the rule applies to all Web items. To verify the ID path of a Web menu, use the display web menu command.

xml-element [ xml-string ]: Specifies an XML element. The xml-string argument represents the XPath of the XML element, a case-insensitive string of 1 to 255 characters. Use the forward slash (/) to separate Xpath items, for example, Interfaces/Index/Name. If you do not specify an XML element, the rule applies to all XML elements.

all: Deletes all the user role rules.

Usage guidelines

You can define the following types of rules for different access control granularities:

· Command rule—Controls access to a command or a set of commands that match a regular expression.

· Feature rule—Controls access to the commands of a feature by command type.

· Feature group rule—Controls access to the commands of a group of features by command type.

· Web menu rule—Controls access to Web menus by menu type.

· XML element rule—Controls access to XML elements by element type.

· OID rule—Controls access to the specified MIB node and its child nodes by node type.

A user role can access the set of permitted commands, Web menus, XML elements, and MIB nodes specified in the user role rules. User role rules include predefined (identified by sys-n) and user-defined user role rules.

You can configure a maximum of 256 user-defined rules for a user role. The total number of user-defined user role rules cannot exceed 1024.

Access to the file system commands is controlled by both the file system command rules and the file system feature rule.

A command with output redirection to the file system is permitted only when the command type write is assigned to the file system feature.

Any rule modification, addition, or removal for a user role takes effect only on the users who log in with the user role after the change.

The following guidelines apply to non-OID rules:

· If two user-defined rules of the same type conflict, the rule with the higher ID takes effect. For example, a user role can use the tracert command but not the ping command if the user role contains rules configured by using the following commands:

? rule 1 permit command ping

? rule 2 permit command tracert

? rule 3 deny command ping

· If a predefined user role rule and a user-defined user role rule conflict, the user-defined user role rule takes effect.

The following guidelines apply to OID rules:

· The system compares an OID with the OIDs specified in rules, and it uses the longest match principle to select a rule for the OID. For example, a user role cannot access the MIB node with OID 1.3.6.1.4.1.25506.141.3.0.1 if the user role contains rules configured by using the following commands:

? rule 1 permit read write oid 1.3.6

? rule 2 deny read write oid 1.3.6.1.4.1

? rule 3 permit read write oid 1.3.6.1.4

· If the same OID is specified in multiple rules, the rule with the higher ID takes effect. For example, a user role can access the MIB node with OID 1.3.6.1.4.1.25506.141.3.0.1 if the user role contains rules configured by using the following commands:

? rule 1 permit read write oid 1.3.6

? rule 2 deny read write oid 1.3.6.1.4.1

? rule 3 permit read write oid 1.3.6.1.4.1

When you specify a command string, follow the guidelines in Table 4.

Table 4 Command string configuration rules

Rule	Guidelines
Semicolon (;) is the delimiter.	Use a semicolon to separate the command of each view that you must enter before you access a command or a set of commands. However, do not use a semicolon to separate commands available in user view or any view, for example, display and dir. Each semicolon-separated segment must have a minimum of one printable character. To specify the commands in a view but not the commands in the view's subviews, use a semicolon as the last printable character in the last segment. To specify the commands in a view and the view's subviews, the last printable character in the last segment must not be a semicolon. For example, you must enter system view before you enter interface view. To specify all commands starting with the ip keyword in any interface view, you must use the "system ; interface * ; ip * ;" command string. For another example, the "system ; radius scheme * ;" command string represents all commands that start with the radius scheme keywords in system view. The "system ; radius scheme *" command string represents all commands that start with the radius scheme keywords in system view and all commands in RADIUS scheme view.
Asterisk (*) is the wildcard.	An asterisk represents zero or multiple characters. In a non-last segment, you can use an asterisk only at the end of the segment. In the last segment, you can use an asterisk in any position of the segment. If the asterisk appears at the beginning, you cannot specify a printable character behind the asterisk. For example, the "system ; " command string represents all commands available in system view and all subviews of the system view. The "debugging event" command string represents all event debugging commands available in user view.
Keyword abbreviation is allowed.	You can specify a keyword by entering the first few characters of the keyword. Any command that starts with this character string matches the rule. For example, " rule 1 deny command dis ip routing-table" denies access to the display ip routing-table summary and display ip routing-table verbose commands.
To control the access to a command, you must specify the command immediately after the view that has the command.	To control access to a command, you must specify the command immediately behind the view to which the command is assigned. The rules that control command access for any subview do not apply to the command. For example, the "rule 1 deny command system ; interface * ; " command string disables access to any command that is assigned to interface view. However, you can still execute the acl number command in interface view, because this command is assigned to system view rather than interface view. To disable access to this command, use "rule 1 deny command system ; acl ;".
Do not include the vertical bar (\|), greater-than sign (>), or double greater-than sign (>>) when you specify display commands in a user role command rule.	The system does not treat the redirect signs and the parameters that follow the signs as part of command lines. However, in user role command rules, these redirect signs and parameters are handled as part of command lines. As a result, no rule that includes any of these signs can find a match. For example, "rule 1 permit command display debugging > log" can never find a match. This is because the system has a display debugging command but not a display debugging > log command.

Examples

# Permit the user role role1 to execute the display acl command.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] rule 1 permit command display acl

# Permit the user role role1 to execute all commands that start with the display keyword.

[Sysname-role-role1] rule 2 permit command display *

# Permit the user role role1 to execute the radius scheme aaa command in system view and use all commands assigned to RADIUS scheme view.

[Sysname-role-role1] rule 3 permit command system ; radius scheme aaa

# Deny the access of role1 to any read or write commands of any features.

[Sysname-role-role1] rule 4 deny read write feature

# Deny the access of role1 to any read commands of the aaa feature.

[Sysname-role-role1] rule 5 deny read feature aaa

# Permit role1 to access all read, write, and execute commands of the feature group security-features.

[Sysname-role-role1] rule 6 permit read write execute feature-group security-features

# Permit role1 to access all read and write MIB nodes starting from the node with OID 1.1.2.

[Sysname-role-role1] rule 7 permit read write oid 1.1.2

Related commands

· display role

· display role feature

· display role feature-group

· display web menu

· role

super

Use super to obtain another user role without reconnecting to the device.

Syntax

super [ role-name ]

Views

User view

Predefined user roles

network-admin

Parameters

role-name: Specifies a user role, a case-sensitive string of 1 to 63 characters. The user role must exist in the system, and it cannot be security-audit or guest-manager. If you do not specify a user role, you obtain the default target user role.

Usage guidelines

The obtained user role is a temporary user role, because this command is effective only on the current login. The next time you are logged in with the user account, the original user role settings take effect.

To enable a user to obtain another user role without reconnecting to the device, you must configure user role authentication.

· If no local password is configured in the local password authentication (local), a console user can obtain the user role by either entering a string or not entering anything.

· If no local password is configured in the local-then-remote authentication (local scheme), a console or VTY user performs remote authentication.

Examples

# Obtain the user role network-operator.

<Sysname> super network-operator

Password:

User privilege role is network-operator, and only those commands that authorized to the role can be used.

Related commands

· authentication super (Security Command Reference)

· super authentication-mode

· super password

super authentication-mode

Use super authentication-mode to set an authentication mode for temporary user role authorization.

Use undo super authentication-mode to restore the default.

Syntax

super authentication-mode { local | scheme } *

undo super authentication-mode

Default

Local password authentication applies.

Views

System view

Predefined user roles

network-admin

Parameters

local: Enables local password authentication.

scheme: Enables remote AAA authentication.

Usage guidelines

For local password authentication, use the super password command to set a password.

For remote AAA authentication, set the username and password on the RADIUS or HWTACACS server.

If you specify both local and scheme keywords, the keyword first entered in the command takes precedence.

· scheme local—Enables remote-then-local authentication mode. The device first performs AAA authentication to obtain a temporary user role. Local password authentication is performed if the remote HWTACACS or RADIUS server does not respond, or if the AAA configuration on the device is invalid.

· local scheme—Enables local-then-remote authentication mode. The device first performs local password authentication. If no password is configured for the user role, the device performs remote authentication for console and VTY users.

For more information about AAA, see Security Configuration Guide.

Examples

# Enable local-only authentication for temporary user role authorization.

<Sysname> system-view

[Sysname] super authentication-mode local

# Enable remote-then-local authentication for temporary user role authorization.

<Sysname> system-view

[Sysname] super authentication-mode scheme local

Related commands

· authentication super (Security Command Reference)

· super password

super default role

Use super default role to specify the default target user role for temporary user role authorization.

Use undo super default role to restore the default.

Syntax

super default role role-name

undo super default role

Default

The default target user role is network-admin.

Views

System view

Predefined user roles

network-admin

Parameters

role-name: Specifies the name of the default target user role, a case-sensitive string of 1 to 63 characters. The user role must exist in the system, and it cannot be security-audit or guest-manager.

Usage guidelines

The default target user role is applied to the super or super password command when you do not specify a user role for the command.

Examples

# Specify the default target user role as network-operator for temporary user role authorization.

<Sysname> system-view

[Sysname] super default role network-operator

Related commands

· super

· super password

super password

Use super password to set a password for a user role.

Use undo super password to delete the password for a user role.

Syntax

super password [ role role-name ] [ { hash | simple } string ]

undo super password [ role role-name ]

Default

No password is set for a user role.

Views

System view

Predefined user roles

network-admin

Parameters

role role-name: Specifies a user role, a case-sensitive string of 1 to 63 characters. The user role must exist in the system, and it cannot be security-audit or guest-manager. If you do not specify a user role, the command sets a password for the default target user role.

hash: Sets a hashed password.

simple: Sets a plaintext password. For security purposes, the password specified in plaintext form will be stored in hashed form.

string: Specifies the password string. This argument is case sensitive.

· If the simple keyword is specified, the password must be a string of 1 to 63 characters.

· If the hash keyword is specified, the password must be a string of 1 to 110 characters.

Usage guidelines

If you do not specify either the hash keyword or the simple keyword, you specify a plaintext password in the interactive mode.

Set a password if you configure local password authentication for temporary user role authorization.

It is a good practice to specify different passwords for different user roles.

Examples

# Set the password to 123456TESTplat&! for the user role network-operator.

<Sysname> system-view

[Sysname] super password role network-operator simple 123456TESTplat&!

# Set the password to 123456TESTplat&! in the interactive mode for the user role network-operator.

<Sysname> system-view

[Sysname] super password role network-operator

Password:

Confirm :

Updating user information. Please wait... ...

Related commands

· super authentication-mode

· super default role

vlan policy deny

Use vlan policy deny to enter user role VLAN policy view.

Use undo vlan policy deny to restore the default user role VLAN policy.

Syntax

vlan policy deny

undo vlan policy deny

Default

A user role has access to all VLANs.

Views

User role view

Predefined user roles

network-admin

Usage guidelines

To restrict the VLAN access of a user role to a set of VLANs, perform the following tasks:

1. Use vlan policy deny to enter user role VLAN policy view.

2. Use permit vlan to specify accessible VLANs.

NOTE:

The vlan policy deny command denies the access of the user role to any VLANs if the permit vlan command is not configured.

To configure a VLAN, make sure the VLAN is permitted by the user role VLAN policy in use. You can perform the following tasks on an accessible VLAN:

· Create, remove, or configure the VLAN.

· Enter the VLAN view.

· Specify the VLAN in feature commands.

Any change to a user role VLAN policy takes effect only on users who log in with the user role after the change.

Examples

# Enter user role VLAN policy view of role1, and deny the access of role1 to any VLANs.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] vlan policy deny

[Sysname-role-role1-vlanpolicy] quit

# Enter user role VLAN policy view of role1, and deny the access of role1 to any VLANs except VLANs 50 to 100.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] vlan policy deny

[Sysname-role-role1-vlanpolicy] permit vlan 50 to 100

Related commands

· display role

· permit vlan

· role

Login management commands

Some login management commands are available in both user line view and user line class view. For these commands, the device uses the following rules to determine the settings to be activated:

· A setting in user line view applies only to the user line. A setting in user line class view applies to all user lines of the class.

· A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.

activation-key

Use activation-key to set the terminal session activation key. Pressing this shortcut key starts a terminal session.

Use undo activation-key to restore the default.

Syntax

activation-key key-string

undo activation-key

Default

The terminal session activation key is Enter.

Views

User line view

User line class view

Predefined user roles

network-admin

Parameters

key-string: Specifies a shortcut key. It can be a character (case sensitive), or an ASCII code value in the range of 0 to 127. For example, if you configure activation-key 1, the shortcut key is Ctrl+A. If you configure activation-key a, the shortcut key is a. For information about ASCII code values of individual characters, see the standard ASCII code chart. For information about ASCII code values of combined keys that use the Ctrl key, see Table 5.

Usage guidelines

This command is not supported in VTY line view or VTY line class view.

This command takes effect immediately.

To display the current terminal session activation key, use the display current-configuration | include activation-key command.

Table 5 ASCII code values for combined keys that use the Ctrl key

Combined key	ASCII code value
Ctrl+A	1
Ctrl+B	2
Ctrl+C	3
Ctrl+D	4
Ctrl+E	5
Ctrl+F	6
Ctrl+G	7
Ctrl+H	8
Ctrl+I	9
Ctrl+J	10
Ctrl+K	11
Ctrl+L	12
Ctrl+M	13
Ctrl+N	14
Ctrl+O	15
Ctrl+P	16
Ctrl+Q	17
Ctrl+R	18
Ctrl+S	19
Ctrl+T	20
Ctrl+U	21
Ctrl+V	22
Ctrl+W	23
Ctrl+X	24
Ctrl+Y	25
Ctrl+Z	26

Examples

# Configure character s as the terminal session activation key for console line 0.

<Sysname> system-view

[Sysname] line console 0

[Sysname-line-console0] activation-key s

To verify the configuration:

1. Exit the console session.

[Sysname-line-console0] return

<Sysname> quit

2. Log in again through the console line.

The following message appears:

Press ENTER to get started.

3. Press Enter.

Pressing Enter does not start a session.

4. Press s.

A terminal session is started.

authentication-mode

Use authentication-mode to set the authentication mode for a user line.

Use undo authentication-mode to restore the default.

Syntax

authentication-mode { none | password | scheme }

undo authentication-mode

Default

The authentication mode is password for VTY lines, and none for console lines.

Views

User line view

User line class view

Predefined user roles

network-admin

Parameters

none: Disables authentication.

password: Performs local password authentication.

scheme: Performs AAA authentication. For more information about AAA, see Security Configuration Guide.

Usage guidelines

Only users assigned the network-admin or level-15 user role can execute this command. Other users cannot execute this command, even if they are granted the right to execute this command.

When the authentication mode is none, a user can log in without authentication. To improve device security, use the password or scheme authentication mode.

In VTY line view, this command is associated with the protocol inbound command. If you specify a non-default value for one of the two commands, the other command uses the default setting, regardless of the setting in VTY line class view.

An authentication mode change does not take effect for the current session. It takes effect for subsequent login sessions.

Examples

# Enable the none authentication mode for the user line VTY 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] authentication-mode none

# Enable password authentication for the user line VTY 0 and set the password to 321.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] authentication-mode password

[Sysname-line-vty0] set authentication password simple 321

# Enable scheme authentication for the user line VTY 0. Configure the local user 123 and set the password to 321. Assign the Telnet service and the network-admin user role to the user.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] authentication-mode scheme

[Sysname-line-vty0] quit

[Sysname] local-user 123

[Sysname-luser-manage-123] password simple 321

[Sysname-luser-manage-123] service-type telnet

[Sysname-luser-manage-123] authorization-attribute user-role network-admin

Related commands

set authentication password

auto-execute command

CAUTION:

After configuring this command for a user line, you might be unable to access the CLI through the user line. Make sure you can access the CLI through a different user line before you configure this command and save the configuration.

Use auto-execute command to specify the command to be automatically executed for a login user.

Use undo auto-execute command to restore the default.

Syntax

auto-execute command command

undo auto-execute command

Default

No command is specified to be automatically executed for a login user.

Views

User line view

User line class view

Predefined user roles

network-admin

Parameters

command: Specifies the command to be automatically executed.

Usage guidelines

This command is not supported in console line view or console line class view.

This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over the default setting in the other view. A non-default setting in user line view takes precedence over the non-default setting in user line class view.

A configuration change made by this command does not take effect for the current session. It takes effect for subsequent login sessions.

The device automatically executes the specified command when a user logs in through the user line. If the command triggers another task, the device does not close the user connection until the task is completed. If the command does not trigger any other tasks, the device closes the user connection after the command is executed.

Typically, you configure the auto-execute command telnet X.X.X.X command so the device redirects a Telnet user to the host at X.X.X.X. The connection to the device is closed when the user terminates the Telnet connection to X.X.X.X.

Examples

# Configure the device to automatically execute the telnet 192.168.1.41 command when a user logs in through user line VTY 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] auto-execute command telnet 192.168.1.41

This action will lead to configuration failure through line-vty0. Are you sure?

[Y/N]:y

[Sysname-line-vty0]

# To verify the configuration, Telnet to the device (192.168.1.40).

The device automatically Telnets to 192.168.1.41, and the following output is displayed on the configuration terminal:

C:\> telnet 192.168.1.40

******************************************************************************

* Without the owner's prior written consent, *

* no decompiling or reverse-engineering shall be allowed. *

******************************************************************************

Trying 192.168.1.41 ...

Press CTRL+K to abort

Connected to 192.168.1.41 ...

******************************************************************************

* Without the owner's prior written consent, *

* no decompiling or reverse-engineering shall be allowed. *

******************************************************************************

<Sysname.41>

This operation is the same as directly logging in to the device at 192.168.1.41 through Telnet. When you close the Telnet connection to 192.168.1.41, the Telnet connection to 192.168.1.40 is closed at the same time.

command accounting

Use command accounting to enable command accounting.

Use undo command accounting to disable command accounting.

Syntax

command accounting

undo command accounting

Default

Command accounting is disabled, and the accounting server does not record executed commands.

Views

User line view

User line class view

Predefined user roles

network-admin

Usage guidelines

When command accounting is enabled but command authorization is not, every executed command is recorded on the HWTACACS server.

When both command accounting and command authorization are enabled, only authorized commands that are executed are recorded on the HWTACACS server.

Invalid commands are not recorded.

A configuration change made by this command does not take effect for the current session. It takes effect for subsequent login sessions.

After you configure the command accounting command in user line class view, you cannot configure the undo command accounting command in any user line views in the class.

Examples

# Enable command accounting for the user line VTY 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] command accounting

Related commands

· accounting command (Security Command Reference)

· command authorization

command authorization

Use command authorization to enable command authorization.

Use undo command authorization to disable command authorization.

Syntax

command authorization

undo command authorization

Default

Command authorization is disabled. Logged-in users can execute commands without authorization.

Views

User line view

User line class view

Predefined user roles

network-admin

Usage guidelines

When command authorization is enabled, a user can only use commands that are permitted by both the AAA scheme and user role.

A configuration change made by this command does not take effect for the current session. It takes effect for subsequent login sessions.

If you configure the command authorization command in user line class view, command authorization is enabled for all user lines in the class. You cannot configure the undo command authorization command in the view of a user line in the class.

Examples

# Enable command authorization for VTY 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] command authorization

Related commands

· authorization command (Security Command Reference)

· command accounting

databits

Use databits to specify the number of data bits for a character.

Use undo databits to restore the default.

Syntax

databits { 5 | 6 | 7 | 8 }

undo databits

Default

Eight data bits are used for a character.

Views

User line view

Predefined user roles

network-admin

Parameters

5: Uses five data bits for a character. This keyword is not supported in the current software version.

6: Uses six data bits for a character. This keyword is not supported in the current software version.

7: Uses seven data bits for a character.

8: Uses eight data bits for a character.

Usage guidelines

This command is not supported in VTY line class view.

This setting must be the same as the setting on the configuration terminal.

Examples

# Configure Console 0 to use seven data bits for a character.

<Sysname> system-view

[Sysname] line console 0

[Sysname-line-console0] databits 5

display ip http

Use display ip http to display HTTP service configuration and status information.

Syntax

display ip http

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display HTTP service configuration and status information.

<Sysname> display ip http

HTTP port: 80

Basic ACL: 2222

HTTP status: Enabled

Table 6 Command output

Field	Description
HTTP port	HTTP service port number.
Basic ACL	ACL used to control HTTP access. If no ACL is used, this field displays 0.
HTTP status	Whether the HTTP service is enabled.

Related commands

· ip http acl

· ip http enable

· ip http port

display ip https

Use display ip https to display HTTPS service configuration and status information.

Syntax

display ip https

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display HTTPS service configuration and status information.

<Sysname> display ip https

HTTPS port: 443

SSL server policy: test

Certificate access control policy: Not configured

Basic ACL: 2222

HTTPS status: Enabled

Table 7 Command output

Field	Description
HTTPS port	HTTPS service port number.
SSL server policy	SSL server policy applied to the HTTPS service. If no SSL server policy is applied, this field displays Not configured.
Certificate access-control-policy	Certificate-based access control policy used to control client access rights. If no certificate-based access control policy is used, this field displays Not configured.
Basic ACL	ACL used to control HTTPS access. If no ACL is used, this field displays 0.
HTTPS status	Whether the HTTPS service is enabled.

Related commands

· ip https acl

· ip https certificate access-control-policy

· ip https enable

· ip https port

· ip https ssl-server-policy

display line

Use display line to display user line information.

Syntax

display line [ number1 | { console | vty } number2 ] [ summary ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

number1: Specifies the absolute number of a user line.

The following matrix shows the value ranges for the number1 argument:

Hardware series	Model	Value range
WX1800H series	WX1804H WX1810H WX1820H WX1840H	0 to 32: · WX1810H · WX1820H · WX1840H 0 to 33: WX1804H
WX3800H series	WX3820H WX3840H	0 to 33
WX5800H series	WX5860H	0 to 33

console number2: Specifies the relative number of a console line.

vty number2: Specifies the relative number of a VTY line. The value range is 0 to 31.

summary: Displays summary information about user lines. If you do not specify this keyword, the command displays detailed information.

Examples

# Display user line information.

<Sysname> display line 0

Idx Type Tx/Rx Modem Auth Int Location

+ 0 CON 0 9600 - N - 1/0

+ : Line is active.

F : Line is active and in async mode.

Idx : Absolute index of line.

Type : Type and relative index of line.

Auth : Login authentication mode.

Int : Physical port of the line.

A : Authentication use AAA.

N : No authentication is required.

P : Password authentication.

Table 8 Command output

Field	Description
Modem	Whether the modem allows calling in or out. By default, this attribute is not configured and this field displays a hyphen (-).
Int	Physical port for the line. If there is no physical port for the line or the line is a console line, this field displays a hyphen (-).
Location	On an IRF-incapable device, this field displays the physical position of the line, in the slot number/CPU number format. On an IRF-capable device, this field displays the physical position of the line, in the chassis number/CPU number format.

# Display summary information about all user lines.

<Sysname> display line summary

Line type : [CON]

0:XXXX

Line type : [VTY]

4:UUUU UXXX XXXX XXXX

20:XXXX XXXX XXXX XXXX

5 lines used. (U)

31 lines not used. (X)

Table 9 Command output

Fields	Description
number:status	number: Absolute number of the first user line in the user line class. status: User line status. X is for unused and U is for used. For example, if "2:UXXX X" is displayed, there are five user lines of the user line class, which use the absolute numbers 2 through 6. User line 2 is in use, and the other user lines are not.

Fields

Description

number:status

number: Absolute number of the first user line in the user line class.

status: User line status. X is for unused and U is for used.

For example, if "2:UXXX X" is displayed, there are five user lines of the user line class, which use the absolute numbers 2 through 6. User line 2 is in use, and the other user lines are not.

display telnet client

Use display telnet client to display the packet source setting for the Telnet client.

Syntax

display telnet client

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the packet source setting for the Telnet client.

<Sysname> display telnet client

The source IP address is 1.1.1.1.

Related commands

telnet client source

display user-interface

Use display user-interface to display user line information.

Syntax

display user-interface [ number1 | { console | vty } number2 ] [ summary ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

number1: Specifies the absolute number of a user line.

The following matrix shows the value ranges for the number1 argument:

Hardware series	Model	Value range
WX1800H series	WX1804H WX1810H WX1820H WX1840H	0 to 32: · WX1810H · WX1820H · WX1840H 0 to 33: WX1804H
WX3800H series	WX3820H WX3840H	0 to 33
WX5800H series	WX5860H	0 to 33

console number2: Specifies the relative number of a console line.

vty number2: Specifies the relative number of a VTY line. The value range is 0 to 31.

summary: Displays summary information about user lines. If you do not specify this keyword, the detailed information is displayed.

Usage guidelines

This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the display line command. H3C recommends that you use the display line command.

Examples

# Display user line information.

<Sysname> display user-interface 0

Idx Type Tx/Rx Modem Auth Int Location

+ 0 CON 0 9600 - N - 0/0

+ : Line is active.

F : Line is active and in async mode.

Idx : Absolute index of line.

Type : Type and relative index of line.

Auth : Login authentication mode.

Int : Physical port of the line.

A : Authentication use AAA.

N : No authentication is required.

P : Password authentication.

Table 10 Command output

Field	Description
Modem	Whether the modem allows calling in or out. By default, this attribute is not configured and this field displays a hyphen (-).
Int	Physical port for the line. If there is no physical port for the line or the line is a console line, this field displays a hyphen (-).
Location	On an IRF-incapable device, this field displays the physical position of the line, in the slot number/CPU number format. On an IRF-capable device, this field displays the physical position of the line, in the chassis number/CPU number format.

# Display summary information about all user lines.

<Sysname> display user-interface summary

Line type : [CON]

0:XXXX

Line type : [VTY]

4:UUUU UXXX XXXX XXXX

20:XXXX XXXX XXXX XXXX

5 lines used. (U)

31 lines not used. (X)

Table 11 Command output

Fields	Description
number:status	number: Absolute number of the first user line in the user line class. status: User line status. X is for unused and U is for used. For example, if "2:UXXX X" is displayed, there are five user lines of the user line class, which use the absolute numbers 2 through 6. User line 2 is in use, and the other user lines are not.

Fields

Description

number:status

number: Absolute number of the first user line in the user line class.

status: User line status. X is for unused and U is for used.

For example, if "2:UXXX X" is displayed, there are five user lines of the user line class, which use the absolute numbers 2 through 6. User line 2 is in use, and the other user lines are not.

display users

Use display users to display online CLI users.

Syntax

display users [ all ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Displays all user lines supported by the device.

Examples

# Display online user information.

<Sysname> display users

Idx Line Idle Time Pid Type

10 VTY 0 00:10:49 Jun 11 11:27:32 320 TEL

+ 11 VTY 1 00:00:00 Jun 11 11:39:40 334 TEL

Following are more details.

VTY 0 :

Location: 192.168.1.12

VTY 1 :

Location: 192.168.1.26

+ : Current operation user.

F : Current operation user works in async mode.

The output shows that two users have logged in to the device: one is using user line VTY 0 and the other (yourself) is using VTY 1. Your IP address is 192.168.1.26.

Table 12 Command output

Field	Description
Idx	Absolute number of the user line.
Line	Type and relative number of the user line.
Idle	Time elapsed after the user's most recent input, in the hh:mm:ss format.
Time	Login time of the user.
Pid	Process ID of the user session.
Type	User type, such as Telnet or SSH.
+	User line you are using.
Location	IP address of the user.

display web menu

Use display web menu to display Web interface navigation tree information.

Syntax

display web menu [ chinese ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

chinese: Displays information about the Chinese Web interface navigation tree. If you do not specify this keyword, the command displays information about the English Web interface navigation tree.

Usage guidelines

This command displays all options on the Web interface navigation tree.

Examples

# Display Web interface navigation tree information.

<Sysname> display web menu

|--m_system: ID = m_system

| |--m_dashboard: ID = m_dashboard

| |--Network Configuration: ID = m_controller

| | |--Mobility Domain: ID = m_mobilitydomain

| | | `--Roam: ID = m_roamoutstation

| | |--Network Interfaces: ID = m_networkinterfaces

| | | |--m_interface: ID = m_interface

| | | |--m_lagg: ID = m_lagg

| | | `--m_stormconstrain: ID = m_stormconstrain

| | |--VLAN: ID = m_vlan

| | | |--m_vlan: ID = m_vlan

| | | |--m_mac: ID = m_mac

| | | `--m_stp: ID = m_stp

| | |--Network Routing: ID = m_networkrouting

| | | |--m_routingtable: ID = m_routingtable

| | | |--m_staticrouting: ID = m_staticrouting

| | | |--m_rip: ID = m_rip

| | | `--m_pbr: ID = m_pbr

| | |--Network Services: ID = m_networkservices

| | | |--IP Services: ID = m_ipservices

| | | | `--m_ipv6: ID = m_ipv6

| | | |--DHCP/DNS: ID = m_dhcpdns

| | | | `--m_ipv6dns: ID = m_ipv6dns

| | | |--Multicast: ID = m_multicast

| | | | `--m_mldsnooping: ID = m_mldsnooping

| | | |--ARP: ID = m_arp

| | | | `--m_arp: ID = m_arp

| | | `--ND: ID = m_nd

| | | `--m_nd: ID = m_nd

| | `--Management Protocols: ID = m_managementprotocols

| | |--m_http: ID = m_http

| | |--m_ftp: ID = m_ftp

| | |--m_telnet: ID = m_telnet

| | |--m_ntp: ID = m_ntp

| | |--m_lldp: ID = m_lldp

| | `--m_logsettings: ID = m_logsettings

| |--Network Security: ID = m_networksecurity

| | |--Packet Filter: ID = m_packetfilter

| | | `--m_packetfilter: ID = m_packetfilter

| | |--QoS: ID = m_trafficpolicy

| | | |--m_mqc: ID = m_mqc

| | | |--m_priority: ID = m_priority

| | | `--m_linerate: ID = m_linerate

| | |--Access Control: ID = m_accesscontrol

| | | `--m_8021x: ID = m_8021x

| | |--Authentication: ID = m_authentication

| | | |--m_ispdomain: ID = m_ispdomain

| | | `--m_radius: ID = m_radius

| | `--User Management: ID = m_usermanagement

| | `--m_localuser: ID = m_localuser

| |--System: ID = m_system

| | |--Event Logs: ID = m_syslogtop

| | | `--Event Logs: ID = m_syslog

| | |--Resource: ID = m_resource

| | | |--IPv4 ACL: ID = m_ipv4acl

| | | |--IPv6 ACL: ID = m_ipv6acl

| | | |--m_macacl: ID = m_macacl

| | | |--m_useracl: ID = m_useracl

| | | `--m_timerange: ID = m_timerange

| | |--Administrators: ID = m_administrator

| | | `--m_admin: ID = m_admin

| | `--Management: ID = m_management

| | |--m_devicesettings: ID = m_devicesettings

| | |--m_config: ID = m_config

| | |--m_upgrade: ID = m_upgrade

| | |--m_reboot: ID = m_reboot

| | `--m_about: ID = m_about

| `--Tools: ID = m_tools

| |--Port Mirroring: ID = m_portmirroring

| | `--m_portmirror: ID = m_portmirror

| `--Debug: ID = m_debug

| `--m_diagnostic: ID = m_diagnostic

|--m_global: ID = m_global

| |--m_dashboard: ID = m_dashboard

| |--Quick Start: ID = m_quickaction

| | |--Add New AP: ID = m_addaptop

| | | `--Add New AP: ID = m_addap

| | `--Add New SSID: ID = m_addssidtop

| | `--Add New SSID: ID = m_addssid

| |--Monitoring: ID = m_monitoring

| | |--Wireless Networks: ID = m_monwirelessnetworks

| | | `--Wireless Services: ID = m_monssid

| | |--Access Points: ID = m_monaccesspoints

| | | |--APs: ID = m_monaps

| | | `--AP Groups: ID = m_monapgroups

| | |--Clients: ID = m_monclients

| | | `--Clients: ID = m_monclients

| | |--Wireless Security: ID = m_wipssecurity

| | | `--WIPS: ID = m_wipsdashboard

| | |--RF Monitoring: ID = m_rfmonitoring

| | | |--RF Optimization: ID = m_monrfoptimization

| | | `--Spectrum Analysis: ID = m_monitoringspectrumanalysis

| | `--Application Monitoring: ID = m_appmonitoring

| | `--Bonjour: ID = m_monbonjour

| |--Wireless Configuration: ID = m_wsconfig

| | |--Wireless Networks: ID = m_wirelessnetworks

| | | `--Wireless Networks: ID = m_servicetemplate

| | |--AP Management: ID = m_apmanage

| | | |--AP Groups: ID = m_apgroups

| | | |--Access Points: ID = m_accesspoints

| | | |--AP Global Settings: ID = m_apsettings

| | | |--AP Provision: ID = m_approvision

| | | `--AP Group Provision: ID = m_apgroupprovision

| | |--Wireless QoS: ID = m_wlanqos

| | | |--Client Rate Limit: ID = m_clientratelimit

| | | |--Bandwidth Guarantee: ID = m_bandwidthguarantee

| | | `--Wi-Fi Multimedia: ID = m_wifimultimedia

| | |--Wireless Security: ID = m_wirelesssecurity

| | | |--WIPS: ID = m_wips

| | | `--Filter: ID = m_wuac

| | |--Radio Resource: ID = m_radiomanage

| | | |--Radio Management: ID = m_radio

| | | |--RF Optimization: ID = m_rfoptimization

| | | |--Spectrum Analysis: ID = m_spectrumanalysis

| | | |--Load Balancing: ID = m_loadbalancing

| | | `--Band Navigation: ID = m_bandnavigation

| | `--Applications: ID = m_applications

| | |--Mesh Services: ID = m_meshservices

| | |--Location Aware: ID = m_locationaware

| | `--Bonjour: ID = m_bonjour

| |--Network Security: ID = m_networksecurity

| | |--Packet Filter: ID = m_packetfilter

| | | `--m_packetfilter: ID = m_packetfilter

| | |--QoS: ID = m_trafficpolicy

| | | |--m_mqc: ID = m_mqc

| | | |--m_priority: ID = m_priority

| | | `--m_linerate: ID = m_linerate

| | |--Access Control: ID = m_accesscontrol

| | | `--m_8021x: ID = m_8021x

| | |--Authentication: ID = m_authentication

| | | |--m_ispdomain: ID = m_ispdomain

| | | `--m_radius: ID = m_radius

| | |--BYOD: ID = m_byod

| | | |--BYOD DB: ID = m_byod

| | | `--BYOD Authorization: ID = m_byodauth

| | |--User Management: ID = m_usermanage

| | | `--m_localuser: ID = m_localuser

| | `--Guest Management: ID = m_guestmanage

| | |--Guest User: ID = m_guestlist

| | |--Import Guest: ID = m_importguest

| | |--Generate Guest Account: ID = m_generateguest

| | |--Approve Guest: ID = m_approveguest

| | `--Guest Configuration: ID = m_guestsyscfg

| |--Tools: ID = m_tools

| | |--Wireless Capture: ID = m_wirelesscapture

| | | `--Wireless Capture: ID = m_wirelesscapture

| | |--RF Ping: ID = m_rfping

| | | `--RF Ping: ID = m_rfping

| | `--Debug: ID = m_debug

| | `--m_diagnostic: ID = m_diagnostic

| `--Reporting: ID = m_reporting

| |--Client Statistics: ID = m_clientreports

| | |--AC Frame: ID = m_acframe

| | |--AC Bytes: ID = m_acbyte

| | |--Total Frame: ID = m_totalframe

| | `--Total Bytes: ID = m_totalbyte

| |--AP Statistics: ID = m_apreports

| | `--AP Statistics: ID = m_apreports

| `--Wireless Service Statistics: ID = m_wsreport

`--m_apnode: ID = m_apnode

`--Wireless Configuration: ID = m_wsconfig

|--AP Management: ID = m_apmanage

| `--Access Points: ID = m_accesspoints

|--Applications: ID = m_applications

| `--Location Aware: ID = m_locationaware

`--Radio Resource: ID = m_radiomanage

|--Radio Management: ID = m_radio

`--RF Optimization: ID = m_rfoptimization

display web users

Use display web users to display online Web users.

Syntax

display web users

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display online Web users.

<Sysname> display web users

UserID Name Type Language JobCount LoginTime LastOperation

AB2039483271293 Administrator HTTP Chinese 3 12:00:23 14:10:05

F09382BA2014AC8 user HTTPS English 1 13:05:00 14:11:00

Table 13 Command output

Field	Description
UserID	ID used to uniquely identify the online Web user.
JobCount	Number of connections established by the user.

escape-key

Use escape-key to set the escape key.

Use undo escape-key to disable the escape key.

Syntax

escape-key { key-string | default }

undo escape-key

Default

The escape key is Ctrl+C.

Views

User line view

User line class view

Predefined user roles

network-admin

Parameters

key-string: Specifies a shortcut key. It can be a case sensitive character except for d and D, or an ASCII code value in the range of 0 to 127. For example, if you configure escape-key 1, the shortcut key is Ctrl+A. If you configure escape-key a, the shortcut key is a. If you specify character d or D for this argument, the actual shortcut key is Ctrl+C. To use d or D as the shortcut key, you must specify the ASCII code value of the character for this argument. For information about ASCII code values of individual characters, see the standard ASCII code chart. For information about ASCII code values of combined keys that use the Ctrl key, see Table 5.

default: Restores the default escape key Ctrl+C.

Usage guidelines

You can use this shortcut key to abort a command that is being executed. For example, you can press this shortcut key to abort a ping or tracert command.

Whether a command can be aborted by Ctrl+C by default depends on the software implementation of the command. For more information, see the usage guidelines for the command.

As a best practice, use a key sequence as the shortcut key. If you define a single character as the shortcut key, pressing the key while a command is being executed stops the command. If no command is being executed, pressing the key enters the character as a common character. If you Telnet from the device to a remote device, pressing the key enters the character as a common character on the remote device. The key acts as the escape key on the remote device only when the following conditions are met:

· You define the same character as the escape key on the remote device.

· You press the key while a command is being executed on the remote device.

The undo escape-key command disables the current escape key. After you execute this command, no escape key is available.

The setting in user line view takes effect immediately for the current session. The setting in user line class view takes effect for login sessions that are established after the setting is configured. To display the current escape key, use the display current-configuration | include escape-key command.

Examples

# Define character a as the escape key for console line 0.

<Sysname> system-view

[Sysname] line console 0

[Sysname-line-console0] escape-key a

To verify the configuration:

1. Ping IP address 192.168.1.49, specifying the -c keyword to set the number of ICMP echo request packets to 20.

<Sysname> ping -c 20 192.168.1.49

PING 192.168.1.49: 56 data bytes, press a to break

Reply from 192.168.1.49: bytes=56 Sequence=1 ttl=255 time=3 ms

Reply from 192.168.1.49: bytes=56 Sequence=2 ttl=255 time=3 ms

2. Press a.

The system aborts the command and returns to user view.

--- 192.168.1.49 ping statistics ---

2 packet(s) transmitted

2 packet(s) received

0.00% packet loss

round-trip min/avg/max = 3/3/3 ms

flow-control

Use flow-control to configure the flow control mode.

Use undo flow-control to restore the default.

Syntax

flow-control { hardware | none | software }

undo flow-control

Default

Flow control is disabled on a user line.

Views

User line view

Predefined user roles

network-admin

Parameters

hardware: Performs hardware flow control.

none: Disables flow control.

software: Performs software flow control.

Usage guidelines

This command is not supported in VTY line view.

The device supports flow control in both the inbound and outbound directions.

· For flow control in the inbound direction, the local device listens to flow control information from the remote device.

· For flow control in the outbound direction, the local device sends flow control information to the remote device.

The flow control setting takes effect in both directions.

For two devices to communicate, make sure their flow control modes match.

Examples

# Configure software flow control for the user line Console 0.

<Sysname> system-view

[Sysname] line console 0

[Sysname-line-console0] flow-control software

free line

Use free line to release a user line.

Syntax

free line { number1 | { console | vty } number2 }

Views

User view

Predefined user roles

network-admin

Parameters

number1: Specifies the absolute number of a user line.

The following matrix shows the value ranges for the number1 argument:

Hardware series	Model	Value range
WX1800H series	WX1804H WX1810H WX1820H WX1840H	0 to 32: · WX1810H · WX1820H · WX1840H 0 to 33: WX1804H
WX3800H series	WX3820H WX3840H	0 to 33
WX5800H series	WX5860H	0 to 33

console number2: Specifies the relative number of a console line.

vty number2: Specifies the relative number of a VTY line. The value range is 0 to 31.

Usage guidelines

This command does not release the line you are using.

Examples

# Display online users.

<Sysname> display users

Idx Line Idle Time Pid Type

10 VTY 0 00:10:49 Jun 11 11:27:32 320 TEL

+ 11 VTY 1 00:00:00 Jun 11 11:39:40 334 TEL

Following are more details.

VTY 0 :

Location: 192.168.1.12

VTY 1 :

Location: 192.168.1.26

+ : Current operation user.

F : Current operation user works in async mode.

# Release the user line VTY 1.

<Sysname> free line vty 1

Are you sure to free line vty1? [Y/N]:y

[OK]

free user-interface

Use free user-interface to release a user line.

Syntax

free user-interface { number1 | { console | vty } number2 }

Views

User view

Predefined user roles

network-admin

Parameters

number1: Specifies the absolute number of a user line.

The following matrix shows the value ranges for the number1 argument:

Hardware series	Model	Value range
WX1800H series	WX1804H WX1810H WX1820H WX1840H	0 to 32: · WX1810H · WX1820H · WX1840H 0 to 33: WX1804H
WX3800H series	WX3820H WX3840H	0 to 33
WX5800H series	WX5860H	0 to 33

console number2: Specifies the relative number of a console line.

vty number2: Specifies the relative number of a VTY line. The value range is 0 to 31.

Usage guidelines

This command does not release the line you are using.

This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the free line command. H3C recommends that you use the free line command.

Examples

# Display online users.

<Sysname> display users

Idx LINE Idle Time Pid Type

10 VTY 0 00:10:49 Jun 11 11:27:32 320 TEL

+ 11 VTY 1 00:00:00 Jun 11 11:39:40 334 TEL

Following are more details.

VTY 0 :

Location: 192.168.1.12

VTY 1 :

Location: 192.168.1.26

+ : Current operation user.

F : Current operation user works in async mode.

# Release the user line VTY 1.

<Sysname> free user-interface vty 1

Are you sure to free line vty1? [Y/N]:y

[OK]

free web users

Use free web users to log off online Web users.

Syntax

free web users { all | user-id user-id | user-name user-name }

Views

User view

Predefined user roles

network-admin

Parameters

all: Specifies all Web users.

user-id: Specifies a Web user by the ID, a hexadecimal number of 15 digits. The system assigns each Web user a unique ID at login to identify the user.

user-name: Specifies a Web user by the username, a case-sensitive string of 1 to 255 characters.

Examples

# Log off all online Web users.

<Sysname> free web users all

Related commands

display web users

history-command max-size

Use history-command max-size to set the size of the command history buffer for a user line.

Use undo history-command max-size to restore the default.

Syntax

history-command max-size size-value

undo history-command max-size

Default

The buffer for a user line saves up to 10 history commands.

Views

User line view

User line class view

Predefined user roles

network-admin

Parameters

size-value: Specifies the maximum number of history commands the buffer can store, in the range of 0 to 256.

Usage guidelines

Each user line uses a separate command history buffer to save commands successfully executed by its user. The buffer size determines how many history commands the buffer can store.

To display history commands in the buffer for your session, press the up or down arrow key, or execute the display history-command command.

Terminating a CLI session clears the commands in the history buffer.

Examples

# Set the command history buffer size to 20 for the user line Console 0.

<Sysname> system-view

[Sysname] line console 0

[Sysname-line-console0] history-command max-size 20

idle-timeout

Use idle-timeout to set the session idle timeout timer.

Use undo idle-timeout to restore the default.

Syntax

idle-timeout minutes [ seconds ]

undo idle-timeout

Default

The idle timeout timer is 10 minutes.

Views

User line view

User line class view

Predefined user roles

network-admin

Parameters

minutes: Specifies the number of minutes, in the range of 0 to 35791. The default is 10 minutes.

seconds: Specifies the number of seconds, in the range of 0 to 59. The default is 0 seconds.

Usage guidelines

The system automatically terminates a user connection if no information interaction occurs on the connection within the idle timeout interval.

To disable the idle timeout feature, execute the idle-timeout 0 command.

Examples

# Set the idle timeout to 1 minute and 30 seconds for the user line Console 0.

<Sysname> system-view

[Sysname] line console 0

[Sysname-line-console0] idle-timeout 1 30

ip http acl

Use ip http acl to apply an ACL to the HTTP service.

Use undo ip http acl to restore the default.

Syntax

ip http acl { acl-number | name acl-name }

undo ip http acl

Default

No ACL is applied to the HTTP service.

Views

System view

Predefined user roles

network-admin

Parameters

acl-number: Specifies an ACL by its number. The value range is 2000 to 2999.

name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter and to avoid confusion, it cannot be all. The specified ACL takes effect only when the ACL exists and is a basic ACL.

Usage guidelines

If you execute the ip http acl command multiple times, the most recent configuration takes effect.

Only clients permitted by the applied ACL can access the device through HTTP.

Examples

# Use ACL 2001 to allow only users from 10.10.0.0/16 to access the device through HTTP.

<Sysname> system-view

[Sysname] acl basic 2001

[Sysname-acl-ipv4-basic-2001] rule permit source 10.10.0.0 0.0.255.255

[Sysname-acl-ipv4-basic-2001] quit

[Sysname] ip http acl 2001

Related commands

acl (ACL and QoS Command Reference)

ip http enable

Use ip http enable to enable the HTTP service.

Use undo ip http enable to disable the HTTP service.

Syntax

ip http enable

undo ip http enable

Default

The HTTP service is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

To allow users to access the device through HTTP, you must enable the HTTP service.

Examples

# Enable the HTTP service.

<Sysname> system-view

[Sysname] ip http enable

Related commands

ip https enable

ip http port

Use ip http port to specify the HTTP service port number.

Use undo ip http port to restore the default.

Syntax

ip http port port-number

undo ip http port

Default

The HTTP service port number is 80.

Views

System view

Predefined user roles

network-admin

Parameters

port-number: Specifies a port number in the range of 1 to 65535.

Usage guidelines

When the HTTP service is enabled, changing the HTTP service port number re-enables the HTTP service and closes all HTTP connections. To log in again, users must enter the new URL in the Web browser's address bar.

Examples

# Set the HTTP service port number to 80.

<Sysname> system-view

[Sysname] ip http port 80

ip https acl

Use ip https acl to apply an ACL to the HTTPS service.

Use undo ip https acl to restore the default.

Syntax

ip https acl { acl-number | name acl-name }

undo ip https acl

Default

No ACL is applied to the HTTPS service.

Views

System view

Predefined user roles

network-admin

Parameters

acl-number: Specifies an ACL by its number. The value range is 2000 to 2999.

Usage guidelines

Web login requests contain usernames and passwords. For security purposes, the device always uses HTTPS to transfer Web login requests.

The ACL applied to the HTTPS service controls both HTTPS and HTTP logins. To access the device, HTTPS clients must be permitted by the ACL applied to the HTTPS service. To access the device, HTTP clients must be permitted by the following ACLs:

· ACL applied to the HTTP service.

· ACL applied to the HTTPS service.

If you execute the ip https acl command multiple times, the most recent configuration takes effect.

Examples

# Use ACL 2001 to allow only users from 10.10.0.0/16 to access the device through HTTPS or HTTP.

<Sysname> system-view

[Sysname] acl basic 2001

[Sysname-acl-ipv4-basic-2001] rule permit source 10.10.0.0 0.0.255.255

[Sysname-acl-ipv4-basic-2001] quit

[Sysname] ip https acl 2001

Related commands

acl (ACL and QoS Command Reference)

ip https certificate access-control-policy

Use ip https certificate access-control-policy to apply a certificate-based access control policy to control HTTPS access.

Use undo ip https certificate access-control-policy to restore the default.

Syntax

ip https certificate access-control-policy policy-name

undo ip https certificate access-control-policy

Default

No certificate-based access control policy is applied for HTTPS access control.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a certificate-based access control policy by its name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

For more information about the certificate-based access control policy, see the chapter on PKI in Security Configuration Guide.

Examples

# Use the certificate-based access control policy myacl to control HTTPS access.

<Sysname> system-view

[Sysname] ip https certificate access-control-policy myacl

Related commands

pki certificate access-control-policy (Security Command Reference)

ip https enable

Use ip https enable to enable the HTTPS service.

Use undo ip https enable to disable the HTTPS service.

Syntax

ip https enable

undo ip https enable

Default

The HTTPS service is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

To allow users to access the device through HTTPS or HTTP, you must enable the HTTPS service.

Enabling the HTTPS service triggers the SSL handshake negotiation process.

· If the device has a local certificate, the SSL handshake negotiation succeeds and the HTTPS service starts up.

· If the device does not have a local certificate, the certificate application process starts. Because the certificate application process takes a long time, the SSL handshake negotiation might fail and the HTTPS service might not be started. To solve the problem, execute this command again until the HTTPS service is enabled.

Examples

# Enable the HTTPS service.

<Sysname> system-view

[Sysname] ip https enable

Related commands

· ip https certificate access-control-policy

· ip https ssl-server-policy

ip https port

Use ip https port to specify the HTTPS service port number.

Use undo ip https port to restore the default.

Syntax

ip https port port-number

undo ip https port

Default

The HTTPS service port number is 443.

Views

System view

Predefined user roles

network-admin

Parameters

port-number: Specifies a port number in the range of 1 to 65535.

Usage guidelines

When the HTTPS service is enabled, changing the HTTPS service port number re-enables the HTTPS service and closes all HTTPS and HTTP connections. To log in again, users must enter the new URL in the Web browser's address bar.

Examples

# Set the HTTPS service port number to 8080.

<Sysname> system-view

[Sysname] ip https port 8080

ip https ssl-server-policy

Use ip https ssl-server-policy to apply an SSL server policy to control HTTPS access.

Use undo ip https ssl-server-policy to restore the default.

Syntax

ip https ssl-server-policy policy-name

undo ip https ssl-server-policy

Default

No SSL server policy is applied. The HTTPS service uses a self-signed certificate.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Specifies an SSL server policy name, a string of 1 to 31 characters.

Usage guidelines

If the HTTPS service is enabled, changes to the applied SSL server policy do not take effect. For the changes to take effect, you must disable HTTP and HTTPS, and then apply the policy and enable HTTP and HTTPS again.

To restore the default, you must disable HTTP and HTTPS, execute the undo ip https ssl-server-policy command, and then enable HTTP and HTTPS again.

Examples

# Apply SSL server policy myssl to the HTTPS service.

<Sysname> system-view

[Sysname] ip https ssl-server-policy myssl

Related commands

ssl server-policy (Security Command Reference)

line

Use line to enter one or multiple user line views.

Syntax

line { first-number1 [ last-number1 ] | { console | vty } first-number2 [ last-number2 ] }

Views

System view

Predefined user roles

network-admin

Parameters

first-number1: Specifies the absolute number of the first user line.

last-number1: Specifies the absolute number of the last user line. This number must be greater than first-number1.

The following matrix shows the value ranges for the first-number1 and last-number1 arguments:

Hardware series	Model	Value range
WX1800H series	WX1804H WX1810H WX1820H WX1840H	0 to 32: · WX1810H · WX1820H · WX1840H 0 to 33: WX1804H
WX3800H series	WX3820H WX3840H	0 to 33
WX5800H series	WX5860H	0 to 33

console first-number2: Specifies the relative number of the first console line.

vty first-number2: Specifies the relative number of the first VTY line. The value range is 0 to 31.

vty last-number2: Specifies the relative number of the last VTY user line. The value range is 0 to 31. This number must be greater than first-number2.

Usage guidelines

To configure settings for a single user line, use this command to enter the user line view.

To configure the same settings for multiple user lines, use this command to enter multiple user line views.

Examples

# Enter the view of user line Console 0.

<Sysname> system-view

[Sysname] line console 0

[Sysname-line-console0]

# Enter the views of user lines VTY 0 to VTY 4.

<Sysname> system-view

[Sysname] line vty 0 4

[Sysname-line-vty0-4]

Related commands

line class

Use line class to enter user line class view.

Syntax

line class { console | vty }

Views

System view

Predefined user roles

network-admin

Parameters

console: Specifies the console line class view.

vty: Specifies the VTY line class view.

Usage guidelines

To configure the same settings for all user lines of a line class, use this command to enter the user line class view.

In user line class view, you can execute the following commands:

· activation-key

· auto-execute command

· authentication-mode

· command accounting

· command authorization

· escape-key

· history-command max-size

· idle-timeout

· protocol inbound

· screen-length

· set authentication password

· shell

· terminal type

· user-role

For commands that are available in both user line view and user line class view, the device uses the following rules to determine the settings to be activated:

· A setting in user line view applies only to the user line. A setting in user line class view applies to all user lines of the class.

· A setting in user line class view does not take effect for current online users. It takes effect only for new login users.

Examples

# Set the user connection timeout to 15 minutes in VTY line class view.

<Sysname> system-view

[Sysname] line class vty

[Sysname-line-class-vty] idle-timeout 15

# In console line class view, configure character s as the shortcut key for starting a terminal session.

<Sysname> system-view

[Sysname] line class console

[Sysname-line-class-console] activation-key s

[Sysname-line-class-console] quit

# In console line view, restore the default shortcut key for starting a terminal session.

[Sysname] line console 0

[Sysname-line-console0] undo activation-key

Alternatively, you can use the following command:

[Sysname-line-console0] activation-key 13

To verify the configuration:

1. Exit the console session.

[Sysname-line-console0] return

<Sysname> quit

2. Log in again through the console line.

The following message appears:

Press ENTER to get started.

3. Press Enter.

Pressing Enter does not start a session.

4. Enter s.

A terminal session is started.

Related commands

line

lock

Use lock to lock the current user line and set the password for unlocking the line.

Syntax

lock

Default

The system does not lock any user lines.

Views

User view

Predefined user roles

network-admin

Usage guidelines

This command locks the current user line to prevent unauthorized users from using the line. You must set the password for unlocking the line as prompted. The user line is locked after you enter the password and confirm the password.

To unlock the user line, press Enter and enter the password you set.

Examples

# Lock the current user line and set the password for unlocking the line.

<Sysname> lock

Please input password<1 to 16> to lock current line:

Password:

Again:

locked !

// The user line is locked. To unlock it, press Enter and enter the password:

Password:

lock-key

Use lock-key to set the user line locking key. Pressing this shortcut key locks the current user line and enables unlocking authentication.

Use undo lock-key to restore the default.

Syntax

lock-key key-string

undo lock-key

Default

No user line locking key is set.

Views

User line view

User line class view

Predefined user roles

network-admin

Parameters

key-string: Specifies a shortcut key. It can be a character (case sensitive), or an ASCII code value in the range of 0 to 127. For example, if you configure lock-key 1, the shortcut key is Ctrl+A. If you configure lock-key a, the shortcut key is a. For information about ASCII code values of individual characters, see the standard ASCII code chart. For information about ASCII code values of combined keys that use the Ctrl key, see Table 5.

Usage guidelines

H3C recommends that you specify a combined key as the user line locking key. If you specify a single character as the key, the character acts only as the user line locking key. You cannot type the character for any commands, keywords, or arguments.

Pressing this shortcut key is equivalent to executing the lock reauthentication command.

This command takes effect immediately.

To display the current user line locking key, use the display current-configuration | include lock-key command.

Examples

# Set the user line locking key to Ctrl+A for the user line console 0.

<Sysname> system-view

[Sysname] line console 0

[Sysname-line-console0] lock-key 1

[Sysname-line-console0] quit

To verify the configuration:

1. Press Ctrl+A.

[Sysname]

Please press Enter to unlock the screen.

2. Press Enter and enter the login password.

Password:

[Sysname]

Related commands

lock reauthentication

Use lock reauthentication to lock the current user line and enable unlocking authentication.

Syntax

lock reauthentication

Default

The system does not lock any user lines or initiate reauthentication.

Views

Any view

Predefined user roles

network-admin

Usage guidelines

This command locks the current user line. To unlock the user line, you must press Enter and provide the login password to pass reauthentication. If you have changed the login password after login, you must provide the new password. If no login password is set, the system unlocks the user line after you press Enter.

Examples

# Lock the current user line and enable unlocking authentication.

<Sysname> lock reauthentication

Please press Enter to unlock the screen.

// The user line is locked. To unlock it, press Enter and enter the login password:

Password:

Related commands

lock-key

parity

Use parity to specify the parity.

Use undo parity to restore the default.

Syntax

parity { even | mark | none | odd | space }

undo parity

Default

The setting is none, and no parity is used.

Views

User line view

Predefined user roles

network-admin

Parameters

even: Uses even parity.

mark: Uses mark parity.

none: Uses no parity.

odd: Uses odd parity.

space: Uses space parity.

Usage guidelines

This command is not supported in VTY line view.

The configuration terminal and the device must use the same parity.

Examples

# Configure the user line Console 0 to use odd parity.

<Sysname> system-view

[Sysname] line console 0

[Sysname-line-console0] parity odd

protocol inbound

Use protocol inbound to specify the supported protocols.

Use undo protocol inbound to restore the default.

Syntax

protocol inbound { all | ssh | telnet }

undo protocol inbound

Default

Both SSH and Telnet are supported.

Views

VTY line view

VTY line class view

Predefined user roles

network-admin

Parameters

all: Supports both SSH and Telnet.

ssh: Supports SSH only.

telnet: Supports Telnet only.

Usage guidelines

Only users assigned the network-admin or level-15 user role can execute this command. Other users cannot execute this command, even if they are granted the right to execute this command.

A configuration change in user line view does not take effect for the current session. It takes effect for subsequent login sessions.

Before configuring a user line to support SSH, set the authentication mode to scheme for the user line. For more information, see authentication-mode.

In VTY line view, this command is associated with the authentication-mode command. If you specify a non-default value for one of the two commands, the other command uses the default setting, regardless of the setting in VTY line class view.

Examples

# Enable user lines VTY 0 through VTY 4 to support only SSH.

<Sysname> system-view

[Sysname] line vty 0 4

[Sysname-line-vty0-4] authentication-mode scheme

[Sysname-line-vty0-4] protocol inbound ssh

# Enable SSH support and set the authentication mode to scheme in VTY line class view. Enable user lines VTY 0 through VTY 4 to support all protocols and disable authentication for the user lines.

<Sysname> system-view

[Sysname] line class vty

[Sysname-line-class-vty] authentication-mode scheme

[Sysname-line-class-vty] protocol inbound ssh

[Sysname-line-class-vty] line vty 0 4

[Sysname-line-vty0-4] authentication-mode none

To verify the configuration:

1. Telnet to the device.

<Client> telnet 192.168.1.241

Trying 192.168.1.241 ...

Press CTRL+K to abort

Connected to 192.168.1.241 ...

******************************************************************************

* Without the owner's prior written consent, *

* no decompiling or reverse-engineering shall be allowed. *

******************************************************************************

You are logged in without authentication.

2. Display online CLI user information.

<Server> display users

Idx Line Idle Time Pid Type

+ 50 VTY 0 00:00:00 Jan 17 15:29:27 189 TEL

Following are more details.

VTY 0 :

Location: 192.168.1.186

+ : Current operation user.

F : Current operation user works in async mode.

The output shows that you are using VTY 0. The configuration in user line view is effective.

restful http enable

Use restful http enable to enable RESTful access over HTTP.

Use undo restful http enable to disable RESTful access over HTTP.

Syntax

restful http enable

undo restful http enable

Default

RESTful access over HTTP is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

For users to access the device through the HTTP-based RESTful API, you must enable RESTful access over HTTP.

Examples

# Enable RESTful access over HTTP.

<Sysname> system-view

[Sysname] restful http enable

restful https enable

Use restful https enable to enable RESTful access over HTTPS.

Use undo restful https enable to disable RESTful access over HTTPS.

Syntax

restful https enable

undo restful https enable

Default

RESTful access over HTTPS is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

For users to access the device through the HTTPS-based RESTful API, you must enable RESTful access over HTTPS.

Examples

# Enable RESTful access over HTTPS.

<Sysname> system-view

[Sysname] restful https enable

screen-length

Use screen-length to set the maximum number of lines of command output to send to the terminal at a time when the screen pausing feature is enabled.

Use undo screen-length to restore the default.

Syntax

screen-length screen-length

undo screen-length

Default

A maximum of 24 lines are sent.

Views

User line view

User line class view

Predefined user roles

network-admin

Parameters

screen-length: Specifies the maximum number of lines to send, in the range of 0 to 512. To send command output without pausing, set the number to 0 or execute the screen-length disable command.

Usage guidelines

The number of lines that can be displayed on the terminal screen is restricted by both this setting and the display specification of the terminal. For example, if this setting is 40, the device sends 40 lines to the terminal at a time. If the terminal display specification is 24 lines, only the last 24 lines are displayed on the terminal screen. To view the previous 16 lines, you must press PgUp.

To continue to display command output after a pause, press the space bar.

Examples

# Set the maximum number of lines to send at a time to 30 for the user line Console 0.

<Sysname> system-view

[Sysname] line console 0

[Sysname-line-console0] screen-length 30

Related commands

screen-length disable

send

Use send to send messages to online login users.

Syntax

send { all | number1 | { console | vty } number2 }

Views

User view

Predefined user roles

network-admin

Parameters

all: Specifies all user lines.

number1: Specifies the absolute number of a user line.

The following matrix shows the value ranges for the number1 argument:

Hardware series	Model	Value range
WX1800H series	WX1804H WX1810H WX1820H WX1840H	0 to 32: · WX1810H · WX1820H · WX1840H 0 to 33: WX1804H
WX3800H series	WX3820H WX3840H	0 to 33
WX5800H series	WX5860H	0 to 33

console number2: Specifies the relative number of a console line.

vty number2: Specifies the relative number of a VTY line. The number2 argument is in the range of 0 to 31.

Usage guidelines

To end a message, press Enter. To abort the send operation, press Ctrl+C.

You can use this command to send notifications to online users before performing an operation that might affect other online users, for example, before rebooting the device.

Examples

# Send a notification to the user on VTY 1.

<Sysname> send vty 1

Input message, end with Enter; abort with CTRL+C:

Your attention, please. I will reboot the system in 3 minutes.

Send message? [Y/N]:y

The message should appear on the user's terminal screen as follows:

[Sysname]

***

***Message from vty0 to vty1

***

Your attention, please. I will reboot the system in 3 minutes.

set authentication password

Use set authentication password to set a password for local password authentication.

Use undo set authentication password to delete the password.

Syntax

set authentication password { hash | simple } password

undo set authentication password

Default

No password is set for local password authentication.

Views

User line view

User line class view

Predefined user roles

network-admin

Parameters

hash: Sets a hashed password.

simple: Sets a plaintext password.

password: Specifies the password string. This argument is case sensitive. If simple is specified, it must be a string of 1 to 16 characters. If hash is specified, it must be a string of 1 to 110 characters.

Usage guidelines

Only users assigned the network-admin or level-15 user role can execute this command. Other users cannot execute this command, even if they are granted the right to execute this command.

For security purposes, the password is hashed before being saved, whether you specify the hash or simple keyword.

This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.

A password change does not take effect for the current session. It takes effect for subsequent login sessions.

Examples

# Set the password to hello for local password authentication on the user line Console 0.

<Sysname> system-view

[Sysname] line console 0

[Sysname-line-console0] authentication-mode password

[Sysname-line-console0] set authentication password simple hello

Related commands

authentication-mode

shell

Use shell to enable the terminal service for user lines.

Use undo shell to disable the terminal service for user lines.

Syntax

shell

undo shell

Default

The terminal service is enabled on all user lines.

Views

User line view

User line class view

Predefined user roles

network-admin

Usage guidelines

The undo shell command is not supported in console line view or console line class view.

You cannot disable the terminal service on the user line you are using.

When the device acts as a Telnet or SSH server, you cannot configure the undo shell command.

If the undo shell command is configured in user line class view, you cannot configure the shell command in the view of a user line in the class.

When terminal service is enabled, a user line can be used for device login. If the device is acting as the redirect server, the user line can also be used for the redirect service. However, the user line can be used for only one purpose at a time.

Examples

# Disable the terminal service for user lines VTY 0 through VTY 4 so no user can log in to the device through the user lines.

<Sysname> system-view

[Sysname] line vty 0 4

[Sysname-line-vty0-4] undo shell

Disable ui-vty0-4 , are you sure? [Y/N]:y

[Sysname-line-vty0-4]

speed

Use speed to set the transmission rate (also called the baud rate) on a user line.

Use undo speed to restore the default.

Syntax

speed speed-value

undo speed

Default

The transmission rate on a user line is 9600 bps.

Views

User line view

Predefined user roles

network-admin

Parameters

speed-value: Specifies the transmission rate in bps. Supported transmission rates depend on the device model and configuration environment. The transmission rates for asynchronous serial interfaces might include:

· 300 bps.

· 600 bps.

· 1200 bps.

· 2400 bps.

· 4800 bps.

· 9600 bps.

· 19200 bps.

· 38400 bps.

· 57600 bps.

· 115200 bps.

Usage guidelines

This command is not supported in VTY line view.

The configuration terminal and the device must be configured with the same transmission rate to communicate.

Examples

# Set the transmission rate to 19200 bps for user line Console 0.

<Sysname> system-view

[Sysname] line console 0

[Sysname-line-console0] speed 19200

stopbits

Use stopbits to specify the number of stop bits for a character.

Use undo stopbits to restore the default.

Syntax

stopbits { 1 | 1.5 | 2 }

undo stopbits

Default

One stop bit is used.

Views

User line view

Predefined user roles

network-admin

Parameters

1: Uses one stop bit.

1.5: Uses one and a half stop bits. The device does not support using one and a half stop bits. If you specify this keyword, two stop bits are used.

2: Uses two stop bits.

Usage guidelines

This command is not supported in VTY line view.

The configuration terminal and the device must be configured to use the same number of stop bits to communicate.

Examples

# Set the number of stop bits to 1 for user line Console 0.

<Sysname> system-view

[Sysname] line console 0

[Sysname-line-console0] stopbits 1

telnet

Use telnet to Telnet to a host in an IPv4 network.

Syntax

telnet remote-host [ service-port ] [ source { interface interface-type interface-number | ip ip-address } ] [ dscp dscp-value ]

Views

User view

Predefined user roles

network-admin

Parameters

remote-host: Specifies the IPv4 address or host name of a remote host. A host name can be a case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.).

service-port: Specifies the TCP port number for the Telnet service on the remote host. The value range is 0 to 65535 and the default is 23.

source: Specifies a source IPv4 address or source interface for outgoing Telnet packets. If you do not specify this option, the device uses the primary IPv4 address of the output interface for the route to the server as the source address.

interface interface-type interface-number: Specifies the source interface. The primary IPv4 address of the interface will be used as the source IPv4 address for outgoing Telnet packets.

ip ip-address: Specifies the source IPv4 address for outgoing Telnet packets.

dscp dscp-value: Specifies a DSCP value for outgoing Telnet packets. The value range is 0 to 63. The default is 48.

Usage guidelines

To terminate the current Telnet connection, press Ctrl+K or execute the quit command.

The source address or interface specified by this command is applied only to the Telnet connection that is being established.

Examples

# Telnet to host 1.1.1.2, using 1.1.1.1 as the source IP address for outgoing Telnet packets.

<Sysname> telnet 1.1.1.2 source ip 1.1.1.1

Related commands

telnet client source

Use telnet client source to specify a source IPv4 address or source interface for the Telnet client to use for outgoing Telnet packets.

Use undo telnet client source to delete the configuration.

Syntax

telnet client source { interface interface-type interface-number | ip ip-address }

undo telnet client source

Default

No source IPv4 address or source interface is specified. The Telnet client uses the primary IPv4 address of the output interface for the route to the server as the source IPv4 address.

Views

System view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Specifies a source interface. The primary IPv4 address of the interface will be used as the source IPv4 address for outgoing Telnet packets.

ip ip-address: Specifies a source IPv4 address.

Usage guidelines

The setting configured by this command applies to all Telnet connections but has a lower precedence than the source setting specified for the telnet command.

Examples

# Set the source IPv4 address to 1.1.1.1 for outgoing Telnet packets.

<Sysname> system-view

[Sysname] telnet client source ip 1.1.1.1

Related commands

display telnet client configuration

telnet ipv6

Use telnet ipv6 to Telnet to a host in an IPv6 network.

Syntax

telnet ipv6 remote-host [ -i interface-type interface-number ] [ port-number ] [ source { interface interface-type interface-number | ipv6 ipv6-address } ] [ dscp dscp-value ]

Views

User view

Predefined user roles

network-admin

Parameters

remote-host: Specifies the IPv6 address or host name of a remote host. A host name can be a case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.).

-i interface-type interface-number: Specifies the interface for sending Telnet packets. This option is required when the remote host address is a link-local address. When the server address is a global unicast address, you cannot specify this option.

port-number: Specifies the TCP port number for the Telnet service on the remote host. The value range is 0 to 65535 and the default is 23.

source: Specifies a source IPv6 address or source interface for outgoing Telnet packets. If you do not specify this option, the device uses the primary IPv6 address of the output interface for the route to the server as the source address.

interface interface-type interface-number: Specifies the source interface. The primary IPv6 address of the interface will be used as the source IPv6 address for outgoing Telnet packets.

ipv6 ipv6-address: Specifies the source IPv6 address for outgoing Telnet packets.

dscp dscp-value: Specifies a DSCP value for outgoing Telnet packets. The value range is 0 to 63. The default is 48.

Usage guidelines

To terminate the current Telnet connection, press Ctrl+K or execute the quit command.

Examples

# Telnet to the host at 5000::1.

<Sysname> telnet ipv6 5000::1

# Telnet to the host at 2000::1. Use 1000::1 as the source address for outgoing Telnet packets.

<Sysname> telnet ipv6 2000::1 source ipv6 1000::1

telnet server acl

Use telnet server acl to apply an ACL to filter Telnet logins.

Use undo telnet server acl to restore the default.

Syntax

telnet server acl [ mac ] acl-number

undo telnet server acl

Default

No ACL is used to filter Telnet logins.

Views

System view

Predefined user roles

network-admin

Parameters

mac: Specifies a Layer 2 ACL. To specify an ACL of a different type, do not specify this keyword.

acl-number: Specifies an ACL by its number. If you specify the mac keyword, the value range of this argument is 4000 to 4999. If you do not specify the mac keyword, the value range of this argument is 2000 to 3999.

Usage guidelines

This command does not take effect on existing Telnet connections.

You can specify an ACL that does not exist for this command. However, this command takes effect only after you create the ACL and configure rules for the ACL.

If you execute this command multiple times, the most recent configuration takes effect.

For more information about ACL, see ACL and QoS Configuration Guide.

Examples

# Permit only the user at 1.1.1.1 to Telnet to the device.

<Sysname> system-view

[Sysname] acl basic 2001

[Sysname-acl-ipv4-basic-2001] rule permit source 1.1.1.1 0

[Sysname-acl-ipv4-basic-2001] quit

[Sysname] telnet server acl 2001

telnet server dscp

Use telnet server dscp to specify the DSCP value for IPv4 to use for outgoing Telnet packets on a Telnet server.

Use undo telnet server dscp to restore the default.

Syntax

telnet server dscp dscp-value

undo telnet server dscp

Default

IPv4 uses the DSCP value 48 for outgoing Telnet packets on a Telnet server.

Views

System view

Predefined user roles

network-admin

Parameters

dscp-value: Specifies a DSCP value in the range of 0 to 63.

Usage guidelines

The DSCP value is carried in the ToS field of an IPv4 packet to indicate the packet transmission priority.

Examples

# Set the DSCP value for IPv4 to use for outgoing Telnet packets to 30 on a Telnet server.

<Sysname> system-view

[Sysname] telnet server dscp 30

telnet server ipv6 acl

Use telnet server ipv6 acl to apply an IPv6 ACL to filter IPv6 Telnet logins.

Use undo telnet server ipv6 acl to restore the default.

Syntax

telnet server ipv6 acl { ipv6 | mac } acl-number

undo telnet server ipv6 acl

Default

No IPv6 ACL is used to filter IPv6 Telnet logins.

Views

System view

Predefined user roles

network-admin

Parameters

ipv6: Specifies an IPv6 ACL.

mac: Specifies a Layer 2 ACL. To specify an ACL of a different type, do not specify this keyword.

acl-number: Specifies an ACL by its number. If you specify the ipv6 keyword, the value range of this argument is 2000 to 3999. If you specify the mac keyword, the value range of this argument is 4000 to 4999.

Usage guidelines

This command does not take effect on existing Telnet connections.

You can specify an ACL that does not exist for this command. However, this command takes effect only after you create the ACL and configure rules for the ACL.

If you execute this command multiple times, the most recent configuration takes effect.

For more information about ACL, see ACL and QoS Configuration Guide.

Examples

# Permit only the user at 2000::1 to Telnet to the device.

<Sysname> system-view

[Sysname] acl ipv6 basic 2001

[Sysname-acl6-ipv6-basic-2001] rule permit source 2000::1 128

[Sysname-acl6-ipv6-basic-2001] quit

[Sysname] telnet server ipv6 acl ipv6 2001

telnet server ipv6 dscp

Use telnet server ipv6 dscp to specify the DSCP value for IPv6 to use for outgoing Telnet packets on a Telnet server.

Use undo telnet server ipv6 dscp to restore the default.

Syntax

telnet server ipv6 dscp dscp-value

undo telnet server ipv6 dscp

Default

IPv6 uses the DSCP value 48 for outgoing Telnet packets on a Telnet server.

Views

System view

Predefined user roles

network-admin

Parameters

dscp-value: Specifies a DSCP value in the range of 0 to 63.

Usage guidelines

The DSCP value is carried in the Traffic class field of an IPv6 packet to indicate the packet transmission priority.

Examples

# Set the DSCP value for IPv6 to use for outgoing Telnet packets to 30 on a Telnet server.

<Sysname> system-view

[Sysname] telnet server ipv6 dscp 30

telnet server enable

Use telnet server enable to enable the Telnet server.

Use undo telnet server enable to disable the Telnet server.

Syntax

telnet server enable

undo telnet server enable

Default

The Telnet server is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Users can Telnet to the device only when the Telnet server feature is enabled.

Examples

# Enable the Telnet server.

<Sysname> system-view

[Sysname] telnet server enable

telnet server ipv6 port

Use telnet server ipv6 port to specify the IPv6 Telnet service port number.

Use undo telnet server ipv6 port to restore the default.

Syntax

telnet server ipv6 port port-number

undo telnet server ipv6 port

Default

The IPv6 Telnet service port number is 23.

Views

System view

Predefined user roles

network-admin

Parameters

port-number: Specifies a port number. The value can be 23 or in the range of 1025 to 65535.

Usage guidelines

This command terminates all Telnet connections to the IPv6 Telnet server. To use the Telnet service, you must reestablish Telnet connections.

Examples

# Set the IPv6 Telnet service port number to 1026.

<Sysname> system-view

[Sysname] telnet server ipv6 port 1026

telnet server port

Use telnet server port to specify the IPv4 Telnet service port number.

Use undo telnet server port to restore the default.

Syntax

telnet server port port-number

undo telnet server port

Default

The IPv4 Telnet service port number is 23.

Views

System view

Predefined user roles

network-admin

Parameters

port-number: Specifies a port number. The value can be 23 or in the range of 1025 to 65535.

Usage guidelines

This command terminates all Telnet connections to the IPv4 Telnet server. To use the Telnet service, you must reestablish Telnet connections.

Examples

# Set the IPv4 Telnet service port number to 1025.

<Sysname> system-view

[Sysname] telnet server port 1025

terminal type

Use terminal type to specify the terminal display type.

Use undo terminal type to restore the default.

Syntax

terminal type { ansi | vt100 }

undo terminal type

Default

The terminal display type is ANSI.

Views

User line view

User line class view

Predefined user roles

network-admin

Parameters

ansi: Specifies the ANSI type.

vt100: Specifies the VT100 type.

Usage guidelines

The device supports two terminal display types: ANSI and VT100. H3C recommends that you specify the VT100 type on both the device and the configuration terminal. If either side uses the ANSI type, a display problem might occur when a command line has more than 80 characters. For example, a cursor positioning error might occur.

A terminal display type change does not take effect for the current session. It takes effect for subsequent login sessions.

Examples

# Set the terminal display type to VT100.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] terminal type vt100

user-interface

Use user-interface to enter one or multiple user line views.

Syntax

user-interface { first-number1 [ last-number1 ] | { console | vty } first-number2 [ last-number2 ] }

Views

System view

Predefined user roles

network-admin

Parameters

first-number1: Specifies the absolute number of the first user line.

last-number1: Specifies the absolute number of the last user line. This number must be greater than first-number1.

The following matrix shows the value ranges for the first-number1 and last-number1 arguments:

Hardware series	Model	Value range
WX1800H series	WX1804H WX1810H WX1820H WX1840H	0 to 32: · WX1810H · WX1820H · WX1840H 0 to 33: WX1804H
WX3800H series	WX3820H WX3840H	0 to 33
WX5800H series	WX5860H	0 to 33

console first-number2: Specifies the relative number of the first console line.

vty first-number2: Specifies the relative number of the first VTY line. The value range is 0 to 31.

vty last-number2: Specifies the relative number of the last VTY user line. The value range is 0 to 31. This number must be greater than first-number2.

Usage guidelines

To configure settings for a single user line, use this command to enter the user line view.

To configure the same settings for multiple user lines, use this command to enter multiple user line views.

This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the line command. H3C recommends that you use the line command.

Examples

# Enter the view of user line Console 0.

<Sysname> system-view

[Sysname] user-interface console 0

[Sysname-line-console0]

# Enter the views of user lines VTY 0 to VTY 4.

<Sysname> system-view

[Sysname] user-interface vty 0 4

[Sysname-line-vty0-4]

Related commands

user-interface class

Use user-interface class to enter user line class view.

Syntax

user-interface class { console | vty }

Views

System view

Predefined user roles

network-admin

Parameters

console: Specifies the console line class view.

vty: Specifies the VTY line class view.

Usage guidelines

This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the line class command. H3C recommends that you use the line class command.

To configure the same settings for all user lines of a line class, you can use this command to enter the user line class view.

The following commands are available in user line class view:

· activation-key

· auto-execute command

· authentication-mode

· command accounting

· command authorization

· escape-key

· history-command max-size

· idle-timeout

· protocol inbound

· screen-length

· set authentication password

· shell

· terminal type

· user-role

For commands that are available in both user line view and user line class view, the device uses the following rules to determine the settings to be activated:

· A setting in user line view applies only to the user line. A setting in user line class view applies to all user lines of the class.

· A setting in user line class view does not take effect for current online users. It takes effect only for new login users.

Examples

# Set the user connection timeout to 15 minutes in VTY line class view.

<Sysname> system-view

[Sysname] user-interface class vty

[Sysname-line-class-vty] idle-timeout 15

# In console line class view, configure character s as the shortcut key for starting a terminal session.

<Sysname> system-view

[Sysname] user-interface class console

[Sysname-line-class-console] activation-key s

[Sysname-line-class-console] quit

# In console line view, restore the default shortcut key for starting a terminal session.

[Sysname] user-interface console 0

[Sysname-line-console0] undo activation-key

Alternatively, you can use the following command:

[Sysname-line-console0] activation-key 13

To verify the configuration:

1. Exit the console session.

[Sysname-line-console0] return

<Sysname> quit

2. Log in again through the console line.

The following message appears:

Press ENTER to get started.

3. Press Enter.

Pressing Enter does not start a session.

4. Enter s.

A terminal session is started.

Related commands

user-interface

user-role

Use user-role to assign a user role to a user line. The device assigns the user role to a user of the line when the user logs in.

Use undo user-role to remove a user role or restore the default.

Syntax

user-role role-name

undo user-role [ role-name ]

Default

A console line user is assigned the network-admin user role. Users of other user lines are assigned the network-operator user role.

Views

User line view

User line class view

Predefined user roles

network-admin

Parameters

role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. The user role can be user-defined or predefined (network-admin, network-operator, or level-0 to level-15). If you do not specify this argument, the undo user-role command restores the default user role.

Usage guidelines

Only users assigned the network-admin or level-15 user role can execute this command. Other users cannot execute this command, even if they are granted the right to execute this command.

A user role change does not take effect for the current session. It takes effect for subsequent login sessions.

You can assign up to 64 user roles to a user line.

The security-audit and guest-manager user roles are not available in user line view or user line class view. You cannot use this command to assign the user roles.

For more information about user roles, see RBAC in Fundamentals Configuration Guide.

Examples

# Assign user role network-admin to user line Console 0.

<Sysname> system-view

[Sysname] line console 0

[Sysname-line-console0] user-role network-admin

web captcha

Use web captcha to specify a fixed verification code for Web login.

Use undo web captcha to restore the default.

Syntax

web captcha verification-code

undo web captcha

Default

No fixed verification code is configured for Web login. A Web user must enter the verification code displayed on the login page.

Views

User view

Predefined user roles

network-admin

Parameters

verification-code: Specifies the fixed verification code, a case-sensitive 4-character string.

Usage guidelines

In test environments where a script is used for Web function tests, you can configure a fixed verification code to improve test efficiency.

For Web access security purposes, do not use this feature in production environments.

If you configure the web captcha command multiple times, the most recent configuration takes effect.

This command is not saved to the configuration file and will not take effect after a reboot.

Examples

# Set the fixed verification code to test for Web login.

<Sysname> web captcha test

web https-authorization mode

Use web https-authorization mode to set the authentication mode for HTTPS login.

Use undo web https-authorization mode to restore the default.

Syntax

web https-authorization mode { auto | manual }

undo web https-authorization mode

Default

Manual authentication mode is used for HTTPS login.

Views

System view

Predefined user roles

network-admin

Parameters

auto: Uses the PKI certificate of an HTTPS client to authenticate the client automatically.

manual: Sends the login page to the HTTPS client, and uses the username and password entered on the page to authenticate the client.

Usage guidelines

In auto authentication mode, the device uses the PKI certificate of an HTTPS client to authenticate the client automatically.

· If the certificate is valid, the value of the CN field is used as the username for AAA authentication.

? If the authentication succeeds, the Web interface appears on the client.

? If the authentication fails, the login page appears on the client. The user can log in to the Web interface after entering the correct username and password.

· If the certificate is invalid (for example, expired), the device closes the HTTPS connection.

Examples

# Set the HTTPS login authentication mode to auto.

<Sysname> system-view

[Sysname] web https-authorization mode auto

web idle-timeout

Use web idle-timeout to set the Web connection idle timeout timer.

Use undo web idle-timeout to restore the default.

Syntax

web idle-timeout idle-time

undo web idle-timeout

Default

The Web connection idle timeout timer is 10 minutes.

Views

System view

Predefined user roles

network-admin

Parameters

idle-time: Specifies the Web connection idle timeout timer in minutes. The value range is 1 to 999.

Usage guidelines

The system automatically terminates a user connection if no mouse or keyboard operation occurs within the idle timeout interval.

This command takes effect immediately for current Web connections.

Examples

# Set the Web connection idle timeout timer to 100 minutes.

<Sysname> system-view

[Sysname] web idle-timeout 100

webui log

Use webui log enable to enable Web operation logging.

Use undo webui log enable to restore the default.

Syntax

webui log enable

undo webui log enable

Default

Web operation logging is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

When Web operation logging is enabled, the device generates logs for important Web operations, for example, system time change. The device outputs logs as indicated by information center settings.

Web operations that can trigger Web operation logging depend on the device model.

Web operation logs include the following information:

· Module name WEB.

· Mnemonic prefix WEBOPT_.

· Web client IP address.

· Web user's username.

The following is a sample log message:

%Mar 25 14:32:38:802 2013 H3C WEB/6/WEBOPT_SET_TIME: -HostIP=192.168.100.235-User=Admin; Set the system date and time to 2013-05-27T10:00:00.

Examples

# Enable Web operation logging.

<Sysname> system-view

[Sysname] webui log enable

FTP commands

FTP server commands

display ftp-server

Use display ftp-server to display FTP server configuration and status information.

Syntax

display ftp-server

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display FTP server configuration and status information.

<Sysname> display ftp-server

FTP server is running.

User count: 1

Idle-timeout timer (in minutes): 30

Table 14 Command output

Field	Description
User count	Number of the current logged-in users.
Idle-timeout timer (in minutes)	If no packet is exchanged between the FTP server and client during this period, the FTP connection is closed.

Related commands

· ftp server enable

· ftp timeout

display ftp-user

Use display ftp-user to display detailed information about online FTP users.

Syntax

display ftp-user

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display detailed information about online FTP users.

<Sysname> display ftp-user

UserName HostIP Port HomeDir

root 192.168.20.184 46539 flash:

A field value is wrapped if its length exceeds the limit. The wrapped value is left justified.

The limits for fields are as follows:

· UserName—10 characters.

· HostIP—15 characters.

· HomeDir—37 characters.

<Sysname> display ftp-user

UserName HostIP Port HomeDir

user2 2000:2000:2000: 1499 flash:/user2

2000:2000:2000:

2000:2000

administra 100.100.100.100 10001 flash:/123456789/123456789/123456789/

tor 123456789/123456789/123456789/1234567

89/123456789

Table 15 Command output

Field	Description
UserName	Name of the user.
HostIP	IP address of the user.
Port	Port number of the user.
HomeDir	Authorized directory for the user.

free ftp user

Use free ftp user to manually release the FTP connections established by using a specific user account.

Syntax

free ftp user username

Views

User view

Predefined user roles

network-admin

Parameters

username: Specifies a username. You can use the display ftp-user command to display FTP user information.

Examples

# Release the FTP connections established by using the user account ftpuser.

<Sysname> free ftp user ftpuser

Are you sure to free FTP connection? [Y/N]:y

free ftp user-ip

Use free ftp user-ip to manually release the FTP connections established from a specific IPv4 address.

Syntax

free ftp user-ip ipv4-address [ port port ]

Views

User view

Predefined user roles

network-admin

Parameters

ipv4-address: Specifies the source IP address of an FTP connection. You can use the display ftp-user command to view the source IP addresses of FTP connections.

port port: Specifies the source port of an FTP connection. You can use the display ftp-user command to view the source ports of FTP connections.

Examples

# Release the FTP connections established from IP address 192.168.20.184.

<Sysname> free ftp user-ip 192.168.20.184

Are you sure to free FTP connection? [Y/N]:y

free ftp user-ip ipv6

Use free ftp user-ip ipv6 to manually release the FTP connections established from a specific IPv6 address.

Syntax

free ftp user-ip ipv6 ipv6-address [ port port ]

Views

User view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies the source IPv6 address of an FTP connection. You can use the display ftp-user command to view the source IPv6 addresses of FTP connections.

port port: Specifies the source port of an FTP connection. You can use the display ftp-user command to view the source ports of FTP connections.

Examples

# Release the FTP connections established from IPv6 address 2000::154.

<Sysname> free ftp user-ip ipv6 2000::154

Are you sure to free FTP connection? [Y/N]:y

ftp server acl

Use ftp server acl to use an ACL to control FTP clients' access to the FTP server.

Use undo ftp server acl to restore the default.

Syntax

ftp server acl { acl-number | ipv6 acl-number6 }

undo ftp server acl [ ipv6 ]

Default

No ACL is used to control FTP clients' access to the FTP server.

Views

System view

Predefined user roles

network-admin

Parameters

acl-number: Specifies an IPv4 ACL number in the range of 2000 to 3999.

ipv6 acl-number6: Specifies an IPv6 ACL number in the range of 2000 to 3999.

Usage guidelines

You can use this command to permit only FTP requests from specific FTP clients. This configuration takes effect only for FTP connections to be established. It does not impact existing FTP connections. If you execute the command multiple times, the most recently specified ACL takes effect.

Examples

# Use ACL 2001 to allow only client 1.1.1.1 to access the FTP server.

<Sysname> system-view

[Sysname] acl basic 2001

[Sysname-acl-ipv4-basic-2001] rule 0 permit source 1.1.1.1 0

[Sysname-acl-ipv4-basic-2001] rule 1 deny source any

[Sysname-acl-ipv4-basic-2001] quit

[Sysname] ftp server acl 2001

ftp server dscp

Use ftp server dscp to set the DSCP value for IPv4 to use for outgoing FTP packets on an FTP server.

Use undo ftp server dscp to restore the default.

Syntax

ftp server dscp dscp-value

undo ftp server dscp

Default

IPv4 uses the DSCP value 0 for outgoing FTP packets on an FTP server.

Views

System view

Predefined user roles

network-admin

Parameters

dscp-value: Specifies a DSCP value in the range of 0 to 63.

Usage guidelines

The DSCP value is carried in the ToS field of an IP packet, and it indicates the transmission priority of the packet.

Examples

# Set the DSCP value for IPv4 to use for outgoing FTP packets to 30 on an FTP server.

<Sysname> system-view

[Sysname] ftp server dscp 30

ftp server enable

Use ftp server enable to enable the FTP server.

Use undo ftp server enable to disable the FTP server.

Syntax

ftp server enable

undo ftp server enable

Default

The FTP server is disabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable the FTP server.

<Sysname> system-view

[Sysname] ftp server enable

ftp server ipv6 dscp

Use ftp server ipv6 dscp to set the DSCP value for IPv6 to use for outgoing FTP packets on an FTP server.

Use undo ftp server ipv6 dscp to restore the default.

Syntax

ftp server ipv6 dscp dscp-value

undo ftp server ipv6 dscp

Default

IPv6 uses the DSCP value 0 for outgoing FTP packets on an FTP server.

Views

System view

Predefined user roles

network-admin

Parameters

dscp-value: Specifies a DSCP value in the range of 0 to 63.

Usage guidelines

The DSCP value is carried in the Traffic class field of an IPv6 packet, and it indicates the transmission priority of the packet.

Examples

# Set the DSCP value for IPv6 to use for outgoing FTP packets to 30 on an FTP server.

<Sysname> system-view

[Sysname] ftp server ipv6 dscp 30

ftp server ssl-server-policy

Use ftp server ssl-server-policy to associate an SSL server policy with the FTP server.

Use undo ftp server ssl-server-policy to remove the association.

Syntax

ftp server ssl-server-policy policy-name

undo ftp server ssl-server-policy

Default

No SSL server policy is associated with the FTP server.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Specifies an SSL server policy by its name, a string of 1 to 31 characters.

Usage guidelines

After you associate an SSL server policy with the device, a client that supports SFTP will establish a secure connection to the device to ensure data security.

Examples

# Associate SSL server policy myssl with the FTP server.

<Sysname> system-view

[Sysname] ftp server ssl-server-policy myssl

Related commands

· ftp server enable

· ssl server-policy (Security Command Reference)

ftp timeout

Use ftp timeout to set the idle-timeout interval for FTP connections.

Use undo ftp timeout to restore the default.

Syntax

ftp timeout minute

undo ftp timeout

Default

The FTP idle-timeout interval is 30 minutes.

Views

System view

Predefined user roles

network-admin

Parameters

minute: Specifies an idle-timeout interval in the range of 1 to 35791 minutes.

Usage guidelines

If no packet is exchanged on an FTP connection within the idle-timeout interval, the FTP server closes the FTP connection to release resources.

Examples

# Set the idle-timeout interval to 36 minutes.

<Sysname> system-view

[Sysname] ftp timeout 36

FTP client commands

Before executing FTP client configuration commands, make sure you have configured authorization settings for users on the FTP server. Authorized operations include viewing the files in the working directory, reading/downloading/uploading/renaming/removing files, and creating directories.

The FTP client commands in this section are supported by the device, but whether they can be executed successfully depends on the FTP server.

The output in the examples of this section varies by FTP server type.

append

Use append to add the content of a file on the FTP client to a file on the FTP server.

Syntax

append localfile [ remotefile ]

Views

FTP client view

Predefined user roles

network-admin

Parameters

localfile: Specifies a file on the FTP client.

remotefile: Specifies a file on the FTP server.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Append the content of the local a.txt file to the b.txt file on the FTP server.

ftp> append a.txt b.txt

local: a.txt remote: b.txt

150 Connecting to port 50190

226 File successfully transferred

1657 bytes sent in 0.000736 seconds (2.15 Mbyte/s)

ascii

Use ascii to set the file transfer mode to ASCII.

Syntax

ascii

Default

The file transfer mode is binary.

Views

FTP client view

Predefined user roles

network-admin

Usage guidelines

You can perform this operation only after you log in to the FTP server.

FTP transfers files in either of the following modes:

· Binary mode—Transfers non-text files.

· ASCII mode—Transfers text files.

When the device acts as the FTP server, the transfer mode is determined by the FTP client. When the device acts as the FTP client, you can set the transfer mode. The transfer mode is binary by default.

Examples

# Set the file transfer mode to ASCII.

ftp> ascii

200 TYPE is now ASCII

Related commands

binary

Use binary to set the file transfer mode to binary, which is also called the flow mode.

Syntax

binary

Default

The file transfer mode is binary.

Views

FTP client view

Predefined user roles

network-admin

Usage guidelines

You can perform this operation only after you log in to the FTP server.

FTP transfers files in either of the following modes:

· Binary mode—Transfers program file or pictures.

· ASCII mode—Transfers text files.

When the device acts as the FTP server, the transfer mode is determined by the FTP client. When the device acts as the FTP client, you can set the transfer mode. The default transfer mode is binary.

Examples

# Set the file transfer mode to binary.

ftp> binary

200 TYPE is now 8-bit binary

Related commands

ascii

bye

Use bye to terminate the connection to the FTP server and return to user view. If no connection is established between the device and the FTP server, use this command to return to user view.

Syntax

bye

Views

FTP client view

Predefined user roles

network-admin

Examples

# Terminate the connection to the FTP server and return to user view.

ftp> bye

221-Goodbye. You uploaded 2 and downloaded 2 kbytes.

221 Logout.

Related commands

quit

cd

Use cd to change the current working directory to another directory on the FTP server.

Syntax

cd { directory | .. | / }

Views

FTP client view

Predefined user roles

network-admin

Parameters

directory: Specifies the target directory. If the target directory does not exist, the cd command does not change the current working directory.

..: Specifies the upper directory. Executing the cd .. command is the same as executing the cdup command. If the current working directory is the FTP root directory, the cd .. command does not change the current working directory.

/: Specifies the FTP root directory.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

The directory that can be accessed must be authorized by the FTP server.

Examples

# Change the working directory to the subdirectory logfile of the current directory.

ftp> cd logfile

250 OK. Current directory is /logfile

# Change the working directory to the subdirectory folder of the FTP root directory.

ftp> cd /folder

250 OK. Current directory is /folder

# Change the working directory to the upper directory of the current directory.

ftp> cd ..

250 OK. Current directory is /

# Change the working directory to the FTP root directory.

ftp> cd /

250 OK. Current directory is /

Related commands

· cdup

· pwd

cdup

Use cdup to enter the upper directory of the FTP server.

Syntax

cdup

Views

FTP client view

Predefined user roles

network-admin

Usage guidelines

You can perform this operation only after you log in to the FTP server.

This command does not change the working directory if the current directory is the FTP root directory.

Examples

# Change the working directory to the upper directory.

ftp> pwd

257 "/ftp/subdir" is your current location

ftp> cdup

250 OK. Current directory is /ftp

ftp> pwd

257 "/ftp" is your current location

Related commands

· cd

· pwd

close

Use close to terminate the connection to the FTP server without exiting FTP client view.

Syntax

Views

FTP client view

Predefined user roles

network-admin

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Terminate the connection to the FTP server without exiting the FTP client view.

ftp> close

221-Goodbye. You uploaded 0 and downloaded 0 kbytes.

221 Logout.

ftp>

Related commands

disconnect

debug

Use debug to enable or disable FTP client debugging.

Syntax

debug

Default

FTP client debugging is disabled.

Views

FTP client view

Predefined user roles

network-admin

Usage guidelines

When FTP client debugging is enabled, executing this command disables FTP client debugging.

When FTP client debugging is disabled, executing this command enables FTP client debugging.

Examples

# Enable and then disable FTP client debugging.

ftp> debug

Debugging on (debug=1).

ftp> debug

Debugging off (debug=0).

delete

Use delete to permanently delete a file on the FTP server.

Syntax

delete remotefile

Views

FTP client view

Predefined user roles

network-admin

Parameters

remotefile: Specifies a file on the FTP server.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

To perform this operation, you must have delete permission on the FTP server.

Examples

# Delete file b.txt.

ftp> delete b.txt

250 Deleted b.txt

dir

Use dir to display detailed information about the files and subdirectories in the current directory on the FTP server.

Use dir remotefile to display detailed information about a file or directory on the FTP server.

Use dir remotefile localfile to save detailed information about a file or directory on the FTP server to a local file.

Syntax

dir [ remotefile [ localfile ] ]

Views

FTP client view

Predefined user roles

network-admin

Parameters

remotefile: Specifies a file or directory on the FTP server.

localfile: Specifies the name of the local file used to save the displayed information.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

In FTP client view, executing the dir command is the same as executing the ls command.

Examples

# Display detailed information about the files and subdirectories in the current directory on the FTP server.

ftp> dir

150 Connecting to port 50201

-rwxr-xr-x 1 0 0 1481 Jul 7 15:36 a.txt

drwxr-xr-x 2 0 0 8192 Jul 2 14:33 diagfile

drwxr-xr-x 3 0 0 8192 Jul 7 15:21 ftp

drwxr-xr-x 2 0 0 8192 Jul 5 09:15 logfile

drwxr-xr-x 2 0 0 8192 Jul 2 14:33 seclog

-rwxr-xr-x 1 0 0 40808448 Jul 2 14:33 wx3840-system.bin

-rwxr-xr-x 1 0 0 3050 Jul 7 12:26 startup.cfg

-rwxr-xr-x 1 0 0 54674 Jul 4 09:24 startup.mdb

-rwxr-xr-x 1 0 0 1481 Jul 7 12:34 x.cfg

226 9 matches total

# Save detailed information about file a.txt to s.txt.

ftp> dir a.txt s.txt

output to local-file: s.txt ? [Y/N]y

150 Connecting to port 50203

226-Glob: a.txt

# Display the content of file s.txt.

ftp> bye

221-Goodbye. You uploaded 0 and downloaded 2 kbytes.

221 Logout.

<Sysname> more s.txt

-rwxr-xr-x 1 0 0 1481 Jul 7 12:34 a.txt

Related commands

disconnect

Use disconnect to terminate the connection to the FTP server without exiting FTP client view.

Syntax

disconnect

Views

FTP client view

Predefined user roles

network-admin

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Terminate the connection to the FTP server without exiting the FTP client view.

ftp> disconnect

221-Goodbye. You uploaded 0 and downloaded 0 kbytes.

221 Logout.

ftp>

Related commands

display ftp client source

Use display ftp client source to display the source address settings on the FTP client.

Syntax

display ftp client source

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the source address settings on the FTP client.

<Sysname> display ftp client source

The source IP address of the FTP client is 1.1.1.1.

The source IPv6 address of the FTP client is 2001::1.

ftp

Use ftp to log in to an FTP server and enter FTP client view.

Syntax

ftp [ ftp-server [ service-port ] [ dscp dscp-value | source { interface interface-type interface-number | ip source-ip-address } ] ] *

Views

User view

Predefined user roles

network-admin

Parameters

ftp-server: Specifies the IPv4 address or host name of an FTP server. A host name can be a case-insensitive string of 1 to 253 characters. Valid characters for a host name include letters, digits, hyphens (-), underscores (_), and dots (.).

service-port: Specifies the TCP port number of the FTP server, in the range of 0 to 65535. The default value is 21.

dscp dscp-value: Specifies the DSCP value for IPv4 to use in outgoing FTP packets to indicate the packet transmission priority. The value range is 0 to 63. The default is 0.

source { interface interface-type interface-number | ip source-ip-address }: Specifies the source address used to establish the FTP connection.

· interface interface-type interface-number: Specifies an interface by its type and number. The device will use the interface's primary IPv4 address as the source address. To establish the FTP connection successfully, make sure the interface is up and has the primary IPv4 address configured.

· ip source-ip-address: Specifies an IPv4 address. To establish the FTP connection successfully, make sure this address is the IPv4 address of an interface in up state on the device.

Usage guidelines

This command is only applicable to IPv4 networks.

If no parameters are specified, this command enters the FTP client view without logging in to the FTP server.

If the server parameters are specified, you are prompted to enter the username and password for logging in to the FTP server.

Examples

# Log in to the FTP server 192.168.0.211.

<Sysname> ftp 192.168.0.211

Press CTRL+C to abort.

Connected to 192.168.0.211 (192.168.0.211).

220 3Com 3CDaemon FTP Server Version 2.0

User (192.168.0.211:(none)): abc

331 User name ok, need password

Password:

230 User logged in

Remote system type is UNIX.

Using binary mode to transfer files.

ftp>

ftp client ipv6 source

Use ftp client ipv6 source to specify the source IPv6 address for FTP packets sent to the IPv6 FTP server.

Use undo ftp client ipv6 source to restore the default.

Syntax

ftp client ipv6 source { interface interface-type interface-number | ipv6 source-ipv6-address }

undo ftp client ipv6 source

Default

No source address is specified for FTP packets sent to the IPv6 FTP server. The device automatically selects a source IPv6 address as defined in RFC 3484.

Views

System view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. The device will use the interface's IPv6 address as the source address. For successful FTP packet transmission, make sure the interface is up and is configured with an IPv6 address.

ipv6 source-ipv6-address: Specifies an IPv6 address. For successful FTP packet transmission, make sure this address is the IPv6 address of an interface in up state on the device.

Usage guidelines

If you execute this command multiple times, the most recent configuration takes effect.

The source address specified with the ftp ipv6 command takes precedence over the source address specified with the ftp client ipv6 source command.

The source address specified with the ftp client ipv6 source command applies to all FTP connections. The source address specified with the ftp ipv6 command applies only to the current FTP connection.

Examples

# Specify the source IPv6 address of 2000::1 for outgoing FTP packets.

<Sysname> system–view

[Sysname] ftp client ipv6 source ipv6 2000::1

Related commands

ftp ipv6

ftp client source

Use ftp client source to specify the source IPv4 address for FTP packets sent to the IPv4 FTP server.

Use undo ftp client source to restore the default.

Syntax

ftp client source { interface interface-type interface-number | ip source-ip-address }

undo ftp client source

Default

No source IPv4 address is specified for FTP packets sent to the IPv4 FTP server. The device uses the primary IPv4 address of the output interface for the route to the server as the source address.

Views

System view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. The device will use the interface's primary IPv4 address as the source address. For successful FTP packet transmission, make sure the interface is up and has the primary IPv4 address configured.

ip source-ip-address: Specifies an IPv4 address. For successful FTP packet transmission, make sure this address is the IPv4 address of an interface in up state on the device.

Usage guidelines

If you execute this command multiple times, the most recent configuration takes effect.

The source address specified with the ftp command takes precedence over the source address specified with the ftp client source command.

The source address specified with the ftp client source command applies to all FTP connections. The source address specified with the ftp command applies only to the current FTP connection.

Examples

# Specify the source IPv4 address of 192.168.20.222 for outgoing FTP packets.

<Sysname> system-view

[Sysname] ftp client source ip 192.168.20.222

Related commands

ftp

ftp ipv6

Use ftp ipv6 to log in to an FTP server and enter FTP client view.

Syntax

ftp ipv6 [ ftp-server [ service-port ] [ dscp dscp-value | source { ipv6 source-ipv6-address | interface interface-type interface-number } ] * [ -i interface-type interface-number ] ]

Views

User view

Predefined user roles

network-admin

Parameters

ftp-server: Specifies the IPv6 address or host name of an FTP server. A host name can be a case-insensitive string of 1 to 253 characters. Valid characters for a host name include letters, digits, hyphens (-), underscores (_), and dots (.).

service-port: Specifies the TCP port number of the FTP server, in the range of 0 to 65535. The default value is 21.

dscp dscp-value: Specifies the DSCP value for IPv6 to use in outgoing FTP packets to indicate the packet transmission priority. The value range is 0 to 63. The default is 0.

source { ipv6 source-ipv6-address | interface interface-type interface-number }: Specifies the source address used to establish the FTP connection.

· interface interface-type interface-number: Specifies an interface by its type and number. The device will use the interface's IPv6 address as the source address. To establish the FTP connection successfully, make sure the interface is up and is configured with an IPv6 address.

· ipv6 source-ipv6-address: Specifies an IPv6 address. To establish the FTP connection successfully, make sure this address is the IPv6 address of an interface in up state on the device.

-i interface-type interface-number: Specifies an output interface by its type and number. This option can be used only when the FTP server address is a link local address and the specified output interface has a link local address. For more information about link local addresses, see Layer 3—IP Services Configuration Guide.

Usage guidelines

This command is only applicable to IPv6 networks.

If no parameters are specified, this command enters the FTP client view.

If the FTP server parameters are specified, you are prompted to enter the username and password for logging in to the FTP server.

Examples

# Log in to the FTP server 2001:1200::150.

<Sysname> ftp ipv6 2001:1200::150

Press CTRL+C to abort.

Connected to 2001:1200::150 (2001:1200::150).

220 FTP service ready.

User (2001:1200::150:(none)): abc

331 Password required for abc.

Password:

230 User logged in.

Remote system type is H3C.

get

Use get to download a file from the FTP server and save the file.

Syntax

get remotefile [ localfile ]

Views

FTP client view

Predefined user roles

network-admin

Parameters

remotefile: Specifies the file to be downloaded.

localfile: Specifies a name for the downloaded file. If you do not specify this argument, the system uses the name of the source file.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

To save the downloaded file to the working directory accessed by the ftp command, perform one of the following tasks:

· Execute the command without specifying the localfile argument.

· Specify a file name without the path for the localfile argument, for example, a.cfg.

To save the downloaded file to some other directory, you must specify a fully qualified file name for the localfile argument, for example, flash:/subdirectory/a.cfg.

Examples

# Download file a.txt and save it as b.txt in the working directory accessed by the ftp command.

ftp> get a.txt b.txt

local: b.txt remote: a.txt

150 Connecting to port 47457

226 File successfully transferred

1569 bytes received in 0.00527 seconds (290.6 kbyte/s)

# Download the a.txt file to the root directory of the flash memory on a member device. Save the file as c.txt.

ftp> get a.txt slot1#flash:/c.txt

local: slot1#flash:/c.txt remote: a.txt

150 Connecting to port 47460

226 File successfully transferred

1569 bytes received in 0.0564 seconds (27.2 kbyte/s)

Related commands

put

help

Use help to display all commands supported by an FTP client.

Use help command-name to display the help information of a command.

Syntax

help [ command-name ]

Views

FTP client view

Predefined user roles

network-admin

Parameters

command-name: Specifies a command supported by the FTP client.

Usage guidelines

In FTP client view, executing the help command is the same as entering?.

Examples

# Display all commands supported by the FTP client.

ftp> help

Commands may be abbreviated. Commands are:

append delete ls quit rmdir

ascii debug mkdir reget status

binary dir newer rstatus system

bye disconnect open rhelp user

cd get passive rename verbose

cdup help put reset ?

close lcd pwd restart

# Display the help information for the dir command.

ftp> help dir

dir list contents of remote directory

Related commands

lcd

Use lcd to display the local working directory of the FTP client.

Use lcd directory to change the local working directory of the FTP client to the specified directory.

Use lcd / to change the local working directory of the FTP client to the local root directory.

Syntax

lcd [ directory | / ]

Views

FTP client view

Predefined user roles

network-admin

Parameters

directory: Specifies a local directory of the FTP client. There must be a slash sign (/) before the name of the storage medium, for example, /flash:/logfile.

/: Specifies the root directory of the FTP client.

Examples

# Display the local working directory.

ftp> lcd

Local directory now /flash:

# Change the local working directory to flash:/logfile.

ftp> lcd /flash:/logfile

Local directory now /flash:/logfile

ls

Use ls to display detailed information about the files and subdirectories in the current directory on the FTP server.

Use ls remotefile to display detailed information about a file or directory on the FTP server.

Use ls remotefile localfile to save detailed information about a file or directory on the FTP server to a local file.

Syntax

ls [ remotefile [ localfile ] ]

Views

FTP client view

Predefined user roles

network-admin

Parameters

remotefile: Specifies a file or directory on the FTP server.

localfile: Specifies the name of the local file used to save the displayed information.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

In FTP client view, executing the ls command is the same as executing the dir command.

Examples

# Display detailed information about the files and subdirectories in the current directory on the FTP server.

ftp> ls

150 Connecting to port 50201

-rwxr-xr-x 1 0 0 1481 Jul 7 15:36 a.txt

drwxr-xr-x 2 0 0 8192 Jul 2 14:33 diagfile

drwxr-xr-x 3 0 0 8192 Jul 7 15:21 ftp

drwxr-xr-x 2 0 0 8192 Jul 5 09:15 logfile

drwxr-xr-x 2 0 0 8192 Jul 2 14:33 seclog

-rwxr-xr-x 1 0 0 40808448 Jul 2 14:33 simware-cmw710-sys

tem-a1801.bin

-rwxr-xr-x 1 0 0 3050 Jul 7 12:26 startup.cfg

-rwxr-xr-x 1 0 0 54674 Jul 4 09:24 startup.mdb

-rwxr-xr-x 1 0 0 1481 Jul 7 12:34 x.cfg

226 9 matches total

# Save detailed information about file a.txt to s.txt.

ftp> ls a.txt s.txt

output to local-file: s.txt ? [Y/N]y

150 Connecting to port 50203

226-Glob: s.txt

# Display the content of file s.txt.

ftp> bye

221-Goodbye. You uploaded 0 and downloaded 2 kbytes.

221 Logout.

<Sysname> more s.txt

-rwxr-xr-x 1 0 0 1481 Jul 7 12:34 a.txt

Related commands

dir

mkdir

Use mkdir to create a subdirectory in the current directory on the FTP server.

Syntax

mkdir directory

Views

FTP client view

Predefined user roles

network-admin

Parameters

directory: Specifies the name for the directory to be created.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

You must have permission to perform this operation on the FTP server.

Examples

# Create subdirectory newdir in the current directory of the FTP server.

ftp> mkdir newdir

257 "newdir" : The directory was successfully created

newer

Use newer to update a local file by using a file on the FTP server.

Syntax

newer remotefile [ localfile ]

Views

FTP client view

Predefined user roles

network-admin

Parameters

remotefile: Specifies a file on the FTP server.

localfile: Specifies the local file to be updated.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

If the local file does not exist, this command downloads the file from the FTP server and saves it locally.

If the file on the FTP server is not newer than the local file, this command does not update the local file.

Examples

# Update the local file with the file a.txt on the FTP server.

ftp> newer a.txt

local: a.txt remote: a.txt

150 Connecting to port 63513

226 File successfully transferred

1573 bytes received in 0.0293 seconds (52.3 kbyte/s)

open

Use open to log in to the FTP server in FTP client view.

Syntax

open server-address [ service-port ]

Views

FTP client view

Predefined user roles

network-admin

Parameters

server-address: Specifies the IP address or host name of the FTP server.

service-port: Specifies the TCP port number of the FTP server, in the range of 0 to 65535. The default value is 21.

Usage guidelines

After you issue this command, the system will prompt you to enter the username and password.

After you log in to one FTP server, you must disconnect from the server before you can use the open command to log in to another server.

Examples

# In FTP client view, log in to the FTP server 192.168.40.7.

<Sysname> ftp

ftp> open 192.168.40.7

Press CTRL+C to abort.

Connected to 192.168.40.7 (192.168.40.7).

220 FTP service ready.

User (192.168.40.7:(none)): root

331 Password required for root.

Password:

230 User logged in.

Remote system type is H3C.

ftp>

passive

Use passive to set the FTP operation mode to passive.

Syntax

passive

Default

The FTP operation mode is passive.

Views

FTP client view

Predefined user roles

network-admin

Usage guidelines

FTP can operate in either of the following modes:

· Active mode—The FTP server initiates the TCP connection.

· Passive mode—The FTP client initiates the TCP connection.

You can use this command multiple times to change between active and passive modes.

This command is mainly used together with a firewall to control FTP session establishment between private network users and public network users.

Examples

# Set the FTP operation mode to passive.

ftp> passive

Passive mode on.

ftp> passive

Passive mode off.

put

Use put to upload a file on the FTP client to the FTP server.

Syntax

put localfile [ remotefile ]

Views

FTP client view

Predefined user roles

network-admin

Parameters

localfile: Specifies the local file to be uploaded.

remotefile: Specifies the name of the file for saving the uploaded file on the FTP server.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

To upload a file in the current working directory, specify a file name without the path for the localfile argument, for example, a.cfg.

To upload a file in some other directory, specify a fully qualified file name for the localfile argument, for example, flash:/subdirectory/a.cfg.

Examples

# Upload the file a.txt in the working directory accessed by the ftp command. Save the file as b.txt on the FTP server.

ftp> put a.txt b.txt

local: a.txt remote: b.txt

150 Connecting to port 47461

226 File successfully transferred

1569 bytes sent in 0.000671 seconds (2.23 Mbyte/s)

# Upload file a.txt from the test directory of the flash memory on a member device. Save the file as b.txt on the FTP server.

ftp> put slot2#flash:/test/a.txt b.txt

local: slot2#flash:/test/a.txt remote: b.txt

150 Connecting to port 47461

226 File successfully transferred

1569 bytes sent in 0.000671 seconds (2.23 Mbyte/s)

Related commands

get

pwd

Use pwd to display the currently accessed directory on the FTP server.

Syntax

pwd

Views

FTP client view

Predefined user roles

network-admin

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Display the currently accessed directory on the FTP server.

ftp> cd subdir

250 OK. Current directory is /subdir

ftp> pwd

257 "/subdir" is your current location

quit

Use quit to terminate the connection to the FTP server and return to user view.

Syntax

quit

Views

FTP client view

Predefined user roles

network-admin

Examples

# Terminate the connection to the FTP server and return to user view

ftp> quit

221-Goodbye. You uploaded 0 and downloaded 0 kbytes.

221 Logout.

Related commands

bye

reget

Use reget to get the missing part of a file from the FTP server.

Syntax

reget remotefile [ localfile ]

Views

FTP client view

Predefined user roles

network-admin

network-operator

Parameters

remotefile: Specifies a file on the FTP server.

localfile: Specifies a local file.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

If a file download is not completed due to network or storage space problems, use this command to get the part that has not been downloaded yet.

Examples

# Get the part of the s.bin file that is missing.

ftp> reget s.bin

local: s.bin remote: s.bin

350 Restarting at 1749706

150-Connecting to port 47429

150 38143.3 kbytes to download

226 File successfully transferred

39058742 bytes received in 66.2 seconds (576.1 kbyte/s)

rename

Use rename to rename a file.

Syntax

rename [ oldfilename [ newfilename ] ]

Views

FTP client view

Predefined user roles

network-admin

Parameters

oldfilename: Specifies the original file name.

newfilename: Specifies the new file name.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Rename the file a.txt as b.txt.

· Method 1:

ftp> rename

(from-name) a.txt

(to-name) b.txt

350 RNFR accepted - file exists, ready for destination

250 File successfully renamed or moved

· Method 2:

ftp> rename a.txt

(to-name) b.txt

350 RNFR accepted - file exists, ready for destination

250 File successfully renamed or moved

· Method 3:

ftp> rename a.txt b.txt

350 RNFR accepted - file exists, ready for destination

250 File successfully renamed or moved

reset

Use reset to clear the reply information received from the FTP server in the buffer.

Syntax

reset

Views

FTP client view

Predefined user roles

network-admin

Examples

# Clear the reply information received from the FTP server.

ftp> reset

restart

Use restart to specify the file retransmission offset.

Syntax

restart marker

Views

FTP client view

Predefined user roles

network-admin

Parameters

marker: Specifies the retransmission offset, in bytes.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Support for this command depends on the FTP server.

Examples

# Set retransmission offset to 2 bytes and retransmit the file h.c. The file has 82 bytes in total.

ftp> restart 2

restarting at 2. execute get, put or append to initiate transfer

ftp> put h.c h.c

local: h.c remote: h.c

350 Restart position accepted (2).

150 Ok to send data.

226 File receive OK.

80 bytes sent in 0.000445 seconds (175.6 kbyte/s)

ftp> dir

150 Here comes the directory listing.

-rw-r--r-- 1 0 0 82 Jul 18 02:58 h.c

rhelp

Use rhelp to display the FTP-related commands supported by the FTP server.

Use rhelp protocol-command to display the help information of an FTP-related command supported by the FTP server.

Syntax

rhelp [ protocol-command ]

Views

FTP client view

Predefined user roles

network-admin

Parameters

protocol-command: Specifies an FTP-related command.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Display the FTP-related commands supported by the FTP.

ftp> rhelp

214-The following FTP commands are recognized

USER PASS NOOP QUIT SYST TYPE

HELP CWD XCWD PWD CDUP XCUP

XPWD LIST NLST MLSD PORT EPRT

PASV EPSV REST RETR STOR APPE

DELE MKD XMKD RMD XRMD ABOR

SIZE RNFR RNTO

214 UNIX Type: L8

Table 16 Command output

Field	Description
USER	Username.
PASS	Password.
NOOP	Null operation.
SYST	System parameters.
TYPE	Request type.
CWD	Changes the current working directory.
XCWD	Extended command with the meaning of CWD.
PWD	Prints the working directory.
CDUP	Changes the directory to the upper directory.
XCUP	Extended command with the meaning of CDUP.
XPWD	Extended command with the meaning of PWD.
LIST	Lists files.
NLST	Lists brief file description.
MLSD	Lists file content.
PORT	Active mode (IPv4).
EPRT	Active mode (IPv6).
PASV	Passive mode (IPv4).
EPSV	Passive mode (IPv6).
REST	Restarts.
RETR	Downloads files.
STOR	Uploads files.
APPE	Appends uploading.
DELE	Deletes files.
MKD	Creates folders.
XMKD	Extended command with the meaning of MKD.
RMD	Deletes folders.
XRMD	Extended command with the meaning of RMD.
ABOR	Aborts the transmission.
SIZE	Size of the transmission file.
RNFR	Original name.
RNTO	New name.

rmdir

Use rmdir to permanently delete a directory from the FTP server.

Syntax

rmdir directory

Views

FTP client view

Predefined user roles

network-admin

Parameters

directory: Specifies a directory on the FTP server.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

To perform this operation, you must have delete permission on the FTP server.

Delete all files and subdirectories in a directory before you delete the directory. For more information about how to delete files, see the delete command.

Executing the rmdir command does not delete the files in the recycle bin of the specified directory.

Examples

# Delete the empty directory subdir1.

ftp> rmdir subdir1

250 The directory was successfully removed

Related commands

delete

rstatus

Use rstatus to display FTP server status.

Use rstatus remotefile to display detailed information about a directory or file on the FTP server.

Syntax

rstatus [ remotefile ]

Views

FTP client view

Predefined user roles

network-admin

Parameters

remotefile: Specifies a directory or file on the FTP server.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Support for this command depends on the FTP server.

Examples

# Display FTP server status.

ftp> rstatus

211-FTP server status:

Connected to 192.168.20.177

Logged in as root

TYPE: ASCII

No session bandwidth limit

Session timeout in seconds is 300

Control connection is plain text

Data connections will be plain text

At session startup, client count was 1

vsFTPd 2.0.6 - secure, fast, stable

211 End of status

Table 17 Command output

Filed	Description
211-FTP server status:	Beginning of the display of FTP server status, where 211 specifies the FTP command.
Connected to 192.168.20.177	IP address of the FTP client.
Logged in as root	Login username root.
TYPE: ASCII	File transfer mode ASCII.
Session timeout in seconds is 300	Timeout interval is 300 seconds.
Control connection is plain text	Control connection type is plain text.
Data connections will be plain text	Data connection type is plain text.
At session startup, client count was 1	FTP connection number is 1.
vsFTPd 2.0.6 - secure, fast, stable	FTP version is 2.0.6.
211 End of status	End of the display of FTP server status.

# Display file a.txt.

ftp> rstatus a.txt

213-Status follows:

-rw-r--r-- 1 0 0 80 Jul 18 02:58 a.txt

213 End of status

Table 18 Command output

Field	Description
213-Status follows:	Beginning of the display of the file, where 213 specifies the FTP command.
-rw-r--r--	The first bit specifies the file type. · -—Common. · B—Block. · c—Character. · d—Directory. · l—Symbol connection file. · p—Pipe. · s—socket. The second bit through the tenth bit are divided into three groups. Each group contains three characters, representing the access permission of the owner, group, and other users. · -—No permission. · r—Read permission. · w—Write permission. · x—Execution permission.
1	Number of connections.
0	Name of the file owner.
0	Group number of the file owner.
80	File size, in bytes.
Jul 18 02:58	Date and time when the file was most recently modified.
a.txt	File name.
213 End of status	End of the display of the file information.

status

Use status to display FTP status.

Syntax

status

Views

FTP client view

Predefined user roles

network-admin

Examples

# Display FTP status.

ftp> status

Connected to 192.168.1.56.

No proxy connection.

Not using any security mechanism.

Mode: stream; Type: ascii; Form: non-print; Structure: file

Verbose: on; Bell: off; Prompting: on; Globbing: off

Store unique: off; Receive unique: off

Case: off; CR stripping: on

Ntrans: off

Nmap: off

Hash mark printing: off; Use of PORT cmds: on

Table 19 Command output

Field	Description
Connected to 192.168.1.56.	IP address of the FTP server that is connected to the FTP client.
Verbose: on; Bell: off; Prompting: on; Globbing: off	Displays debugging information.
Store unique: off; Receive unique: off	The name of the file on the FTP server is unique and the name of the local file is unique.
Case: off; CR stripping: on	Does not support obtaining multiple files once and deletes "\r" when downloading text files.
Ntrans: off	Does not use the input-output transmission table.
Nmap: off	The file name does not use the input-to-output mapping template.
Hash mark printing: off; Use of PORT cmds: on	Does not end with a pound sign (#) and uses "PORT" data transmission.

system

Use system to display the system information of the FTP server.

Syntax

system

Views

FTP client view

Predefined user roles

network-admin

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Display the system information of the FTP server.

ftp> system

215 UNIX Type: L8

user

Use user to initiate an FTP authentication on the current FTP connection.

Syntax

user username [ password ]

Views

FTP client view

Predefined user roles

network-admin

Parameters

username: Specifies the username.

password: Specifies the password.

Usage guidelines

If you tried to access an FTP server but failed to pass the authentication, you can use this command to try again before the connection to the FTP server expires.

After you log in to an FTP server, you can initiate an FTP authentication to change to a new account. By changing to a new account, you can get a different privilege without re-establishing the FTP connection.

Make sure the specified username and password have been configured on the FTP server. If the username or password is not configured, this command fails and the FTP connection is closed.

Examples

# After logging in to the FTP server, use the username ftp and password 123456 to log in again to the FTP server.

· Method 1:

ftp> user ftp 123456

331 Password required for ftp.

230 User logged in.

· Method 2:

ftp> user ftp

331 Password required for ftp.

Password:

230 User logged in.

verbose

Use verbose to enable or disable the device to display detailed information about FTP operations.

Syntax

verbose

Default

The device displays detailed information about FTP operations.

Views

FTP client view

Predefined user roles

network-admin

Usage guidelines

This command affects only the current FTP session.

Examples

# Disable the device from displaying detailed information about FTP operations.

ftp> verbose

Verbose mode off.

# Execute the get command.

ftp> get a.cfg 1.cfg

# Enable the device to display detailed information about FTP operations.

ftp> verbose

Verbose mode on.

# Execute the get command.

ftp> get a.cfg 2.cfg

227 Entering Passive Mode (192,168,1,58,68,14)

150-Accepted data connection

150 The computer is your friend. Trust the computer

226 File successfully transferred

3796 bytes received in 0.00762 seconds (486.5 kbyte/s)

?

Use ? to display all commands supported by an FTP client.

Use ? command-name to display the help information for a command.

Syntax

? [ command-name ]

Views

FTP client view

Predefined user roles

network-admin

Parameters

command-name: Specifies a command supported by the FTP client.

Usage guidelines

In FTP client view, entering ? is the same as executing the help command.

Examples

# Display all commands supported by the FTP client.

ftp> ?

Commands may be abbreviated. Commands are:

append delete ls quit rmdir

ascii debug mkdir reget status

binary dir newer rstatus system

bye disconnect open rhelp user

cd get passive rename verbose

cdup help put reset ?

close lcd pwd restart

# Display the help information for the dir command.

ftp> ? dir

dir list contents of remote directory

Related commands

help

TFTP commands

tftp

Use tftp to download a file from a TFTP server or upload a file to a TFTP server in an IPv4 network.

Syntax

tftp tftp-server { get | put | sget } source-filename [ destination-filename ] [ dscp dscp-value | source { interface interface-type interface-number | ip source-ip-address } ] *

Views

User view

Predefined user roles

network-admin

Parameters

tftp-server: Specifies the IPv4 address or host name of a TFTP server. The host name can be a case-insensitive string of 1 to 253 characters and can contain only letters, digits, hyphens (-), underscores (_), and dots (.).

get: Downloads a file and writes the file directly to the destination folder. If the destination folder already has a file with the same name, the system deletes the existing file before starting the download operation. The existing file is permanently deleted even if the download operation fails.

put: Uploads a file.

sget: Downloads a file and saves the file to memory before writing it to the destination folder. The system starts to write the file to the destination folder only after the file is downloaded and saved to memory successfully. If the destination folder already has a file with the same name, the system overwrites the existing file. If the download or save-to-memory operation fails, the existing file in the destination folder is not overwritten.

source-filename: Specifies the source file name, a case-insensitive string of 1 to 1 to 255 characters.

destination-filename: Specifies the destination file name, a case-insensitive string of 1 to 255 characters. If this argument is not specified, the file uses the source file name.

dscp dscp-value: Specifies the DSCP value for IPv4 to use for outgoing TFTP packets to indicate the packet transmission priority. The value range is 0 to 63. The default is 0.

source { interface interface-type interface-number | ip source-ip-address }: Specifies the source address for outgoing TFTP packets. If you do not specify this option, the device uses the primary IPv4 address of the output interface for the route to the TFTP server as the source address.

· interface interface-type interface-number: Specifies an interface by its type and number. The device will use the interface's primary IPv4 address as the source IPv4 address. For successful TFTP packet transmission, make sure the interface is up and has the primary IPv4 address configured.

· ip source-ip-address: Specifies an IPv4 address. For successful TFTP packet transmission, make sure this address is the IPv4 address of an interface in up state on the device.

Usage guidelines

The source address specified with the tftp command takes precedence over the source address specified with the tftp client source command.

The source address specified with the tftp client source command applies to all TFTP connections. The source address specified with the tftp command applies only to the current TFTP connection.

Examples

# Download the new.bin file from the TFTP server at 192.168.1.1 and save it as new.bin.

<Sysname> tftp 192.168.1.1 get new.bin

Press CTRL+C to abort.

% Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed

100 13.9M 100 13.9M 0 0 1206k 0 0:00:11 0:00:11 --:--:-- 1206k

Writing file...Done.

Table 20 Command output

Field	Description
%	Percentage of file transmission progress.
Total	Size of files to be transmitted, in bytes.
%	Percentage of received file size to total file size.
Received	Received file size, in bytes.
%	Percentage of sent file size to total file size.
Xferd	Sent file size, in bytes.
Average Dload	Average download speed, in bps.
Speed Upload	Average upload speed, in bps.
Writing file…	The system was writing the downloaded file to the storage medium. This field is displayed only when the get or sget keyword is specified. If the operation succeeded, this command displays Done at the end of this field. If the operation failed, this command displays Failed.

Related commands

tftp client source

tftp client ipv6 source

Use tftp client ipv6 source to specify the source IPv6 address for TFTP packets sent to the IPv6 TFTP server.

Use undo tftp client ipv6 source to restore the default.

Syntax

tftp client ipv6 source { interface interface-type interface-number | ipv6 source-ipv6-address }

undo tftp client ipv6 source

Default

No source address is specified for TFTP packets sent to the IPv6 TFTP server. The device automatically selects a source IPv6 address as defined in RFC 3484.

Views

System view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. The device will use the interface's IPv6 address as the source address. For successful TFTP packet transmission, make sure the interface is up and is configured with an IPv6 address.

ipv6 source-ipv6-address: Specifies an IPv6 address . For successful TFTP packet transmission, make sure this address is the IPv6 address of an interface in up state on the device.

Usage guidelines

If you execute this command multiple times, the most recent configuration takes effect.

The source address specified with the tftp ipv6 command takes precedence over the source address specified with the tftp client ipv6 source command.

The source address specified with the tftp client ipv6 source command applies to all TFTP connections. The source address specified with the tftp ipv6 command applies only to the current TFTP connection.

Examples

# Specify the source IPv6 address of 2000::1 for outgoing TFTP packets.

<Sysname> system–view

[Sysname] tftp client ipv6 source ipv6 2000::1

Related commands

tftp ipv6

tftp client source

Use tftp client source to specify the source IPv4 address for TFTP packets sent to the IPv4 TFTP server.

Use undo tftp client source to restore the default.

Syntax

tftp client source { interface interface-type interface-number | ip source-ip-address }

undo tftp client source

Default

No source IPv4 address is specified for packets sent to the IPv4 TFTP server. The device uses the primary IPv4 address of the output interface for the route to the server as the source address.

Views

System view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. The device will use the interface's primary IPv4 address as the source address. For successful TFTP packet transmission, make sure the interface is up and has the primary IPv4 address configured.

ip source-ip-address: Specifies an IPv4 address. For successful TFTP packet transmission, make sure this address is the IPv4 address of an interface in up state on the device.

Usage guidelines

If you execute this command multiple times, the most recent configuration takes effect.

The source address specified with the tftp command takes precedence over the source address specified with the tftp client source command.

The source address specified with the tftp client source command applies to all TFTP connections. The source address specified with the tftp command applies only to the current TFTP connection.

Examples

# Specify the source IP address of 192.168.20.222 for outgoing TFTP packets.

<Sysname> system-view

[Sysname] tftp client source ip 192.168.20.222

Related commands

tftp

tftp ipv6

Use tftp ipv6 to download a file from a TFTP server or upload a file to a TFTP server in an IPv6 network.

Syntax

tftp ipv6 tftp-server [ -i interface-type interface-number ] { get | put | sget } source-filename [ destination-filename ] [ dscp dscp-value | source { interface interface-type interface-number | ipv6 source-ipv6-address } ] *

Views

User view

Predefined user roles

network-admin

Parameters

tftp-server: Specifies the IPv6 address or host name of a TFTP server. The host name can be a case-insensitive string of 1 to 253 characters and can contain only letters, digits, hyphens (-), underscores (_), and dots (.).

-i interface-type interface-number: Specifies an output interface by its type and number. This option can be used only when the TFTP server address is a link local address and the specified output interface has a link local address. For link local address configuration, see Layer 3—IP Services Configuration Guide.

put: Uploads a file.

sget: Downloads a file and saves the file to memory before writing it to the destination folder. The system starts to write the file to the destination folder only after the file is downloaded and saved to memory successfully. If the destination folder already has a file using the same name, the system overwrites the existing file. If the download or save-to-memory operation fails, the existing file in the destination folder is not overwritten.

source-filename: Specifies the source file name, a case-insensitive string of 1 to 255 characters.

destination-filename: Specifies the destination file name, a case-insensitive string of 1 to 255 characters. If this argument is not specified, the file uses the source file name.

dscp dscp-value: Specifies the DSCP value for IPv6 to use in outgoing TFTP packets to indicate the packet transmission priority. The value range is 0 to 63. The default is 0.

source { interface interface-type interface-number | ipv6 source-ipv6-address }: Specifies the source address for outgoing TFTP packets. If you do not specify this option, the device uses the primary IPv6 address of the route for the route to the TFTP server as the source address.

· interface interface-type interface-number: Specifies an interface by its type and number. The device will use the interface's IPv6 address as the source IPv6 address. For successful TFTP packet transmission, make sure the interface is up and is configured with an IPv6 address.

· ipv6 source-ipv6-address: Specifies an IPv6 address. For successful TFTP packet transmission, make sure this address is the IPv6 address of an interface in up state on the device.

Usage guidelines

The source address specified with the tftp ipv6 command takes precedence over the source address specified with the tftp client ipv6 source command.

Examples

# Download the new.bin file from the TFTP server at 2001::1 and save it as new.bin.

<Sysname> tftp ipv6 2001::1 get new.bin new.bin

Press CTRL+C to abort.

% Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed

100 13.9M 100 13.9M 0 0 1206k 0 0:00:11 0:00:11 --:--:-- 1206k

Writing file...Done.

For more information about the command output, see Table 20.

tftp-server acl

Use tftp-server acl to use an ACL to control the device's access to TFTP servers in an IPv4 network.

Use undo tftp-server acl to restore the default.

Syntax

tftp-server acl acl-number

undo tftp-server acl

Default

No ACL is used to control the device's access to TFTP servers.

Views

System view

Predefined user roles

network-admin

Parameters

acl-number: Specifies the number of a basic ACL, in the range of 2000 to 2999.

Usage guidelines

You can use an ACL to deny or permit the device's access to specific TFTP servers.

Examples

# Allow the device to access only the TFTP server at 1.1.1.1.

<Sysname> system-view

[Sysname] acl basic 2000

[Sysname-acl-ipv4-basic-2000] rule permit source 1.1.1.1 0

[Sysname-acl-ipv4-basic-2000] quit

[Sysname] tftp-server acl 2000

tftp-server ipv6 acl

Use tftp-server ipv6 acl to use an ACL to control the device's access to TFTP servers in an IPv6 network.

Use undo tftp-server ipv6 acl to restore the default.

Syntax

tftp-server ipv6 acl acl-number

undo tftp-server ipv6 acl

Default

No ACL is used to control the device's access to TFTP servers.

Views

System view

Predefined user roles

network-admin

Parameters

acl-number: Specifies the number of a basic ACL, in the range of 2000 to 2999.

Usage guidelines

You can use an ACL to deny or permit the device's access to specific TFTP servers.

Examples

# Allow the device to access only the TFTP server at 2001::1.

<Sysname> System-view

[Sysname] acl ipv6 basic 2001

[Sysname-acl-ipv6-basic-2001] rule permit source 2001::1/128

[Sysname-acl-ipv6-basic-2001] quit

[Sysname] tftp-server ipv6 acl 2001

File system management commands

IMPORTANT:

· Before managing storage media, file systems, files, and directories, make sure you know the possible impacts.

· A file or directory whose name starts with a dot character (.) is a hidden file or directory. To prevent the system from hiding a file or directory, make sure the file or directory name does not start with a dot character.

· Some system files and directories are hidden. For correct system operation and full functionality, do not modify or delete hidden files or directories.

File system names, directory names, or file names must be compliant with the naming conventions. For more information about the naming conventions and the methods for specifying the names, see Fundamentals Configuration Guide.

Before you use the copy, delete, fixdisk, format, gunzip, gzip, mkdir, move, rename, rmdir, or undelete command on a USB disk, make sure the disk is not write protected.

You cannot access a file system that is being formatted or repaired. To access a file system after it is formatted or repaired, use one of the following methods:

· Use the absolute path to specify a file or directory. For example, use the dir flash:/ command to display the files and directories in the file system on the flash memory.

· Use the cd command to change the working directory to the root directory of the file system before accessing a file or directory in the file system. For example, to display the files and directories in the root directory of the file system on the flash memory, perform the following tasks:

a. Use the cd flash:/ command to change the working directory to the root directory of the file system.

b. Execute the dir command.

The following matrix shows the supported storage medium types:

Hardware series	Model	Fixed storage medium types	Hot swappable storage medium types
WX1800H series	WX1804H WX1810H	Flash memory	USB disk
WX1800H series	WX1820H WX1840H	Flash memory	SD card USB disk
WX3800H series	WX3820H WX3840H	CF card	Not supported
WX5800H series	WX5860H	CF card	Not supported

The examples in this chapter use the flash memory as the storage medium.

The WX1800H series access controllers do not support the slot keyword or the slot-number argument.

cd

Use cd to change the working directory.

Syntax

cd { directory | .. }

Views

User view

Predefined user roles

network-admin

Parameters

directory: Specifies the destination directory.

..: Specifies the parent directory. If the working directory is the root directory, an error message appears when you execute the cd .. command. No online help information is available for this keyword.

Examples

# Access the test directory after logging in to the device.

<Sysname> cd test

# Change to the parent directory.

<Sysname> cd ..

copy

Use copy to copy a file.

Syntax

copy source-file { dest-file | dest-directory } [ source interface interface-type interface-number ]

Views

User view

Predefined user roles

network-admin

Parameters

source-file: Specifies the name or URL of the file to be copied. If the file resides on an FTP or TFTP server rather than on the device, specify the URL of the file. Whether a URL is case sensitive depends on the server.

{ dest-file | dest-directory }: Specifies the name or URL of the destination file or directory. To copy the source file to an FTP or TFTP server, specify a URL. If you specify a directory, the device copies the specified file to the directory and saves it with its original file name. Whether a URL is case sensitive depends on the server.

source interface interface-type interface-number: Specifies the source interface used to connect to the server. After you specify the source interface, the device uses the primary IP address of the source interface as the source IP address for outgoing packets. If you do not specify this option, the device uses the outgoing interface as the source interface.

Usage guidelines

You can use the copy command to perform the following tasks:

· Copy a local file and save it locally.

· Copy a local file and save it to an FTP or TFTP server.

· Copy a file on an FTP or TFTP server and save it locally.

To specify a file or directory, use the following guidelines:

Location	Name format	Remarks
On the device	Use the file name guidelines in Fundamentals Configuration Guide.	N/A
On an FTP server	Enter the URL in the format of ftp://FTP username[:password]@server address[:port number]/file path[/file name].	The username and password must be the same as those configured on the FTP server. If the server authenticates users only by the username, you are not required to enter the password. For example, to use the username 1 and password 1 and specify the startup.cfg file in the authorized working directory on FTP server 1.1.1.1, enter ftp://1:[email protected]/startup.cfg. To specify an IPv6 address, enclose the IPv6 address in square brackets ([ ]), for example, ftp://test:test@[2001::1]:21/test.cfg.
On a TFTP server	Enter the URL in the format of tftp://server address[:port number]/file path[/file name].	For example, to specify the startup.cfg file in the working directory on TFTP server 1.1.1.1, enter the URL tftp://1.1.1.1/startup.cfg. To enter an IPv6 address, enclose the IPv6 address in square brackets ([ ]), for example, tftp://[2001::1]:21/test.cfg.

Examples

# Copy the test.cfg file in the current directory and save it to the current directory as testbackup.cfg.

<Sysname> copy test.cfg testbackup.cfg

Copy flash:/test.cfg to flash:/testbackup.cfg? [Y/N]:y

Copying file flash:/test.cfg to flash:/testbackup.cfg...Done.

delete

Use delete to delete a file.

Syntax

delete [ /unreserved ] file

Views

User view

Predefined user roles

network-admin

Parameters

/unreserved: Permanently deletes the specified file. If you do not specify this keyword, the command moves the file to the recycle bin.

file: Specifies the name of the file to be deleted. Asterisks (*) are acceptable as wildcards. For example, to remove files with the .txt extension in the current directory, enter delete *.txt.

Usage guidelines

Use the delete /unreserved file command with caution. You cannot restore a file that was deleted with this command.

The delete file command (without /unreserved) moves the specified file to the recycle bin if the file system has sufficient storage space. If the file system is running out of storage space, the command permanently deletes the file.

A file moved to the recycle bin can be restored by using the undelete command.

Do not use the delete command to delete files from the recycle bin. To delete files from the recycle bin, use the reset recycle-bin command.

If you delete two files that have the same name from different directories, both files are retained in the recycle bin. If you successively delete two files that have the same name from the same directory, only the most recently deleted file is retained in the recycle bin.

Examples

# Remove file 1.cfg from the current directory.

<Sysname> delete 1.cfg

Delete flash:/1.cfg? [Y/N]:y

Deleting file flash:/1.cfg...Done.

# Permanently delete file 1.cfg from the current directory.

<Sysname> delete /unreserved 1.cfg

The file cannot be restored. Delete flash:/1.cfg? [Y/N]:y

Deleting the file permanently will take a long time. Please wait...

Deleting file flash:/1.cfg...Done.

# (IRF-capable devices.) Remove file 1.cfg from the current directory.

<Sysname> delete 1.cfg

Delete cfa0:/1.cfg? [Y/N]:y

Deleting file cfa0:/1.cfg...Done.

# (IRF-capable devices.) Permanently delete file 2.cfg from the root directory of the cfa0: file system on the master.

<Sysname> delete /unreserved 2.cfg

The file cannot be restored. Delete cfa0:/2.cfg? [Y/N]:y

Deleting the file permanently will take a long time. Please wait...

Deleting file cfa0:/2.cfg...Done.

# (IRF-capable devices.) Remove file 1.cfg from the root directory of the cfa0: file system on the subordinate member with the member ID 2.

· Method 1:

<Sysname> delete slot2#cfa0:/1.cfg

Delete slot2#cfa0:/1.cfg? [Y/N]:y

Deleting file delete slot2#cfa0:/1.cfg...Done.

· Method 2:

<Sysname> cd slot2#cfa0:/

<Sysname> delete 1.cfg

Delete slot2#cfa0:/1.cfg? [Y/N]:y

Deleting file slot2#cfa0:/1.cfg...Done.

Related commands

· reset recycle-bin

· undelete

dir

Use dir to display files or directories.

Syntax

dir [ /all ] [ file | directory | /all-filesystems ]

Views

User view

Predefined user roles

network-admin

Parameters

/all: Displays all files and directories in the current directory, visible or hidden. If you do not specify this option, only visible files and directories are displayed.

file: Displays a specific file. This argument can use the asterisk (*) as a wildcard. For example, to display files with the .txt extension in the current directory, enter dir *.txt.

directory: Displays a specific directory.

/all-filesystems: Displays files and directories in the root directories of all file systems on the device.

Usage guidelines

If no option is specified, the command displays all visible files and directories in the current directory.

The directory name of the recycle bin is .trash. To display files in the recycle bin, use either of the following methods:

· Execute the dir /all .trash command.

· Execute the cd .trash command and then the dir command.

Examples

# Display information about all files and directories in the current directory.

<Sysname> dir /all

Directory of flash:/

...

# Display files and directories in the root directories of all file systems on the device.

<Sysname> dir /all-filesystems

Directory of flash:/

...

# (IRF-capable devices.) Display information about all files and directories in the cfa0: file system on the master.

<Sysname> dir /all

Directory of cfa0:/

...

# (IRF-capable devices.) Display files and directories in the root directories of all file systems in the IRF fabric.

<Sysname> dir /all-filesystems

Directory of cfa0:/

...

Directory of slot1#cfa0:/

...

# (IRF-capable devices.) Display information about all files and directories in the cfa0: file system of the subordinate member with the member ID 2.

<Sysname> cd slot2#cfa0:/

<Sysname> dir /all

Directory of slot2#cfa0:/

...

Table 21 Command output

Field	Description
Directory of	Current directory.
0 -rwh 3144 Apr 26 2014 13:45:28 xx.xx	File or directory information: · 0—File or directory number, which is automatically allocated by the system. · -rwh—Attributes of the file or directory. The first character is the directory indicator (d for directory and – for file). The second character indicates whether the file or directory is readable (r for readable). The third character indicates whether the file or directory is writable (w for writable). The fourth character indicates whether the file or directory is hidden (h for hidden, - for visible). Modifying, renaming, or deleting hidden files might affect functions. · 3144—File size in bytes. For a directory, a hyphen (-) is displayed. · Apr 26 2014 13:45:28—Last date and time when the file or directory was modified. · xx.xx—File or directory name.

Field

Description

Directory of

Current directory.

0 -rwh 3144 Apr 26 2014 13:45:28 xx.xx

File or directory information:

· 0—File or directory number, which is automatically allocated by the system.

· -rwh—Attributes of the file or directory. The first character is the directory indicator (d for directory and – for file). The second character indicates whether the file or directory is readable (r for readable). The third character indicates whether the file or directory is writable (w for writable). The fourth character indicates whether the file or directory is hidden (h for hidden, - for visible). Modifying, renaming, or deleting hidden files might affect functions.

· 3144—File size in bytes. For a directory, a hyphen (-) is displayed.

· Apr 26 2014 13:45:28—Last date and time when the file or directory was modified.

· xx.xx—File or directory name.

file prompt

Use file prompt to set the operation mode for files and directories.

Use undo file prompt to restore the default.

Syntax

file prompt { alert | quiet }

undo file prompt

Default

The operation mode is alert. The system prompts for confirmation when you perform a destructive file or directory operation.

Views

System view

Predefined user roles

network-admin

Parameters

alert: Prompts for confirmation when a destructive file or directory operation is being performed.

quiet: Gives no confirmation prompt for file or directory operations.

Usage guidelines

In quiet mode, the system does not prompt for confirmation when a user performs a file or directory operation. The alert mode provides an opportunity to cancel a disruptive operation.

Examples

# Set the file and directory operation mode to alert.

<Sysname> system-view

[Sysname] file prompt alert

format

Use format to format a file system.

Syntax

format filesystem

Views

User view

Predefined user roles

network-admin

Parameters

filesystem: Specifies the name of a file system.

Usage guidelines

Formatting a file system permanently deletes all files in the file system. If a startup configuration file exists in the file system, back it up if necessary.

You can format a file system only when no other users are accessing the medium.

Examples

# Format the file system flash:.

<Sysname> format flash:

All data on flash: will be lost, continue? [Y/N]:y

Formatting flash:... Done.

gunzip

Use gunzip to decompress a file.

Syntax

gunzip file

Views

User view

Predefined user roles

network-admin

Parameters

file: Specifies the name of the file to be decompressed. This argument must have .gz as the extension.

Usage guidelines

This command deletes the specified file after decompressing it.

Examples

# Decompress the file system.bin.gz:

1. Before decompressing the file, you can display files whose names start with the system. string.

<Sysname> dir system.*

Directory of flash:

1 -rw- 20 Jun 14 2012 10:18:53 system.bin.gz

472972 KB total (472840 KB free)

2. Decompress the file system.bin.gz.

<Sysname> gunzip system.bin.gz

Decompressing file flash:/system.bin.gz..... Done.

3. Verify the decompress operation.

<Sysname> dir system.*

Directory of flash:

1 -rw- 0 May 30 2012 11:42:25 system.bin

472972 KB total (472844 KB free)

gzip

Use gzip to compress a file.

Syntax

gzip file

Views

User view

Predefined user roles

network-admin

Parameters

file: Specifies the name of the file to be compressed. The compressed file will be saved to the file.gz file.

Usage guidelines

This command deletes the specified file after compressing it.

Examples

# Compress the file system.bin:

1. Before compressing the file, you can display files whose names start with system.

<Sysname> dir system.*

Directory of flash:

1 -rw- 0 May 30 2012 11:42:24 system.bin

472972 KB total (472844 KB free)

2. Compress the file system.bin.

<Sysname> gzip system.bin

Compressing file flash:/system.bin..... Done.

3. Verify the compress operation.

<Sysname> dir system.*

Directory of flash:

1 -rw- 20 Jun 14 2012 10:18:53 system.bin.gz

472972 KB total (472840 KB free)

md5sum

Use md5sum to use the MD5 algorithm to calculate the digest of a file.

Syntax

md5sum file

Views

User view

Predefined user roles

network-admin

network-operator

Parameters

file: Specifies the name of a file.

Usage guidelines

You can use file digests to verify file integrity.

Examples

# Use the MD5 algorithm to calculate the digest of file system.bin.

<Sysname> md5sum system.bin

MD5 digest:

4f22b6190d151a167105df61c35f0917

mkdir

Use mkdir to create a directory in the current directory.

Syntax

mkdir directory

Views

User view

Predefined user roles

network-admin

Parameters

directory: Specifies a directory.

Usage guidelines

The name of the directory to be created must be unique in the specified directory.

You can create a directory only in an existing directory. For example, to create the flash:/test/mytest directory, make sure the test directory already exists.

Examples

# Create the test directory in the current directory.

<Sysname> mkdir test

Creating directory flash:/test... Done.

# Create the test/subtest directory in the current directory.

<Sysname> mkdir test/subtest

Creating directory flash:/test/subtest... Done.

Use more to display the contents of a text file.

Syntax

more file

Views

User view

Predefined user roles

network-admin

Parameters

file: Specifies the name of a file.

Examples

# Display the contents of the test.txt file.

<Sysname> more test.txt

Have a nice day.

# Display the contents of the testcfg.cfg file.

<Sysname> more testcfg.cfg

version 7.1.064, ESS 5103

sysname Sysname

---- More ----

move

Use move to move a file.

Syntax

move source-file { dest-file | dest-directory }

Views

User view

Predefined user roles

network-admin

Parameters

source-file: Specifies the name of the source file.

dest-file: Specifies the name of the destination file.

dest-directory: Specifies the name of the destination directory.

Usage guidelines

If you specify a destination directory, the system moves the source file to the specified directory without changing the file name.

Examples

# Move the flash:/test/sample.txt file to flash:/, and save it as 1.txt.

<Sysname> move test/sample.txt 1.txt

Move flash:/test/sample.txt to flash:/1.txt? [Y/N]:y

Moving file flash:/test/sample.txt to flash:/1.txt ...Done.

# Move the b.cfg file to the directory test2.

<Sysname> move b.cfg test2

Move flash:/b.cfg to flash:/test2/b.cfg? [Y/N]:y

Moving file flash:/b.cfg to flash:/test2/b.cfg... Done.

pwd

Use pwd to display the working directory.

Syntax

pwd

Views

User view

Predefined user roles

network-admin

Examples

# Display the working directory.

<Sysname> pwd

flash:

rename

Use rename to rename a file or directory.

Syntax

rename { source-file | source-directory } { dest-file | dest-directory }

Views

User view

Predefined user roles

network-admin

Parameters

source-file: Specifies the name of the source file.

source-directory: Specifies the name of the source directory.

dest-file: Specifies the name of the destination file.

dest-directory: Specifies the name of the destination directory.

Usage guidelines

This command is not executed if the destination file or directory name is already used by an existing file or directory in the working directory.

Examples

# Rename the copy.cfg file as test.cfg.

<Sysname> rename copy.cfg test.cfg

Rename flash:/copy.cfg as flash:/test.cfg? [Y/N]:y

Renaming flash:/copy.cfg as flash:/test.cfg... Done.

reset recycle-bin

Use reset recycle-bin to delete files from the recycle bin.

Syntax

reset recycle-bin [ /force ]

Views

User view

Predefined user roles

network-admin

Parameters

/force: Deletes all files in the recycle bin without prompting for confirmation. If you do not specify this option, the command prompts you to confirm the deletion.

Usage guidelines

The delete file command only moves a file to the recycle bin. To permanently delete the file, use the reset recycle-bin command to clear the recycle bin.

If a file is corrupted, you might not be able to delete the file by using the reset recycle-bin command. In this case, use the reset recycle-bin /force command.

Examples

# Empty the recycle bin. (In this example there are two files in the recycle bin.)

<Sysname> reset recycle-bin

Clear flash:/a.cfg? [Y/N]:y

Clearing file flash:/a.cfg... Done.

Clear flash:/b.cfg? [Y/N]:y

Clearing file flash:/b.cfg... Done.

# Delete the b.cfg file from the recycle bin. (In this example there are two files in the recycle bin.)

<Sysname> reset recycle-bin

Clear flash:/a.cfg? [Y/N]:n

Clear flash:/b.cfg? [Y/N]:y

Clearing file flash:/b.cfg... Done.

Related commands

delete

rmdir

Use rmdir to delete a directory.

Syntax

rmdir directory

Views

User view

Predefined user roles

network-admin

Parameters

directory: Specifies a directory.

Usage guidelines

To delete a directory, you must delete all files and subdirectories in the directory permanently or move them to the recycle bin. If you move them to the recycle bin, executing the rmdir command permanently deletes them.

Examples

# Delete the subtest directory.

<Sysname> rmdir subtest/

Remove directory flash:/test/subtest and the files in the recycle-bin under this directory will be deleted permanently. Continue? [Y/N]:y

Removing directory flash:/test/subtest... Done.

sha256sum

Use sha256sum to use the SHA-256 algorithm to calculate the digest of a file.

Syntax

sha256sum file

Views

User view

Predefined user roles

network-admin

Parameters

file: Specifies the name of a file.

Usage guidelines

You can use file digests to verify file integrity.

Examples

# Use the SHA-256 algorithm to calculate the digest of file system.bin.

<Sysname> sha256sum system.bin

SHA256 digest:

0851e0139f2770e87d01ee8c2995ca9e59a8f5f4062e99af14b141b1a36ca152

tar create

Use tar create to archive files and directories.

Syntax

tar create [ gz ] archive-file dest-file [ verbose ] source { source-file | source-directory }&<1-5>

Views

User view

Predefined user roles

network-admin

Parameters

gz: Uses gzip to compress the files and directories before archiving them. If you do not specify this keyword, the command archives the files and directories without compressing them.

archive-file dest-file: Specifies the archive file name. If you specified the gz keyword, the suffix of the archive file name must be .tar.gz. If you did not specify the gz keyword, the suffix of the archive file name must be .tar.

verbose: Displays the names of the successfully archived files and directories. If you do not specify this keyword, the command does not display the names of the successfully archived files and directories.

source { source-file | source-directory }&<1-5>: Specifies the files and directories to be archived. The argument can be a space-separated list of up to five items. Each item can be a file or directory name.

Examples

# Archive the files 1.cfg, 2.cfg, and the directory test to the file a.tar.

<Sysname> tar create archive-file a.tar source 1.cfg 2.cfg test

Creating archive flash:/a.tar Done.

# Compress and archive the files 1.cfg, 2.cfg, and the directory test to b.tar.gz.

<Sysname> tar create gz archive-file b.tar.gz source 1.cfg 2.cfg test

Creating archive flash:/b.tar.gz Done.

# Compress and archive files and directories, and display the successfully archived files and directories.

<Sysname> tar create gz archive-file c.tar.gz verbose source 1.cfg 2.cfg test

1.cfg

2.cfg

test/

test/a.log

test/subtest/

test/subtest/aa.log

Related commands

· tar extract

· tar list

tar extract

Use tar extract to extract files and directories.

Syntax

tar extract archive-file file [ verbose ] [ screen | to directory ]

Views

User view

Predefined user roles

network-admin

Parameters

archive-file file: Specifies the archive file name. The suffix can be .tar or .tar.gz.

verbose: Displays the names of the successfully extracted files and directories.

screen: Displays the content of the extracted files and directories on the screen. The extracted files are not saved.

to directory: Saves the extracted files and directories to a different directory. The directory argument specifies the directory.

Usage guidelines

If you do not specify the screen keyword or the to directory option, the command saves the extracted files and directories to the working directory.

The command saves the extracted files and directories by using their original names. If a file or directory that has the same name as an extracted file or directory already exists in the destination directory, the file or directory is overwritten.

Examples

# Extract files and directories from archive file a.tar.

<Sysname> tar extract archive-file a.tar

Extracting archive flash:/a.tar Done.

# Extract files and directories from archive file a.tar, and display the names of the successfully extracted files and directories.

<Sysname> tar extract archive-file a.tar.gz verbose

1.cfg

2.cfg

test/

test/a.log

test/subtest/

test/subtest/aa.log

# Extract files and directories from archive file a.tar, and display the content of the files on the screen.

<Sysname> tar extract archive-file a.tar.gz screen

version 7.1.055, Demo 2501008

sysname Sysname

...

Related commands

· tar create

· tar list

tar list

Use tar list to display the names of archived files and directories.

Syntax

tar list archive-file file

Views

User view

Predefined user roles

network-admin

Parameters

archive-file file: Specifies the archive file name. The suffix can be .tar or .tar.gz.

Examples

# Display the names of archived files and directories.

<Sysname> tar list archive-file a.tar

1.cfg

2.cfg

test/

test/a.log

test/subtest/

test/subtest/aa.log

Related commands

· tar create

· tar extract

undelete

Use undelete to restore a file from the recycle bin.

Syntax

undelete file

Views

User view

Predefined user roles

network-admin

Parameters

file: Specifies the name of the file to be restored.

Usage guidelines

If a file with the same name already exists in the directory, the system prompts whether or not you want to overwrite the existing file. If you enter Y, the existing file is overwritten. If you enter N, the command is not executed.

Examples

# Restore the copy.cfg file, which was moved from the flash: directory to the recycle bin.

<Sysname> undelete copy.cfg

Undelete flash:/copy.cfg? [Y/N]:y

Undeleting file flash:/copy.cfg... Done.

# Restore the startup.cfg file, which was moved from the flash:/seclog directory to the recycle bin.

· Method 1:

<Sysname> undelete seclog/startup.cfg

Undelete flash:/seclog/startup.cfg? [Y/N]:y

Undeleting file flash:/seclog/startup.cfg... Done.

· Method 2:

<Sysname> cd seclog

<Sysname> undelete startup.cfg

Undelete flash:/seclog/startup.cfg? [Y/N]:y

Undeleting file flash:/seclog/startup.cfg... Done.

Configuration file management commands

The WX1800H series access controllers do not support the slot keyword or the slot-number argument.

archive configuration

Use archive configuration to manually archive the running configuration to the configuration archive directory.

Syntax

archive configuration

Views

User view

Predefined user roles

network-admin

Usage guidelines

Before manually archiving the running configuration, you must use the archive configuration location command to specify a directory and a name prefix for the configuration archives.

Configuration archive facilitates configuration rollback. It provides manual and automatic methods for saving the running configuration. For more information about the archiving mechanism, see the section about configuration rollback in Fundamentals Configuration Guide.

Examples

# Archive the running configuration.

<Sysname> archive configuration

Save the running configuration to an archive file. Continue? [Y/N]: Y

The archive configuration file myarchive_1.cfg is saved.

Related commands

· archive configuration interval

· archive configuration location

· archive configuration max

· display archive configuration

archive configuration interval

Use archive configuration interval to enable automatic running-configuration archiving and set the archiving interval.

Use undo archive configuration interval to restore the default.

Syntax

archive configuration interval minutes

undo archive configuration interval

Default

The system does not automatically archive the running configuration.

Views

System view

Predefined user roles

network-admin

Parameters

minutes: Specifies the interval (in minutes) for automatically saving the running configuration. The value range is 10 to 525600 (365 days).

Usage guidelines

Before enabling automatic configuration archiving, use the archive configuration location command to specify the configuration archive directory and archive file name prefix.

Configuration archive is a feature that facilitates configuration rollback. It provides manual and automatic methods for saving the running configuration.

Automatic configuration archiving enables the system to periodically save the running configuration to the archive directory. After the system finishes an automatic archive, it resets the archiving interval timer. For more information about the archiving mechanism, see the section about configuration rollback in Fundamentals Configuration Guide.

Change the archiving interval depending on the available amount of storage space. The shorter the interval, the more amount of free storage space is required.

Examples

# Set the system to archive the running configuration every 60 minutes.

<Sysname> system-view

[Sysname] archive configuration interval 60

Archive files will be saved every 60 minutes.

Related commands

· archive configuration

· archive configuration location

· archive configuration max

· display archive configuration

archive configuration location

Use archive configuration location to set the directory and file name prefix for archiving the running configuration.

Use undo archive configuration location to restore the default.

Syntax

archive configuration location directory filename-prefix filename-prefix

undo archive configuration location

Default

No configuration archive directory or configuration archive file name prefix has been set.

Views

System view

Predefined user roles

network-admin

Parameters

directory: Specifies the archive directory, a string of 1 to 63 characters. The value for this argument must take the format of storage-medium-name:/folder-name. The directory must already exist on the master. (IRF-capable devices.)

filename-prefix: Specifies a file name prefix for configuration archives, a case-insensitive string of 1 to 30 characters. Valid characters are letters, digits, underscores (_), and hyphens (-).

Usage guidelines

Before archiving the running configuration, either manually or automatically, you must set a directory and file name prefix for configuration archives.

In an IRF fabric, the configuration archive feature saves the running configuration only on the master device. To make sure the system can archive the running configuration after a master/subordinate switchover, create the directory on all IRF members.

Configuration archives are named in the format of prefix_serial number.cfg, for example, 20080620archive_1.cfg and 20080620archive_2.cfg. The serial number is automatically assigned from 1 to 1000, increasing by 1. After the serial number reaches 1000, it restarts from 1.

If you change the file directory or file name prefix, or reboot the device, the following events occur:

· The old configuration archives change to common configuration files.

· The configuration archive counter is reset.

· The display archive configuration command no longer displays the old configuration archives.

· The serial number for new configuration archives starts at 1.

The undo archive configuration location command removes the configuration archive directory and file name prefix settings. The command also performs the following operations:

· Disables the configuration archive feature (both manual and automatic methods).

· Restores the default settings of the archive configuration interval and archive configuration max commands.

· Clears the configuration archive information displayed by using the display archive configuration command.

Examples

# Set the configuration archive directory as flash:/archive and the archive file name prefix as my_archive.

<Sysname> mkdir flash:/archive

Creating directory flash:/archive... Done.

<Sysname> system-view

[Sysname] archive configuration location flash:/archive filename-prefix my_archive

Related commands

· archive configuration

· archive configuration location

· archive configuration max

· display archive configuration

archive configuration max

Use archive configuration max to set the maximum number of configuration archives.

Use undo archive configuration max to restore the default.

Syntax

archive configuration max file-number

undo archive configuration max

Default

Up to five configuration archives can be saved.

Views

System view

Predefined user roles

network-admin

Parameters

file-number: Specifies the maximum number of configuration archives that can be saved. The value range is 1 to 10. Adjust the setting depending on the amount of storage space available.

Usage guidelines

Before you can set a limit on configuration archives, use the archive configuration location command to specify a configuration archive directory and archive file name prefix.

After the maximum number of configuration archives is reached, the system deletes the oldest archive for the new archive.

Changing the limit setting to a lower value does not cause immediate deletion of excess archives. Instead, the configuration archive feature deletes the oldest n files when a new archive is manually or automatically saved, where n = current archive count – new archive limit + 1.

Suppose seven configuration archives have been saved before the archive limit is set to four. When saving a new configuration archive, the system first deletes the oldest four (7 – 4 + 1) archives.

If you execute the undo archive configuration location command, the default archive limit is restored.

Examples

# Set the maximum number of configuration archives to 10.

<Sysname> system-view

[Sysname] archive configuration max 10

Related commands

· archive configuration

· archive configuration location

· archive configuration interval

· display archive configuration

backup startup-configuration

Use backup startup-configuration to back up the main next-startup configuration file to a TFTP server.

Syntax

backup startup-configuration to { ipv4-server | ipv6 ipv6-server } [ dest-filename ]

Views

User view

Predefined user roles

network-admin

Parameters

ipv4-server: Specifies a TFTP server by its IPv4 address or host name. The host name is a case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.).

ipv6 ipv6-server: Specifies a TFTP server by its IPv6 address or host name. The host name is a case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.).

dest-filename: Specifies the target file name used for saving the file on the server. The file must be a .cfg file. If you do not specify a target file name, the source file name is used.

Examples

# Back up the main next-startup configuration file to the IPv4 TFTP server at 2.2.2.2, and set the target file name to 192-168-1-26.cfg.

<Sysname> backup startup-configuration to 2.2.2.2 192-168-1-26.cfg

Backing up the main startup configuration file to 2.2.2.2...

Done.

# Back up the main next-startup configuration file to the IPv6 TFTP server at 2001::2, and set the target file name to 192-168-1-26.cfg.

<Sysname> backup startup-configuration to ipv6 2001::2 192-168-1-26.cfg

Backing up the main startup configuration file to 2001::2...

Done.

Related commands

restore startup-configuration

configuration encrypt

Use configuration encrypt to enable configuration encryption.

Use undo configuration encrypt to restore the default.

Syntax

configuration encrypt { private-key | public-key }

undo configuration encrypt

Default

Configuration encryption is disabled. The running configuration is saved to a configuration file without encryption.

Views

System view

Predefined user roles

network-admin

Parameters

private-key: Encrypts configuration with a private key. All H3C devices running Comware 7 software use the same private key.

public-key: Encrypts configuration with a public key. All H3C devices running Comware 7 software use the same public key.

Usage guidelines

Configuration encryption enables the device to automatically encrypt a configuration file when saving the running configuration to the file.

Only H3C devices running Comware 7 software can decrypt the encrypted configuration file.

Examples

# Enable the public-key method for configuration encryption.

<Sysname> system-view

[Sysname] configuration encrypt public-key

configuration replace file

Use configuration replace file to perform configuration rollback.

Syntax

configuration replace file filename

Views

System view

Predefined user roles

network-admin

Parameters

filename: Specifies the path of the replacement configuration file, a string of up to 255 characters. The file must be a .cfg file.

Usage guidelines

To replace the running configuration with the configuration in a configuration file without rebooting the device, use the configuration rollback feature. This feature helps you revert to a previous configuration state or adapt the running configuration to different network environments.

To ensure a successful rollback, follow these guidelines:

· Make sure the replacement configuration file is created by using the configuration archive feature or the save command on the device.

· If the configuration file is not created on the device, make sure the command lines in the configuration file are fully compatible with the device.

· Make sure the replacement configuration file is not encrypted.

Examples

# Replace the running configuration with the configuration in the my_archive_1.cfg configuration file.

<Sysname> system-view

[Sysname] configuration replace file my_archive_1.cfg

Current configuration will be lost, save current configuration? [Y/N]:n

Now replacing the current configuration. Please wait...

Succeeded in replacing current configuration with the file my_archive_1.cfg.

display archive configuration

Use display archive configuration to display configuration archive information, including the archive directory, archive prefix, archive interval, maximum number of archives, and saved archives.

Syntax

display archive configuration

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display configuration archive information.

<Sysname> display archive configuration

Location: flash:/archive

Filename prefix: my_archive

Archive interval in minutes: 120

Maximum number of archive files: 10

Saved archive files:

No. TimeStamp FileName

1 Thur Dec 15 14:20:18 2016 my_archive_1.cfg

2 Thur Dec 15 14:33:10 2016 my_archive_2.cfg

# 3 Thur Dec 15 14:49:37 2016 my_archive_3.cfg

'#' indicates the most recent archive file.

Next archive file to be saved: my_archive_4.cfg

Table 22 Command output

Field	Description
Location	Absolute path of the directory for saving running-configuration archives.
Filename prefix	File name prefix for configuration archives.
Archive interval in minutes	Interval (in minutes) for the system to automatically archive the running configuration. If automatic configuration saving is disabled, this field is not available.
Maximum number of archive files	Maximum number of configuration archives that can be saved.
Saved archive files	Configuration archives that have been saved.
TimeStamp	Time when the configuration archive was created.

Related commands

· archive configuration

· archive configuration interval

· archive configuration location

· archive configuration max

display current-configuration

Use display current-configuration to display the running configuration.

Syntax

display current-configuration [ configuration [ module-name ] | exclude-provision | interface [ interface-type [ interface-number ] ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

configuration [ module-name ]: Displays feature configuration. The module-name argument specifies a feature module. If you do not specify a feature module, the command displays all feature settings you have made.

exclude-provision: Excludes preprovisioned settings from the running configuration.

interface [ interface-type [ interface-number ] ]: Displays interface configuration, where the interface-type argument represents the interface type and the interface-number argument represents the interface number.

Usage guidelines

Use this command to verify the configuration you have made.

If the system has automatically changed the setting you have made for a parameter, this command displays the effective setting instead of the configured one. An automatic change typically occurs because of system restrictions.

This command does not display parameters that are using the default settings.

Examples

# Display local user configuration.

<Sysname> display current-configuration configuration local-user

local-user ftp

password hash $h$6$Twd73mLrN8O2vvD5$Cz1vgdpR4KoTiRQNE9pg33gU14Br2p1VguczLSVyJLO2huV5Syx/LfDIf8ROLtVErJ/C31oq2rFtmNuyZf4STw==

service-type ftp

authorization-attribute user-role network-operator

local-user root

password hash $h$6$Twd73mLrN8O2vvD5$Cz1vgdpR4KoTiRQNE9pg33gU14Br2p1VguczLSVyJLO2huV5Syx/LfDIf8ROLtVErJ/C31oq2rFtmNuyZf4STw==

service-type ssh telnet terminal

authorization-attribute user-role network-admin

return

display current-configuration diff

Use display current-configuration diff to display the differences that the running configuration has as compared with the next-startup configuration.

Syntax

display current-configuration diff

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

This command compares the running configuration with the next-startup configuration in the following steps:

1. Compares the running configuration with the main next-startup configuration file.

2. If the main next-startup configuration file is unavailable, this command compares the running configuration with the backup next-startup configuration file.

If both the main and backup next-startup configuration files are unavailable, the system displays a message indicating that no next-startup configuration files exist.

Examples

# Display the differences that the running configuration has as compared with the next-startup configuration.

<Sysname> display current-configuration diff

--- Startup configuration

+++ Current configuration

@@ -17,7 +17,9 @@

vlan 200

-vlan 300

+vlan 400

+vlan 500

interface Vlan-interface1

Table 23 Command output

Field	Description
- - - A +++ B	· A represents the source configuration for comparison, which can be Startup configuration, Current configuration, or the name of the source configuration file with its directory information. · B represents the target configuration for comparison, which can be Current configuration, Startup configuration, or the name of the target configuration file with its directory information. In this example, the startup configuration and the current configuration are the source and target, respectively.
@@ -linenumber1,number1 +linenumber2,number2 @@	Location information for identifying the command line differences: · -linenumber1,number1—Source configuration section that contains differences. The linenumber1 argument represents the start line of the section. The number1 argument represents the number of lines between the start line and the end line of the section. · +linenumber2,number2—Target configuration section that contains differences. The linenumber2 argument represents the start line of the section. The number2 argument represents the number of lines between the start line and the end line of the section.
cmd1 - cmd2 + cmd3 cmd4	Displays command differences. · cmd1 and cmd4—Command lines are contained in both source and target configurations if they are not prefixed with a minus (-) or plus (+) sign. They provide a context for locating command line differences. · - cmd2—Command lines are prefixed with a minus sign if they are contained in the source configuration but not in the target configuration. · + cmd3—Command lines are prefixed with a plus sign if they are contained in the target configuration but not in the source configuration. In this example, the sample output shows that VLAN 200 and VLAN-interface 1 are contained in both configurations, VLAN 400 and VLAN 500 are contained only in the running configuration, and VLAN 300 is contained only in the next-startup configuration.

Field

Description

- - - A

+++ B

· A represents the source configuration for comparison, which can be Startup configuration, Current configuration, or the name of the source configuration file with its directory information.

· B represents the target configuration for comparison, which can be Current configuration, Startup configuration, or the name of the target configuration file with its directory information.

In this example, the startup configuration and the current configuration are the source and target, respectively.

@@ -linenumber1,number1 +linenumber2,number2 @@

Location information for identifying the command line differences:

· -linenumber1,number1—Source configuration section that contains differences. The linenumber1 argument represents the start line of the section. The number1 argument represents the number of lines between the start line and the end line of the section.

· +linenumber2,number2—Target configuration section that contains differences. The linenumber2 argument represents the start line of the section. The number2 argument represents the number of lines between the start line and the end line of the section.

cmd1

- cmd2

+ cmd3

cmd4

Displays command differences.

· cmd1 and cmd4—Command lines are contained in both source and target configurations if they are not prefixed with a minus (-) or plus (+) sign. They provide a context for locating command line differences.

· - cmd2—Command lines are prefixed with a minus sign if they are contained in the source configuration but not in the target configuration.

· + cmd3—Command lines are prefixed with a plus sign if they are contained in the target configuration but not in the source configuration.

In this example, the sample output shows that VLAN 200 and VLAN-interface 1 are contained in both configurations, VLAN 400 and VLAN 500 are contained only in the running configuration, and VLAN 300 is contained only in the next-startup configuration.

Related commands

· display current-configuration

· display diff

· display saved-configuration

display default-configuration

Use display default-configuration to display the factory defaults.

Syntax

display default-configuration

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

The device is shipped with some basic settings called factory defaults. These default settings ensure that the device can start up and run correctly when it does not have a startup configuration file or the configuration file is corrupt.

Factory defaults vary by device models and might differ from the initial default settings for the commands.

Examples

# Display the factory defaults.

<Sysname> display default-configuration

display diff

Use display diff to display differences between configurations.

Syntax

display diff configfile file-name-s { configfile file-name-d | current-configuration | startup-configuration }

display diff current-configuration { configfile file-name-d | startup-configuration }

display diff startup-configuration { configfile file-name-d | current-configuration }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

configfile file-name-s: Specifies the source configuration file for comparison.

configfile file-name-d: Specifies the target configuration file for comparison.

current-configuration: Specifies the running configuration. In the display diff current-configuration command, this keyword specifies the source configuration for comparison. In the display diff configfile file-name-s and display diff startup-configuration commands, this keyword specifies the target configuration.

startup-configuration: Specifies the next-startup configuration. In the display diff startup-configuration command, this keyword specifies the source configuration for comparison. In the display diff configfile file-name-s and display diff current-configuration commands, this keyword specifies the target configuration.

Usage guidelines

If you specify the startup-configuration keyword, the system searches for the next-startup configuration for comparison in the following order:

1. The main next-startup configuration file.

2. The backup next-startup configuration file if the main next-startup configuration file is unavailable.

If both the main and backup next-startup configuration files are unavailable, the system displays a message indicating that no next-startup configuration files exist.

Examples

# Display the differences between startup.cfg and test.cfg.

<Sysname> display diff configfile startup.cfg configfile test.cfg

--- flash:/startup.cfg

+++ flash:/test.cfg

@@ -17,7 +17,9 @@

vlan 200

-vlan 300

+vlan 400

+vlan 500

interface Vlan-interface1

The output shows that VLAN 200 and VLAN-interface 1 are contained in both configurations, VLAN 400 and VLAN 500 are contained only in test.cfg, and VLAN 300 is contained only in startup.cfg.

# Display the differences between the running configuration and the next-startup configuration.

<Sysname> display diff current-configuration startup-configuration

--- Current configuration

+++ Startup configuration

@@ -17,9 +17,7 @@

vlan 200

-vlan 400

-vlan 500

+vlan 300

interface Vlan-interface1

The output shows that VLAN 200 and VLAN-interface 1 are contained in both configurations, VLAN 400 and VLAN 500 are contained only in the running configuration, and VLAN 300 is contained only in the next-startup configuration.

For information about the command output descriptions, see Table 23.

Related commands

· display current-configuration

· display current-configuration diff

· display saved-configuration

display saved-configuration

Use display saved-configuration to display the contents of the configuration file for the next system startup.

Syntax

display saved-configuration

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

Use this command to verify that important settings have been saved to the configuration file for the next system startup.

This command selects the configuration file to display in the following order:

1. If the main startup configuration file is available, this command displays the contents of the main startup configuration file.

2. If only the backup startup configuration file is available, this command displays the contents of the backup file.

3. If both the main and backup startup configuration files are not available, this command does not display anything.

Examples

# Display the contents of the configuration file for the next system startup.

<Sysname> display saved-configuration

version 7.1.064, ESS 5103

sysname Sysname

telnet server enable

password-recovery enable

vlan 1

---- More ----

Related commands

· reset saved-configuration

· save

display startup

Use display startup to display the names of the current startup configuration file and the next-startup configuration files.

Syntax

display startup

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

Current startup configuration file is the configuration file that has been loaded. Next-startup configuration file is the configuration file used at the next startup.

In an IRF fabric, all IRF members use the same current startup configuration file as the master. After a master/subordinate switchover, it is normal that the current startup configuration files on all IRF members are displayed as NULL. This is because the new master continues to run with the running configuration rather than rebooting with a startup configuration file.

Examples

# (WX1800H ACs.) Display names of the startup configuration files.

<Sysname> display startup

Current startup saved-configuration file: flash:/startup.cfg

Next main startup saved-configuration file: flash:/startup.cfg

Next backup startup saved-configuration file: NULL

Table 24 Command output

Field	Description
Current startup saved-configuration file	Configuration file that the device has started up with.
Next main startup saved-configuration file	Primary configuration file to be used at the next startup.
Next backup startup saved-configuration file	Backup configuration file to be used at the next startup.

# Display names of the startup configuration files.

<Sysname> display startup

MainBoard:

Current startup saved-configuration file: cfa0:/startup.cfg

Next main startup saved-configuration file: cfa0:/startup.cfg

Next backup startup saved-configuration file: NULL

Slot 1:

Current startup saved-configuration file: cfa0:/startup.cfg

Next main startup saved-configuration file: cfa0:/startup.cfg

Next backup startup saved-configuration file: NULL

Table 25 Command output

Field	Description
MainBoard	Displays the startup configuration files on the master device.
Current startup saved-configuration file	Configuration file that the device has started up with.
Next main startup saved-configuration file	Primary startup configuration file to be used at the next startup.
Next backup startup saved-configuration file	Backup startup configuration file to be used at the next startup.
Slot n	Displays the startup configuration files on member device n.

Related commands

startup saved-configuration

display this

Use display this to display the running configuration in the current view.

Syntax

display this

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

Use this command to verify the configuration you have made in a certain view.

This command does not display parameters that are using the default settings.

Some parameters can be successfully set even if their dependent features are not enabled. For these parameters, this command displays their settings after the dependent features are enabled.

This command can be executed in any user line view to display the running configuration of all user lines.

Examples

# Display the running configuration in system view.

<Sysname> system-view

[Sysname] display this

sysname Sysname

clock summer-time PDT 06:00:00 08/01 06:00:00 09/01 01:00:00

alias shiprt display ip routing-table

telnet server enable

configuration encrypt public-key

dhcp enable

loopback-detection global action shutdown

password-recovery enable

stp instance 0 root secondary

stp instance 2 root primary

stp port-log instance 0

stp vlan 2 root primary

stp ignore-pvid-inconsistency

stp global enable

scheduler logfile size 16

ip route-static fast-reroute auto

undo info-center enable

undo info-center logfile enable

domain default enable system

ip http enable

ip https enable

return

reset saved-configuration

Use reset saved-configuration to delete a next-startup configuration file.

Syntax

reset saved-configuration [ backup | main ]

Views

User view

Predefined user roles

network-admin

Parameters

backup: Deletes the backup next-startup configuration file.

main: Deletes the main next-startup configuration file.

Usage guidelines

CAUTION:

Use this command with caution. This command deletes the specified next-startup configuration file permanently from the device. (IRF-incapable devices.)

Use this command with caution. This command permanently deletes the specified next-startup configuration file from all IRF member devices. (IRF-capable devices.)

Delete a next-startup configuration file if it does not match the software version or is corrupted.

You can delete the main file, the backup file, or both.

To delete a file that is set as both main and backup next-startup configuration files, you must execute both the reset saved-configuration backup command and the reset saved-configuration main command. Using only one of the commands removes the specified file attribute instead of deleting the file.

For example, if the reset saved-configuration backup command is executed, the backup next-startup configuration file setting is set to NULL. However, the file is still used as the main file. To delete the file, you must also execute the reset saved-configuration main command.

If you do not specify a configuration file attribute, the reset saved-configuration command deletes the main next-startup configuration file.

Examples

# (WX1800H ACs.) Delete the main next-startup configuration file.

<Sysname> reset saved-configuration

The saved configuration file will be erased. Are you sure? [Y/N]:y

Configuration file in flash: is being cleared.

Please wait ...........

Configuration file is cleared.

# Delete the backup next-startup configuration file.

<Sysname> reset saved-configuration backup

The saved configuration file will be erased. Are you sure? [Y/N]:y

Configuration file in cfa0: is being cleared.

Please wait ...

MainBoard:

Configuration file is cleared.

Slot 2:

Erase next configuration file successfully

Related commands

display saved-configuration

restore startup-configuration

Use restore startup-configuration to download a configuration file from a TFTP server and specify it as the main next-startup configuration file.

Syntax

restore startup-configuration from { ipv4-server | ipv6 ipv6-server } src-filename

Views

User view

Predefined user roles

network-admin

Parameters

src-filename: Specifies the file name of the configuration file to be downloaded. The file must be a .cfg file. The file name is a case-insensitive string of up to 255 characters.

Usage guidelines

Before restoring the configuration file for the next startup, make sure the following requirements are met:

· The server is reachable.

· The server is enabled with TFTP service.

· You have read and write permissions to the server.

This command downloads the configuration file to the root directory of the default storage medium on the device and specifies the file as the main next-startup configuration file. If the default storage medium has been partitioned, the configuration file is downloaded to the first partition. For IRF-capable devices, this command applies to all IRF member devices.

Examples

# (WX1800H ACs.) Download test.cfg from the IPv4 TFTP server at 2.2.2.2, and specify the file as the main next-startup configuration file.

<Sysname> restore startup-configuration from 2.2.2.2 test.cfg

Restoring the next startup-configuration file from 2.2.2.2....

Done.

# Download config.cfg from the IPv4 TFTP server at 2.2.2.2, and specify the file as the main next-startup configuration file.

<Sysname> restore startup-configuration from 2.2.2.2 config.cfg

Restoring the next startup-configuration file from 2.2.2.2...

Done.

Related commands

backup startup-configuration

save

Use save file-url [ all | slot slot-number ] to save the running configuration to a configuration file, without specifying the file as a next-startup configuration file.

Use save [ safely ] [ backup | main ] [ force ] [ changed ] to save the running configuration to a file in the root directory of a storage medium. This command automatically specifies the file as a next-startup configuration file. In an IRF fabric, this command saves the file on each member device.

Syntax

save file-url [ all | slot slot-number ]

save [ safely ] [ backup | main ] [ force ] [ changed ]

Views

Any view

Predefined user roles

network-admin

Parameters

file-url: Specifies a file path, a string of up to 255 characters. The file must be a .cfg file. If you specify the all keyword or a member ID, the file path cannot include a member ID. If the file path includes a folder name, the folder must already exist.

all: Saves the running configuration to all IRF member devices. If you do not specify this keyword or the slot slot-number option, the command saves the running configuration only to the master. The following matrix shows the all keyword and hardware compatibility:

Hardware series	Model	Keyword compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	No
WX3800H series	WX3820H WX3840H	Yes
WX5800H series	WX5860H	Yes

slot slot-number: Specifies an IRF subordinate device by its member ID. If you do not specify a subordinate device or the all keyword, this command saves the running configuration only to the master. For IRF-incapable devices, do not specify this option.

safely: Saves the configuration file in safe mode. If you do not specify this keyword, the device saves the configuration file in fast mode. Safe mode is slower than fast mode, but more secure. As a best practice, specify the safely keyword for this command.

backup: Saves the running configuration to a configuration file, and specifies the file as the backup next-startup configuration file. If you do not specify this keyword or the main keyword, the command specifies the saved file as the main next-startup configuration file.

main: Saves the running configuration to a configuration file, and specifies the file as the main next-startup configuration file. If you do not specify this keyword or the backup keyword, the command specifies the saved file as the main next-startup configuration file.

force: Saves the running configuration without prompting for confirmation. If you do not specify this keyword, the system prompts you to confirm the operation. If you do not confirm the operation within 30 seconds, the system automatically aborts the operation. If you enter Y within the time limit, you can continue the save process and change the target file name during the process.

changed: Overwrites the target configuration file with the running configuration if an inconsistency is detected between the settings in the configuration file and the running configuration. The save command does not take effect if no inconsistency is detected. If you do not specify this keyword, the save command always overwrites the configuration file with the running configuration.

Usage guidelines

If the file specified for this command does not exist, the system creates the file before saving the configuration. If the file already exists, the system prompts you to confirm whether to overwrite the file. If you choose to not overwrite the file, the system cancels the save operation.

This command saves the running configuration to an .mdb binary file as well as a .cfg text file. The two files use the same file name. An .mdb file takes less time to load than a .cfg file.

In safe mode, the system saves configuration in a temporary file and starts overwriting the target next-startup configuration file after the save operation is complete. If a reboot, power failure, out of memory, or out of storage space event occurs during the save operation, the next-startup configuration file is retained.

In fast mode, the device directly overwrites the target next-startup configuration file. If a reboot, power failure, out of memory, or out of storage event occurs during this process, the next-startup configuration file is lost.

Examples

# Save the running configuration to backup.cfg, without specifying the file as the next-startup configuration file.

<Sysname> save backup.cfg

The current configuration will be saved to flash:/backup.cfg. Continue? [Y/N]:y

Now saving current configuration to the device.

Saving configuration flash:/backup.cfg. Please wait...

Configuration is saved to device successfully.

# Save the running configuration to the main next-startup configuration file without any confirmation required.

<Sysname> save force

Validating file. Please wait....

Saved the current configuration to mainboard device successfully.

# (WX1800H ACs.) Save the running configuration to a file in the root directory of the default storage medium, and specify the file as the main next-startup configuration file.

<Sysname> save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/backup.cfg]

(To leave the existing filename unchanged, press the enter key):test.cfg

Validating file. Please wait............

Saved the current configuration to mainboard device successfully.

# Save the running configuration to a file in the root directory of a storage medium, and specify the file as the main next-startup configuration file.

<Sysname> save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[cfa0:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

Slot 1:

Save next configuration file successfully.

Related commands

· display current-configuration

· display saved-configuration

startup saved-configuration

Use startup saved-configuration to specify a file as a next-startup configuration file.

Use undo startup saved-configuration to configure the system to start up with the factory defaults at the next startup.

Syntax

startup saved-configuration cfgfile [ backup | main ]

undo startup saved-configuration

Default

No next-startup configuration files are specified.

Views

User view

Predefined user roles

network-admin

Parameters

cfgfile: Specifies the path of a configuration file, a string of up to 255 characters. The file must be a .cfg file. If the file is not on the default storage medium, you must specify the file name with storage medium information.

backup: Specifies the configuration file as the backup next-startup configuration file.

main: Specifies the configuration file as the main next-startup configuration file. This is the primary configuration file that the device attempts to load at startup. If the loading attempt fails, the device tries the backup next-startup configuration file.

Usage guidelines

CAUTION:

In an IRF fabric, the undo startup saved-configuration command can cause an IRF split after the IRF fabric or an IRF member reboots.

To successfully execute the startup saved-configuration command, make sure the specified file has been saved in the root directory of the storage medium.

In an IRF fabric, the startup saved-configuration command applies to all IRF members. To successfully execute this command, make sure the specified file has been saved in the root directory of the storage medium on each member.

If you do not specify the backup or main keyword, the startup saved-configuration command specifies the main next-startup configuration file.

As a best practice, specify different files as the main and backup next-startup configuration files.

The undo startup saved-configuration command changes the file attribute of the main and backup next-startup configuration files to NULL. However, the command does not delete the two configuration files.

You can also specify a configuration file as a next startup file when you use the save command to save the running configuration.

Examples

# Specify the main next-startup configuration file.

<Sysname> startup saved-configuration testcfg.cfg

Please wait ....... Done!

Related commands

display startup

Software upgrade commands

The WX1800H series access controllers do not support the slot keyword or the slot-number argument.

boot-loader file

Use boot-loader file to specify startup software image files.

Syntax

boot-loader file boot boot-package system system-package [ feature feature-package&<1-30> ] { all | slot slot-number } { backup | main }

boot-loader file ipe-filename { all | slot slot-number } { backup | main }

Views

User view

Predefined user roles

network-admin

Parameters

boot boot-package: Specifies a .bin boot image file in the [filesystemlocation]filesystemname:/filename.bin format. The file must be stored in the root directory of a file system on the device. The filesystemname:/filename.bin section can have a maximum of 63 characters. For more information about specifying a file, see file system management in Fundamentals Configuration Guide.

system system-package: Specifies a .bin system image file in the [filesystemlocation]filesystemname:/filename.bin format. The file must be stored in the root directory of a file system on the device. The filesystemname:/filename.bin section can have a maximum of 63 characters. For more information about specifying a file, see file system management in Fundamentals Configuration Guide.

feature feature-package: Specifies a space-separated list of up to 30 .bin feature image files. Specify each .bin file in the [filesystemlocation]filesystemname:/filename.bin format. The files must be stored in the root directory of a file system on the device. The filesystemname:/filename.bin section can have a maximum of 63 characters. For more information about specifying a file, see file system management in Fundamentals Configuration Guide.

ipe-filename: Specifies an .ipe image package file in the [filesystemlocation]filesystemname:/filename.ipe format. The file must be stored in the root directory of a file system on the device. The filesystemname:/filename.ipe section can have a maximum of 63 characters. For more information about specifying a file, see file system management in Fundamentals Configuration Guide.

all: Specifies startup images for all IRF member devices. If you specify this keyword, the system upgrades all IRF member devices in an IRF fabric.

The following matrix shows the all keyword and hardware compatibility:

Hardware series	Model	Keyword compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	No
WX3800H series	WX3820H WX3840H	Yes
WX5800H	WX5860H	Yes

slot slot-number: Specifies the IRF member ID of a member device.

backup: Specifies the files as backup startup image files. Backup images are used only when main images are not available.

main: Specifies the files as main startup image files. The device always first attempts to start up with main startup files.

Usage guidelines

To avoid configuration failure, make sure no other users are configuring or managing the device.

Use this command to upgrade software images. To load the startup software images, you must reboot the system.

Before you specify startup software image files, perform the following tasks:

· On an IRF-incapable or standalone device, save the upgrade files to the root directory of the file system.

· On an IRF fabric, save the upgrade files to the root directory of the file system on an IRF member device.

· If the specified software images require a license, register and activate a license for each image. If a license-based software image lacks a license, the command execution result is as follows:

? If you specify .bin files, the command cannot be executed.

? If you specify an .ipe file, the command sets all images as startup images except for the image that does not have a license.

For more information about licensing, see Fundamentals Configuration Guide.

If you specify a subordinate device, the system examines the root directory of the file system on the specified device for any file with the same name as the specified startup upgrade file. If no such a file exists, the system copies the specified file to the specified device and sets it as a startup image file. If a file with the same name exists, you must choose whether to overwrite the file already on the specified device.

The boot-loader file command overwrites the entire startup software image list. To add new startup feature images, specify all feature image files, including feature image files in the old startup software image list. The new startup software image list will contain only the feature image files that are specified in the command.

Examples

# (IRF-incapable devices.) Specify flash:/all.ipe as the main startup image file.

<Sysname> boot-loader file flash:/all.ipe main

Verifying the IPE file and the images............Done.

H3C WX1804H images in IPE:

boot.bin

system.bin

This command will set the main startup software images. Continue? [Y/N]:Y

Add images to the device.

File flash:/boot.bin already exists on the device.

File flash:/system.bin already exists on the device.

Overwrite the existing files? [Y/N]:Y

Decompressing file boot.bin to flash:/boot.bin........................Done.

Decompressing file system.bin to flash:/system.bin...............................Done.

The images that have passed all examinations will be used as the main startup software images at the next reboot on the device.

# (IRF-incapable devices.) Specify flash:/boot.bin and flash:/system.bin as the main startup boot and system image files.

<Sysname> boot-loader file boot flash:/boot.bin system flash:/system.bin main

This command will set the main startup software images. Continue? [Y/N]:y

The images that have passed all examinations will be used as the main startup software images at the next reboot on the device.

# (IRF-capable devices.) Specify cfa0:/all.ipe as the main startup image file for IRF member device 1.

<Sysname> boot-loader file cfa0:/all.ipe slot 1 main

Verifying the IPE file and the images............Done.

H3C WX3820H images in IPE:

boot.bin

system.bin

This command will set the main startup software images. Continue? [Y/N]:Y

Add images to slot 1.

File cfa0:/boot.bin already exists on slot 1.

File cfa0:/system.bin already exists on slot 1.

Overwrite the existing files? [Y/N]:Y

Decompressing file boot.bin to cfa0:/boot.bin........................Done.

Decompressing file system.bin to cfa0:/system.bin...............................Done.

The images that have passed all examinations will be used as the main startup software images at the next reboot on slot 1.

# (IRF-capable devices.) Specify cfa0:/all.ipe as the main startup image file for all IRF member devices.

<Sysname> boot-loader file slot2#cfa0:/all.ipe all main

Verifying the IPE file and the images..........................................................................Done.

H3C WX3820H images in IPE:

boot.bin

system.bin

This command will set the main startup software images. Continue? [Y/N]:y

Add images to slot 1.

File cfa0:/boot.bin already exists on slot 1.

File cfa0:/system.bin already exists on slot 1.

Overwrite the existing files? [Y/N]:y

Decompressing file boot.bin to cfa0:/boot.bin........................Done.

Decompressing file system.bin to cfa0:/system.bin........................Done.

The images that have passed all examinations will be used as the main startup software images at the next reboot on slot 1.

File cfa0:/boot.bin already exists on slot 2.

Do you want to overwrite the file?

Y: Overwrite the file.

N: Not overwrite the file.

A: From now on, overwrite or not overwrite without prompt.

Please make a choice. [Y/N/A]:a

What type of overwrite operation do you want to perform?

Y: Overwrite without prompt.

N: Not overwrite or display prompt.

Q: Return to the previous step.

Please make a choice. [Y/N/Q]:y

An existing file will be overwritten without prompt if it has the same name as any upgrade file.

Loading......................Done.

The images that have passed all examinations will be used as the main startup software images at the next reboot on slot 2.

The images that have passed all examinations will be used as the main startup software images at the next reboot on slot 3.

Decompression completed.

Do you want to delete cfa0:/all.ipe now? [Y/N]:n

Related commands

display boot-loader

boot-loader update

Use boot-loader update to synchronize startup images from the master to a subordinate device.

Syntax

boot-loader update { all | slot slot-number }

Views

User view

Predefined user roles

network-admin

Parameters

all: Upgrades all the subordinate devices.

slot: Specifies the IRF member ID of a subordinate device.

Usage guidelines

The following matrix shows the command and hardware compatibility:

Hardware series	Model	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	No
WX3800H series	WX3820H WX3840H	Yes
WX5800H	WX5860H	Yes

You can use this command to synchronize startup images after adding new member devices.

If any of the startup software images require a license, register and activate a license for the image on the new subordinate device before executing this command. Use the display license feature command to verify the licensing state of software images.

The startup images synchronized to the subordinate device are set as main startup images, regardless of whether the source startup images are main or backup.

· If the master device has started up with main startup images, its main startup images are synchronized to the subordinate device, regardless of whether any main startup image has been respecified on the master device.

· If the master device has started up with backup startup images, its backup startup images are synchronized to the subordinate device, regardless of whether any backup startup image has been respecified on the master device.

Startup image synchronization fails if any software image being synchronized is not available or is corrupted.

If a patch installation has been performed on the master, use the install commit command to update the set of main startup images on the master before software synchronization. This command ensures startup image consistency between the master and the subordinate device.

Examples

# Synchronize startup images from the master device to subordinate device 1.

<Sysname> boot-loader update slot 1

This command will update the specified standby MPU. Continue? [Y/N]:y

Updating. Please wait...

Copying main startup software images to slot 1. Please wait... Done.

Setting copied images as main startup software images for slot 1...Done.

Successfully updated the startup software images of slot 1.

Related commands

display boot-loader

bootrom backup

Use bootrom backup to back up the Boot ROM image in the Normal area to the Backup area on a Boot ROM.

Syntax

bootrom backup slot slot-number-list [ all | part ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number-list: Specifies a space-separated list of up to seven slot number items. An item specifies an IRF member device by its member ID or a range of IRF member devices in the form of start-slot-number to end-slot-number. The end slot number must be equal to or greater than the start slot number.

all: Backs up the entire Boot ROM image, including the basic segment and the extended segment. If you do not specify either all or part, this command backs up the entire Boot ROM image.

part: Backs up the extended Boot ROM image section.

Usage guidelines

A Boot ROM is divided into a Normal area and a Backup area. The Boot ROM image is stored in the Normal area and backed up to the Backup area. At startup, the system reads the Boot ROM image automatically from the Normal area. If the image is inaccessible, the system reads the Boot ROM image from the Backup area.

If the Boot ROM image in the Normal area is corrupted or requires a version rollback, use the bootrom restore command to copy the Boot ROM image in the Backup area to the Normal area.

Examples

# Back up the entire ROM image from the Normal area to the Backup area.

<Sysname> bootrom backup all

Now backing up the Boot ROM, please wait.........Done.

Related commands

bootrom restore

bootrom read

Use bootrom read to back up the Boot ROM image in the Normal area of a Boot ROM to the file system.

Syntax

bootrom read slot slot-number-list [ all | part ]

Views

User view

Predefined user roles

network-admin

Parameters

all: Backs up the entire Boot ROM image, including the basic segment and the extended segment. If you do not specify either all or part, this command backs up the entire Boot ROM image.

part: Backs up the extended Boot ROM image section.

Usage guidelines

For each Boot ROM image you are backing up, this command creates two files (basicbtm.bin and extendbtm.bin) for the basic segment and the extended segment in the file system. If the Boot ROM image in the Normal area of a Boot ROM is corrupted or requires a version rollback, use the bootrom update command to read the two backup files from the file system to the Boot ROM.

Examples

# Back up the Boot ROM image from the Normal area of Boot ROM to the file system.

<Sysname> bootrom read all

Now reading the Boot ROM, please wait............Done.

Related commands

bootrom update

bootrom restore

Use bootrom restore to replace the Boot ROM image in the Normal area with the Boot ROM image in the Backup area for image restoration or version rollback.

Syntax

bootrom restore slot slot-number-list [ all | part ]

Views

User view

Predefined user roles

network-admin

Parameters

all: Restores the entire Boot ROM image, including the basic segment and the extended segment. If you do not specify either all or part, this command restores the entire Boot ROM image.

part: Restores the extended Boot ROM image section.

Examples

# Restore the entire Boot ROM image.

<Sysname> bootrom restore all

This command will restore the Boot ROM file, Continue? [Y/N]:y

Now restoring the Boot ROM, please wait........Done.

Related commands

bootrom backup

bootrom update

Use bootrom update to load the Boot ROM image in the file system to the Normal area of Boot ROM.

Syntax

bootrom update file file-url slot slot-number-list [ all | part ]

Views

User view

Predefined user roles

network-admin

Parameters

file file-url: Specifies the file that contains the Boot ROM image in the file system. The file-url argument represents the file name, a string of 1 to 63 characters.

all: Loads the entire Boot ROM image, including the basic segment and the extended segment. If you do not specify either all or part, this command restores the entire Boot ROM image.

part: Loads the extended Boot ROM image section.

Usage guidelines

If a software upgrade requires upgrading the Boot ROM image, you can use this command to preload the new Boot ROM image to the Boot ROM before upgrading Comware images. This command helps shorten the subsequent upgrade time, reducing the risk of upgrade failure caused by unexpected electricity failure.

To complete the upgrade, reboot the device.

To save space, you can delete the Boot ROM image in the file system after completing the Boot ROM image upgrade.

Examples

# Use the file a.bin to upgrade the Boot ROM image.

<Sysname> bootrom update file a.bin

This command will update the Boot ROM file on the specified board(s), Continue? [Y/N]:y

Now updating the Boot ROM, please wait................Done.

Related commands

boot-loader file

display boot-loader

Use display boot-loader to display current software images and startup software images.

Syntax

display boot-loader [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies the member ID of an IRF member device. If you do not specify a member device, this command displays the software images on each IRF member device.

Examples

# (IRF-incapable devices.) Display the current software images and startup software images.

<Sysname> display boot-loader

Software images on the device:

Current software images:

flash:/boot.bin

flash:/system.bin

Main startup software images:

flash:/boot.bin

flash:/system.bin

Backup startup software images:

flash:/boot.bin

flash:/system.bin

# (IRF-capable devices.) Display the current software images and startup software images.

<Sysname> display boot-loader

Software images on slot 1:

Current software images:

cfa0:/boot.bin

cfa0:/system.bin

Main startup software images:

cfa0:/boot.bin

cfa0:/system.bin

Backup startup software images:

cfa0:/boot.bin

cfa0:/system.bin

Table 26 Command output

Field	Description
Software images on the device	Comware images on the device. This field is available only on IRF-incapable devices.
Software images on slot slot-number	Comware images on the member device. The slot number represents the device's IRF member ID. This field is available only on IRF-capable devices.
Current software images	Comware images that have been loaded.
Main startup software images	Main Comware images for the next startup.
Backup startup software images	Backup Comware images for the next startup.

Related commands

boot-loader file

Device management commands

The WX1800H series access controllers do not support the slot keyword or the slot-number argument.

clock datetime

Use clock datetime to set the local system time.

Syntax

clock datetime time date

Views

User view

Predefined user roles

network-admin

Parameters

time: Specifies a time in the hh:mm:ss format. The value range for hh is 0 to 23. The value range for mm is 0 to 59. The value range for ss is 0 to 59. The leading zero in a segment can be omitted. If the seconds segment is 0 (hh:mm:00), you can omit it. If both the minutes and seconds segments are 0 (hh:00:00), you can omit both of the segments. For example, to specify 08:00:00, you can enter 8.

date: Specifies a date in the MM/DD/YYYY or YYYY/MM/DD format. The value range for YYYY is 2000 to 2035. The value range for MM is 1 to 12. The value range for DD varies by month.

Usage guidelines

Correct system time is essential to network management and communication. You must configure the system time correctly before you run the device on the network.

For the device to use the local system time, execute the clock protocol none command and this command in turn. The specified system time takes effect immediately. Then, the device uses the clock signals generated by its built-in crystal oscillator to maintain the system time.

Examples

# Set the local system time to 08:08:08 01/01/2018.

<Sysname> clock datetime 8:8:8 1/1/2018

# Set the local system time to 08:10:00 01/01/2018.

<Sysname> clock datetime 8:10 2018/1/1

Related commands

· clock protocol

· clock summer-time

· clock timezone

· display clock

clock protocol

Use clock protocol to specify the system time source.

Use undo clock protocol to restore the default.

Syntax

clock protocol { none | ntp }

undo clock protocol

Default

The device uses the NTP time source.

Views

System view

Predefined user roles

network-admin

Parameters

none: Uses the local system time.

ntp: Uses NTP to obtain the UTC time. You must configure NTP correctly. For more information about NTP, see Network Management and Monitoring Configuration Guide.

Usage guidelines

Correct system time is essential to network management and communication. You must configure the system time correctly before you run the device on the network.

The device can use the locally set system time, or obtain the UTC time from a time source on the network and calculate the system time.

· If you configure the clock protocol none command, the device uses the locally set system time. The device then uses the clock signals generated by its built-in crystal oscillator to maintain the system time.

· If you configure the clock protocol ntp command, the device obtains the UTC time through NTP and calculates the system time. The device then periodically synchronizes the UTC time and recalculates the system time.

The system time calculated by using the UTC time from an NTP time source is more precise.

If you configure this command multiple times, the most recent configuration takes effect.

Examples

# Configure the device to use the local system time.

<Sysname> system-view

[Sysname] clock protocol none

clock summer-time

Use clock summer-time to configure the device to use daylight saving time during a specific period of time.

Use undo clock summer-time to cancel the configuration.

Syntax

clock summer-time name start-time start-date end-time end-date add-time

undo clock summer-time

Default

Daylight saving time is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

name: Specifies a name for the daylight saving time schedule, a case-sensitive string of 1 to 32 characters.

start-time: Specifies the start time in the hh:mm:ss format. The value range for hh is 0 to 23. The value range for mm is 0 to 59. The value range for ss is 0 to 59. The leading zero in a segment can be omitted. If the seconds segment is 0 (hh:mm:00), you can omit it. If both the minutes and seconds segments are 0 (hh:00:00), you can omit both of the segments. For example, to specify 08:00:00, you can enter 8.

start-date: Specifies the start date in one of the following formats:

· MM/DD. The value range for MM is 1 to 12. The value range for DD varies by month.

· month week day, where:

? month—Takes January, February, March, April, May, June, July, August, September, October, November or December.

? week—Represents week of the month. It takes first, second, third, fourth, fifth, or last.

? day—Takes Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, or Saturday.

end-time: Specifies the end time in the hh:mm:ss format. The value range for hh is 0 to 23. The value range for mm is 0 to 59. The value range for ss is 0 to 59. The leading zero in a segment can be omitted. If the seconds segment is 0 (hh:mm:00), you can omit it. If both the minutes and seconds segments are 0 (hh:00:00), you can omit both of the segments. For example, to specify 08:00:00, you can enter 8.

end-date: Specifies the end date in one of the following formats:

· MM/DD. The value range for MM is 1 to 12. The value range for DD varies by month.

· month week day, where:

? month—Takes January, February, March, April, May, June, July, August, September, October, November or December.

? week—Represents week of the month. It takes first, second, third, fourth, fifth, or last.

? day—Takes Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, or Saturday.

add-time: Specifies the time to be added to the standard time, in the hh:mm:ss format. The value range for hh is 0 to 23. The value range for mm is 0 to 59. The value range for ss is 0 to 59. The leading zero in a segment can be omitted. If the seconds segment is 0 (hh:mm:00), you can omit it. If both the minutes and seconds segments are 0 (hh:00:00), you can omit both of the segments. For example, to specify 08:00:00, you can enter 8.

Usage guidelines

Correct system time is essential to network management and communication. You must configure the system time correctly before you run the device on the network.

After you set the daylight saving time, the device recalculates the system time. To view the system time, use the display clock command.

Make sure all devices on the network are using the same daylight saving time as the local time.

Examples

# Set the system time ahead 1 hour for the period between 06:00:00 on 08/01 and 06:00:00 on 09/01.

<Sysname> system-view

[Sysname] clock summer-time PDT 6 08/01 6 09/01 1

Related commands

· clock datetime

· clock timezone

· display clock

clock timezone

Use clock timezone to set the time zone.

Use undo clock timezone to restore the default.

Syntax

clock timezone zone-name { add | minus } zone-offset

undo clock timezone

Default

The system uses the UTC time zone.

Views

System view

Predefined user roles

network-admin

Parameters

zone-name: Specifies a time zone by its name, a case-sensitive string of 1 to 32 characters.

add: Adds an offset to the UTC time.

minus: Decreases the UTC time by an offset.

zone-offset: Specifies an offset to the UTC time, in the hh:mm:ss format. The value range for hh is 0 to 23. The value range for mm is 0 to 59. The value range for ss is 0 to 59. The leading zero in a segment can be omitted. If the seconds segment is 0 (hh:mm:00), you can omit it. If both the minutes and seconds segments are 0 (hh:00:00), you can omit both of the segments. For example, to specify 08:00:00, you can enter 8.

Usage guidelines

Correct system time is essential to network management and communication. You must configure the system time correctly before you run the device on the network.

After you set the time zone, the device recalculates the system time. To view the system time, use the display clock command.

Make sure all devices on the network are using the same time zone as the local time.

Examples

# Set the name of the time zone to Z5, and add 5 hours to the UTC time.

<Sysname> system-view

[Sysname] clock timezone Z5 add 5

Related commands

· clock datetime

· clock summer-time

· display clock

command

Use command to assign a command to a job.

Use undo command to revoke a command.

Syntax

command id command

undo command id

Default

No command is assigned to a job.

Views

Job view

Predefined user roles

network-admin

Parameters

id: Specifies an ID for the command, in the range of 0 to 4294967295. A command ID uniquely identifies a command in a job. Commands in a job are executed in ascending order of their command IDs.

command: Specifies the command to be assigned to the job.

Usage guidelines

To assign a command (command A) to a job, you must first assign the job the command or commands for entering the view of command A.

Make sure all commands in a schedule are compliant to the command syntax. The system does not examine the syntax when you assign a command to a job.

A job cannot contain any of these commands: telnet, ftp, ssh2, and monitor process.

A schedule does not support user interaction. If a command requires a yes or no answer, the system always assumes that a Y or Yes is entered. If a command requires a character string input, the system assumes that either the default character string (if any) or a null string is entered.

If a command uses the ID of an existing command, the existing command is replaced.

Examples

# Assign commands to the job backupconfig to back up the configuration file startup.cfg to the TFTP server at 192.168.100.11.

<Sysname> system-view

[Sysname] scheduler job backupconfig

[Sysname-job-backupconfig] command 2 tftp 192.168.100.11 put flash:/startup.cfg backup.cfg

# Assign commands to the job shutdownGE to shut down GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] scheduler job shutdownGE

[Sysname-job-shutdownGE] command 1 system-view

[Sysname-job-shutdownGE] command 2 interface gigabitethernet 1/0/1

[Sysname-job-shutdownGE] command 3 shutdown

Related commands

scheduler job

copyright-info enable

Use copyright-info enable to enable displaying the copyright statement.

Use undo copyright-info enable to disable displaying the copyright statement.

Syntax

undo copyright-info enable

Default

The copyright statement is displayed.

Views

System view

Predefined user roles

network-admin

Examples

# Enable displaying the copyright statement.

<Sysname> system-view

[Sysname] copyright-info enable

The device will display the following statement when a user logs in:

******************************************************************************

* Without the owner's prior written consent, *

* no decompiling or reverse-engineering shall be allowed. *

******************************************************************************

display clock

Use display clock to display the system time, date, local time zone, and daylight saving time.

Syntax

display clock

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the system time and date when the local time zone is not specified.

<Sysname> display clock

10:09:00 UTC Fri 02/16/2018

# Display the system time and date when the local time zone Z5 is specified.

<Sysname> display clock

15:10:00 Z5 Fri 02/16/2018

Time Zone : Z5 add 05:00:00

# Display the system time and date when the local time zone Z5 and daylight saving time PDT are specified.

<Sysname> display clock

15:11:00 Z5 Fri 02/16/2018

Time Zone : Z5 add 05:00:00

Summer Time : PDT 06:00:00 08/01 06:00:00 09/01 01:00:00

Related commands

· clock datetime

· clock timezone

· clock summer-time

display copyright

Use display copyright to display the copyright statement, including software and hardware copyright statements, and software license information.

Syntax

display copyright

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the copyright statement.

<Sysname> display copyright

display cpu-usage

Use display cpu-usage to display the current CPU usage statistics.

Syntax

display cpu-usage [ summary ] [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

summary: Displays CPU usage statistics in table form. If you do not specify this keyword, this command displays CPU usage statistics in text form.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays CPU usage statistics for all member devices.

Usage guidelines

After startup, the device tracks the average CPU usage at the following intervals:

· 5 seconds.

· 1 minute.

· 5 minutes.

This command displays the average CPU usage values during the last 5-second, 1-minute, and 5-minute intervals.

Examples

# (IRF-incapable devices.) Display the current CPU usage statistics in text form.

<Sysname> display cpu-usage

Unit CPU usage:

1% in last 5 seconds

1% in last 1 minute

1% in last 5 minutes

# (IRF-capable devices.) Display the current CPU usage statistics for all member devices in text form.

<Sysname> display cpu-usage

Slot 1 CPU 0 CPU usage:

6% in last 5 seconds

10% in last 1 minute

5% in last 5 minutes

Slot 2 CPU 0 CPU usage:

5% in last 5 seconds

8% in last 1 minute

5% in last 5 minutes

# Display the current CPU usage statistics for all member devices in table form.

<Sysname> display cpu-usage

Slot CPU Last 5 sec Last 1 min Last 5 min

1 0 22% 54% 44%

2 0 17% 29% 28%

Table 27 Command output

Field	Description
Unit CPU usage	CPU usage statistics.
Slot	Member ID of the IRF member device.
CPU	Number of the CPU.
x% in last 5 seconds Last 5 sec	Average CPU usage during the last 5-second interval.
y% in last 1 minute Last 1 min	Average CPU usage during the last 1-minute interval.
z% in last 5 minutes Last 5 min	Average CPU usage during the last 5-minute interval.
Slot x CPU y CPU usage	Usage statistics for CPU y of member device x.

display cpu-usage configuration

Use display cpu-usage configuration to display CPU usage monitoring settings.

Syntax

display cpu-usage configuration [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays the CPU usage monitoring settings for the master device.

Examples

# Display the CPU usage monitoring settings.

<Sysname> display cpu-usage configuration

CPU usage monitor is enabled.

Current monitor interval is 60 seconds.

Current monitor threshold is 90%.

Related commands

· monitor cpu-usage enable

· monitor cpu-usage interval

· monitor cpu-usage threshold

display cpu-usage history

Use display cpu-usage history to display the historical CPU usage statistics in a coordinate system.

Syntax

display cpu-usage history [ job job-id ] [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

job job-id: Specifies a process by its ID. If you do not specify a process, this command displays the statistics for the entire system's CPU usage (the total CPU usage of all processes). To view the IDs and names of the running processes, use the display process command. For more information, see Network Management and Monitoring Configuration Guide.

slot slot-number: Specifies an IRF member device by its member ID. If you specify a process but do not specify a member device, this command displays the statistics for the process on the master device. If you do not specify any options, this command displays the statistics for all processes on all member devices.

Usage guidelines

After CPU usage monitoring is enabled, the system regularly samples CPU usage and saves the samples to the history record buffer. This command displays the most recent 60 samples in a coordinate system as follows:

· The vertical axis represents the CPU usage. If a statistic is not a multiple of the usage step, it is rounded up or down to the closest multiple of the usage step. For example, if the CPU usage step is 5%, the statistic 53% is rounded up to 55%, and the statistic 52% is rounded down to 50%.

· The horizontal axis represents the time.

· Pound signs (#) indicate the CPU usage. The value on the vertical axis for the topmost pound sign at a specific time represents the CPU usage at that time.

Examples

# Display the historical CPU usage statistics for the entire system.

<Sysname> display cpu-usage history

100%|

95%|

90%|

85%|

80%|

75%|

70%|

65%|

60%|

55%|

50%|

45%|

40%|

35%|

30%|

25%|

20%|

15%| #

10%| ### #

5%| ########

------------------------------------------------------------

10 20 30 40 50 60 (minutes)

cpu-usage (Slot 1 CPU 0) last 60 minutes (SYSTEM)

The output shows the following items:

· Process name. The name SYSTEM represents the entire system.

· CPU that is holding the process: CPU 0 of member device 1.

· Historical CPU usage statistics for the entire system during the last 60 minutes.

? 12 minutes ago: Approximately 5%.

? 13 minutes ago: Approximately 10%.

? 14 minutes ago: Approximately 15%.

? 15 minutes ago: Approximately 10%.

? 16 and 17 minutes ago: Approximately 5%.

? 18 minutes ago: Approximately 10%.

? 19 minutes ago: Approximately 5%.

? Other time: 2% or lower than 2%.

# Display the historical CPU usage statistics for process 1.

<Sysname> display cpu-usage history job 1

100%|

95%|

90%|

85%|

80%|

75%|

70%|

65%|

60%|

55%|

50%|

45%|

40%|

35%|

30%|

25%|

20%|

15%|

10%|

5%| #

------------------------------------------------------------

10 20 30 40 50 60 (minutes)

cpu-usage (Slot 1 CPU 0) last 60 minutes (scmd)

The output shows the following items:

· Process name, which is scmd. A process name in a pair of square brackets ([ ]) represents a kernel process.

· CPU that is holding the process: CPU 0 of member device 1.

· Historical CPU usage statistics for process 1 in the last 60 minutes.

? 20 minutes ago: Approximately 5%.

? Other time: 2% or lower than 2%.

Related commands

· monitor cpu-usage enable

· monitor cpu-usage interval

display device

Use display device to display device information.

Syntax

display device [ cf-card ] [ slot slot-number | verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

cf-card: Specifies the CF cards.

The following matrix shows the cf-card keyword and hardware compatibility:

Hardware series	Model	Keyword compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	No
WX3800H series	WX3820H WX3840H	Yes
WX5800H series	WX5860H	Yes

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays hardware information for all member devices.

verbose: Displays detailed hardware information. If you do not specify this keyword, this command displays brief information.

Usage guidelines

If you do not specify the cf-card keyword, this command displays information about cards on the device.

Examples

# Display device information.

<Sysname> display device

Slot No. Subslot No. Board Type Status Max Ports

1 0 WX1840H Normal 10

Table 28 Command output

Field	Description
Slot No.	IRF member device ID.
Subslot No.	Subslot number of the subcard.
Board Type	Hardware type.
Status	Hardware status: · Normal—The hardware is operating correctly. · Fault—The hardware is not operating correctly.
Max Ports	Maximum number of ports supported.

display device manuinfo

Use display device manuinfo to display electronic label information for the device.

Syntax

display device manuinfo [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays electronic label information for all member devices.

Usage guidelines

An electronic label is a profile of a device or card. It contains the permanent configuration, including the serial number, manufacturing date, MAC address, and vendor name. The data is written to the storage component during debugging or testing.

Examples

# Display electronic label information for the device.

<Sysname> display device manuinfo

Slot 1 CPU 0:

DEVICE_NAME:WX3820H

DEVICE_SERIAL_NUMBER:210235A3MLB05B003820

MAC_ADDRESS:487A-DA59-4F20

MANUFACTURING_DATE:2018-01-10

VENDOR_NAME:H3C

Table 29 Command output

Field	Description
Slot 1 CPU 0	Member ID of the device and number of the CPU.
DEVICE_NAME	Device name.
DEVICE_SERIAL_NUMBER	Serial number.
MAC_ADDRESS	MAC address.
MANUFACTURING_DATE	Manufacturing date.
VENDOR_NAME	Vendor name.

display diagnostic-information

Use display diagnostic-information to display or save device diagnostic information.

Syntax

display diagnostic-information [ hardware | infrastructure | l2 | l3 | service ] [ key-info ] [ filename ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

hardware: Specifies hardware-related diagnostic information.

infrastructure: Specifies diagnostic information for the fundamental features.

l2: Specifies diagnostic information for the Layer 2 features.

l3: Specifies diagnostic information for the Layer 3 features.

service: Specifies diagnostic information for Layer 4 and upper-layer features.

key-info: Displays or saves only critical diagnostic information. The device might have a large amount of diagnostic information if an exception occurs or after the device runs for a long period of time. Specifying this keyword reduces the command execution time and helps you focus on critical diagnostic information. If you do not specify this keyword, the command displays or saves both critical and non-critical diagnostic information.

filename: Saves the information to a file. The filename argument must use the .tar.gz extension.

Usage guidelines

You can use one of the following methods to collect operating statistics for diagnostics and troubleshooting:

· Use separate display commands to collect operating information feature by feature or module by module.

· Use the display diagnostic-information command to collect operating information for multiple or all features and hardware modules.

To save storage space, this command automatically compresses the information before saving the information to a file. To view the file content:

1. Use the tar extract command to extract the file.

2. Use the gunzip command to decompress the extracted file.

3. Use the more command to view the content of the decompressed file.

If you do not specify a file name for the command, the system prompts you to choose whether to display or save the information. If you choose to save the information, the system automatically assigns a file name and displays the file name in brackets. For file name uniqueness, the file name includes the device name and the current system time. If the device name contains any of the following special characters, the system uses an underscore (_) to replace each special character: forward slashes (/), backward slashes (\), colons (:), asterisks (*), question marks (?), less than signs (<), greater than signs (>), pipeline signs (|), and quotation marks ("). For example, if the device name is A/B, the file name uses A_B, as in flash:/diag_A_B_20180101-000438.tar.gz.

This command does not support the |, >, or >> option.

If you do not specify any feature parameters, this command displays or saves the operating information for all features and modules.

Examples

# Display the device diagnostic information.

<Sysname> display diagnostic-information

Save or display diagnostic information (Y=save, N=display)? [Y/N]:n

===============================================

===============display clock===============

14:03:55 UTC Fir 01/05/2018

=================================================

===============display version===============

...

# Save the device diagnostic information to the default file.

<Sysname> display diagnostic-information

Save or display diagnostic information (Y=save, N=display)? [Y/N]:y

Please input the file name(*.tar.gz)[flash:/diag_Sysnme_20180101-024601.tar.gz]:

Diagnostic information is outputting to flash:/diag_Sysname_20180101-024601.tar.gz.

Please wait...

Save successfully.

Press Enter when the system prompts you to input the file name.

# Save the device diagnostic information to file test.tar.gz.

<Sysname> display diagnostic-information test.tar.gz

Diagnostic information is outputting to flash:/test.tar.gz.

Please wait...

Save successfully.

Related commands

· gunzip

· more

· tar extract

display environment

Use display environment to display temperature information, including the temperature thresholds and the current temperature values.

Syntax

display environment [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays temperature information for all member devices.

Examples

# Display information about all temperature sensors on the device.

<Sysname> display environment

System temperature information (degree centigrade):

-----------------------------------------------------------------------------

Slot Sensor Temperature LowerLimit WarningLimit AlarmLimit ShutdownLimit

0 inflow 1 27 -10 50 70 100

0 hotspot 1 53 10 50 80 100

Table 30 Command output

Field	Description
System temperature information (degree centigrade)	Temperature information (°C).
sensor	Temperature sensor: · hotspot—Hotspot sensor. · inflow—Air inlet sensor.
Slot	A number in this field indicates an IRF member device.
Temperature	Current temperature.
LowerLimit	Lower temperature limit.
WarningLimit	Warning temperature threshold.
AlarmLimit	Alarming temperature threshold.
ShutdownLimit	Shutdown temperature threshold. When the sensor temperature reaches the limit, the system shuts down automatically.

display fan

Use display fan to display fan operating status information.

Syntax

display fan [ slot slot-number [ fan-id ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays fan operating status information for all member devices.

fan-id: Specifies a fan by its ID. If you do not specify a fan, this command displays operating status information for all fans at the specified position.

The following matrix shows the fan-id argument and hardware compatibility:

Hardware series	Model	Argument compatibility	Value range
WX1800H series	WX1804H WX1810H WX1820H WX1840H	No	N/A
WX3800H series	WX3820H WX3840H	Yes	1 to 3
WX5800H series	WX5860H	Yes	1 to 4

Usage guidelines

The following matrix shows the command and hardware compatibility:

Hardware series	Model	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	No
WX3800H series	WX3820H WX3840H	Yes
WX5800H series	WX5860H	Yes

Examples

# Display the operating states of all fans.

<Sysname> display fan

Fan 1 State: Normal

Fan 2 State: Normal

Fan 3 State: Normal

display memory

Use display memory to display memory usage information.

Syntax

display memory [ summary ] [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

summary: Displays brief information about memory usage. If you do not specify this keyword, this command displays detailed information about memory usage.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays memory usage for all member devices.

Examples

# Display brief memory usage information.

<Sysname> display memory summary

Memory statistics are measured in KB:

Slot 1:

Total Used Free Shared Buffers Cached FreeRatio

Mem: 3774732 1608528 2166204 0 1188 188096 57.4%

-/+ Buffers/Cache: 1419244 2355488

Swap: 0 0 0

Table 31 Command output

Field	Description
Slot	Member ID of the IRF member device.
Mem	Memory usage information.
Total	Total size of the physical memory space that can be allocated. The memory space is virtually divided into two parts. Part 1 is solely used for kernel code and kernel management. Part 2 can be allocated and used for such tasks as running service modules and storing files. The size of part 2 equals the total size minus the size of part 1.
Used	Used physical memory.
Free	Free physical memory.
Shared	Physical memory shared by processes.
Buffers	Physical memory used for buffers.
Cached	Physical memory used for caches.
FreeRatio	Free memory ratio.
-/+ Buffers/Cache	-/+ Buffers/Cache:used = Mem:Used – Mem:Buffers – Mem:Cached, which indicates the physical memory used by applications. -/+ Buffers/Cache:free = Mem:Free + Mem:Buffers + Mem:Cached, which indicates the physical memory available for applications.
Swap	Swap memory.

display memory-threshold

Use display memory-threshold to display memory alarm thresholds and statistics.

Syntax

display memory-threshold [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays the memory usage thresholds and statistics for the master device.

Usage guidelines

For more information about memory usage notifications, see log information containing MEM_EXCEED_THRESHOLD or MEM_BELOW_THRESHOLD.

Examples

# Display memory alarm thresholds and statistics.

<Sysname> display memory-threshold

Memory usage threshold: 100%

Free memory threshold:

Minor: 64M

Severe: 48M

Critical: 32M

Normal: 96M

Current memory state: Normal

Event statistics:

[Back to normal state]

First notification: 2018-2-15 09:21:35.546

Latest notification: 2018-2-15 09:21:35.546

Total number of notifications sent: 1

[Enter minor low-memory state]

First notification at: 2018-2-15 09:07:05.941

Latest notification at: 2018-2-15 09:07:05.941

Total number of notifications sent: 1

[Back to minor low-memory state]

First notification at: 0.0

Latest notification at: 0.0

Total number of notifications sent: 0

[Enter severe low-memory state]

First notification at: 0.0

Latest notification at: 0.0

Total number of notifications sent: 0

[Back to severe low-memory state]

First notification at: 0.0

Latest notification at: 0.0

Total number of notifications sent: 0

[Enter critical low-memory state]

First notification at: 0.0

Latest notification at: 0.0

Total number of notifications sent: 0

display power

Use display power to display power supply information.

Syntax

display power [ slot slot-number [ power-id ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays power supply information for all member devices.

power-id: Specifies a power supply by its ID. If you do not specify a power supply, this command displays information about all power supplies at the specified position.

The following matrix shows the power-id argument and hardware compatibility:

Hardware series	Model	Argument compatibility	Value range
WX1800H series	WX1804H WX1810H WX1820H	No	N/A
WX1800H series	WX1840H	Yes	1
WX3800H series	WX3820H WX3840H	Yes	1 to 2
WX5800H series	WX5860H	Yes	1 to 2

Usage guidelines

The following matrix shows the command and hardware compatibility:

Hardware series	Model	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H	No
WX1800H series	WX1840H	Yes
WX3800H series	WX3820H WX3840H	Yes
WX5800H series	WX5860H	Yes

Examples

# Display power supply information.

<Sysname> display power

Power 1 State: Normal

display scheduler job

Use display scheduler job to display job configuration information.

Syntax

display scheduler job [ job-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

job-name: Specifies a job by its name, a case-sensitive string of 1 to 47 characters. If you do not specify a job, this command displays configuration information for all jobs.

Examples

# Display configuration information for all jobs.

<Sysname> display scheduler job

Job name: saveconfig

copy startup.cfg backup.cfg

Job name: backupconfig

Job name: creat-VLAN100

system-view

vlan 100

// The output shows that the device has three jobs: the first has one command, the second has no command, and the third has two commands. Jobs are separated by blank lines.

display scheduler logfile

Use display scheduler logfile to display job execution log information.

Syntax

display scheduler logfile

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display job execution log information.

<Sysname> display scheduler logfile

Logfile Size: 1902 Bytes.

Job name : shutdown

Schedule name : shutdown

Execution time : Fri Feb 23 10:44:42 2018

Completion time : Fri Feb 23 10:44:47 2018

--------------------------------- Job output -----------------------------------

<Sysname>system-view

System View: return to User View with Ctrl+Z.

[Sysname]interface rang gigabitethernet 1/0/1 to gigabitethernet 1/0/3

[Sysname-if-range]shutdown

Table 32 Command output

Field	Description
Logfile Size	Size of the log file, in bytes.
Schedule name	Schedule to which the job belongs.
Execution time	Time when the job was started.
Completion time	Time when the job was completed. If the job has never been executed or the job has no commands, this field is blank.
Job output	Commands in the job and their output.

Related commands

reset scheduler logfile

display scheduler reboot

Use display scheduler reboot to display the automatic reboot schedule.

Syntax

display scheduler reboot

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the automatic reboot schedule.

<Sysname> display scheduler reboot

System will reboot at 16:32:00 03/03/2018 (in 1 hours and 39 minutes).

Related commands

· scheduler reboot at

· scheduler reboot delay

display scheduler schedule

Use display scheduler schedule to display schedule information.

Syntax

display scheduler schedule [ schedule-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

schedule-name: Specifies a schedule by its name, a case-sensitive string of 1 to 47 characters. If you do not specify a schedule, this command displays information about all schedules.

Examples

# Display information about all schedules.

<Sysname> display scheduler schedule

Schedule name : shutdown

Schedule type : Run once after 0 hours 2 minutes

Start time : Fri Feb 23 10:44:42 2018

Last execution time : Fri Feb 23 10:44:42 2018

Last completion time : Fri Feb 23 10:44:47 2018

Execution counts : 1

-----------------------------------------------------------------------

Job name Last execution status

shutdown Successful

Table 33 Command output

Field	Description
Schedule type	Execution time setting of the schedule. If no execution time is specified, this field is not displayed.
Start time	Time to execute the schedule for the first time. If no execution time is specified, this field is not displayed.
Last execution time	Last time when the schedule was executed. If no execution time is specified, this field is not displayed. If the schedule has never been executed, "Yet to be executed" is displayed for this field.
Last completion time	Last time when the schedule was completed. If no execution time is specified, this field is not displayed.
Execution counts	Number of times the schedule has been executed. If the schedule has never been executed, this field is not displayed.
Job name	Name of a job under the schedule.
Last execution status	Result of the most recent execution: · Successful. · Failed. · Waiting—The device is executing the schedule and the job is waiting to be executed. · In process—The job is being executed. · -NA-—The execution time has not arrived yet. To view information about whether the commands in the job has been executed and the execution results, execute the display scheduler logfile command.

display system stable state

Use display system stable state to display system stability and status information.

Syntax

display system stable state

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

The device takes some time to start up. If the values of the status fields do not change to Stable, execute this command multiple times to identify the device or member devices that are not in Stable state. You can also use other commands to identify the faulty components. For example:

· Use the display device command to identify the cards in Fault state.

· Use the display ha service-group command to display the status of HA service groups and identify the groups in batch backup state.

· Use the display system internal ha service-group command to display service operating status.

Examples

# (IRF-incapable devices.) Display system stability and status information.

<Sysname> display system stable state

System state : Stable

Role State

Active Stable

# (IRF-capable devices.) Display system stability and status information.

<Sysname> display system stable state

System state : Not ready

Redundancy state: Not ready

Slot CPU Role State

1 0 Active Stable

* 2 0 Standby HA batch backup

Table 34 Command output

Field	Description
System state	System status: · Stable—The system is operating stably. This value is displayed only on IRF-capable devices. · Not ready—The system is not operating stably.
Redundancy state	This field is available only on IRF-capable devices. System redundancy status: · Stable—Both MPUs are operating stably. You can perform a switchover. · No redundance—The system has only one MPU and the MPU is operating stably. You cannot perform a switchover. · Not ready—The system is not operating stably. You cannot perform a switchover.
Role	Role of the member in the system: · Active—The member is the master. · Standby—The member is a subordinate member.
State	Device status: · Stable—The device is operating stably. The following states are available only on IRF-capable devices: · Board Inserted—The member device has just been installed. · Kernel initiating—Kernel of the member device is being initialized. · Service starting—Services on the member device are starting. · Service stopping—Services on the member device are stopping. · HA batch backup—An HA batch backup is going on. · Interface data batch backup—An interface data batch backup is in progress.
*	The object is not operating stably.

Related commands

· display device

· display system internal process state (Device management probe commands)

display transceiver alarm

Use display transceiver alarm to display transceiver alarms.

Syntax

display transceiver alarm interface [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface [ interface-type interface-number ]: Specifies an interface by its type and number. If no interface is specified, this command displays the alarms present on every transceiver module.

Usage guidelines

The following matrix shows the command and hardware compatibility:

Hardware series	Model	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H	No
WX1800H series	WX1840H	Yes
WX3800H series	WX3820H WX3840H	Yes
WX5800H series	WX5860H	Yes

Table 35 shows the common transceiver alarm components. If no error occurs, "None" is displayed.

Table 35 Common transceiver alarm components

Field	Description
RX	Receive
TX	Transmit
power	Optical power
Temp	Temperature

Examples

# Display the alarms present on the transceiver module in interface GigabitEthernet 1/0/5.

<Sysname> display transceiver alarm interface gigabitethernet 1/0/5

GigabitEthernet1/0/5 transceiver current alarm information:

RX loss of signal

RX power low

Table 36 Command output

Field	Description
transceiver current alarm information	Alarms present on the transceiver module.
RX loss of signal	Received signals are lost.
RX power low	Received power is low.

display transceiver diagnosis

Use display transceiver diagnosis to display the current values of the digital diagnosis parameters on transceiver modules.

Syntax

display transceiver diagnosis interface [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface [ interface-type interface-number ]: Specifies an interface by its type and number. If no interface is specified, this command displays the current values of the digital diagnosis parameters on every transceiver module.

Usage guidelines

The following matrix shows the command and hardware compatibility:

Hardware series	Model	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H	No
WX1800H series	WX1840H	Yes
WX3800H series	WX3820H WX3840H	Yes
WX5800H series	WX5860H	Yes

This command cannot display information about some transceiver modules.

Examples

# Display the current values of the digital diagnosis parameters on the transceiver module in interface GigabitEthernet 1/0/5.

<Sysname> display transceiver diagnosis interface gigabitethernet 1/0/5

GigabitEthernet1/0/5 transceiver diagnostic information:

Current diagnostic parameters:

Temp(°C) Voltage(V) Bias(mA) RX power(dBm) TX power(dBm)

36 3.31 6.13 -35.64 -5.19

Alarm thresholds:

Temp(°C) Voltage(V) Bias(mA) RX power(dBM) TX power(dBM)

High 50 3.55 1.44 -10.00 5.00

Low 30 3.01 1.01 -30.00 0.00

Table 37 Command output

Field	Description
transceiver diagnostic information	Digital diagnosis information for the transceiver module in the interface.
Temp.(°C)	Temperature in °C, accurate to 1°C.
Voltage(V)	Voltage in V, accurate to 0.01 V.
Bias(mA)	Bias current in mA, accurate to 0.01 mA.
RX power(dBm)	Receive power in dBm, accurate to 0.01 dBm.
TX power(dBm)	Transmit power in dBm, accurate to 0.01 dBm.

display transceiver interface

Use display transceiver interface to display the key parameters of transceiver modules.

Syntax

display transceiver interface [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the key parameters of every transceiver module.

Usage guidelines

The following matrix shows the command and hardware compatibility:

Hardware series	Model	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H	No
WX1800H series	WX1840H	Yes
WX3800H series	WX3820H WX3840H	Yes
WX5800H series	WX5860H	Yes

Examples

# Display the key parameters of the transceiver module in interface GigabitEthernet 1/0/5.

<Sysname> display transceiver interface gigabitethernet 1/0/5

GigabitEthernet1/0/5 transceiver information:

Transceiver Type : 1000_BASE_SX_SFP

Connector Type : LC

Wavelength(nm) : 850

Transfer Distance(m) : 550(50um),270(62.5um)

Digital Diagnostic Monitoring : YES

Vendor Name : H3C

Ordering Name : SFP-GE-SX-MM850

Table 38 Command output

Field	Description
Connector Type	Connector types: · SC—Fiber connector developed by NTT. · LC—1.25 mm/RJ-45 fiber connector developed by Lucent. · RJ-45. · CX 4.
Wavelength(nm)	Central wavelength (in nm) of the transmit laser. If the transceiver supports multiple wavelengths, every two wavelength values are separated by a comma. For a copper cable, this field displays N/A.
Transfer Distance(xx)	Transmission distance, where xx indicates the distance unit: · km—Kilometers, for single-mode transceiver modules. · m—Meters, for other transceiver modules. If the transceiver module supports multiple types of transmission media, this field displays the transmission distance for each type, in the form transmission distance (medium type). Transmission medium types include: · 9 um—9/125 μm single-mode fiber. · 50 um—50/125 μm multimode fiber. · 62.5 um—62.5/125 μm multimode fiber. · TP—Twisted pair. · CX4—CX4 cable.
Digital Diagnostic Monitoring	Support for the digital diagnosis function: · YES—Supported. · NO—Not supported.
Ordering Name	Product code.

display transceiver manuinfo

Use display transceiver manuinfo to display electronic label information for transceiver modules.

Syntax

display transceiver manuinfo interface [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface [ interface-type interface-number ]: Specifies an interface by its type and number. If no interface is specified, this command displays electronic label information for the transceiver modules on all interfaces.

Usage guidelines

The following matrix shows the command and hardware compatibility:

Hardware series	Model	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H	No
WX1800H series	WX1840H	Yes
WX3800H series	WX3820H WX3840H	Yes
WX5800H series	WX5860H	Yes

This command displays only part of the electronic label information.

Examples

# Display electronic label information for the transceiver module on interface GigabitEthernet 1/0/5.

<Sysname> display transceiver manuinfo interface gigabitethernet 1/0/5

GigabitEthernet1/0/5 transceiver manufacture information:

Manu. Serial Number : 213410A0000054000251

Manufacturing Date : 2018-02-01

Vendor Name : H3C

Table 39 Command output

Field	Description
Manu. Serial Number	Serial number generated during production of the transceiver module.
Manufacturing Date	Date when the electronic label information was written to the transceiver module.

display version

Use display version to display system version information.

Syntax

display version

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display system version information.

<Sysname> display version

header

Use header to configure a banner.

Use undo header to delete a banner.

Syntax

header { incoming | legal | login | motd | shell } text

undo header { incoming | legal | login | motd | shell }

Views

System view

Predefined user roles

network-admin

Parameters

incoming: Configures the banner to be displayed before a modem dial-in user accesses user view. If authentication is required, the incoming banner appears after the authentication is passed.

legal: Configures the banner to be displayed before a user inputs the username and password to access the CLI.

motd: Configures the greeting banner to be displayed before the legal banner appears.

shell: Configures the banner to be displayed before a non-modem dial-in user accesses user view.

text: Specifies the banner message. You can configure a single-line banner or a multiline banner. For more information, see Fundamentals Configuration Guide.

Examples

# Configure the incoming banner, legal banner, login banner, MOTD banner, and shell banner.

<Sysname> system-view

[Sysname] header incoming

Please input banner content, and quit with the character '%'.

Welcome to incoming(header incoming)%

[Sysname] header legal

Please input banner content, and quit with the character '%'.

Welcome to legal (header legal)%

[Sysname] header login

Please input banner content, and quit with the character '%'.

Welcome to login(header login)%

[Sysname] header motd

Please input banner content, and quit with the character '%'.

Welcome to motd(header motd)%

[Sysname] header shell

Please input banner content, and quit with the character '%'.

Welcome to shell(header shell)%

In this example, the percentage sign (%) is the starting and ending character for each banner and is not included in the banners.

# Telnet to the device to test the configuration. The login banner appears only when password or scheme login authentication has been configured.

******************************************************************************

* Without the owner's prior written consent, *

* no decompiling or reverse-engineering shall be allowed. *

******************************************************************************

Welcome to legal (header legal)

Press Y or ENTER to continue, N to exit.

Welcome to motd(header motd)

Welcome to login(header login)

Password:

Welcome to shell(header shell)

job

Use job to assign a job to a schedule.

Use undo job to revoke a job.

Syntax

job job-name

undo job job-name

Default

No job is assigned to a schedule.

Views

Schedule view

Predefined user roles

network-admin

Parameters

job-name: Specifies the job name, a case-sensitive string of 1 to 47 characters.

Usage guidelines

You can assign multiple jobs to a schedule. The jobs in a schedule are executed concurrently.

The jobs to be assigned to a schedule must already exist. To create a job, use the scheduler job command.

Examples

# Assign job save-job to schedule saveconfig.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

[Sysname-schedule-saveconfig] job save-job

Related commands

· scheduler job

· scheduler schedule

memory-threshold

Use memory-threshold to set free-memory thresholds.

Use undo memory-threshold to restore the defaults.

Syntax

memory-threshold [ slot slot-number ] minor minor-value severe severe-value critical critical-value normal normal-value

undo memory-threshold [ slot slot-number ]

Default

The following matrix shows the default values for the arguments:

Hardware series	Model	Default (MB)
WX1800H series	WX1804H WX1810H WX1820H WX1840H	Minor alarm threshold: 96 Severe alarm threshold: 64 Critical alarm threshold: 48 Normal state threshold: 128
WX3800H series	WX3820H WX3840H	Minor alarm threshold: 352 Severe alarm threshold: 256 Critical alarm threshold: 192 Normal state threshold: 384
WX5800H series	WX5860H	Minor alarm threshold: 1024 Severe alarm threshold: 896 Critical alarm threshold: 768 Normal state threshold: 1152

Views

System view

Predefined user roles

network-admin

Parameters

minor minor-value: Specifies the minor alarm threshold in MB. This threshold must be equal to or less than the normal state threshold. Setting this threshold to 0 disables the minor alarm function.

The following matrix shows the value ranges for the minor-value argument:

Hardware series	Model	Value range
WX1800H series	WX1804H WX1810H WX1820H WX1840H	0 to 992: WX1804H WX1810H WX1820H 0 to 985: WX1840H
WX3800H series	WX3820H WX3840H	0 to 7704: WX3820H 0 to 15479: WX3840H
WX5800H series	WX5860H	0 to 31775

severe severe-value: Specifies the severe alarm threshold in MB. This threshold must be equal to or less than the minor alarm threshold. Setting this threshold to 0 disables the severe alarm function.

critical critical-value: Specifies the critical alarm threshold in MB. This threshold must be equal to or less than the severe alarm threshold. Setting this threshold to 0 disables the critical alarm function.

normal normal-value: Specifies the normal state threshold in MB. This threshold must be equal to or less than the total memory size.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command sets free-memory thresholds for the master device.

Usage guidelines

To ensure correct operation and improve memory efficiency, the system monitors the amount of free memory space in real time. If the amount of free memory space exceeds a free-memory threshold, the system generates an alarm notification and sends it to affected service modules or processes. If the amount of free memory space drops below a free-memory threshold, the system generates an alarm-removed notification and sends it to affected service modules or processes. For more information about the thresholds, see Fundamentals Configuration Guide.

Examples

# Set the minor alarm, severe alarm, critical alarm, and normal state thresholds to 64 MB, 48 MB, 32 MB, and 96 MB, respectively.

<Sysname> system-view

[Sysname] memory-threshold minor 64 severe 48 critical 32 normal 96

Related commands

display memory-threshold

memory-threshold usage

Use memory-threshold usage to set the memory usage threshold.

Use undo memory-threshold usage to restore the default.

Syntax

memory-threshold [ slot slot-number ] usage memory-threshold

undo memory-threshold [ slot slot-number ] usage

Default

The memory usage threshold is 100%.

Views

System view

Predefined user roles

network-admin

Parameters

memory-threshold: Specifies the memory usage threshold in percentage. The value range is 0 to 100.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command sets the memory usage threshold for the master device.

Usage guidelines

The device samples memory usage at an interval of 1 minute. If the sample is greater than the memory usage threshold, the device sends a trap.

Examples

# Set the memory usage threshold to 80%.

<Sysname> system-view

[Sysname] memory-threshold chassis 1 slot 2 cpu 1 usage 80

Related commands

display memory-threshold

monitor cpu-usage enable

Use monitor cpu-usage enable to enable CPU usage monitoring.

Use undo monitor cpu-usage enable to disable CPU usage monitoring.

Syntax

monitor cpu-usage enable [ slot slot-number ]

undo monitor cpu-usage enable [ slot slot-number ]

Default

CPU usage monitoring is enabled.

Views

System view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command enables CPU usage monitoring for the master device.

Usage guidelines

After CPU usage monitoring is enabled, the system samples and saves CPU usage at the interval specified by the monitor cpu-usage interval command. You can use the display cpu-usage history command to view recent CPU usage.

Examples

# Enable CPU usage monitoring.

<Sysname> system-view

[Sysname] monitor cpu-usage enable

Related commands

· display cpu-usage configuration

· display cpu-usage history

· monitor cpu-usage interval

monitor cpu-usage interval

Use monitor cpu-usage interval to set the sampling interval for CPU usage monitoring.

Syntax

monitor cpu-usage interval interval-value [ slot slot-number ]

Default

The system samples CPU usage every 1 minute.

Views

System view

Predefined user roles

network-admin

Parameters

interval-value: Specifies the sampling interval for CPU usage monitoring. Valid values include 5Sec for 5 seconds, 1Min for 1 minute, and 5Min for 5 minutes.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command sets the interval for the master device.

Usage guidelines

After CPU usage monitoring is enabled, the system samples and saves CPU usage at the specified interval. You can use the display cpu-usage history command to view recent CPU usage.

Examples

# Set the sampling interval for CPU usage monitoring to 5 seconds.

<Sysname> system-view

[Sysname] monitor cpu-usage interval 5Sec

Related commands

· display cpu-usage configuration

· display cpu-usage history

· monitor cpu-usage enable

monitor cpu-usage threshold

Use monitor cpu-usage threshold to set the CPU usage threshold.

Use undo monitor cpu-usage threshold to restore the default.

Syntax

monitor cpu-usage threshold cpu-threshold [ slot slot-number ]

undo monitor cpu-usage threshold [ slot slot-number ]

Default

The CPU usage threshold is 99%.

Views

System view

Predefined user roles

network-admin

Parameters

cpu-threshold: Specifies the CPU usage threshold in percentage. The value range is 0 to 100.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command sets the CPU usage threshold for the master device.

Usage guidelines

The device samples CPU usage at an interval of 1 minute. If the sample is greater than the CPU usage threshold, the device sends a trap.

Examples

# Set the CPU usage threshold to 80%.

<Sysname> system-view

[Sysname] monitor cpu-usage threshold 80

Related commands

display cpu-usage configuration

password-recovery enable

Use password-recovery enable to enable password recovery capability.

Use undo password-recovery enable to disable password recovery capability.

Syntax

password-recovery enable

undo password-recovery enable

Default

Password recovery capability is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Password recovery capability controls console user access to the device configuration and SDRAM from Boot ROM menus.

If password recovery capability is enabled, a console user can access the device configuration without authentication to configure new passwords.

If password recovery capability is disabled, console users must restore the factory-default configuration before they can configure new passwords. Restoring the factory-default configuration deletes the next-startup configuration files.

To enhance system security, disable password recovery capability.

Availability of Boot ROM menu options depends on the password recovery capability setting. For more information, see the release notes.

Examples

# Disable password recovery capability.

<Sysname> system-view

[Sysname] undo password-recovery enable

reboot

Use reboot to reboot an IRF member device or all IRF member devices.

Syntax

reboot [ slot slot-number ] [ force ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify an IRF member device, this command reboots the IRF fabric.

force: Reboots the device immediately without performing software or hard disk check. If this keyword is not specified, the system first identifies whether the reboot might result in data loss or a system failure. For example, the system identifies whether the main system software image file exists and whether a write operation is in progress on a storage medium. If the reboot might cause problems, the system does not reboot the device.

Usage guidelines

CAUTION:

· A reboot might interrupt network services.

· If the main startup software images are corrupt or missing, you must re-specify a set of main startup software images before executing the reboot command.

· Use the force keyword only when the device fails or a reboot command without the force keyword cannot perform a reboot correctly. A reboot command with the force keyword might result in file system corruption because it does not perform data protection.

For data security, the device does not reboot if you reboot the device while the device is performing file operations.

On an IRF fabric, you can use this command to reboot the master or a subordinate member device.

Perform the following tasks before rebooting the master:

· Identify whether the IRF fabric has subordinate members and whether the subordinate members are operating correctly.

· Use the display system stable state command to display system stability and status information.

If the IRF fabric has only one member device, the IRF fabric will be rebooted. If the IRF fabric has a subordinate member and the member is operating correctly, a switchover will occur.

NOTE:

To ensure correct operation of the IRF fabric and member devices, do not trigger a switchover by rebooting the master if the status of a member device is not Stable.

Examples

# Reboot the device when no configuration change has occurred since the last time you saved the running configuration.

<Sysname> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# If any configuration has changed, reboot the device and save the configuration.

<Sysname> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

Current configuration will be lost after the reboot, save current configuration? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

flash:/startup.cfg exists, overwrite? [Y/N]:y

Validating file. Please wait...

Configuration is saved to flash successfully.

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# If any configuration has changed, reboot the device but do not save the configuration.

<Sysname> reboot

Start to check configuration with next startup configuration file, please wait.........DONE!

Current configuration will be lost after the reboot, save current configuration? [Y/N]:n

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Reboot the device immediately without performing software check.

<Sysname> reboot force

A forced reboot might cause the storage medium to be corrupted. Continue? [Y/N]:y

Now rebooting, please wait...

Related commands

display system stable state

reset scheduler logfile

Use reset scheduler logfile to clear job execution log information.

Syntax

reset scheduler logfile

Views

User view

Predefined user roles

network-admin

Examples

# Clear job execution log information.

<Sysname> reset scheduler logfile

Related commands

display scheduler logfile

restore factory-default

Use restore factory-default to restore the factory-default configuration for the device.

Syntax

restore factory-default

Views

User view

Predefined user roles

network-admin

Usage guidelines

CAUTION:

This command is disruptive. Use this command only when you cannot troubleshoot the device by using other methods, or you want to use the device in a different scenario.

The command takes effect after the device reboots.

Examples

# Restore the factory-default configuration for the device.

<Sysname> restore factory-default

This command will restore the system to the factory default configuration and clear the operation data. Continue [Y/N]:y

Restoring the factory default configuration. This process might take a few minutes. Please wait..........................................................................................................Done.

Please reboot the system to place the factory default configuration into effect.

Related commands

reboot

scheduler job

Use scheduler job to create a job and enter job view. If the job already exists, you enter job view directly.

Use undo scheduler job to delete a job.

Syntax

scheduler job job-name

undo scheduler job job-name

Default

No job exists.

Views

System view

Predefined user roles

network-admin

Parameters

job-name: Specifies the job name, a case-sensitive string of 1 to 47 characters.

Usage guidelines

A job can be referenced by multiple schedules. In job view, you can assign commands to the job.

Examples

# Create a job named backupconfig and enter job view.

<Sysname> system-view

[Sysname] scheduler job backupconfig

[Sysname-job-backupconfig]

Related commands

· command

· scheduler schedule

scheduler logfile size

Use scheduler logfile size to set the size of the job execution log file.

Syntax

scheduler logfile size value

Default

The size of the job execution log file is 16 KB.

Views

System view

Predefined user roles

network-admin

Parameters

value: Sets the size of the job execution log file, in KB. The value range is 16 to 1024.

Usage guidelines

The job execution log file saves the execution information of jobs. If the file is full, old records are deleted to make room for new records. If the size of the log information to be written to the file is greater than the file size, the excessive information is not written to the file.

Examples

# Set the size of the job execution log file to 32 KB.

<Sysname> system-view

[Sysname] scheduler logfile size 32

Related commands

display scheduler logfile

scheduler reboot at

Use scheduler reboot at to specify the reboot date and time.

Use undo scheduler reboot to delete the reboot schedule configuration.

Syntax

scheduler reboot at time [ date ]

undo scheduler reboot

Default

No reboot date or time is specified.

Views

User view

Predefined user roles

network-admin

Parameters

time: Specifies the reboot time in the hh:mm format. The value range for hh is 0 to 23. The value range for mm is 0 to 59.

date: Specifies the reboot date in the MM/DD/YYYY or YYYY/MM/DD format. The value range for YYYY is 2000 to 2035. The value range for MM is 1 to 12. The value range for DD varies by month.

Usage guidelines

CAUTION:

Device reboot interrupts network services.

When the date argument is not specified, the system uses the following rules to determine the reboot time:

· If the reboot time is later than the current time, a reboot occurs at the reboot time of the current day.

· If the reboot time is earlier than the current time, a reboot occurs at the reboot time the next day.

For data security, if you are performing file operations at the reboot time, the system does not reboot.

The device supports only one device reboot schedule. If you configure both the scheduler reboot delay and scheduler reboot at commands or configure one of the commands multiple times, the most recent configuration takes effect.

Examples

# Configure the device to reboot at 12:00 p.m. This example assumes that the current time is 11:43 a.m. on February 6, 2018.

<Sysname> scheduler reboot at 12:00

Reboot system at 12:00:00 06/02/2018 (in 0 hours and 16 minutes). Confirm? [Y/N]:

Related commands

scheduler reboot delay

Use scheduler reboot delay to specify the reboot delay time.

Use undo scheduler reboot to delete the reboot schedule configuration.

Syntax

scheduler reboot delay time

undo scheduler reboot

Default

No reboot delay time is specified.

Views

User view

Predefined user roles

network-admin

Parameters

time: Specifies the reboot delay time in the hh:mm or mm format. This argument can contain up to 6 characters. When in the hh:mm format, mm must be in the range of 0 to 59.

Usage guidelines

CAUTION:

Device reboot interrupts network services.

For data security, if you are performing file operations at the reboot time, the system does not reboot.

The device supports only one device reboot schedule. If you configure both the scheduler reboot delay and schedule reboot at commands or configure one of the commands multiple times, the most recent configuration takes effect.

Examples

# Configure the device to reboot after 88 minutes. This example assumes that the current time is 11:48 a.m. on February 6, 2018.

<Sysname> scheduler reboot delay 88

Reboot system at 13:16 06/02/2018(in 1 hours and 28 minutes). Confirm? [Y/N]:

scheduler schedule

Use scheduler schedule to create a schedule and enter schedule view. If the schedule already exists, you enter schedule view directly.

Use undo scheduler schedule to delete a schedule.

Syntax

scheduler schedule schedule-name

undo scheduler schedule schedule-name

Default

No schedule exists.

Views

System view

Predefined user roles

network-admin

Parameters

schedule-name: Specifies the schedule name, a case-sensitive string of 1 to 47 characters.

Usage guidelines

You can configure a schedule to have the device automatically run a command or a set of commands without administrative interference.

To configure a schedule:

1. Use the scheduler job command to create a job and enter job view.

2. Use the command command to assign commands to the job.

3. Use the scheduler schedule command to create a schedule and enter schedule view.

4. Use the job command to assign the job to the schedule. You can assign multiple jobs to a schedule. The jobs must already exist.

5. Use the user-role command to assign user roles to the schedule. You can assign up to 64 user roles to a schedule.

6. Use the time at, time once, or time repeating command to specify an execution time for the schedule. You can specify only one execution time for a schedule.

Examples

# Create a schedule named saveconfig.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

Related commands

· job

· time at

· time once

shutdown-interval

Use shutdown-interval to set the port status detection timer.

Use undo shutdown-interval to restore the default.

Syntax

shutdown-interval time

undo shutdown-interval

Default

The port status detection timer setting is 30 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

time: Specifies the port status detection timer value in seconds. The value range is 0 to 300. To disable port status detection, set this argument to 0.

Usage guidelines

The device starts a port status detection timer when a port is shut down by a protocol. Once the timer expires, the device brings up the port so the port status reflects the port's physical status.

If you change the timer setting during port detection, the device compares the new setting (T1) with the time that elapsed since the port was shut down (T).

· If T < T1, the port will be brought up after T1 – T seconds.

· If T ≥ T1, the port is brought up immediately.

For example, the timer setting is 30 seconds. If you change it to 10 seconds 2 seconds after the port is shut down, the port will come up 8 seconds later. If you change the timer setting to 2 seconds 10 seconds after the port is shut down, the port comes up immediately.

Examples

# Set the port status detection timer to 100 seconds.

<Sysname> system-view

[Sysname] shutdown-interval 100

sysname

Use sysname to set the device name.

Use undo sysname to restore the default.

Syntax

sysname sysname

undo sysname

Default

The device name is H3C.

Views

System view

Predefined user roles

network-admin

Parameters

sysname: Specifies a name for the device, a string of 1 to 64 characters.

Usage guidelines

A device name identifies a device in a network and is used in CLI view prompts. For example, if the device name is Sysname, the user view prompt is <Sysname>.

Examples

# Set the name of the device to R2000.

<Sysname> system-view

[Sysname] sysname R2000

[R2000]

temperature-limit

Use temperature-limit to set the temperature alarm thresholds for the device.

Use undo temperature-limit to restore the default.

Syntax

temperature-limit slot slot-number { hotspot | inflow } sensor-number lowlimit warninglimit [ alarmlimit ]

undo temperature-limit slot slot-number { hotspot | inflow } sensor-number

Default

The defaults vary by temperature sensor model. To view the defaults, use the undo temperature-limit command to restore the defaults and then execute the display environment command.

Views

System view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an IRF member device by its member ID.

hotspot: Configures temperature alarm thresholds for hotspot sensors. A hotspot sensor is typically near the chip that generates a great amount of heat and used to monitor the chip.

inflow: Configures temperature alarm thresholds for inlet sensors. An inlet sensor is near the air inlet and used for monitoring ambient temperature.

sensor-number: Specifies a sensor by its number, an integer starting from 1. Each number represents a temperature sensor on the device or card.

The following matrix shows the sensor-number argument and hardware compatibility:

Hardware series	Model	Argument compatibility	Value range
WX1800H series	WX1804H WX1810H WX1820H	No	N/A
WX1800H series	WX1840H	Yes	hotspot: 1 inflow: 1
WX3800H series	WX3820H WX3840H	Yes	hotspot: 1 inflow: 1
WX5800H series	WX5860H	Yes	hotspot: 1 and 2 inflow: 1

lowlimit: Specifies the low-temperature threshold in Celsius degrees.

The following matrix shows the value ranges for the lowlimit argument:

Hardware series	Model	Value range
WX1800H series	WX1804H WX1810H WX1820H	hotspot: 0°C to 10°C (32°F to 50°F)
WX1800H series	WX1840H	hotspot: 32°C to 42°C (89.6°F to 107.6°F) inflow: 5°C to 15°C (41°F to 59°F)
WX3800H series	WX3820H WX3840H	hotspot: –30°C to +100°C (–22°F to +212°F) inflow: –30°C to 74°C (–22°F to +165.2°F)
WX5800H series	WX5860H	hotspot 1: 24°C to 40°C (75.2°F to 104°F) hotspot 2: 20°C to 35°C (68°F to 95°F) inflow: 5°C to 20°C (41°F to 68°F)

warninglimit: Specifies the high-temperature warning threshold in Celsius degrees. This threshold must be greater than the low-temperature threshold.

alarmlimit: Specifies the high-temperature alarming threshold in Celsius degrees. This threshold must be greater than the high-temperature warning threshold.

Usage guidelines

When the temperature drops below the low-temperature threshold or reaches the high-temperature warning or alarming threshold, the device performs the following operations:

· Sends log messages and traps.

· Sets LEDs on the device panel.

Examples

# Set temperature alarm thresholds for inlet sensor 1 on member device 1.

<Sysname> system-view

[sysname] temperature-limit slot 1 inflow 1 -10 70 100

time at

Use time at to specify an execution date and time for a non-periodic schedule.

Use undo time to delete the execution time configuration for a schedule.

Syntax

time at time date

undo time

Default

No execution time or date is specified for a schedule.

Views

Schedule view

Predefined user roles

network-admin

Parameters

time: Specifies the schedule execution time in the hh:mm format. The value range for hh is 0 to 23. The value range for mm is 0 to 59.

date: Specifies the schedule execution date in the MM/DD/YYYY or YYYY/MM/DD format. The value range for YYYY is 2000 to 2035. The value range for MM is 1 to 12. The value range for DD varies by month.

Usage guidelines

The specified time (date plus time) must be later than the current system time.

The time at command, the time once command, and the time repeating command overwrite one another. The most recently configured command takes effect.

Examples

# Configure the device to execute schedule saveconfig at 01:01 a.m. on May 11, 2018.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

[Sysname-schedule-saveconfig] time at 1:1 2018/05/11

Related commands

scheduler schedule

time once

Use time once to specify one or more execution days and the execution time for a non-periodic schedule.

Use undo time to delete the execution time configuration for a schedule.

Syntax

time once at time [ month-date month-day | week-day week-day&<1-7> ]

time once delay time

undo time

Default

No execution time or day is specified for a schedule.

Views

Schedule view

Predefined user roles

network-admin

Parameters

at time: Specifies the execution time in the hh:mm format. The value range for hh is 0 to 23. The value range for mm is 0 to 59.

month-date month-day: Specifies a day in the current month, in the range of 1 to 31. If you specify a day that does not exist in the current month, the configuration takes effect on that day in the next month.

week-day week-day&<1-7>: Specifies a space-separated list of up to seven week days for the schedule. Valid week day values include Mon, Tue, Wed, Thu, Fri, Sat, and Sun.

delay time: Specifies the delay time for executing the schedule, in the hh:mm or mm format. This argument can have up to 6 characters. When in the hh:mm format, mm must be in the range of 0 to 59.

Usage guidelines

If the specified time has already occurred, the schedule will be executed at the specified time the following day.

If the day in the month has already occurred, the schedule will be executed at the specified day in the following month.

If the specified day in a week has already occurred, the schedule will be executed at the specified day in the following week.

The time at command, the time once command, and the time repeating command overwrite one another. The most recently configured command takes effect.

Examples

# Configure the device to execute schedule saveconfig once at 15:00.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

[Sysname-schedule-saveconfig] time once at 15:00

Schedule starts at 15:00 5/11/2011.

# Configure the device to execute schedule saveconfig once at 15:00 on the coming 15th day in a month.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

[Sysname-schedule-saveconfig] time once at 15:00 month-date 15

# Configure the device to execute schedule saveconfig at 12:00 p.m. on the coming Monday and Friday.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

[Sysname-schedule-saveconfig] time once at 12:00 week-day mon fri

# Configure the device to execute schedule saveconfig after 10 minutes.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

[Sysname-schedule-saveconfig] time once delay 10

Related commands

scheduler schedule

time repeating

Use time repeating to specify an execution time table for a periodic schedule.

Use undo time to delete the execution time configuration for a schedule.

Syntax

time repeating [ at time [ date ] ] interval interval-time

time repeating at time [ month-date [ month-day | last ] | week-day week-day&<1-7> ]

undo time

Default

No execution time table is specified for a schedule.

Views

Schedule view

Predefined user roles

network-admin

Parameters

at time: Specifies the execution time in the hh:mm format. The value range for hh is 0 to 23. The value range for mm is 0 to 59. If you do not specify this option, the current system time is used as the execution time.

date: Specifies the start date for the periodic schedule, in the MM/DD/YYYY or YYYY/MM/DD format. The value range for YYYY is 2000 to 2035. The value range for MM is 1 to 12. The value range for DD varies by month. If you do not specify this argument, the execution start date is the first day when the specified time arrives.

interval interval-time: Specifies the execution time interval in the hh:mm or mm format. This argument can have up to 6 characters. When in the hh:mm format, mm must be in the range of 0 to 59. When in the mm format, this argument must be equal to or greater than 1 minute.

month-date [ month-day | last ]: Specifies a day in a month, in the range 1 to 31. The last keyword indicates the last day of a month. If you specify a day that does not exist in a month, the configuration takes effect on that day in the next month.

week-day week-day&<1-7>: Specifies a space-separated list of up to seven week days for the schedule. Valid week day values include Mon, Tue, Wed, Thu, Fri, Sat, and Sun.

Usage guidelines

The time repeating [ at time [ date ] ] interval interval-time command configures the device to execute a schedule at an interval from the specified time on.

The time repeating at time [ month-date [ month-day | last ] | week-day week-day&<1-7> ] command configures the device to execute a schedule at the specified time on every specified day in a month or week.

The time at command, the time once command, and the time repeating command overwrite one another, whichever is configured most recently takes effect.

Examples

# Configure the device to execute schedule saveconfig once an hour from 8:00 a.m. on.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

[Sysname-schedule-saveconfig] time repeating at 8:00 interval 60

# Configure the device to execute schedule saveconfig at 12:00 p.m. every day.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

[Sysname-schedule-saveconfig] time repeating at 12:00

# Configure the device to execute schedule saveconfig at 8:00 a.m. on the 5th of every month.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

[Sysname-schedule-saveconfig] time repeating at 8:00 month-date 5

# Configure the device to execute schedule saveconfig at 8:00 a.m. on the last day of every month.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

[Sysname-schedule-saveconfig] time repeating at 8:00 month-date last

# Configure the device to execute schedule saveconfig at 8:00 a.m. every Friday and Saturday.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

[Sysname-schedule-saveconfig] time repeating at 8:00 week-day fri sat

Related commands

scheduler schedule

user-role

Use user-role to assign user roles to a schedule.

Use undo user-role to remove user roles from a schedule.

Syntax

user-role role-name

undo user-role role-name

Default

A schedule has the user roles of the schedule creator.

Views

Schedule view

Predefined user roles

network-admin

Parameters

role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. The user role can be user-defined or predefined. Predefined user roles include network-admin, network-operator, and level-0 to level-15.

Usage guidelines

By assigning user roles to and removing user roles from a schedule, you can control the commands to be executed in a schedule.

A schedule must have one or more user roles, and can have up to 64 user roles. A command in a schedule can be executed if it is permitted by one or more user roles of the schedule.

The security-audit role is mutually exclusive with any other user roles. Assigning the security-audit role removes existing user role assignments. Assigning any other user roles removes the security-audit role assignment.

For more information about user roles, see the RBAC configuration in Fundamentals Configuration Guide.

Examples

# Assign user role rolename to schedule test.

<sysname> system-view

[Sysname] scheduler schedule test

[Sysname-schedule-test] user-role rolename

Related commands

· command

· scheduler schedule

Tcl configuration commands

cli

Use cli to enable a Comware command to be executed in Tcl configuration view when it conflicts with a Tcl command.

Syntax

cli command

Views

Tcl configuration view

Predefined user roles

network-admin

Parameters

command: Specifies the commands to be executed. They must be complete command lines.

Usage guidelines

In Tcl configuration view, if a Comware command conflicts with a Tcl command, the Tcl command will be executed. To execute the Comware command when a conflict occurs, execute the cli command.

You cannot use the cli command to execute a Tcl command.

Examples

# Perform the following steps to execute a Comware command that conflicts with a Tcl command in Tcl configuration view.

1. Execute a Comware command in Tcl configuration view. The output shows that the Comware command cannot be executed because it conflicts with a Tcl command.

<Sysname> tclsh

<Sysname-tcl> system-view

[Sysname-tcl] user-interface vty 0 31

[Sysname-tcl-line-vty0-31] set authentication password simple password1

wrong # args: should be "set varName ?newValue?"

2. Configure the cli command to execute the Comware command again.

[Sysname-tcl-line-vty0-31] cli set authentication password simple password1

# Execute multiple Comware commands in one operation to enter Radio view.

Method 1:

[Sysname-tcl] cli "wlan ap ap1 model WA536-WW ; radio 1"

[Sysname-tcl-wlan-ap-ap1-radio-1]

Method 2:

[Sysname-tcl] cli wlan ap ap1 model WA536-WW ; cli radio 1

[Sysname-tcl- wlan-ap-ap1-radio-1]

tclquit

Use tclquit to return from Tcl configuration view to user view.

Syntax

tclquit

Views

Tcl configuration view

Predefined user roles

network-admin

Usage guidelines

To return from Tcl configuration view to user view, you can also use the quit command.

To return to the upper-level view after you execute Comware commands to enter system view or a Comware feature view, use the quit command.

Examples

# Return from Tcl configuration view to user view.

<Sysname-tcl> tclquit

Related commands

tclsh

Use tclsh to enter Tcl configuration view from user view.

Syntax

tclsh

Views

User view

Predefined user roles

network-admin

Usage guidelines

In Tcl configuration view, you can execute the following commands:

· All Tcl 8.5 commands.

· Comware commands. The Tcl configuration view is equivalent to the user view. You can use Comware commands in Tcl configuration view in the same way they are used in user view.

Examples

# Enter Tcl configuration view from user view.

<Sysname> tclsh

<Sysname-tcl>

Related commands

tclquit

Python commands

python

Use python to enter the Python shell.

Syntax

python

Views

User view

Predefined user roles

network-admin

Usage guidelines

In the Python shell, you can use the following items:

· Python 2.7 commands.

· Python 2.7 standard API.

· Comware V7 extended API.

To return to user view from the Python shell, enter exit().

Examples

# Enter the Python shell.

<Sysname> python

Python 2.7.3 (default)

[GCC 4.4.1] on linux2

Type "help", "copyright", "credits" or "license" for more information.

>>>

>>> exit()

python filename

Use python filename to execute a Python script.

Syntax

python filename [ param ]

Views

User view

Predefined user roles

network-admin

Parameters

filename: Specifies the name of a Python script on a storage medium of the device. The script name is case sensitive and must use the extension .py. The extension .py is case insensitive.

param: Specifies the parameters to be passed to the script. To enter multiple parameters, use spaces as the delimiter.

Usage guidelines

You cannot perform any operations while a Python script is being executed by your command.

Make sure the statements in the script meet the syntax requirements. The system stops executing a Python script if it finds a statement with syntax errors.

When executing a script, the system uses the defaults for interactive statements. The system does not stop for human input.

Examples

# Execute Python script test.py.

<Sysname> python test.py 1 2

['/flash:/test.py', '1', '2']

License management commands

The following matrix shows the feature and hardware compatibility:

Hardware series	Model	License management compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	No: · WX1804H · WX1810H · WX1820H Yes: WX1840H
WX3800H series	WX3820H WX3840H	Yes
WX5800H series	WX5860H	Yes

The WX1800H series access controllers do not support the slot keyword or the slot-number argument.

display license

Use display license to display detailed license information.

Syntax

display license [ activation-file ] [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

activation-file: Displays information about activation files. The device supports license installation through activation files only, so this command always displays license information about activation files whether you specify this keyword or not.

slot slot-number: Specifies the member ID of an IRF member device. If you do not specify a member device, this command displays license information for all IRF member devices.

Usage guidelines

After you execute this command, it takes certain time for the device to output detailed license information depending on the device load.

Examples

# Display detailed license information for each IRF member device.

<Sysname> display license

cfa0:/license/210235A1AMB1450000272015052317092592481.ak

Feature: APMGR

Product Description: Enhanced Access Controller License,128 APs,for Verticals,for V7 Registered at: 2018-01-28 16:54:24

License Type: Trial (days restricted)

Trial Time Left (days): 30

Current State: In use

Table 40 Command output

Field	Description
Feature	Feature name.
Registered at	Time when the license was installed.
License Type	License type by validity period: · NA—The system cannot obtain the license type. · Permanent—Purchased license that never expires and is always valid. · Days restricted—Purchased license that is valid for a period in days, for example, 30 days. · Trial (days restricted)—Free trial license that is valid for a period in days.
Trial Time Left (days)	Remaining days of the trial period. This field is available for a trial license.
Time Left (days)	Remaining days of the license. This field is available for a purchased license.
Current State	State of the license: · In use—The license is being used. · Usable—The license is available for use. If multiple days-restricted licenses for one feature are installed, only one license is in In use state and the rest licenses are in Usable state. · Expired—The license has expired. · Uninstalled—The license has been uninstalled. · Unusable—The license cannot be used. · Invalid—The license is invalid and cannot be used.
Uninstall Key	This field is available for licenses that have been uninstalled. An Uninstall file that contain an Uninstall key is created after the uninstallation. The Uninstall key is required for transferring the license.
Uninstall Date	Date when the license was uninstalled. This field is available for licenses that have been uninstalled.

display license device-id

Use display license device-id to display device SN, checksum, and DID information.

Syntax

display license device-id slot slot-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies the member ID of an IRF member device.

Usage guidelines

Each device has a unique SN and DID. When you register a license for a device, you must provide its SN and DID.

The DID changes each time you use the license compress command to compress the license storage. Use the display license device-id command to identify the up-to-date DID each time you register licenses.

The DID is generated as an .id file. Upload the file when you register the license with the license center.

Examples

# Display the device SN and DID.

<Sysname> display license device-id

SN: 210235A0VSB011000029

SN CHECK_SUM: FFFFFFEA

Device ID: cfa0:/license/210235A0VSB011000029.did

display license feature

Use display license feature to display brief license information for features.

Syntax

display license feature

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

Feature license information includes the following information:

· The total number of licenses that the device supports.

· The number of installed licenses.

· Features that must be licensed to run on the device.

Examples

# Display brief feature license information.

<Sysname> display license feature

Total: 128 Usage: 2

Feature Licensed State

APMGR Y Trial

Table 41 Command output

Field	Description
Total	Total number of licenses that can be installed.
Usage	Number of installed licenses.
Feature	Feature that must be licensed before being used.
Licensed	Licensing state of the feature: · N—Not licensed. · Y—Licensed.
State	License type by purchasing state: · Trial—Trial license. · Formal—Purchased license. If the feature is not licensed, this field displays a hyphen (-). To use the feature, you must install a valid license file.

license activation-file install

Use license activation-file install to install a license activation file.

Syntax

license activation-file install file-name slot slot-number

Views

System view

Predefined user roles

network-admin

Parameters

file-name: Specifies the file path, a case-sensitive string of 1 to 127 characters. The activation file must be valid and stored on the device.

slot slot-number: Specifies the member ID of an IRF member device.

Usage guidelines

To install a license activation file successfully, make sure the SN and DID used for registering the feature license matches the current SN and DID of the device.

Activation files are device locked rather than MPU locked. A licensed feature can run on the entire system even after an MPU replacement.

Examples

# Install the activation file 20130812.ak on the device.

<Sysname> system-view

[Sysname] license activation-file install flash:/license/20130812.ak

This operation might take some time. Do not perform any other operations until the operation is completed or a failure message is displayed. Please wait...

Related commands

· display license activation-file

· display license device-id

· license activation-file uninstall

license activation-file uninstall

Use license activation-file uninstall to uninstall an activation file.

Syntax

license activation-file uninstall file-name slot slot-number

Views

System view

Predefined user roles

network-admin

Parameters

file-name: Specifies the file path, a case-sensitive string of 1 to 127 characters.

slot slot-number: Specifies the member ID of an IRF member device.

Usage guidelines

A feature cannot run on the device after you uninstall all its activation files.

Use this command to revoke an unexpired license if you want to transfer the license from one device to another.

When an activation file is uninstalled, the system creates an Uninstall key. Use this key together with the SN and DID of the transfer destination to register the license for the transfer destination.

Trial licenses are not transferrable. When you uninstall the activation file of a trial license, no Uninstall file is created.

Examples

# Uninstall the activation file flash:/license/20130812.ak from the device.

<Sysname> system-view

[Sysname] license activation-file uninstall flash:/license/20130812.ak

This operation might take some time. Do not perform any other operations until the operation is completed or a failure message is displayed. Please wait...

Uninstall file: flash:/license/20130812.uak

Related commands

· display license activation-file

· license activation-file install

license compress

Use license compress to compress the license storage.

Syntax

license compress slot slot-number

Views

System view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies the member ID of an IRF member device.

Usage guidelines

CAUTION:

The DID changes each time the license storage is compressed. Before performing a compression, make sure all activation files generated based on the old DID have been installed. They cannot be installed after the compression.

Use this command if the free license storage (see the display license feature command) is not sufficient.

This command clears invalid licenses (expired licenses and uninstalled licenses) and Uninstall keys from the license storage area. Back up the Uninstall keys before you compress the license storage.

Examples

# Compress the license storage on the device.

<Sysname> system-view

[Sysname] license compress

This command will delete all data relevant to uninstalled and expired keys/licenses, including Uninstall keys, and create a new device ID for activation keys/files. Make sure you have saved the Uninstall keys so you can apply for a new activation key/file for the unexpired licenses that were covered by the uninstalled activation keys/files.

Are you sure you want to continue? [Y/N]: Y

This operation might take some time. Do not perform any other operations until the operation is completed or a failure message is displayed. Please wait...

Index

A B C D E F G H I J L M N O P Q R S T U V W

activation-key,41

alias,1

append,104

archive configuration,156

archive configuration interval,156

archive configuration location,157

archive configuration max,159

ascii,105

authentication-mode,43

auto-execute command,44

backup startup-configuration,159

binary,105

boot-loader file,177

boot-loader update,180

bootrom backup,181

bootrom read,182

bootrom restore,183

bootrom update,183

bye,106

cd,139

cd,107

cdup,107

cli,236

clock datetime,186

clock protocol,186

clock summer-time,187

clock timezone,189

close,108

command,190

command accounting,45

command authorization,46

configuration encrypt,160

configuration replace file,161

copy,140

databits,47

debug,108

delete,141

delete,109

description,13

dir,109

dir,143

disconnect,111

display | { begin | exclude | include },2

display | by-linenum,3

display >,4

display >>,5

display alias,6

display archive configuration,162

display boot-loader,184

display clock,191

display copyright,192

display cpu-usage,192

display cpu-usage configuration,193

display cpu-usage history,194

display current-configuration,163

display current-configuration diff,164

display default-configuration,165

display device,196

display device manuinfo,197

display diagnostic-information,198

display diff,166

display environment,200

display fan,201

display ftp client source,111

display ftp-server,98

display ftp-user,98

display history-command,6

display history-command all,7

display hotkey,8

display ip http,48

display ip https,48

display license,240

display license device-id,241

display license feature,242

display line,49

display memory,202

display memory-threshold,203

display power,204

display role,13

display role feature,21

display role feature-group,23

display saved-configuration,167

display scheduler job,205

display scheduler logfile,206

display scheduler reboot,207

display scheduler schedule,207

display startup,168

display system stable state,208

display telnet client,51

display this,170

display transceiver alarm,210

display transceiver diagnosis,211

display transceiver interface,212

display transceiver manuinfo,213

display user-interface,51

display users,53

display version,214

display web menu,54

display web users,58

escape-key,59

feature,25

file prompt,144

flow-control,60

format,145

free ftp user,99

free ftp user-ip,100

free ftp user-ip ipv6,100

free line,61

free user-interface,62

free web users,63

ftp,111

ftp client ipv6 source,112

ftp client source,113

ftp ipv6,114

ftp server acl,101

ftp server dscp,101

ftp server enable,102

ftp server ipv6 dscp,102

ftp server ssl-server-policy,103

ftp timeout,104

get,115

gunzip,145

gzip,146

header,215

help,116

history-command max-size,63

hotkey,9

idle-timeout,64

interface policy deny,26

ip http acl,65

ip http enable,66

ip http port,66

ip https acl,67

ip https certificate access-control-policy,68

ip https enable,68

ip https port,69

ip https ssl-server-policy,70

job,216

lcd,117

license activation-file install,243

license activation-file uninstall,243

license compress,244

line,70

line class,71

lock,73

lock reauthentication,75

lock-key,74

ls,117

md5sum,147

memory-threshold,217

memory-threshold usage,218

mkdir,147

mkdir,118

monitor cpu-usage enable,219

monitor cpu-usage interval,220

monitor cpu-usage threshold,220

more,148

move,148

newer,119

open,120

parity,75

passive,120

password-recovery enable,221

permit interface,27

permit vlan,28

protocol inbound,76

put,121

pwd,122

pwd,149

python,238

python filename,238

quit,10

quit,122

reboot,222

reget,123

rename,123

rename,149

repeat,10

reset,124

reset recycle-bin,150

reset saved-configuration,171

reset scheduler logfile,223

restart,124

restful http enable,78

restful https enable,78

restore factory-default,224

restore startup-configuration,172

return,11

rhelp,125

rmdir,150

rmdir,126

role,30

role default-role enable,30

role feature-group,31

rstatus,127

rule,32

save,173

scheduler job,224

scheduler logfile size,225

scheduler reboot at,225

scheduler reboot delay,226

scheduler schedule,227

screen-length,79

screen-length disable,11

send,79

set authentication password,80

sha256sum,151

shell,81

shutdown-interval,228

speed,82

startup saved-configuration,175

status,129

stopbits,83

super,36

super authentication-mode,37

super default role,38

super password,38

sysname,229

system,130

system-view,12

tar create,151

tar extract,152

tar list,154

tclquit,236

tclsh,237

telnet,84

telnet client source,84

telnet ipv6,85

telnet server acl,86

telnet server dscp,87

telnet server enable,89

telnet server ipv6 acl,87

telnet server ipv6 dscp,88

telnet server ipv6 port,89

telnet server port,90

temperature-limit,229

terminal type,90

tftp,133

tftp client ipv6 source,134

tftp client source,135

tftp ipv6,136

tftp-server acl,137

tftp-server ipv6 acl,138

time at,231

time once,232

time repeating,233

undelete,154

user,130

user-interface,91

user-interface class,92

user-role,94

user-role,234

verbose,131

vlan policy deny,39

web captcha,95

web https-authorization mode,95

web idle-timeout,96

webui log,97

01 Fundamentals

Basic CLI commands

alias

repeat

feature

role default-role enable

auto-execute command

display ip http

free line

idle-timeout

ip https ssl-server-policy

restful http enable

set authentication password

shell

speed

telnet server ipv6 dscp

FTP commands

ftp server enable

ftp server ipv6 dscp

append

dir

rhelp

rmdir