01-Fundamentals Command Reference

H3C S12500-X & S12500X-AF Switch Series Command References-Release 113x-6W10101

Contents

Basic CLI commands

alias

display | { begin | exclude | include }

display | by-linenum

display >

display >>

display alias

display history-command

display history-command all

display hotkey

hotkey

quit

return

screen-length disable

system-view

Login management commands

activation-key

authentication-mode

auto-execute command

command accounting

command authorization

databits

display line

display telnet client

display user-interface

display users

escape-key

flow-control

free line

free user-interface

history-command max-size

idle-timeout

line

line class

lock

parity

protocol inbound

screen-length

send

set authentication password

shell

speed

stopbits

telnet

telnet client source

telnet server acl

telnet server dscp

telnet server enable

terminal type

user-interface

user-interface class

user-role

RBAC commands

description

display role

display role feature

display role feature-group

feature

interface policy deny

permit interface

permit vlan

permit vpn-instance

role

role default-role enable

role feature-group

rule

super

super authentication-mode

super default role

super password

vlan policy deny

vpn-instance policy deny

FTP commands

FTP server commands

display ftp-server

display ftp-user

free ftp user

free ftp user-ip

ftp server acl

ftp server dscp

ftp server enable

ftp timeout

FTP client commands

append

ascii

binary

bye

cd

cdup

close

debug

delete

dir

disconnect

display ftp client source

ftp

ftp client source

get

help

lcd

ls

mkdir

newer

open

passive

put

pwd

quit

reget

rename

reset

restart

rhelp

rmdir

rstatus

status

system

user

verbose

?

TFTP commands

tftp

tftp client source

tftp-server acl

File system management commands

cd

copy

delete

dir

fdisk

file prompt

fixdisk

format

gunzip

gzip

md5sum

mkdir

more

mount

move

pwd

rename

reset recycle-bin

rmdir

sha256sum

tar create

tar extract

tar list

umount

undelete

Configuration file management commands

backup startup-configuration

configuration commit

configuration commit delay

configuration encrypt

display current-configuration

display current-configuration diff

display default-configuration

display diff

display saved-configuration

display startup

display this

reset saved-configuration

restore startup-configuration

save

startup saved-configuration

Software upgrade commands

boot-loader file

boot-loader update

bootrom backup

bootrom restore

bootrom update

bootrom-update security-check enable

display boot-loader

version auto-update enable

version check ignore

ISSU commands

display install active

display install committed

display install ipe-info

display install package

display issu rollback-timer

display issu state

display version comp-matrix

install activate

install add

install commit

install deactivate

issu accept

issu commit

issu load

issu rollback

issu rollback-timer

issu run switchover

Device management commands

clock datetime

clock protocol

clock summer-time

clock timezone

command

copyright-info enable

diagnostic start test

display alarm

display clock

display copyright

display cpu-usage

display cpu-usage configuration

display cpu-usage history

display device

display device manuinfo

display device manuinfo fan

display device manuinfo power

display diagnostic content

display diagnostic-information

display environment

display exception filepath

display fan

display hardware-resource

display memory

display memory-threshold

display power

display scheduler job

display scheduler logfile

display scheduler reboot

display scheduler schedule

display system stable state

display system-working-mode

display transceiver alarm

display transceiver diagnosis

display transceiver interface

display transceiver manuinfo

display version

display version-update-record

exception filepath

hardware-resource tcam

header

job

memory-threshold

memory-threshold usage

monitor cpu-usage enable

monitor cpu-usage interval

monitor cpu-usage threshold

password-recovery enable

process core

reboot

reset scheduler logfile

reset version-update-record

scheduler job

scheduler logfile size

scheduler reboot at

scheduler reboot delay

scheduler schedule

shutdown-interval

switch-fabric isolate

sysname

system-working-mode

temperature-limit

time at

time once

time repeating

user-role

MDC commands

MDC commands for the default MDC

allocate interface

display mdc

display mdc interface

display mdc resource

limit-resource cpu

limit-resource memory

location

switchto mdc

mdc

mdc start

MDC commands for non-default MDCs

display mdc

display mdc interface

display mdc resource

switchback

Python commands

exit()

python

python filename

License management commands

display license

display license feature

display license device-id

license activation-file install

license activation-file uninstall

license compress

Preprovisioning commands

chassis slot

display provision failed-config

provision

slot

reset provision failed-config

Index


Basic CLI commands

alias

Use alias to configure a command alias.

Use undo alias to remove a command alias.

Syntax

alias alias command

undo alias alias

Default

The system defines a set of command aliases, as listed in Table 1.

Table 1 System-defined command aliases

Alias                Command string

access-list          acl

end                  return

erase                delete

exit                 quit

hostname             sysname

logging              info-center

no                   undo

show                 display

write                save

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

alias: Specifies an alias, a case-sensitive string of 1 to 20 characters. An alias cannot be alias or contain spaces.

command: Specifies a command string. Make sure the command string meets the syntax requirements.

Usage guidelines

You can configure an alias for a command or the starting keywords of commands, and use the alias to execute the command or commands.

For example, if you configure the alias siprt for display ip routing-table, you can enter siprt to execute the display ip routing-table command. If you configure the alias ship for display ip, you can use ship to execute all commands starting with display ip:

·     Enter ship routing-table to execute the display ip routing-table command.

·     Enter ship interface to execute the display ip interface command.

The command string can include up to nine parameters. Each parameter starts with the dollar sign ($) and a sequence number in the range of 1 to 9. For example, you can configure the alias shinc for the display ip $1 | include $2 command. Then, to execute the display ip interface | include GigabitEthernet0/0/1 command, you only need to enter shinc interface GigabitEthernet0/0/1.

Examples

# Configure the alias shiprt for the display ip routing-table command and verify the configuration.

<Sysname> system-view

[Sysname] alias shiprt display ip routing-table

[Sysname] shiprt

Destinations : 12        Routes : 12

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

3.3.3.3/32         Static  60  0           192.168.1.62    GE0/0

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

169.254.0.0/24     Direct  0   0           169.254.0.188   GE0/0

169.254.0.0/32     Direct  0   0           169.254.0.188   GE0/0

169.254.0.188/32   Direct  0   0           127.0.0.1       InLoop0

169.254.0.255/32   Direct  0   0           169.254.0.188   GE0/0

192.168.57.0/24    RIP     100 1           192.168.1.62    GE0/0

224.0.0.0/4        Direct  0   0           0.0.0.0         NULL0

224.0.0.0/24       Direct  0   0           0.0.0.0         NULL0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

# Configure the alias shinc for display ip $1 | include $2.

[Sysname] alias shinc display ip $1 | include $2

# Use the alias shinc to display all static routes.

[Sysname] shinc routing-table Static

3.3.3.3/32         Static  60  0           192.168.1.62    GE0/0

# Use the alias shinc to display all RIP routes.

[Sysname] shinc routing-table RIP

192.168.57.0/24    RIP     100 1           192.168.1.62    GE0/0

Related commands

display alias

display | { begin | exclude | include }

Use display | { begin | exclude | include } to filter the output from a display command with a regular expression.

Syntax

display command | { begin | exclude | include } regular-expression

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

command: Specifies the keywords and arguments of a display command. To display available keywords and arguments, enter display ?.

begin: Displays the first line matching the specified regular expression and all subsequent lines.

exclude: Displays all lines not matching the specified regular expression.

include: Displays all lines matching the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Usage guidelines

Use the | { begin | exclude | include } regular-expression option with a display command to filter the command output. For more information about regular expressions, see Fundamentals Configuration Guide.

Examples

# Display the lines that contain "vlan" in the running configuration.

<Sysname> display current-configuration | include vlan

vlan 1

vlan 999

 port access vlan 999

display | by-linenum

Use display | by-linenum to number each output line for a display command.

Syntax

display command | by-linenum

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

command: Specifies the keywords and arguments of a display command. To display available keywords and arguments, enter display ?.

Usage guidelines

By numbering each output line from a display command, you can easily identify the lines of interest.

Each line number is displayed as a 5-character string and might be followed by a colon (:) or hyphen (-). If you specify the | by-linenum option and the | begin regular-expression option for a display command, a hyphen is displayed for all lines that do not match the regular expression.

Examples

# Display VLAN 999 settings, with each output line identified by a number.

<Sysname> display vlan 999 | by-linenum

    1:  VLAN ID: 999

    2:  VLAN type: Static

    3:  Route interface: Configured

    4:  IP address: 192.168.2.1

    5:  Subnet mask: 255.255.255.0

    6:  Description: For LAN Access

    7:  Name: VLAN 0999

    8:  Tagged ports:   None

    9:  Untagged ports:

   10:     FortyGigE1/0/1

# Display the first line that begins with "user-group" in the running configuration and all of the following lines.

<Sysname> display current-configuration | by-linenum begin user-group

  114:  user-group system

  115-  #

  116-  return

display >

Use display > to save the output from a display command to a separate file.

Syntax

display command > filename

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

command: Specifies the keywords and arguments of a display command. To display available keywords and arguments, enter display ?.

filename: Specifies the name of the file that is used to save the output, a string of 1 to 63 characters.

Usage guidelines

The display commands show the configuration, statistics, and states of the device. You can use the display > command to save the output to a file.

If the specified file does not exist, the system creates the file and saves the output to the file. If the file already exists, the system overwrites the file.

Examples

# Save VLAN 1 settings to a separate file named vlan.txt.

<Sysname> display vlan 1 > vlan.txt

# Verify the content of the vlan.txt file.

<Sysname> more vlan.txt

VLAN ID: 1

 VLAN type: Static

 Route interface: Not configured

 Description: VLAN 0001

 Name: VLAN 0001

 Tagged ports:   None

 Untagged ports:

    FortyGigE1/0/2

display >>

Use display >> to append the output from a display command to the end of a file.

Syntax

display command >> filename

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

command: Specifies the keywords and arguments of a display command. To display available keywords and arguments, enter display ?.

filename: Specifies the name of the file that is used to save the output, a string of 1 to 63 characters.

Usage guidelines

The display commands show the configuration, statistics, and states of the device. You can use display >> to save the output to a file.

If the specified file does not exist, the system creates the file and saves the output to the file. If the file already exists, the system appends the output to the end of the file.

Examples

# Append the VLAN 999 settings to the end of the vlan.txt file.

<Sysname> display vlan 999 >> vlan.txt

# Check the content of the vlan.txt file.

<Sysname> more vlan.txt

VLAN ID: 1

 VLAN type: Static

 Route interface: Not configured

 Description: VLAN 0001

 Name: VLAN 0001

 Tagged ports:   None

 Untagged ports:

    FortyGigE1/0/2

 

 VLAN ID: 999

 VLAN type: Static

 Route interface: Configured

 IP address: 192.168.2.1

 Subnet mask: 255.255.255.0

 Description: For LAN Access

 Name: VLAN 0999

 Tagged ports:   None

 Untagged ports:

    FortyGigE1/0/1

display alias

Use display alias to display command aliases.

Syntax

display alias [ alias ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

alias: Specifies a command alias. If you do not specify this argument, the command displays all command aliases.

Examples

# Display all command aliases.

<Sysname> display alias

Index     Alias                Command key

1         access-list          acl

2         end                  return

3         erase                delete

4         exit                 quit

5         hostname             sysname

6         logging              info-center

7         no                   undo

8         shinc                display $1 | include $2

9         show                 display

10        sirt                 display ip routing-table

11        write                save

# Display the command alias shinc.

<Sysname> display alias shinc

Alias                Command key

shinc                display $1 | include $2

Related commands

alias

display history-command

Use display history-command to display all commands that are saved in the command history buffer for the current CLI session.

Syntax

display history-command

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

The system automatically saves commands you have successfully executed to the command history buffer for the current CLI session. You can view them and execute them again.

By default, the system can save up to 10 commands in the buffer. You can use the history-command max-size command to change the buffer size.

Examples

# Display all commands saved in the command history buffer for the current CLI session.

<Sysname> display history-command

  system-view

  vlan 2

  quit

Related commands

history-command max-size

display history-command all

Use display history-command all to display all commands saved in the command history buffer for all CLI sessions.

Syntax

display history-command all

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

The system automatically saves commands successfully executed by users to the command history buffer for all CLI sessions. Users can view them and execute them again.

Up to 1024 commands can be saved in the command history buffer. When this number is reached, the system deletes the earliest commands to make room for newly executed commands.

Examples

# Display all commands saved in the command history buffer for all CLI sessions.

<Sysname> display history-command all

  Date       Time     Terminal   Ip              User

  03/16/2013 20:03:33 vty0       192.168.1.26    **

  Cmd:dis his all

 

  03/16/2013 20:03:29 vty0       192.168.1.26    **

  Cmd:sys

Related commands

display history-command
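The sample output above stores commands as they were typed ("dis his all", "sys"), so a search for full keywords misses them. The following added example (not H3C code) parses the record layout shown above and matches each command against a watchlist by keyword prefix, after mapping the system-defined aliases from Table 1. The watchlist, the last three sample records, and the assumption that aliases are also stored as typed are constructed for illustration.

```python
import re
from datetime import datetime

# System-defined aliases from Table 1 (alias -> command string).
SYSTEM_ALIASES = {
    "access-list": "acl", "end": "return", "erase": "delete", "exit": "quit",
    "hostname": "sysname", "logging": "info-center", "no": "undo",
    "show": "display", "write": "save",
}

# Hypothetical watchlist built from commands documented in this chapter.
WATCHLIST = [
    "authentication-mode none",
    "undo command accounting",
    "undo command authorization",
    "auto-execute command",
]

# First two records are the page's sample; the last three are constructed.
SAMPLE_OUTPUT = """\
  Date       Time     Terminal   Ip              User
  03/16/2013 20:03:33 vty0       192.168.1.26    **
  Cmd:dis his all

  03/16/2013 20:03:29 vty0       192.168.1.26    **
  Cmd:sys

  03/16/2013 20:02:51 vty1       192.168.1.77    **
  Cmd:no command accounting

  03/16/2013 20:02:40 vty1       192.168.1.77    **
  Cmd:auth none

  03/16/2013 20:02:31 vty1       192.168.1.77    **
  Cmd:line vty 0
"""

# Record header: date, time, terminal, IP, user (all five fields assumed present).
HEADER_RE = re.compile(
    r"^\s*(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def parse_history(text):
    """Turn 'display history-command all' output into a list of records."""
    records, pending = [], None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            date, clock, terminal, ip, user = m.groups()
            when = datetime.strptime(f"{date} {clock}", "%m/%d/%Y %H:%M:%S")
            pending = {"when": when, "terminal": terminal, "ip": ip, "user": user}
        elif pending is not None and line.strip().startswith("Cmd:"):
            pending["cmd"] = line.strip()[4:].strip()
            records.append(pending)
            pending = None
    return records

def matches(cmd, pattern):
    """True if each typed word is a prefix of the pattern keyword in the same position.

    This over-matches on purpose: the device rejects ambiguous abbreviations,
    a review tool should rather show one entry too many.
    """
    typed = cmd.split()
    if typed and typed[0] in SYSTEM_ALIASES:      # aliases are case-sensitive
        typed[0] = SYSTEM_ALIASES[typed[0]]
    want = pattern.split()
    return len(typed) >= len(want) and all(
        w.startswith(t.lower()) for t, w in zip(typed, want))

def flag_watched(records, watchlist=WATCHLIST):
    """Return (record, pattern) pairs for commands that match the watchlist."""
    return [(r, p) for r in records for p in watchlist if matches(r["cmd"], p)]

if __name__ == "__main__":
    for rec, pattern in flag_watched(parse_history(SAMPLE_OUTPUT)):
        print(rec["when"], rec["terminal"], rec["ip"], repr(rec["cmd"]), "->", pattern)
```

Because the buffer holds at most 1024 commands and drops the earliest ones, collect the output on a schedule if it is meant to support later review.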

display hotkey

Use display hotkey to display hotkey information.

Syntax

display hotkey

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display hotkey information.

<Sysname> display hotkey

----------------- Hotkeys -----------------

           -Defined command hotkeys-

CTRL_G display current-configuration

CTRL_L display ip routing-table

CTRL_O undo debugging all

 

           -Undefined command hotkeys-

CTRL_T NULL

CTRL_U NULL

 

           -System-reserved hotkeys-

CTRL_A  Move the cursor to the beginning of the line.

CTRL_B  Move the cursor one character to the left.

CTRL_C  Stop the current command.

CTRL_D  Erase the character at the cursor.

CTRL_E  Move the cursor to the end of the line.

CTRL_F  Move the cursor one character to the right.

CTRL_H  Erase the character to the left of the cursor.

CTRL_K  Abort the connection request.

CTRL_N  Display the next command in the history buffer.

CTRL_P  Display the previous command in the history buffer.

CTRL_R  Redisplay the current line.

CTRL_V  Paste text from the clipboard.

CTRL_W  Delete the word to the left of the cursor.

CTRL_X  Delete all characters from the beginning of the line to the cursor.

CTRL_Y  Delete all characters from the cursor to the end of the line.

CTRL_Z  Return to the User View.

CTRL_]  Kill incoming connection or redirect connection.

ESC_B   Move the cursor back one word.

ESC_D   Delete all characters from the cursor to the end of the word.

ESC_F   Move the cursor forward one word.

Related commands

hotkey

hotkey

Use hotkey to assign a command to a configurable hotkey.

Use undo hotkey to restore the default.

Syntax

hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U } command

undo hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U }

Default

·     Ctrl_G: display current-configuration (display the running configuration).

·     Ctrl_L: display ip routing-table (display the IPv4 routing table information).

·     Ctrl_O: undo debugging all (disable all debugging functions).

·     Ctrl_T: No command is assigned to this hotkey.

·     Ctrl_U: No command is assigned to this hotkey.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

CTRL_G: Assigns a command to Ctrl+G.

CTRL_L: Assigns a command to Ctrl+L.

CTRL_O: Assigns a command to Ctrl+O.

CTRL_T: Assigns a command to Ctrl+T.

CTRL_U: Assigns a command to Ctrl+U.

command: Specifies the command to be assigned to the hotkey.

Usage guidelines

The system defines some hotkeys and provides five configurable command hotkeys. Pressing a hotkey executes the command assigned to the hotkey.

To display system-defined and configurable hotkeys, use the display hotkey command.

Examples

# Assign the display tcp status command to the hotkey Ctrl+T.

<Sysname> system-view

[Sysname] hotkey ctrl_t display tcp status

Related commands

display hotkey

quit

Use quit to return to the upper-level view.

Syntax

quit

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

Executing this command in user view disconnects you from the device.

Examples

# Return from FortyGigE 1/0/1 interface view to system view and then to user view.

[Sysname-FortyGigE1/0/1] quit

[Sysname] quit

<Sysname>

return

Use return to return to user view from any other view.

Syntax

return

Views

Any view except user view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

Pressing Ctrl+Z has the same effect as the return command.

Examples

# Return to user view from FortyGigE 1/0/1 interface view.

[Sysname-FortyGigE1/0/1] return

<Sysname>

screen-length disable

Use screen-length disable to disable pausing between screens of output for the current session.

Use undo screen-length disable to enable pausing between screens of output for the current session.

Syntax

screen-length disable

undo screen-length disable

Default

The default depends on the configuration of the screen-length command in user line view.

The following are default settings for the screen-length command:

·     Pausing between screens of output.

·     Displaying up to 24 lines on a screen.

Views

User view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

If you disable pausing between screens of output, all output is displayed. The screen is refreshed continuously until the final screen is displayed.

This command takes effect only for the current session. When you are logged out, the default is restored.

Examples

# Disable pausing between screens of output for the current session.

<Sysname> screen-length disable

Related commands

screen-length

system-view

Use system-view to enter system view from user view.

Syntax

system-view

Views

User view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Enter system view from user view.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname]


Login management commands

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.

Some login management commands are available in both user line view and user line class view:

·     A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class.

·     A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.

·     A setting in user line view takes effect immediately and affects the online user. A setting in user line class view does not affect online users and takes effect only for users who log in after the configuration is completed.

Some login management commands are not supported in some user line views but can be configured in the corresponding user line class views. However, the commands do not take effect. This chapter provides only remarks about commands that are not supported in user line view.

activation-key

Use activation-key to define a shortcut key for starting a terminal session.

Use undo activation-key to restore the default.

Syntax

activation-key character

undo activation-key

Default

Pressing Enter starts a terminal session.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Parameters

character: Specifies the shortcut key. It can be a single character, a key sequence, or the ASCII code value (in the range of 0 to 127) of the character or key sequence.

Usage guidelines

This command is not supported in VTY line view or VTY line class view.

This command is available in both user line view and user line class view:

·     If the setting in user line view is not the default setting, the setting in user line view takes effect.

·     If the setting in user line view is the default setting but the setting in user line class view is not, the setting in user line class view takes effect.

To display the shortcut key you have defined, use the display current-configuration | include activation-key command.

Examples

# Configure character s as the shortcut key for starting a terminal session on the user line AUX 0.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0] activation-key s

To verify the configuration:

1.     Exit the console session.

[Sysname-line-aux0] return

<Sysname> quit

2.     Log in again through the AUX line.

The following message appears:

Press ENTER to get started.

3.     Press Enter.

Pressing Enter does not start a session.

4.     Enter s.

A terminal session is started.

<Sysname>

authentication-mode

Use authentication-mode to set the authentication mode for a user line.

Use undo authentication-mode to restore the default.

Syntax

In non-FIPS mode:

authentication-mode { none | password | scheme }

undo authentication-mode

In FIPS mode:

authentication-mode scheme

undo authentication-mode

Default

In non-FIPS mode, the authentication mode is password for VTY lines, and none for AUX lines.

In FIPS mode, the authentication mode is scheme.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Parameters

none: Disables authentication.

password: Performs local password authentication.

scheme: Performs AAA authentication. For more information about AAA, see Security Configuration Guide.

Usage guidelines

When the authentication mode is none, any user can log in without authentication. To improve device security, use the password or scheme authentication mode.

In VTY line view, this command is associated with the protocol inbound command. If you specify a non-default value for only one of the two commands in VTY line view, the other command uses the default setting, regardless of the setting in VTY line class view.

Examples

# Enable the none authentication mode for the user line VTY 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] authentication-mode none

# Enable password authentication for the user line VTY 0 and set the password to 321.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] authentication-mode password

[Sysname-line-vty0] set authentication password simple 321

# Enable scheme authentication for the user line VTY 0, set the username to 123 and the password to 321, and authorize the Telnet service and network-admin user role to the user.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] authentication-mode scheme

[Sysname-line-vty0] quit

[Sysname] local-user 123

[Sysname-luser-manage-123] password simple 321

[Sysname-luser-manage-123] service-type telnet

[Sysname-luser-manage-123] authorization-attribute user-role network-admin

Related commands

set authentication password
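The precedence rules at the start of this chapter and the VTY rule in the usage guidelines above decide which authentication mode a line actually uses. The following added example (not H3C code) computes that effective mode from a configuration excerpt and lists lines that end up with no authentication or that ignore the line class setting. It assumes non-FIPS mode, that the running configuration shows only non-default settings, and that line blocks appear as "line vty first [last]" and "line class vty"; the sample configuration is constructed.

```python
import re

# Non-FIPS defaults stated on the page: password for VTY lines, none for AUX lines.
DEFAULT_AUTH = {"vty": "password", "aux": "none"}

# Constructed running-configuration excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
#
line class aux
 user-role network-admin
#
line class vty
 authentication-mode scheme
 user-role network-operator
#
line aux 0
 user-role network-admin
#
line vty 0 4
 user-role network-operator
#
line vty 5
 protocol inbound ssh
#
line vty 6
 authentication-mode none
#
return
"""

def parse_line_blocks(config_text):
    """Collect authentication-mode and protocol inbound per line class and per line."""
    classes, lines, current = {}, {}, []
    for raw in config_text.splitlines():
        if not raw.startswith(" "):            # a top-level statement ends the block
            current = []
            head = raw.strip()
            m = re.fullmatch(r"line class (aux|vty)", head)
            if m:
                current = [classes.setdefault(m.group(1), {})]
                continue
            m = re.fullmatch(r"line (aux|vty) (\d+)(?: (\d+))?", head)
            if m:
                first, last = int(m.group(2)), int(m.group(3) or m.group(2))
                current = [lines.setdefault((m.group(1), n), {})
                           for n in range(first, last + 1)]
            continue
        words = raw.split()
        if words[:1] == ["authentication-mode"] and len(words) == 2:
            for block in current:
                block["auth"] = words[1]
        elif words[:2] == ["protocol", "inbound"] and len(words) == 3:
            for block in current:
                block["protocol"] = words[2]
    return classes, lines

def effective_auth(kind, line_cfg, class_cfg):
    """Apply the page's precedence rules; returns (mode, where it came from)."""
    default = DEFAULT_AUTH[kind]
    line_auth, class_auth = line_cfg.get("auth"), class_cfg.get("auth")
    if line_auth not in (None, default):
        return line_auth, "line view"          # non-default line setting wins
    if kind == "vty" and "protocol" in line_cfg:
        # Only protocol inbound is set in VTY line view: authentication-mode
        # falls back to the default, regardless of the VTY line class view.
        return default, "default (class ignored)"
    if class_auth not in (None, default):
        return class_auth, "line class view"   # non-default class beats default line
    return default, "default"

def audit(config_text):
    """Map (kind, number) -> (effective mode, source) for every configured line."""
    classes, lines = parse_line_blocks(config_text)
    return {key: effective_auth(key[0], cfg, classes.get(key[0], {}))
            for key, cfg in sorted(lines.items())}

def findings(report):
    """Lines that accept logins without authentication or bypass the class setting."""
    out = []
    for (kind, number), (mode, source) in report.items():
        if mode == "none":
            out.append((f"{kind} {number}", "no authentication"))
        elif source == "default (class ignored)":
            out.append((f"{kind} {number}", "class authentication-mode not applied"))
    return out

if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG)
    for key, (mode, source) in report.items():
        print(key, mode, source)
    print(findings(report))
```

In the sample, VTY 5 sets only protocol inbound in line view, so it uses password authentication even though the VTY line class is configured for scheme.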

auto-execute command

CAUTION:

After configuring this command for a user line, you might be unable to access the CLI through the user line. Make sure you can access the CLI through a different user line before you configure this command and save the configuration.

Use auto-execute command to specify the command to be automatically executed for login users.

Use undo auto-execute command to delete the configuration.

Syntax

auto-execute command command

undo auto-execute command

Default

Command auto-execution is disabled.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Parameters

command: Specifies the command to be automatically executed.

Usage guidelines

This command is not supported in AUX line view or AUX line class view.

This command is available in both user line view and user line class view:

·     If the setting in user line view is not the default setting, the setting in user line view takes effect.

·     If the setting in user line view is the default setting but the setting in user line class view is not, the setting in user line class view takes effect.

The device automatically executes the specified command when a user logs in through the user line, and closes the user connection after the command is executed. If the command triggers another task, the device does not close the user connection until the task is completed.

Typically, you configure the auto-execute command telnet X.X.X.X command on the device so the device redirects a Telnet user to the host at X.X.X.X. In this case, the connection to the current device is closed when the user terminates the Telnet connection to X.X.X.X.

Examples

# Configure the device to automatically Telnet to 192.168.1.41 after a user logs in through user line VTY 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] auto-execute command telnet 192.168.1.41

% This action will lead to configuration failure through line-vty0. Are you sure?

[Y/N]:y

[Sysname-line-vty0]

# To verify the configuration, Telnet to 192.168.1.40.

The device automatically Telnets to 192.168.1.41, and the following output is displayed:

C:\> telnet 192.168.1.40

******************************************************************************

* Copyright (c) 2004-2014 Hangzhou H3C Tech. Co., Ltd. All rights reserved.  *

* Without the owner's prior written consent,                                 *

* no decompiling or reverse-engineering shall be allowed.                    *

******************************************************************************

 

<Sysname>

Trying 192.168.1.41 ...

Press CTRL+K to abort

Connected to 192.168.1.41 ...

******************************************************************************

* Copyright (c) 2004-2014 Hangzhou H3C Tech. Co., Ltd. All rights reserved.  *

* Without the owner's prior written consent,                                 *

* no decompiling or reverse-engineering shall be allowed.                    *

******************************************************************************

<Sysname.41>

This operation is the same as directly logging in to the device at 192.168.1.41 through Telnet. When you close the Telnet connection to 192.168.1.41, the Telnet connection to 192.168.1.40 is closed at the same time.

command accounting

Use command accounting to enable command accounting.

Use undo command accounting to restore the default.

Syntax

command accounting

undo command accounting

Default

Command accounting is disabled. The accounting server does not record executed commands.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

When command accounting is enabled but command authorization is not, every executed command is recorded on the HWTACACS server.

When both command accounting and command authorization are enabled, only authorized commands that are executed are recorded on the HWTACACS server.

Invalid commands issued by users are not recorded.

If the command accounting command is configured in user line class view, command accounting is enabled on all user lines in the class, and you cannot configure the undo command accounting command in the view of a user line in the class.

Examples

# Enable command accounting for the user line VTY 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] command accounting

Related commands

·     accounting command (Security Command Reference)

·     command authorization

command authorization

Use command authorization to enable command authorization.

Use undo command authorization to restore the default.

Syntax

command authorization

undo command authorization

Default

Command authorization is disabled. Logged-in users can execute commands without authorization.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

When command authorization is enabled, a command is available only if the user has the commensurate user role and is authorized to use the command by the AAA scheme.

If the command authorization command is configured in user line class view:

·     Command authorization is enabled on all user lines in the class.

·     You cannot configure the undo command authorization command in the view of a user line in the class.

Examples

# Enable command authorization for VTY 0 so its user can execute only authorized commands that are permitted by the user role.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] command authorization

Related commands

authorization command (Security Command Reference)

databits

Use databits to specify the number of data bits for each character.

Use undo databits to restore the default.

Syntax

databits { 5 | 6 | 7 | 8 }

undo databits

Default

Eight data bits are used for each character.

Views

User line view

Predefined user roles

network-admin

mdc-admin

Parameters

5: Uses five data bits for each character.

6: Uses six data bits for each character.

7: Uses seven data bits for each character.

8: Uses eight data bits for each character.

Usage guidelines

This command is not supported in VTY line view.

This setting must be the same as that on the configuration terminal.

Examples

# Configure AUX 0 to use five data bits for each character.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0] databits 5

display line

Use display line to display user line information.

Syntax

display line [ number1 | { aux | vty } number2 ] [ summary ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

number1: Specifies the absolute number of a user line. The value range is 0 to 65 in standalone mode and 0 to 71 in IRF mode.

aux: Specifies the AUX line.

vty: Specifies the VTY line.

number2: Specifies the relative number of a user line. The value ranges are as follows:

·     AUX line—0 to 1 in standalone mode and 0 to 7 in IRF mode.

·     VTY line—0 to 63.

summary: Displays summary information about user lines. If you do not specify this keyword, the detailed information is displayed.

Examples

# Display user line information.

<Sysname> display line 1

  Idx  Type     Tx/Rx      Modem Auth  Int                                     

F 1    AUX 1    9600       -     N     -                                       

                                                                               

  +    : Line is active.                                                        

  F    : Line is active and in async mode.                                     

  Idx  : Absolute index of line.                                               

  Type : Type and relative index of line.                                      

  Auth : Login authentication mode.                                            

  Int  : Physical port of the line.                                            

  A    : Authentication use AAA.                                               

  N    : No authentication is required.                                        

  P    : Password authentication.

Table 2 Command output

Field    Description
Modem    Whether the modem allows calling in or out. By default, this attribute is not configured and this field displays a hyphen (-).

 

# In IRF mode, display summary information about all user lines.

<Sysname> display line summary

  Line type : [AUX]

           0:XUXX XXXX                                                         

  Line type : [VTY]                                                            

           8:UUXU UUUU UXXX XXXX                                               

          24:XXXX XXXX XXXX XXXX                                               

          40:XXXX XXXX XXXX XXXX                                               

          56:XXXX XXXX XXXX XXXX                                               

                                                                                

   9 lines used.      (U)                                                      

  63 lines not used.  (X)

Table 3 Command output

Field            Description
number:status    number: Absolute number of the first user line in the user line class.
                 status: User line status. X is for unused and U is for used.
                 For example, if "0:XUXX XXXX" is displayed, the user line class has eight user lines. The user lines use the absolute numbers 0 through 7. User line 1 is being used, and the others are not.
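The number:status rows described in Table 3 can be decoded mechanically when user line usage is collected from many devices. The following Python parser is an added example, not part of the H3C documentation. The function names are hypothetical, and the relative line number is assumed to be the absolute number minus the absolute number of the first row of the same line type.

```python
import re

# Output copied from the page's IRF-mode "display line summary" example.
SAMPLE_SUMMARY = """\
  Line type : [AUX]
           0:XUXX XXXX
  Line type : [VTY]
           8:UUXU UUUU UXXX XXXX
          24:XXXX XXXX XXXX XXXX
          40:XXXX XXXX XXXX XXXX
          56:XXXX XXXX XXXX XXXX

   9 lines used.      (U)
  63 lines not used.  (X)
"""

TYPE_RE = re.compile(r"^\s*Line type\s*:\s*\[(\w+)\]\s*$")
ROW_RE = re.compile(r"^\s*(\d+):([UX ]+?)\s*$")
TOTAL_RE = re.compile(r"^\s*(\d+) lines (used|not used)\.")


def parse_line_summary(text):
    """Decode number:status rows into {absolute: (type, relative, in_use)}.

    Raises ValueError when the decoded map disagrees with the totals the
    device prints, which indicates a truncated or mangled capture.
    """
    lines, totals, first_abs = {}, {}, {}
    line_type = None
    for raw in text.splitlines():
        m = TYPE_RE.match(raw)
        if m:
            line_type = m.group(1)
            continue
        m = ROW_RE.match(raw)
        if m:
            if line_type is None:
                raise ValueError("status row before any 'Line type' header")
            start = int(m.group(1))
            # ASSUMPTION: relative number = absolute number minus the
            # absolute number of the first row of the same line type.
            base = first_abs.setdefault(line_type, start)
            for offset, flag in enumerate(m.group(2).replace(" ", "")):
                absolute = start + offset
                lines[absolute] = (line_type, absolute - base, flag == "U")
            continue
        m = TOTAL_RE.match(raw)
        if m:
            totals[m.group(2)] = int(m.group(1))
    used = sum(1 for _, _, in_use in lines.values() if in_use)
    expected = {"used": used, "not used": len(lines) - used}
    if totals and totals != expected:
        raise ValueError(f"totals {totals} do not match decoded map {expected}")
    return lines


def used_lines(lines):
    """Names of the lines in use, ordered by absolute number, e.g. 'VTY 3'."""
    return [f"{t} {rel}" for _, (t, rel, in_use) in sorted(lines.items()) if in_use]


def free_vty_count(lines):
    """Number of VTY lines that are still unused."""
    return sum(1 for t, _, in_use in lines.values() if t == "VTY" and not in_use)


if __name__ == "__main__":
    decoded = parse_line_summary(SAMPLE_SUMMARY)
    print("in use:", used_lines(decoded))
    print("free VTY lines:", free_vty_count(decoded))
```
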

 

display telnet client

Use display telnet client to display the source IPv4 address or source line configured for the device to use for outgoing Telnet packets when serving as a Telnet client.

Syntax

display telnet client

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display the Telnet client configuration of the device when it serves as a Telnet client.

<Sysname> display telnet client

 The source IP address is 1.1.1.1.

The output shows that the device uses the source IPv4 address 1.1.1.1 for outgoing Telnet packets when it serves as a Telnet client.

Related commands

telnet client source

display user-interface

Use display user-interface to display user line information.

Syntax

display user-interface [ number1 | { aux | vty } number2 ] [ summary ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

number1: Specifies the absolute number of a user line. The value range is 0 to 65 in standalone mode and 0 to 71 in IRF mode.

aux: Specifies the AUX line.

vty: Specifies the VTY line.

number2: Specifies the relative number of a user line. The value ranges are as follows:

·     AUX line—0 to 1 in standalone mode and 0 to 7 in IRF mode.

·     VTY line—0 to 63.

summary: Displays summary information about user lines. If you do not specify this keyword, the detailed information is displayed.

Usage guidelines

This is an older command reserved for backward compatibility purposes. It has the same functionality and output as the display line command. As a best practice, use the display line command.

Examples

# Display user line information.

<Sysname> display user-interface 1

  Idx  Type     Tx/Rx      Modem Auth  Int                                     

+ 1    VTY 0               -     N     -                                    

                                                                                

  +    : Line is active.                                                       

  F    : Line is active and in async mode.                                     

  Idx  : Absolute index of line.                                               

  Type : Type and relative index of line.                                      

  Auth : Login authentication mode.                                            

  Int  : Physical port of the line.                                            

  A    : Authentication use AAA.                                               

  N    : No authentication is required.                                        

  P    : Password authentication

Table 4 Command output

Field    Description
Modem    Whether the modem allows calling in or out. By default, this attribute is not configured and this field displays a hyphen (-).

 

# In IRF mode, display summary information about all user lines.

<Sysname> display user-interface summary

Line type : [AUX]                                                            

           0:XUXX XXXX                                                         

  Line type : [VTY]                                                            

           8:UXXX XXXX XXXX XXXX                                               

          24:XXXX XXXX XXXX XXXX                                               

          40:XXXX XXXX XXXX XXXX                                               

          56:XXXX XXXX XXXX XXXX                                               

                                                                               

   1 lines used.      (U)                                                      

  71 lines not used.  (X)

Table 5 Command output

Field            Description
number:status    number: Absolute number of the first user line in the user line class.
                 status: User line status. X is for unused and U is for used.
                 For example, if "0:XUXX XXXX" is displayed, the user line class has eight user lines. The user lines use the absolute numbers 0 through 7. User line 1 is being used, and the others are not.

 

display users

Use display users to display online CLI user information.

Syntax

display users [ all ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

all: Displays all user lines supported by the device.

Examples

# Display online user information.

<Sysname> display users

  Idx  Line    Idle       Time              Pid     Type

  10   VTY 0   00:10:49   Jun 11 11:27:32   320     TEL

+ 11   VTY 1   00:00:00   Jun 11 11:39:40   334     TEL

 

Following are more details.

VTY 0   :

        Location: 192.168.1.12

VTY 1   :

        Location: 192.168.1.26

 +    : Current operation user.

 F    : Current operation user works in async mode.

The output shows that two users have logged in to the device: one is using user line VTY 0 and the other (yourself) is using VTY 1. Your IP address is 192.168.1.26.

Table 6 Command output

Field       Description
Idx         Absolute number of the user line.
Line        Type and relative number of the user line.
Idle        Time elapsed after the user's most recent input, in the hh:mm:ss format.
Time        Login time of the user.
Pid         Process ID of the user session.
Type        User type, such as Telnet, SSH.
+           Indicates the user line you are using.
Location    IP address of the user.

 

escape-key

Use escape-key to set the escape key.

Use undo escape-key to disable the escape key.

Syntax

escape-key { character | default }

undo escape-key [ default ]

Default

The escape key is Ctrl+C.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Parameters

character: Specifies the shortcut key. It can be a single character, a key sequence, or the ASCII code value (in the range of 0 to 127) of the character or key sequence.

default: Restores the default escape key sequence Ctrl+C.

Usage guidelines

You can use this shortcut key to abort a command that is being executed. For example, you can press this shortcut key to abort a ping or tracert command.

Whether a command can be aborted by Ctrl+C by default depends on the software implementation of the command. For more information, see the description of the command.

As a best practice, use a key sequence as the shortcut key. If you define a single character as the shortcut key, pressing the key while a command is being executed stops the command. If no command is being executed, the result depends on the following:

·     If you are managing the local device, pressing the key enters the character as a common character.

·     If you Telnet to another device and manage the remote device, pressing the key does nothing.

You can execute this command multiple times, but only the most recent configuration takes effect. To view the current shortcut key definition, use the display current-configuration command.

The undo escape-key command disables the current escape key. After you execute this command, no escape key is available.

This command is available in both user line view and user line class view:

·     If the setting in user line view is not the default setting, the setting in user line view takes effect.

·     If the setting in user line view is the default setting but the setting in user line class view is not, the setting in user line class view takes effect.

Examples

# Define character a as the shortcut key for terminating a task.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0] escape-key a

To verify the configuration:

1.     Ping IP address 192.168.1.49, specifying the -c keyword to set the number of ICMP echo request packets to 20.

<Sysname> ping -c 20 192.168.1.49

  PING 192.168.1.49: 56  data bytes, press a to break

    Reply from 192.168.1.49: bytes=56 Sequence=1 ttl=255 time=3 ms

    Reply from 192.168.1.49: bytes=56 Sequence=2 ttl=255 time=3 ms

2.     Press a.

The task is terminated, and the system returns to user view.

  --- 192.168.1.49 ping statistics ---

    2 packet(s) transmitted

    2 packet(s) received

    0.00% packet loss

    round-trip min/avg/max = 3/3/3 ms

<Sysname>

flow-control

Use flow-control to configure the flow control mode.

Use undo flow-control to restore the default.

Syntax

flow-control { hardware | none | software }

undo flow-control

Default

The flow control mode is none.

Views

User line view

Predefined user roles

network-admin

mdc-admin

Parameters

hardware: Performs hardware flow control.

none: Disables flow control.

software: Performs software flow control.

Usage guidelines

This command is not supported in VTY line view.

The device supports flow control in both the inbound and outbound directions:

·     For flow control in the inbound direction, the local device listens to flow control information from the remote device.

·     For flow control in the outbound direction, the local device sends flow control information to the remote device.

The flow control setting takes effect in both directions.

To communicate, two devices must be configured with the same flow control mode.

Examples

# Configure software flow control in the inbound and outbound directions for the user line AUX 0.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0] flow-control software

free line

Use free line to release a user line.

Syntax

free line { number1 | { aux | vty } number2 }

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

number1: Specifies the absolute number of a user line. The value range is 0 to 65 in standalone mode and 0 to 71 in IRF mode.

aux: Specifies the AUX line.

vty: Specifies the VTY line.

number2: Specifies the relative number of a user line. The value ranges are as follows:

·     AUX line—0 to 1 in standalone mode and 0 to 7 in IRF mode.

·     VTY line—0 to 63.

Usage guidelines

This command does not release the line you are using.

Examples

# Release the user line VTY 1:

1.     Display online users.

<Sysname> display users

  Idx  Line    Idle       Time              Pid     Type

  10   VTY 0   00:10:49   Jun 11 11:27:32   320     TEL

+ 11   VTY 1   00:00:00   Jun 11 11:39:40   334     TEL

 

Following are more details.

VTY 0   :

        Location: 192.168.1.12

VTY 1   :

        Location: 192.168.1.26

 +    : Current operation user.

 F    : Current operation user works in async mode.

2.     If the operations of the user on VTY 1 impact your operations, log out the user.

<Sysname> free line vty 1

Are you sure to free line vty1? [Y/N]:y

 [OK]

free user-interface

Use free user-interface to release a user line.

Syntax

free user-interface { number1 | { aux | vty } number2 }

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

number1: Specifies the absolute number of a user line. The value range is 0 to 65 in standalone mode and 0 to 71 in IRF mode.

aux: Specifies the AUX line.

vty: Specifies the VTY line.

number2: Specifies the relative number of a user line. The value ranges are as follows:

·     AUX line—0 to 1 in standalone mode and 0 to 7 in IRF mode.

·     VTY line—0 to 63.

Usage guidelines

This command does not release the line you are using.

This is an older command reserved for backward compatibility purposes. It has the same functionality and output as the free line command. As a best practice, use the free line command.

Examples

# Release the user line VTY 1:

1.     Display online users.

<Sysname> display users

  Idx  LINE    Idle       Time              Pid     Type

  10   VTY 0   00:10:49   Jun 11 11:27:32   320     TEL

+ 11   VTY 1   00:00:00   Jun 11 11:39:40   334     TEL

Following are more details.

VTY 0   :

        Location: 192.168.1.12

VTY 1   :

        Location: 192.168.1.26

 +    : Current operation user.

 F    : Current operation user works in async mode.

2.     If the operations of the user on VTY 1 impact your operations, log out the user.

<Sysname> free user-interface vty 1

Are you sure to free line vty1? [Y/N]:y

 [OK]

history-command max-size

Use history-command max-size to set the size of the command history buffer for a user line.

Use undo history-command max-size to restore the default.

Syntax

history-command max-size size-value

undo history-command max-size

Default

The buffer of a user line saves up to 10 history commands.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Parameters

size-value: Specifies the maximum number of history commands the buffer can store, in the range of 0 to 256.

Usage guidelines

Each user line uses a separate command history buffer to save commands successfully executed by its user. The size of the buffer determines how many history commands the buffer can store.

To view stored history commands on your user line, press the up arrow key or down arrow key or execute the display history-command command.

Terminating a CLI session clears the commands in the history buffer.

This command is available in both user line view and user line class view:

·     If the setting in user line view is not the default setting, the setting in user line view takes effect.

·     If the setting in user line view is the default setting but the setting in user line class view is not, the setting in user line class view takes effect.

Examples

# Set the size of the command history buffer to 20 for the user line AUX 0.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0] history-command max-size 20

idle-timeout

Use idle-timeout to set the CLI connection idle-timeout timer.

Use undo idle-timeout to restore the default.

Syntax

idle-timeout minutes [ seconds ]

undo idle-timeout

Default

The CLI connection idle-timeout timer is 10 minutes.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Parameters

minutes: Specifies the number of minutes for the timer, in the range of 0 to 35791. The default is 10 minutes.

seconds: Specifies the number of seconds for the timer, in the range of 0 to 59. The default is 0 seconds.

Usage guidelines

The system automatically terminates the user connection on the user line if there is no information interaction between the device and the user within the idle-timeout interval.

Setting the CLI connection idle-timeout timer to 0 disables the idle-timeout feature.

This command is available in both user line view and user line class view:

·     If the setting in user line view is not the default setting, the setting in user line view takes effect.

·     If the setting in user line view is the default setting but the setting in user line class view is not, the setting in user line class view takes effect.

Examples

# Set the CLI connection idle-timeout timer to 1 minute and 30 seconds for the user line AUX 0.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0] idle-timeout 1 30
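The Idle column of display users can be checked against the idle-timeout value you expect on a line. A session that has been idle longer than that value shows that the timer on its line is longer than expected or disabled. The following Python check is an added example, not part of the H3C documentation. The function names are hypothetical, and TEL is treated as the Telnet user type because that is the value the page's sample output shows.

```python
import re

# Output copied from the page's "display users" example.
SAMPLE_USERS = """\
  Idx  Line    Idle       Time              Pid     Type
  10   VTY 0   00:10:49   Jun 11 11:27:32   320     TEL
+ 11   VTY 1   00:00:00   Jun 11 11:39:40   334     TEL

Following are more details.
VTY 0   :
        Location: 192.168.1.12
VTY 1   :
        Location: 192.168.1.26
 +    : Current operation user.
 F    : Current operation user works in async mode.
"""

ROW_RE = re.compile(
    r"^\s*(?P<mark>[+F])?\s*(?P<idx>\d+)\s+(?P<line>(?:AUX|VTY)\s+\d+)\s+"
    r"(?P<h>\d+):(?P<m>\d{2}):(?P<s>\d{2})\s+"
    r"(?P<login>\w{3}\s+\d+\s+[\d:]+)\s+(?P<pid>\d+)\s+(?P<type>\S+)\s*$"
)
DETAIL_RE = re.compile(r"^\s*(?P<line>(?:AUX|VTY)\s+\d+)\s*:\s*$")
LOCATION_RE = re.compile(r"^\s*Location:\s*(?P<ip>\S+)")


def parse_users(text):
    """Join the session table with the per-line Location details."""
    sessions, by_line, pending = [], {}, None
    for raw in text.splitlines():
        m = ROW_RE.match(raw)
        if m:
            line = " ".join(m.group("line").split())
            idle = (int(m.group("h")) * 3600 + int(m.group("m")) * 60
                    + int(m.group("s")))
            session = {
                "idx": int(m.group("idx")), "line": line, "idle": idle,
                "login": " ".join(m.group("login").split()),
                "pid": int(m.group("pid")), "type": m.group("type"),
                # '+' and 'F' both mark the line of the user running the command.
                "current": m.group("mark") is not None, "location": None,
            }
            sessions.append(session)
            by_line[line] = session
            pending = None
            continue
        m = DETAIL_RE.match(raw)
        if m:
            pending = " ".join(m.group("line").split())
            continue
        m = LOCATION_RE.match(raw)
        if m and pending in by_line:
            by_line[pending]["location"] = m.group("ip")
    return sessions


def review_sessions(sessions, minutes=10, seconds=0):
    """Return (line, location, reasons, release_command) per flagged session.

    minutes/seconds mirror the idle-timeout arguments; the default of
    10 minutes is the documented default. 0 disables the idle check.
    """
    limit = minutes * 60 + seconds
    findings = []
    for s in sessions:
        reasons = []
        if s["type"] == "TEL":
            reasons.append("Telnet login")
        if limit and s["idle"] > limit:
            reasons.append(f"idle {s['idle']} s exceeds the expected {limit} s timer")
        if reasons:
            # free line cannot release the line you are using.
            release = None if s["current"] else f"free line {s['line'].lower()}"
            findings.append((s["line"], s["location"], reasons, release))
    return findings


if __name__ == "__main__":
    for finding in review_sessions(parse_users(SAMPLE_USERS)):
        print(finding)
```
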

line

Use line to enter one or multiple user line views.

Syntax

line { first-number1 [ last-number1 ] | { aux | vty } first-number2 [ last-number2 ] }

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

first-number1: Specifies the absolute number of the first user line. The value range is 0 to 65 in standalone mode and 0 to 71 in IRF mode.

last-number1: Specifies the absolute number of the last user line. This number cannot be smaller than first-number1.

aux: Specifies the AUX line.

vty: Specifies the VTY line.

first-number2: Specifies the relative number of the first user line. The value ranges are as follows:

·     AUX line—0 to 1 in standalone mode and 0 to 7 in IRF mode.

·     VTY line—0 to 63.

last-number2: Specifies the relative number of the last user line. This number cannot be smaller than first-number2.

Usage guidelines

To configure settings for a single user line, use this command to enter the user line view.

To configure the same settings for multiple user lines, use this command to enter multiple user line views.

Examples

# Enter the view of user line AUX 0.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0]

# Enter the views of user lines VTY 0 to VTY 4.

<Sysname> system-view

[Sysname] line vty 0 4

[Sysname-line-vty0-4]

Related commands

line class

line class

Use line class to enter user line class view.

Syntax

line class { aux | vty }

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

aux: Specifies the AUX line class view.

vty: Specifies the VTY line class view.

Usage guidelines

To configure the same settings for all user lines of a line class, use this command to enter the user line class view.

Some login management commands are available in both user line view and user line class view:

·     A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class.

·     A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.

·     A setting in user line view takes effect immediately and affects the online user. A setting in user line class view does not affect online users and takes effect only for users who log in after the configuration is completed.

Examples

# Set the CLI connection idle-timeout timer to 15 minutes in VTY line class view.

<Sysname> system-view

[Sysname] line class vty

[Sysname-line-class-vty] idle-timeout 15

# In AUX line class view, configure character s as the shortcut key for starting a terminal session.

<Sysname> system-view

[Sysname] line class aux

[Sysname-line-class-aux] activation-key s

[Sysname-line-class-aux] quit

# In AUX 0 line view, restore the default shortcut key for starting a terminal session.

[Sysname] line aux 0

[Sysname-line-aux0] undo activation-key

Alternatively:

[Sysname-line-aux0] activation-key 13

To verify the configuration:

1.     Exit the console session.

[Sysname-line-aux0] return

<Sysname> quit

2.     Log in again through the AUX line.

The following message appears:

Press ENTER to get started.

3.     Press Enter.

Pressing Enter does not start a session.

4.     Enter s.

A terminal session is started.

<Sysname>

Related commands

line

lock

Use lock to lock the current user line. This method prevents unauthorized users from using the user line.

Syntax

lock

Default

By default, the system does not lock any user line.

Views

User view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This command is not supported in FIPS mode.

This command locks the current user line to prevent unauthorized users from using the line. You must set the password for unlocking the line as prompted. The user line is locked after you enter the password and confirm the password.

To unlock the user line, press Enter and enter the password you set.

Examples

# Lock the current user line and set the password for unlocking the line.

<Sysname> lock

Please input password<1 to 16> to lock current line:

Password:

Again:

 

                   locked !

// The user line is locked. To unlock it, press Enter and enter the password:

Password:

<Sysname>

parity

Use parity to specify a parity check mode.

Use undo parity to restore the default.

Syntax

parity { even | mark | none | odd | space }

undo parity

Default

The setting is none, and no parity check is performed.

Views

User line view

Predefined user roles

network-admin

mdc-admin

Parameters

even: Performs even parity check.

mark: Performs mark parity check.

none: Disables parity check.

odd: Performs odd parity check.

space: Performs space parity check.

Usage guidelines

This command is not supported in VTY line view.

The configuration terminal and the device must be configured with the same parity check mode to communicate.

Examples

# Configure user line AUX 0 to perform odd parity check.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0] parity odd

protocol inbound

Use protocol inbound to enable a user line to support Telnet, SSH, or both protocols.

Use undo protocol inbound to restore the default.

Syntax

In non-FIPS mode:

protocol inbound { all | ssh | telnet }

undo protocol inbound

In FIPS mode:

protocol inbound ssh

undo protocol inbound

Default

In non-FIPS mode, both protocols are supported.

In FIPS mode, SSH is supported.

Views

VTY line view, VTY line class view

Predefined user roles

network-admin

mdc-admin

Parameters

all: Supports both protocols.

ssh: Supports SSH only.

telnet: Supports Telnet only.

Usage guidelines

This configuration is effective only for a user who logs in through the user line after the configuration is completed.

Before configuring a user line to support SSH, set the authentication mode to scheme for the user line. For more information, see authentication-mode.

In VTY line view, this command is associated with the authentication-mode command. If you specify a non-default value for only one of the two commands in VTY line view, the other command uses the default setting, regardless of the setting in VTY line class view.

Examples

# Enable user lines VTY 0 through VTY 4 to support only SSH.

<Sysname> system-view

[Sysname] line vty 0 4

[Sysname-line-vty0-4] authentication-mode scheme

[Sysname-line-vty0-4] protocol inbound ssh

# Enable scheme authentication for the VTY line class and enable the line class to support only SSH. Disable authentication for VTY lines 0 through 4.

<Sysname> system-view

[Sysname] line class vty

[Sysname-line-class-vty] authentication-mode scheme

[Sysname-line-class-vty] protocol inbound ssh

[Sysname-line-class-vty] line vty 0 4

[Sysname-line-vty0-4] authentication-mode none
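The association between protocol inbound and authentication-mode in VTY line view is easy to misjudge when reviewing a configuration. The following Python model is an added example, not part of the H3C documentation, and it resolves the effective pair from the line view and line class view settings as the usage guidelines state them. The names are hypothetical, and the authentication-mode default is passed in as a parameter; the value "password" used in the demo is an assumption to confirm against the authentication-mode entry.

```python
from typing import NamedTuple, Optional


class VtySettings(NamedTuple):
    """Values configured in one view; None means the command was not set."""
    auth: Optional[str] = None      # authentication-mode: none | password | scheme
    protocol: Optional[str] = None  # protocol inbound: all | ssh | telnet


def effective_vty_settings(line, cls, auth_default, protocol_default="all"):
    """Resolve the settings a VTY line actually uses.

    protocol_default is "all" in non-FIPS mode and "ssh" in FIPS mode.
    auth_default is an input because its value is not stated in this entry.
    """
    def non_default(value, default):
        return None if value in (None, default) else value

    line_auth = non_default(line.auth, auth_default)
    line_proto = non_default(line.protocol, protocol_default)
    if line_auth or line_proto:
        # Association rule: once either command is non-default in VTY line
        # view, the other one uses its default, whatever the class view says.
        return VtySettings(line_auth or auth_default,
                           line_proto or protocol_default)
    # Both are default in line view: a non-default class setting applies.
    return VtySettings(
        non_default(cls.auth, auth_default) or auth_default,
        non_default(cls.protocol, protocol_default) or protocol_default,
    )


def audit(effective):
    """Findings a reviewer would raise for the resolved settings."""
    findings = []
    if effective.auth == "none":
        findings.append("login requires no authentication")
    if effective.protocol in ("all", "telnet"):
        findings.append("Telnet logins are accepted")
    if effective.protocol == "ssh" and effective.auth != "scheme":
        # The page requires authentication-mode scheme before enabling SSH.
        findings.append("SSH-only line without authentication-mode scheme")
    return findings


if __name__ == "__main__":
    ASSUMED_AUTH_DEFAULT = "password"  # ASSUMPTION, see the lead-in
    vty_class = VtySettings(auth="scheme", protocol="ssh")
    cases = {
        "page example, vty 0-4: authentication-mode none": VtySettings(auth="none"),
        "line view untouched": VtySettings(),
        "line view: protocol inbound ssh only": VtySettings(protocol="ssh"),
        "line view: both commands set": VtySettings("scheme", "ssh"),
    }
    for name, line in cases.items():
        eff = effective_vty_settings(line, vty_class, ASSUMED_AUTH_DEFAULT)
        print(f"{name}: {eff.auth}/{eff.protocol} -> {audit(eff) or 'no findings'}")
```

For the page's second example, the model resolves VTY 0 through VTY 4 to authentication-mode none with both protocols accepted, because the class view's protocol inbound ssh no longer applies once authentication-mode is non-default in line view.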

screen-length

Use screen-length to set the maximum number of lines to be displayed on a screen.

Use undo screen-length to restore the default.

Syntax

screen-length screen-length

undo screen-length

Default

Up to 24 lines are displayed on a screen.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Parameters

screen-length: Specifies the maximum number of lines to be displayed on a screen, in the range of 0 to 512. Setting this argument to 0 disables pausing between screens of output.

Usage guidelines

This command sets the maximum number of lines that can be displayed on one screen when the screen pause feature is enabled. If the screen pause feature is disabled, the system displays command output without any pause.

The actual number of lines that can be displayed on a screen is restricted by the display specification of the configuration terminal. For example, if you set the maximum number of lines for a screen to 40 when the display specification is 24 lines, the device sends 40 lines to the screen at a time, but only the last 24 lines are displayed on the screen. To view the previous 16 lines, you must press PgUp.

The screen pause feature is enabled by default. To disable this feature, use the screen-length 0 or screen-length disable command. The screen-length disable command is available in user view.

This command is available in both user line view and user line class view:

·     If the setting in user line view is not the default setting, the setting in user line view takes effect.

·     If the setting in user line view is the default setting but the setting in user line class view is not, the setting in user line class view takes effect.

Examples

# Set the maximum number of lines to be displayed on a screen to 30 for the user line AUX 0.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0] screen-length 30

Related commands

screen-length disable

send

Use send to send messages to user lines.

Syntax

send { all | number1 | { aux | vty } number2 }

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

all: Specifies all user lines.

number1: Specifies the absolute number of a user line. The value range is 0 to 65 in standalone mode and 0 to 71 in IRF mode.

aux: Specifies the AUX line.

vty: Specifies the VTY line.

number2: Specifies the relative number of a user line. The value ranges are as follows:

·     AUX line—0 to 1 in standalone mode and 0 to 7 in IRF mode.

·     VTY line—0 to 63.

Usage guidelines

To end a message, press Enter. To cancel a message and return to user view, press Ctrl+C.

Examples

# Before you restart the device, send a notification to VTY 1 to inform the user.

<Sysname> send vty 1

Input message, end with Enter; abort with CTRL+C:

Your attention, please. I will reboot the system in 3 minutes.

Send message? [Y/N]:y

The message should appear on the screen of the user's configuration terminal, as shown in the following example:

[Sysname]

 

***

***

***Message from vty0 to vty1

***

Your attention, please. I will reboot the system in 3 minutes.

set authentication password

Use set authentication password to set a password for password authentication.

Use undo set authentication password to delete the password.

Syntax

set authentication password { hash | simple } password

undo set authentication password

Default

No password is set for password authentication.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Parameters

hash: Sets a hashed password.

simple: Sets a plaintext password.

password: Specifies the password string. This argument is case sensitive. If simple is specified, it must be a string of 1 to 16 characters. If hash is specified, it must be a string of 1 to 110 characters.

Usage guidelines

This command is not supported in FIPS mode.

For security purposes, the password is hashed before being saved, whether you specify the hash or simple keyword.

This command is available in both user line view and user line class view:

·     If the setting in user line view is not the default setting, the setting in user line view takes effect.

·     If the setting in user line view is the default setting but the setting in user line class view is not, the setting in user line class view takes effect.

Examples

# Set the password for password authentication on the user line AUX 0 to hello.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0] authentication-mode password

[Sysname-line-aux0] set authentication password simple hello

When you log in again through user line AUX 0, you must enter the password hello to pass authentication.

Related commands

authentication-mode

shell

Use shell to enable the terminal service for a user line.

Use undo shell to disable the terminal service for a user line.

Syntax

shell

undo shell

Default

The terminal service is enabled on all user lines.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

The undo shell command is not supported in AUX line view or AUX line class view.

You cannot disable the terminal service on the user line you are using.

When the device acts as a Telnet or SSH server, you cannot configure the undo shell command.

If the undo shell command is configured in user line class view, you cannot configure the shell command in the view of a user line in the class.

Examples

# Disable the terminal service for the user line VTY 0 through VTY 4 so no user can log in to the device through the user lines.

<Sysname> system-view

[Sysname] line vty 0 4

[Sysname-line-vty0-4] undo shell

Disable line-vty0-4 , are you sure? [Y/N]:y

[Sysname-line-vty0-4]

speed

Use speed to set the transmission rate (also called the "baud rate") on a user line.

Use undo speed to restore the default.

Syntax

speed speed-value

undo speed

Default

The transmission rate is 9600 bps on a user line.

Views

User line view

Predefined user roles

network-admin

mdc-admin

Parameters

speed-value: Transmission rate in bps. The transmission rates available for asynchronous serial interfaces include: 300 bps, 600 bps, 1200 bps, 2400 bps, 4800 bps, 9600 bps, 19200 bps, 38400 bps, 57600 bps, and 115200 bps. The transmission rate varies with devices and configuration environments.

Usage guidelines

This command is not supported in VTY line view.

The configuration terminal and the device must be configured with the same transmission rate to communicate.

Examples

# Set the transmission rate to 19200 bps for the user line AUX 0.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0] speed 19200

stopbits

Use stopbits to specify the number of stop bits for a character.

Use undo stopbits to restore the default.

Syntax

stopbits { 1 | 1.5 | 2 }

undo stopbits

Default

One stop bit is used.

Views

User line view

Predefined user roles

network-admin

mdc-admin

Parameters

1: Uses one stop bit.

1.5: Uses one and a half stop bits. The device does not support using one and a half stop bits. If you specify this keyword, two stop bits are used.

2: Uses two stop bits.

Usage guidelines

This command is not supported in VTY line view.

The configuration terminal and the device must be configured to use the same number of stop bits to communicate.

Examples

# Set the number of stop bits to 1 for the user line AUX 0.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0] stopbits 1

telnet

Use telnet to Telnet to a host in an IPv4 network.

Syntax

telnet remote-host [ service-port ] [ vpn-instance vpn-instance-name ] [ source { interface interface-type interface-number | ip ip-address } ] [ dscp dscp-value ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

remote-host: Specifies the IPv4 address or host name of a remote host. A host name can be a case-insensitive string of 1 to 253 characters. Valid characters for a host name include letters, digits, hyphens (-), underscores (_), and dots (.).

service-port: Specifies the TCP port number for the Telnet service on the remote host. The value range is 0 to 65535 and the default is 23.

vpn-instance vpn-instance-name: Specifies the VPN instance to which the remote host belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the remote host belongs to the public network, do not specify this option.

source: Specifies a source IPv4 address or source interface for outgoing Telnet packets.

interface interface-type interface-number: Specifies the source interface. The primary IPv4 address of the interface will be used as the source IPv4 address for outgoing Telnet packets.

ip ip-address: Specifies the source IPv4 address for outgoing Telnet packets.

dscp dscp-value: Specifies the DSCP value for IP to use in outgoing Telnet packets to indicate the packet transmission priority, in the range of 0 to 63. The default is 48.

Usage guidelines

This command is not supported in FIPS mode.

To terminate the current Telnet connection, press Ctrl+K or execute the quit command.

The source IPv4 address or source interface that is specified by this command is only applicable to the current Telnet connection.

Examples

# Telnet to host 1.1.1.2, using 1.1.1.1 as the source IP address for outgoing Telnet packets.

<Sysname> telnet 1.1.1.2 source ip 1.1.1.1

Related commands

telnet client source

telnet client source

Use telnet client source to specify a source IPv4 address or source interface for outgoing Telnet packets when the device serves as a Telnet client.

Use undo telnet client source to delete the configuration.

Syntax

telnet client source { interface interface-type interface-number | ip ip-address }

undo telnet client source

Default

No source IPv4 address or source interface is specified for outgoing Telnet packets. The source IPv4 address is the primary IPv4 address of the outbound interface.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

interface interface-type interface-number: Specifies a source interface. The primary IPv4 address of the interface will be used as the source IPv4 address for outgoing Telnet packets.

ip ip-address: Specifies a source IPv4 address.

Usage guidelines

This command is not supported in FIPS mode.

The setting configured by this command applies to all Telnet connections but has a lower precedence than the source setting specified for the telnet command.

Examples

# Set the source IPv4 address for outgoing Telnet packets to 1.1.1.1 when the device serves as a Telnet client.

<Sysname> system-view

[Sysname] telnet client source ip 1.1.1.1

Related commands

display telnet client configuration

telnet server acl

Use telnet server acl to apply an ACL to filter Telnet logins.

Use undo telnet server acl to restore the default.

Syntax

telnet server acl acl-number

undo telnet server acl

Default

No ACL is used to filter Telnet logins.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

acl-number: Specifies an ACL by its number:

·     Basic ACL: 2000 to 2999.

·     Advanced ACL: 3000 to 3999.

·     Ethernet frame header ACL: 4000 to 4999.

Usage guidelines

This command is not supported in FIPS mode.

Only one ACL can be used to filter Telnet logins, and only users permitted by the ACL can Telnet to the device.

This command does not take effect on existing Telnet connections.

You can specify an ACL that has not been created yet in this command. The command takes effect after the ACL is created.

For more information about ACL, see ACL and QoS Configuration Guide.

Examples

# Permit only the user at 1.1.1.1 to Telnet to the device.

<Sysname> system-view

[Sysname] acl number 2001

[Sysname-acl-basic-2001] rule permit source 1.1.1.1 0

[Sysname-acl-basic-2001] quit

[Sysname] telnet server acl 2001

telnet server dscp

Use telnet server dscp to set the DSCP value for IPv4 to use for outgoing Telnet packets on a Telnet server.

Use undo telnet server dscp to restore the default.

Syntax

telnet server dscp dscp-value

undo telnet server dscp

Default

IPv4 uses the DSCP value 48 for outgoing Telnet packets on a Telnet server.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

dscp-value: Specifies a DSCP value in the range of 0 to 63.

Usage guidelines

This command is not supported in FIPS mode.

The DSCP value is carried in the ToS field of an IP packet, and it indicates the transmission priority of the packet.

Examples

# Set the DSCP value for IPv4 to use for outgoing Telnet packets to 30 on a Telnet server.

<Sysname> system-view

[Sysname] telnet server dscp 30

telnet server enable

Use telnet server enable to enable the Telnet server feature.

Use undo telnet server enable to disable the Telnet server feature.

Syntax

telnet server enable

undo telnet server enable

Default

The Telnet server feature is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This command is not supported in FIPS mode.

Administrators can Telnet to the device only when the Telnet server feature is enabled.

Examples

# Enable the Telnet server feature.

<Sysname> system-view

[Sysname] telnet server enable

terminal type

Use terminal type to specify the terminal display type.

Use undo terminal type to restore the default.

Syntax

terminal type { ansi | vt100 }

undo terminal type

Default

The terminal display type is ANSI.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Parameters

ansi: Specifies the terminal display type ANSI.

vt100: Specifies the terminal display type VT100.

Usage guidelines

The device supports two terminal display types: ANSI and VT100. As a best practice, set the display type to VT100 on both the device and the configuration terminal. If either side uses the ANSI type, a display problem such as a cursor positioning error might occur when a command line has more than 80 characters.

Examples

# Set the terminal display type to VT100.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] terminal type vt100

user-interface

Use user-interface to enter one or multiple user line views.

Syntax

user-interface { first-number1 [ last-number1 ] | { aux | vty } first-number2 [ last-number2 ] }

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

first-number1: Specifies the absolute number of the first user line. The value range is 0 to 65 in standalone mode and 0 to 71 in IRF mode.

last-number1: Specifies the absolute number of the last user line. This number cannot be smaller than first-number1.

aux: Specifies the AUX line.

vty: Specifies the VTY line.

first-number2: Specifies the relative number of the first user line. The value ranges are as follows:

·     AUX line—0 to 1 in standalone mode and 0 to 7 in IRF mode.

·     VTY line—0 to 63.

last-number2: Specifies the relative number of the last user line. This number cannot be smaller than first-number2.

Usage guidelines

To configure settings for a single user line, use this command to enter the user line view.

To configure the same settings for multiple user lines, use this command to enter multiple user line views.

This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the line command. As a best practice, use the line command.

Examples

# Enter the view of user line AUX 0.

<Sysname> system-view

[Sysname] user-interface aux 0

[Sysname-line-aux0]

# Enter the views of user lines VTY 0 to VTY 4.

<Sysname> system-view

[Sysname] user-interface vty 0 4

[Sysname-line-vty0-4]

Related commands

user-interface class

user-interface class

Use user-interface class to enter user line class view.

Syntax

user-interface class { aux | vty }

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

aux: Specifies the AUX line class view.

vty: Specifies the VTY line class view.

Usage guidelines

To configure the same settings for all user lines of a line class, use this command to enter the user line class view.

Some login management commands are available in both user line view and user line class view:

·     A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class.

·     A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.

·     A setting in user line view takes effect immediately and affects the online user. A setting in user line class view does not affect online users and takes effect only for users who log in after the configuration is completed.

This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the line class command. As a best practice, use the line class command.

Examples

# Set the CLI connection idle-timeout timer to 15 minutes in VTY line class view.

<Sysname> system-view

[Sysname] user-interface class vty

[Sysname-line-class-vty] idle-timeout 15

# In AUX line class view, configure character s as the shortcut key for starting a terminal session.

<Sysname> system-view

[Sysname] user-interface class aux

[Sysname-line-class-aux] activation-key s

[Sysname-line-class-aux] quit

# In AUX 0 line view, restore the default shortcut key for starting a terminal session.

[Sysname] user-interface aux 0

[Sysname-line-aux0] undo activation-key

Alternatively:

[Sysname-line-aux0] activation-key 13

To verify the configuration:

1.     Exit the console session.

[Sysname-line-aux0] return

<Sysname> quit

2.     Log in again through the AUX line.

The following message appears:

Press ENTER to get started.

3.     Press Enter.

Pressing Enter does not start a session.

4.     Enter s.

A terminal session is started.

<Sysname>

Related commands

user-interface
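The precedence between user line view and user line class view described above, as an added example (not H3C code): a Python sketch that resolves the effective setting for each VTY line from a configuration listing. The sample configuration is constructed, the function names are hypothetical, and the sketch assumes a setting appears in the listing only when it is non-default.

```python
import re

# Settings tracked by this sketch; each can be configured in user line view
# and in user line class view.
TRACKED = ("authentication-mode", "idle-timeout", "terminal type")
VTY_LINES = range(0, 64)  # VTY line numbers 0 to 63, as given on this page

# Constructed sample in the style of a configuration listing (not from the page).
SAMPLE_CONFIG = """\
#
line class vty
 authentication-mode scheme
 idle-timeout 15
#
line vty 0 4
 authentication-mode password
#
line vty 5 63
 terminal type vt100
#
"""

_LINE_RE = re.compile(r"(?:line|user-interface) vty (\d+)(?: (\d+))?")
_CLASS_RE = re.compile(r"(?:line|user-interface) class vty")


def parse_vty_config(config):
    """Return (class_settings, line_settings) for the VTY sections of a config.

    class_settings maps setting -> value; line_settings maps VTY number ->
    {setting: value}. Only settings written in the listing are recorded, which
    this sketch treats as the non-default ones (assumption).
    """
    class_settings, line_settings = {}, {}
    targets = []  # dicts that receive the settings of the current section
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):  # section header or '#' separator
            line_match = _LINE_RE.fullmatch(text)
            if _CLASS_RE.fullmatch(text):
                targets = [class_settings]
            elif line_match:
                first = int(line_match.group(1))
                last = int(line_match.group(2) or first)
                targets = [line_settings.setdefault(n, {})
                           for n in range(first, last + 1)]
            else:
                targets = []  # some other section: ignore its body
            continue
        for key in TRACKED:
            if text.startswith(key + " "):
                for target in targets:
                    target[key] = text[len(key) + 1:]
    return class_settings, line_settings


def effective(setting, vty, class_settings, line_settings):
    """Resolve one setting for one VTY line; returns (value, origin)."""
    if setting in line_settings.get(vty, {}):
        return line_settings[vty][setting], "line"   # non-default line setting wins
    if setting in class_settings:
        return class_settings[setting], "class"      # otherwise the class setting
    return None, "default"                           # neither view changed it


def lines_with_auth_mode(mode, class_settings, line_settings):
    """VTY numbers whose effective authentication-mode equals `mode`."""
    return [n for n in VTY_LINES
            if effective("authentication-mode", n,
                         class_settings, line_settings)[0] == mode]


if __name__ == "__main__":
    cls, lines = parse_vty_config(SAMPLE_CONFIG)
    for vty in (0, 5):
        for setting in TRACKED:
            print(vty, setting, effective(setting, vty, cls, lines))
    print("password-authenticated VTY lines:",
          lines_with_auth_mode("password", cls, lines))
```

The sketch does not model the timing rule from the same list: a class-view change applies only to users who log in after it is made.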

user-role

Use user-role to assign a user role to a user line so users logged in through the user line get the user role at login.

Use undo user-role to remove a user role or restore the default.

Syntax

user-role role-name

undo user-role [ role-name ]

Default

A console line user of the default MDC is assigned the user role network-admin. Users of other user lines on the default MDC are assigned the user role network-operator.

A non-default MDC user switched from the default device by using the switchto mdc command is assigned the user role mdc-admin. Other non-default MDC users are assigned the user role mdc-operator.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Parameters

role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. The user role can be user-defined or predefined (network-admin, network-operator, mdc-admin, mdc-operator, or level-0 to level-15). If you do not specify this argument, the undo user-role command restores the default user role.

Usage guidelines

This command is not supported in FIPS mode.

You can assign up to 64 user roles to a user line. A user logged in through the user line gets all the user roles.

For more information about user roles, see "Configuring RBAC."

Examples

# Assign the user role network-admin to the user line VTY 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] user-role network-admin


RBAC commands

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.

description

Use description to configure a description for a user role.

Use undo description to delete the description of a user role.

Syntax

description text

undo description

Default

A user role does not have a description.

Views

User role view

Predefined user roles

network-admin

mdc-admin

Parameters

text: Specifies a user role description, a case-sensitive string of 1 to 128 characters.

Examples

# Configure the description as labVIP for the user role role1.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] description labVIP

Related commands

·     display role

·     role

display role

Use display role to display user role information.

Syntax

display role [ name role-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

name role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. If you do not specify a user role name, the command displays information about all user roles, including the predefined user roles.

Examples

# Display information about the user role 123.

<Sysname> display role name 123

Role: 123

  Description: new role

  VLAN policy: deny

  Permitted VLANs: 1 to 5, 7 to 8

  Interface policy: deny

  Permitted interfaces: FortyGigE1/0/1 to FortyGigE1/0/3, Vlan-interface1 to Vlan-interface20

  VPN instance policy: deny

  Permitted VPN instances: vpn, vpn1, vpn2

  -------------------------------------------------------------------

  Rule    Perm   Type  Scope         Entity

  -------------------------------------------------------------------

  1       permit RWX   feature-group abc

  2       deny   -W-   feature       ldap

  3       permit       command       system ; radius sc *

  4       permit R--   xml-element   -

  5       permit RW-   oid           1.2.1

  R:Read W:Write X:Execute

Table 7 Command output

Field

Description

Role

User role name.

Predefined user role names include:

·     network-admin.

·     network-operator.

·     mdc-admin.

·     mdc-operator.

·     level-n (where n represents an integer in the range of 0 to 15).

Description

User role description you have configured for easy identification.

VLAN policy

VLAN policy of the user role:

·     deny—Denies access to any VLAN except permitted VLANs.

·     permit (default)—Default VLAN policy, which enables the user role to access any VLAN.

Permitted VLANs

VLANs accessible to the user role.

Interface policy

Interface policy of the user role:

·     deny: Denies access to any interface except permitted interfaces.

·     permit (default)—Default interface policy, which enables the user role to access any interface.

Permitted interfaces

Interfaces accessible to the user role.

VPN instance policy

VPN instance policy of the user role:

·     deny: Denies access to any VPN except permitted VPNs.

·     permit (default)—Default VPN instance policy, which enables the user role to access any VPN instance.

Permitted VPN instances

VPNs accessible to the user role.

Rule

User role rule number.

A user role rule specifies the access permission for items, including commands, feature-specific commands, XML elements, and MIB nodes.

Predefined user role rules are identified by sys-n, where n represents an integer.

Perm

Access control criterion:

·     permit—User role has access to the specified items.

·     deny—User role does not have access to the specified items.

Type

Item category:

·     R—Read-only.

·     W—Write.

·     X—Execute.

Scope

Rule control scope:

·     command—Controls access to the command or commands, as specified in the Entity field.

·     feature—Controls access to the commands of the feature, as specified in the Entity field.

·     feature-group—Controls access to the commands of the features in the feature group, as specified in the Entity field.

·     xml-element: Controls access to XML elements.

·     oid: Controls access to MIB nodes.

Entity

Command string, feature name, feature group, XML element, or OID specified in the user role rule:

·     An en dash (–) represents any feature.

·     An asterisk (*) represents zero or more characters.

 

Related commands

role
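Added example, not part of the H3C reference: a Python parser that turns the display role output shown above into structured records for an RBAC review. It takes column positions from the header row so that a rule with an empty Type column (rule 3) still parses correctly; the function names are hypothetical.

```python
COLUMNS = ("Rule", "Perm", "Type", "Scope", "Entity")

# The display role output from the example above, reproduced with its spacing.
SAMPLE_OUTPUT = """\
Role: 123
  Description: new role
  VLAN policy: deny
  Permitted VLANs: 1 to 5, 7 to 8
  Interface policy: deny
  Permitted interfaces: FortyGigE1/0/1 to FortyGigE1/0/3, Vlan-interface1 to Vlan-interface20
  VPN instance policy: deny
  Permitted VPN instances: vpn, vpn1, vpn2
  -------------------------------------------------------------------
  Rule    Perm   Type  Scope         Entity
  -------------------------------------------------------------------
  1       permit RWX   feature-group abc
  2       deny   -W-   feature       ldap
  3       permit       command       system ; radius sc *
  4       permit R--   xml-element   -
  5       permit RW-   oid           1.2.1
  R:Read W:Write X:Execute
"""


def parse_display_role(text):
    """Parse display role output into a list of {'attrs': {...}, 'rules': [...]}."""
    roles, role, starts = [], None, None
    for line in text.splitlines():
        stripped = line.strip()
        # Skip blank lines, dashed separators and the R/W/X legend.
        if not stripped or set(stripped) == {"-"} or stripped.startswith("R:Read"):
            continue
        if line.startswith("Role:"):          # a new role block begins
            role = {"attrs": {}, "rules": []}
            roles.append(role)
            starts = None
        if role is None:
            continue
        if stripped.split() == list(COLUMNS):  # header row fixes the column offsets
            starts = [line.index(name) for name in COLUMNS]
        elif starts is None:                   # "Key: value" attribute line
            key, _, value = stripped.partition(":")
            role["attrs"][key.strip()] = value.strip()
        else:                                  # rule row, sliced by column offset
            ends = starts[1:] + [None]
            cells = [line[s:e].strip() for s, e in zip(starts, ends)]
            role["rules"].append(dict(zip(COLUMNS, cells)))
    return roles


def permit_rules_granting(role, access):
    """Rule IDs of permit rules whose Type includes access ('R', 'W' or 'X')."""
    return [r["Rule"] for r in role["rules"]
            if r["Perm"] == "permit" and access in r["Type"]]


def policies_not_deny(role):
    """Resource policies (VLAN, interface, VPN instance) not set to deny,
    which per Table 7 leave the role able to access any such resource."""
    names = ("VLAN policy", "Interface policy", "VPN instance policy")
    return [n for n in names if role["attrs"].get(n) != "deny"]


if __name__ == "__main__":
    parsed = parse_display_role(SAMPLE_OUTPUT)[0]
    print(parsed["attrs"]["Role"], "write-capable permit rules:",
          permit_rules_granting(parsed, "W"))
    print("policies left open:", policies_not_deny(parsed))
```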

display role feature

Use display role feature to display features available in the system.

Syntax

display role feature [ name feature-name | verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

name feature-name: Displays the commands of a feature. The feature-name argument specifies the feature name, and all letters must be in lower case.

verbose: Displays the commands of each feature.

Usage guidelines

If you specify neither name feature-name nor verbose, the display role feature command displays only the list of features available in the system.

Examples

# Display the list of feature names.

<Sysname> display role feature

Feature: device          (Device configuration related commands)

Feature: interface       (Interface related commands)

Feature: syslog          (Syslog related commands)

Feature: process         (Process related commands)

# Display the commands of each feature.

<Sysname> display role feature verbose

Feature: device          (Device configuration related commands)

  display clock    (R)

  debugging dev    (W)

  display debugging dev    (R)

  display device *    (R)

  display diagnostic-information *    (R)

  display environment *    (R)

  display fan *    (R)

  display alarm *    (R)

  display power *    (R)

  display system-working-mode    (R)

  display current-configuration *    (R)

  display saved-configuration *    (R)

  display default-configuration *    (R)

  display startup    (R)

  display this *    (R)

  display archive configuration    (R)

  display bootrom-access    (R)

  clock datetime *    (W)

  reboot *    (W)

  save *    (W)

  archive configuration    (W)

  backup startup-configuration to *    (W)

  restore startup-configuration from *    (W)

  reset saved-configuration *    (W)

  startup saved-configuration *    (W)

  display transceiver *    (R)

  bootrom *    (W)

  bootrom-access *    (W)

  system-view ; temperature-limit *    (W)

  system-view ; sysname *    (W)

  system-view ; clock timezone *    (W)

  system-view ; clock summer-time *    (W)

  system-view ; configuration replace file *    (W)

  system-view ; transceiver *    (W)

  system-view ; system-working-mode *    (W)

  system-view ; archive configuration *    (W)

  system-view ; configuration encrypt *    (W)

  system-view ; version check ignore    (W)

  system-view ; version auto-update enable    (W)

  system-view ; bootrom-update security-check enable    (W)

  system-view ; clock protocol *    (W)

  system-view ; password-recovery *    (W)

  system-view ; switch-fabric removal-signal-suppression    (W)

  system-view ; rtm *    (W)

  system-view ; rtm * ; action *    (W)

  system-view ; rtm * ; running-time *    (W)

  system-view ; rtm * ; commit    (W)

  system-view ; rtm * ; user-role *    (W)

  display rtm *    (R)

  system-view ; probe ;    (W)

  system-view ; probe ; display system internal startup cache    (R)

  system-view ; probe ; view *    (R)

  system-view ; probe ; list *    (R)

  system-view ; probe ; display system internal lipc *    (R)

  system-view ; probe ; lipc *    (W)

  debugging lipc *    (W)

  display debugging lipc    (R)

  system-view ; probe ; display system internal dbm *    (R)

  system-view ; probe ; display hardware internal transceiver *    (R)

Feature: interface       (Interface related commands)

  reset counters interface *    (W)

  reset packet-drop *    (W)

  debugging ifmgr *    (W)

  display debugging ifmgr    (R)

  debugging system-event *    (W)

  display debugging system-event    (R)

  display interface *    (R)

# Display the commands of the aaa feature.

<Sysname> display role feature name aaa

Feature: aaa             (AAA related commands)

  system-view ; domain *    (W)

  system-view ; header *    (W)

  system-view ; aaa *    (W)

  display domain *    (R)

  system-view ; user-group *    (W)

  system-view ; local-user *    (W)

  display local-user *    (R)

  display user-group *    (R)

  display debugging local-server    (R)

  debugging local-server *    (W)

  super *    (X)

  display password-control *    (R)

  reset password-control *    (W)

  system-view ; password-control *    (W)

Table 8 Command output (display role feature name aaa)

Field

Description

Feature

Displays the name and brief function description of the feature.

system-view ; domain *

All the commands that start with domain in system view and all the commands in ISP domain view.

system-view ; header *

All the commands that start with header in system view.

system-view ; aaa *

All the commands that start with aaa in system view.

display domain *

All the commands that start with display domain in user view.

system-view ; user-group *

All the commands that start with user-group in system view, and all the commands in user group view.

system-view ; local-user *

All the commands that start with local-user in system view, and all the commands in local user view.

display user-group *

All the commands that start with display user-group in user view.

display debugging local-server

All the commands that start with display debugging local-server in user view.

debugging local-server *

All the commands that start with debugging local-server in user view.

super *

All the commands that start with super in user view.

display password-control *

All the commands that start with display password-control in user view.

reset password-control *

All the commands that start with reset password-control in user view.

system-view ; password-control *

All the commands that start with password-control in system view.

(W)

Command type is Write. A write command configures the system.

(R)

Command type is Read. A read command displays configuration or maintenance information.

(X)

Command type is Execute. An execute command executes a specific function.

 

Related commands

feature

display role feature-group

Use display role feature-group to display feature group information.

Syntax

display role feature-group [ name feature-group-name ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

name feature-group-name: Specifies a feature group. The feature-group-name argument represents the feature group name, a case-sensitive string of 1 to 31 characters. If you do not specify a feature group, the command displays information about all feature groups.

verbose: Displays the commands of each feature in the specified feature group. If you do not specify a feature group, this keyword enables displaying the commands of each feature in every feature group. If you do not specify this keyword, the command displays only the feature lists of feature groups.

Usage guidelines

Feature groups L2 and L3 are predefined feature groups.

Examples

# Display the feature list of the feature group L3.

<Sysname> display role feature-group name L3

Feature group: L3

Feature: route           (Route management related commands)

Feature: usr             (Unicast static route related commands)

Feature: ospf            (Open Shortest Path First protocol related commands)

Feature: rip             (Routing Information Protocol related commands)

Feature: isis            (ISIS protocol related commands)

Feature: bgp             (Border Gateway Protocol related commands)

Related commands

·     feature

·     role feature-group

feature

Use feature to add a feature to a feature group.

Use undo feature to remove a feature from a feature group.

Syntax

feature feature-name

undo feature feature-name

Default

A user-defined feature group does not have any features.

Views

Feature group view

Predefined user roles

network-admin

mdc-admin

Parameters

feature-name: Specifies a feature name. You must enter the feature name as the feature name is displayed, including the case.

Usage guidelines

Repeat the feature command to add multiple features to a feature group.

Examples

# Add the security features AAA and ACL to the feature group security-features.

<Sysname> system-view

[Sysname] role feature-group name security-features

[Sysname-featuregrp-security-features] feature aaa

[Sysname-featuregrp-security-features] feature acl

Related commands

·     display role feature

·     display role feature-group

·     role feature-group

interface policy deny

Use interface policy deny to enter user role interface policy view.

Use undo interface policy deny to restore the default user role interface policy.

Syntax

interface policy deny

undo interface policy deny

Default

A user role has access to any interface.

Views

User role view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

To restrict the interface access of a user role to a set of interfaces, perform the following tasks:

1.     Use interface policy deny to enter user role interface policy view.

2.     Use permit interface to specify accessible interfaces.

NOTE:

The interface policy deny command denies the access of the user role to all interfaces if the permit interface command is not configured.

To configure an interface, make sure the interface is permitted by the user role interface policy in use. You can perform the following tasks on an accessible interface:

·     Create, remove, or configure the interface.

·     Enter the interface view.

·     Specify the interface in feature commands.

The create and remove operations are available only for logical interfaces.

Any change to a user role interface policy takes effect only on users who log in with the user role after the change.

Examples

# Enter user role interface policy view of role1, and deny role1 access to all interfaces.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] interface policy deny

[Sysname-role-role1-ifpolicy] quit

# Enter user role interface policy view of role1, and deny role1 access to all interfaces except FortyGigE 1/0/1 to FortyGigE 1/0/5.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] interface policy deny

[Sysname-role-role1-ifpolicy] permit interface fortygige 1/0/1 to fortygige 1/0/5

Related commands

·     display role

·     permit interface

·     role

permit interface

Use permit interface to configure a list of interfaces accessible to a user role.

Use undo permit interface to disable the access of a user role to specific interfaces.

Syntax

permit interface interface-list

undo permit interface [ interface-list ]

Default

No permitted interfaces are configured in user role interface policy view.

Views

User role interface policy view

Predefined user roles

network-admin

mdc-admin

Parameters

interface interface-list: Specifies a space-separated list of up to 10 interface items. Each interface item specifies one interface in the interface-type interface-number form or a range of interfaces in the interface-type interface-number to interface-type interface-number form. If you specify an interface range, the end interface must meet the following requirements:

·     Be the same type as the start interface.

·     Have a higher interface number than the start interface.

Usage guidelines

To permit a user role to access an interface after you configure the interface policy deny command, you must add the interface to the permitted interface list of the policy. With the user role, you can perform the following operations on the interfaces in the permitted interface list:

·     Create, remove, or configure the interfaces.

·     Enter the interface views.

·     Specify the interfaces in feature commands.

The create and remove operations are available only for logical interfaces.

You can repeat the permit interface command to add permitted interfaces to a user role interface policy.

The undo permit interface command removes the entire list of permitted interfaces if you do not specify any interfaces.

Any change to a user role interface policy takes effect only on users who log in with the user role after the change.

Examples

1.     Configure user role role1:

# Permit the user role to execute all commands available in interface view and VLAN view.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] rule 1 permit command system-view ; interface *

[Sysname-role-role1] rule 2 permit command system-view ; vlan *

# Permit the user role to access FortyGigE 1/0/1, and FortyGigE 1/0/5 to FortyGigE 1/0/7.

[Sysname-role-role1] interface policy deny

[Sysname-role-role1-ifpolicy] permit interface fortygige 1/0/1 fortygige 1/0/5 to fortygige 1/0/7

[Sysname-role-role1-ifpolicy] quit

[Sysname-role-role1] quit

2.     Verify that you cannot use the user role to work on any interfaces except FortyGigE 1/0/1 and FortyGigE 1/0/5 to FortyGigE 1/0/7:

# Verify that you can enter FortyGigE 1/0/1 interface view.

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] quit

# Verify that you can assign FortyGigE 1/0/5 to VLAN 10. In this example, the user role can access any VLAN because the default VLAN policy of the user role is used.

[Sysname] vlan 10

[Sysname-vlan10] port fortygige 1/0/5

[Sysname-vlan10] quit

# Verify that you cannot enter FortyGigE 1/0/2 interface view.

[Sysname] interface fortygige 1/0/2

Permission denied.

Related commands

·     display role

·     interface policy deny

·     role

permit vlan

Use permit vlan to configure a list of VLANs accessible to a user role.

Use undo permit vlan to remove the permission for a user role to access specific VLANs.

Syntax

permit vlan vlan-id-list

undo permit vlan [ vlan-id-list ]

Default

No permitted VLANs are configured in user role VLAN policy view.

Views

User role VLAN policy view

Predefined user roles

network-admin

mdc-admin

Parameters

vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each VLAN item specifies a VLAN by VLAN ID or specifies a range of VLANs in the form of vlan-id1 to vlan-id2. The value range for the VLAN IDs is 1 to 4094. If you specify a VLAN range, vlan-id2 must be greater than vlan-id1.

Usage guidelines

To permit a user role to access a VLAN after you configure the vlan policy deny command, you must add the VLAN to the permitted VLAN list of the policy. With the user role, you can perform the following tasks on the VLANs in the permitted VLAN list:

·     Create, remove, or configure the VLANs.

·     Enter the VLAN views.

·     Specify the VLANs in feature commands.

You can repeat the permit vlan command to add permitted VLANs to a user role VLAN policy.

The undo permit vlan command removes the entire list of permitted VLANs if you do not specify any VLANs.

Any change to a user role VLAN policy takes effect only on users who log in with the user role after the change.

Examples

1.     Configure user role role1:

# Permit the user role to execute all commands available in interface view and VLAN view.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] rule 1 permit command system-view ; interface *

[Sysname-role-role1] rule 2 permit command system-view ; vlan *

# Permit the user role to access VLANs 2, 4, and 50 to 100.

[Sysname-role-role1] vlan policy deny

[Sysname-role-role1-vlanpolicy] permit vlan 2 4 50 to 100

[Sysname-role-role1-vlanpolicy] quit

[Sysname-role-role1] quit

2.     Verify that you cannot use the user role to work on any VLAN except VLANs 2, 4, and 50 to 100:

# Verify that you can create VLAN 100 and enter the VLAN view.

[Sysname] vlan 100

[Sysname-vlan100] quit

# Verify that you can add port FortyGigE 1/0/1 to VLAN 100 as an access port.

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] port access vlan 100

[Sysname-FortyGigE1/0/1] quit

# Verify that you cannot create VLAN 101 or enter the VLAN view.

[Sysname] vlan 101

Permission denied.

Related commands

·     display role

·     role

·     vlan policy deny

permit vpn-instance

Use permit vpn-instance to configure a list of VPNs accessible to a user role.

Use undo permit vpn-instance to disable the access of a user role to specific VPNs.

Syntax

permit vpn-instance vpn-instance-name&<1-10>

undo permit vpn-instance [ vpn-instance-name&<1-10> ]

Default

No permitted VPNs are configured in user role VPN instance policy.

Views

User role VPN instance policy view

Predefined user roles

network-admin

mdc-admin

Parameters

vpn-instance-name&<1-10>: Specifies a space-separated list of up to 10 MPLS L3VPN names. Each name is a case-sensitive string of 1 to 31 characters.

Usage guidelines

To permit a user role to access an MPLS L3VPN after you configure the vpn-instance policy deny command, you must add the VPN to the permitted VPN list of the policy. With the user role, you can perform the following tasks on the VPNs in the permitted VPN list:

·     Create, remove, or configure the VPNs.

·     Enter the VPN instance views.

·     Specify the VPNs in feature commands.

You can repeat the permit vpn-instance command to add permitted MPLS L3VPNs to a user role VPN instance policy.

The undo permit vpn-instance command removes the entire list of permitted VPNs if you do not specify any VPNs.

Any change to a user role VPN instance policy takes effect only on users who log in with the user role after the change.

Examples

1.     Configure user role role1:

# Permit the user role to execute all commands available in system view and in the child views of system view.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] rule 1 permit command system-view ; *

# Permit the user role to access VPN vpn1.

[Sysname-role-role1] vpn-instance policy deny

[Sysname-role-role1-vpnpolicy] permit vpn-instance vpn1

[Sysname-role-role1-vpnpolicy] quit

[Sysname-role-role1] quit

2.     Verify that you cannot use the user role to work on any VPN except vpn1:

# Verify that you can enter the view of vpn1.

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] quit

# Verify that you can assign the primary accounting server at 10.110.1.2 to the VPN in the RADIUS scheme radius1.

[Sysname] radius scheme radius1

[Sysname-radius-radius1] primary accounting 10.110.1.2 vpn-instance vpn1

[Sysname-radius-radius1] quit

# Verify that you cannot create the VPN vpn2 or enter its view.

[Sysname] ip vpn-instance vpn2

Permission denied.

Related commands

·     display role

·     role

·     vpn-instance policy deny

role

Use role to create a user role and enter user role view. If the user role has been created, you directly enter the user role view.

Use undo role to delete a user role.

Syntax

role name role-name

undo role name role-name

Default

The system has the following predefined user roles: network-admin, network-operator, mdc-admin, mdc-operator, and level-n (where n represents an integer in the range of 0 to 15).

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

name role-name: Specifies a user role name. The role-name argument is a case-sensitive string of 1 to 63 characters.

Usage guidelines

You can create a maximum of 64 user roles in addition to the predefined user roles.

To change the permissions assigned to a user role, you must first enter the user role view.

You cannot delete the predefined user roles or change the permissions assigned to network-admin, network-operator, mdc-admin, mdc-operator, or level-15.

Level-0 to level-14 users can modify their own permissions for any commands except for the display history-command all command.

Examples

# Create the user role role1 and enter the user role view.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1]

Related commands

·     display role

·     interface policy deny

·     rule

·     vlan policy deny

·     vpn-instance policy deny

role default-role enable

Use role default-role enable to enable the default user role feature for remote AAA users.

Use undo role default-role enable to restore the default.

Syntax

role default-role enable [ role-name ]

undo role default-role enable

Default

The default user role feature is disabled. AAA users who do not have a user role cannot log in to the device.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

role-name: Specifies a user role by its name for the default user role. The user role must already exist. The argument is a case-sensitive string of 1 to 63 characters. If you do not specify a user role, the following default user role settings apply:

·     For login to the default MDC, the default user role is network-operator.

·     For login to a non-default MDC, the default user role is mdc-operator.

Usage guidelines

The default user role feature assigns the default user role to AAA-authenticated users if the authentication server does not assign any user roles to the users. These users are allowed to access the system with the default user role.

If AAA users have been assigned user roles, they log in with the user roles.

Examples

# Enable the default user role feature.

<Sysname> system-view

[Sysname] role default-role enable

Related commands

role

role feature-group

Use role feature-group to create a user role feature group and enter user role feature group view.

Use undo role feature-group to delete a user role feature group.

Syntax

role feature-group name feature-group-name

undo role feature-group name feature-group-name

Default

Two user role feature groups, L2 and L3, are created.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

name feature-group-name: Specifies a feature group name. The feature-group-name argument is a case-sensitive string of 1 to 31 characters.

Usage guidelines

The L2 feature group includes all Layer 2 feature commands, and the L3 feature group includes all Layer 3 feature commands. These predefined feature groups are not user configurable.

In addition to the predefined feature groups L2 and L3, you can create a maximum of 64 user role feature groups.

After you create a user role feature group, you can use the display role feature command to display the features available in the system. Then you can use the feature command to add features to the feature group.

Examples

# Create the feature group security-features.

<Sysname> system-view

[Sysname] role feature-group name security-features

[Sysname-featuregrp-security-features]

Related commands

·     display role feature-group

·     display role feature

·     feature

rule

Use rule to create or change a user role rule for controlling command, XML element, or MIB node access.

Use undo rule to delete a user role rule.

Syntax

rule number { deny | permit } { command command-string | { execute | read | write } * { feature [ feature-name ] | feature-group feature-group-name | oid oid-string | xml-element [ xml-string ] } }

undo rule { number | all }

Default

A user-defined user role does not have any rules and cannot use any command, XML element, or MIB node.

Views

User role view

Predefined user roles

network-admin

mdc-admin

Parameters

number: Specifies a rule number in the range of 1 to 256.

deny: Denies access to any specified command, XML element, or MIB node.

permit: Permits access to any specified command, XML element, or MIB node.

command command-string: Specifies a command string. The command-string argument is a case-sensitive string of 1 to 128 characters, including the following characters:

·     The wildcard asterisk (*).

·     The delimiters space and tab.

·     All printable characters.

execute: Specifies the execute commands, XML elements, or MIB nodes. An execute command (for example, ping), XML element, or MIB node executes a specific function or program.

read: Specifies the read commands, XML elements, or MIB nodes. A read command (for example, display, dir, more, or pwd), XML element, or MIB node displays configuration or maintenance information.

write: Specifies the write commands, XML elements, or MIB nodes. A write command (for example, ssh server enable), XML element, or MIB node configures the system.

feature [ feature-name ]: Specifies one or all features. The feature-name argument specifies a feature name. If you do not specify a feature name, you specify all the features in the system. When you specify a feature, you must enter the feature name as the name is displayed by display role feature, including the case.

feature-group feature-group-name: Specifies a user-defined or predefined feature group. The feature-group-name argument represents the feature group name, a case-sensitive string of 1 to 31 characters. If the feature group has not been created, the rule takes effect after the group is created. To display the feature groups that have been created, use the display role feature-group command.

oid oid-string: Specifies an OID of a MIB node. The oid-string argument represents the OID, a case-insensitive string of 1 to 512 characters. The OID is a dotted numeric string that uniquely identifies the path from the root node to this node. For example, 1.3.6.1.4.1.25506.8.35.14.19.1.1.

xml-element [ xml-string ]: Specifies an XML element. The xml-string argument represents the XPath of the XML element, a case-insensitive string of 1 to 512 characters. Use the forward slash (/) to separate XPath items, for example, Interfaces/Index/Name. If you do not specify an XML element, the rule applies to all XML elements.

all: Deletes all the user role rules.

Usage guidelines

You can define the following types of rules for different access control granularities:

·     Command rule—Controls access to a command or a set of commands that match a regular expression.

·     Feature rule—Controls access to the commands of a feature by command type.

·     Feature group rule—Controls access to the commands of a group of features by command type.

·     XML element rule—Controls access to XML elements by element type.

·     OID rule—Controls access to the specified MIB node and its child nodes by node type.

A user role can access the set of permitted commands, XML elements, and MIB nodes specified in the user role rules. User role rules include predefined (identified by sys-n) and user-defined rules.

The following guidelines apply to non-OID rules:

·     If two user-defined rules of the same type conflict, the rule with the higher ID takes effect. For example, a user role can use the tracert command but not the ping command if the user role contains rules configured by using the following commands:

¡     rule 1 permit command ping

¡     rule 2 permit command tracert

¡     rule 3 deny command ping

·     If a predefined user role rule and a user-defined user role rule conflict, the user-defined user role rule takes effect.

The following guidelines apply to OID rules:

·     The system compares an OID with the OIDs specified in rules, and it uses the longest match principle to select a rule for the OID. For example, a user role cannot access the MIB node with OID 1.3.6.1.4.1.25506.141.3.0.1 if the user role contains rules configured by using the following commands:

¡     rule 1 permit read write oid 1.3.6

¡     rule 2 deny read write oid 1.3.6.1.4.1

¡     rule 3 permit read write oid 1.3.6.1.4

·     If the same OID is specified in multiple rules, the rule with the higher ID takes effect. For example, a user role can access the MIB node with OID 1.3.6.1.4.1.25506.141.3.0.1 if the user role contains rules configured by using the following commands:

¡     rule 1 permit read write oid 1.3.6

¡     rule 2 deny read write oid 1.3.6.1.4.1

¡     rule 3 permit read write oid 1.3.6.1.4.1
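The longest-match and higher-ID guidelines for OID rules can be checked offline before a rule set is applied. The following Python script is an added example, not H3C code; its function names are hypothetical. It assumes that a rule is considered only when its read, write, or execute keywords include the requested access type, and that an OID matched by no rule is denied. Predefined (sys-n) rules are not modeled.

```python
"""Offline evaluation of user role OID rules (added example, not H3C code)."""
import re
from typing import Iterable, NamedTuple

# rule number { deny | permit } { execute | read | write } * oid oid-string
_RULE_RE = re.compile(
    r"^rule\s+(?P<num>\d+)\s+(?P<action>permit|deny)\s+"
    r"(?P<types>(?:(?:read|write|execute)\s+)+)oid\s+(?P<oid>\d+(?:\.\d+)*)$"
)


class OidRule(NamedTuple):
    number: int
    permit: bool
    types: frozenset   # subset of {"read", "write", "execute"}
    oid: tuple         # OID as a tuple of integers, e.g. (1, 3, 6)


def parse_oid_rules(lines: Iterable[str]) -> list:
    """Parse 'rule ... oid ...' lines. Re-entering a rule number changes that rule."""
    by_number = {}
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = _RULE_RE.match(line)
        if m is None:
            raise ValueError(f"not an OID rule: {line!r}")
        number = int(m["num"])
        if not 1 <= number <= 256:
            raise ValueError(f"rule number out of range 1-256: {number}")
        by_number[number] = OidRule(
            number=number,
            permit=m["action"] == "permit",
            types=frozenset(m["types"].split()),
            oid=tuple(int(part) for part in m["oid"].split(".")),
        )
    return sorted(by_number.values())


def is_permitted(rules, oid: str, access: str) -> bool:
    """Decide access to a MIB node: longest matching OID wins, then the higher rule ID."""
    target = tuple(int(part) for part in oid.split("."))
    # Compare whole OID components so that 1.3.6 does not match 1.3.61.
    candidates = [
        r for r in rules
        if access in r.types and target[: len(r.oid)] == r.oid
    ]
    if not candidates:
        return False  # assumption: no matching rule means no access
    winner = max(candidates, key=lambda r: (len(r.oid), r.number))
    return winner.permit


# The two rule sets from the guidelines above.
LONGEST_MATCH_RULES = [
    "rule 1 permit read write oid 1.3.6",
    "rule 2 deny read write oid 1.3.6.1.4.1",
    "rule 3 permit read write oid 1.3.6.1.4",
]
SAME_OID_RULES = [
    "rule 1 permit read write oid 1.3.6",
    "rule 2 deny read write oid 1.3.6.1.4.1",
    "rule 3 permit read write oid 1.3.6.1.4.1",
]
NODE = "1.3.6.1.4.1.25506.141.3.0.1"

if __name__ == "__main__":
    for name, rule_set in (("longest match", LONGEST_MATCH_RULES),
                           ("same OID", SAME_OID_RULES)):
        verdict = is_permitted(parse_oid_rules(rule_set), NODE, "read")
        print(f"{name}: read {NODE} -> {'permit' if verdict else 'deny'}")
```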

You can configure a maximum of 256 user-defined rules for a user role. The total number of user-defined user role rules cannot exceed 1024.

Any rule modification, addition, or removal for a user role takes effect only on the users who log in with the user role after the change.

Access to the file system commands is controlled by both the file system command rules and the file system feature rule.

A command with output redirection to the file system is permitted only when the command type write is assigned to the file system feature.

When you specify a command string, follow the guidelines in Table 9.

Table 9 Command string configuration rules

Rule: Semicolon (;) is the delimiter.

Guidelines:

Use a semicolon to separate the command of each view that you must enter before you access a command or a set of commands. However, do not use a semicolon to separate commands available in user view or any view, for example, display and dir.

Each semicolon-separated segment must have a minimum of one printable character.

To specify the commands in a view but not the commands in the view's subviews, use a semicolon as the last printable character in the last segment. To specify the commands in a view and the view's subviews, the last printable character in the last segment must not be a semicolon.

For example, you must enter system view before you enter interface view. To specify all commands starting with ip in any interface view, you must use the "system ; interface * ; ip * ;" command string.

For another example, the "system ; radius scheme * ;" command string represents all the commands that start with radius scheme in system view. The "system ; radius scheme *" command string represents all the commands that start with radius scheme in system view and all the commands in RADIUS scheme view.

Rule: Asterisk (*) is the wildcard.

Guidelines:

An asterisk represents zero or multiple characters.

In a non-last segment, you can use an asterisk only at the end of the segment.

In the last segment, you can use an asterisk in any position of the segment. If the asterisk appears at the beginning, you cannot specify any printable characters behind the asterisk.

For example, the "system ; *" command string represents all commands available in system view and all subviews of the system view. The "debugging * event" command string represents all event debugging commands available in user view.

Rule: Keyword abbreviation is allowed.

Guidelines:

You can specify a keyword by entering the first few characters of the keyword. Any command that starts with this character string matches the rule.

For example, "rule 1 deny command dis arp source *" denies access to the commands display arp source-mac interface and display arp source-suppression.

Rule: To control the access to a command, you must specify the command immediately after the view that has the command.

Guidelines:

To control access to a command, you must specify the command immediately behind the view to which the command is assigned. The rules that control command access for any subview do not apply to the command.

For example, the "rule 1 deny command system ; interface * ; *" command string disables access to any command that is assigned to interface view. However, you can still execute the acl number command in interface view, because this command is assigned to system view rather than interface view. To disable access to this command, use "rule 1 deny command system ; acl *;".

Rule: Do not include the vertical bar (|), greater-than sign (>), or double greater-than sign (>>) when you specify display commands in a user role command rule.

Guidelines:

The system does not treat the redirect signs and the parameters that follow the signs as part of command lines. However, in user role command rules, these redirect signs and parameters are handled as part of command lines. As a result, no rule that includes any of these signs can find a match.

For example, "rule 1 permit command display debugging > log" can never find a match. This is because the system has a display debugging command but not a display debugging > log command.

Examples

# Permit the user role role1 to execute the display acl command.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] rule 1 permit command display acl

# Permit the user role role1 to execute all commands that start with display.

[Sysname-role-role1] rule 2 permit command display *

# Permit the user role role1 to execute the radius scheme aaa command in system view and use all commands assigned to RADIUS scheme view.

[Sysname-role-role1] rule 3 permit command system ; radius scheme aaa

# Deny the access of role1 to any read or write command of any feature.

[Sysname-role-role1] rule 4 deny read write feature

# Deny the access of role1 to any read command of the feature aaa.

[Sysname-role-role1] rule 5 deny read feature aaa

# Permit role1 to access all read, write, and execute commands of the feature group security-features.

[Sysname-role-role1] rule 6 permit read write execute feature-group security-features

# Permit role1 to access all read and write MIB nodes starting from the node with OID 1.1.2.

[Sysname-role-role1] rule 7 permit read write oid 1.1.2

Related commands

·     display role

·     display role feature

·     display role feature-group

·     role

super

Use super to obtain another user role without reconnecting to the device.

Syntax

super [ rolename ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

rolename: Specifies a user role, a case-sensitive string of 1 to 63 characters. The user role must exist in the system. If you do not specify a user role, you obtain the default target user role.

Usage guidelines

The obtained user role is a temporary user role, because this command is effective only on the current login. The next time you are logged in with the user account, the original user role settings take effect.

To enable users to obtain another user role without reconnecting to the device, you must configure user role authentication.

·     If no local password is configured in the local password authentication (local), an AUX user can obtain the user role by either entering a string or not entering anything.

·     If no local password is configured in the local-then-remote authentication (local scheme):

¡     A VTY user performs remote authentication.

¡     An AUX user can obtain user role authorization by either entering a string or not entering anything.

Examples

# Obtain the user role network-operator.

<Sysname> super network-operator

Password:

User privilege role is network-operator, and only those commands can be used that authorized to the role.

Related commands

·     authentication super (Security Command Reference)

·     super authentication-mode

·     super password

super authentication-mode

Use super authentication-mode to set an authentication mode for temporary user role authorization.

Use undo super authentication-mode to restore the default.

Syntax

super authentication-mode { local | scheme } *

undo super authentication-mode

Default

Local password authentication applies.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

local: Enables local password authentication.

scheme: Enables remote AAA authentication.

Usage guidelines

For local password authentication, use the super password command to set a password.

For remote AAA authentication, set the username and password on the RADIUS or HWTACACS server.

If you specify both local and scheme keywords, the keyword first entered in the command takes precedence, as follows:

·     scheme local—Enables remote-then-local authentication mode. The device first performs AAA authentication for temporary user role authorization. If the remote HWTACACS or RADIUS server does not respond, or if the AAA configuration on the device is invalid, local password authentication is performed.

·     local scheme—Enables local-then-remote authentication mode. The device first performs local password authentication. If no password is configured for the user role, the device performs remote authentication.

For more information about AAA, see Security Configuration Guide.

Examples

# Enable local-only authentication for temporary user role authorization.

<Sysname> system-view

[Sysname] super authentication-mode local

# Enable remote-then-local authentication for temporary user role authorization.

<Sysname> system-view

[Sysname] super authentication-mode scheme local

Related commands

·     authentication super (Security Command Reference)

·     super password

super default role

Use super default role to specify the default target user role for temporary user role authorization.

Use undo super default role to restore the default.

Syntax

super default role rolename

undo super default role

Default

If you log in to the default MDC, the default target user role is network-admin.

If you log in to a non-default MDC, the default target user role is mdc-admin.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

rolename: Specifies the name of the default target user role, a case-sensitive string of 1 to 63 characters. The user role must exist in the system.

Usage guidelines

The default target user role is applied to the super or super password command when you do not specify a user role for the command.

Examples

# Specify the default target user role as network-operator for temporary user role authorization.

<Sysname> system-view

[Sysname] super default role network-operator

Related commands

·     super

·     super password

super password

Use super password to set a password for a user role.

Use undo super password to restore the default.

Syntax

In non-FIPS mode:

super password [ role rolename ] [ { hash | simple } password ]

undo super password [ role rolename ]

In FIPS mode:

super password [ role rolename ]

undo super password [ role rolename ]

Default

No password is set for a user role.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

role rolename: Specifies a user role, a case-sensitive string of 1 to 63 characters. The user role must exist in the system. If you do not specify a user role, this command sets a password for the default target user role.

hash: Sets a hashed password.

simple: Sets a plaintext password. This password will be saved in hashed text for security purposes.

password: Specifies the password string. This argument is case sensitive.

·     In non-FIPS mode:

¡     If simple is specified, the password must be a string of 1 to 63 characters.

¡     If hash is specified, the password must be a string of 1 to 110 characters.

·     In FIPS mode, the password must be a string of 15 to 63 characters. The string must contain four character types including digits, uppercase letters, lowercase letters, and special characters.

Usage guidelines

If you do not specify any parameters, you specify a plaintext password in the interactive mode.

The FIPS mode supports only the interactive mode for setting a password.

Set a password if you configure local password authentication for temporary user role authorization.

It is a good practice to specify different passwords for different user roles.

Examples

# Set the password to 123456TESTplat&! for the user role network-operator.

<Sysname> system-view

[Sysname] super password role network-operator simple 123456TESTplat&!

# Set the password to 123456TESTplat&! in the interactive mode for the user role network-operator.

<Sysname> system-view

[Sysname] super password role network-operator

Password:

Confirm :

Related commands

·     super authentication-mode

·     super default role
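The super usage guidelines state that an AUX user can obtain a role by entering any string, or nothing, when local authentication comes first and no local password is set for that role. The following Python audit script is an added example, not H3C code; the function name is hypothetical. It assumes that the input lines use the command syntax shown on this page, and that a super password command without the role keyword applies to whichever default target role the input configures. Modes that start with scheme are not flagged, because this page does not describe the missing-password case for them.

```python
"""Audit 'super' settings for roles obtainable without a password (added example)."""
import re
from typing import Dict, Iterable

# Optional CLI prompt such as "<Sysname> " or "[Sysname] " in front of a command.
_PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")


def _target(args, default_role):
    """Role named by 'role <rolename>', else the default target user role."""
    return args[1] if args[:1] == ["role"] and len(args) > 1 else default_role


def exposed_super_roles(config_lines: Iterable[str], roles: Iterable[str],
                        default_mdc: bool = True) -> Dict[str, str]:
    """Return {role: consequence} for roles with no super password under local-first modes."""
    lines = [_PROMPT.sub("", raw).split() for raw in config_lines]

    # Pass 1: resolve the default target user role (page default depends on the MDC).
    builtin_default = "network-admin" if default_mdc else "mdc-admin"
    default_role = builtin_default
    for words in lines:
        if words[:3] == ["super", "default", "role"] and len(words) == 4:
            default_role = words[3]
        elif words == ["undo", "super", "default", "role"]:
            default_role = builtin_default

    # Pass 2: authentication mode and the roles that have a password.
    mode = ["local"]                      # default: local password authentication
    with_password = set()
    for words in lines:
        if words[:2] == ["super", "authentication-mode"] and len(words) > 2:
            mode = words[2:]
        elif words == ["undo", "super", "authentication-mode"]:
            mode = ["local"]
        elif words[:2] == ["super", "password"]:
            with_password.add(_target(words[2:], default_role))
        elif words[:3] == ["undo", "super", "password"]:
            with_password.discard(_target(words[3:], default_role))

    if mode == ["local"]:
        effect = "AUX users obtain the role by entering any string or nothing"
    elif mode == ["local", "scheme"]:
        effect = ("AUX users obtain the role by entering any string or nothing; "
                  "VTY users perform remote authentication")
    else:
        return {}                         # scheme-first modes: not covered by the page
    checked = set(roles) | {default_role}
    return {role: effect for role in sorted(checked - with_password)}


# Constructed sample configuration; the hash value is a placeholder.
SAMPLE_CONFIG = [
    "super authentication-mode local scheme",
    "super default role network-operator",
    "super password role network-operator hash CONSTRUCTED-PLACEHOLDER",
    "role name role1",
]

if __name__ == "__main__":
    for role, why in exposed_super_roles(SAMPLE_CONFIG, ["network-admin", "role1"]).items():
        print(f"{role}: no super password set ({why})")
```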

vlan policy deny

Use vlan policy deny to enter the user role VLAN policy view.

Use undo vlan policy deny to restore the default user role VLAN policy.

Syntax

vlan policy deny

undo vlan policy deny

Default

A user role has access to any VLAN.

Views

User role view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

To restrict the VLAN access of a user role to a set of VLANs, perform the following tasks:

1.     Use vlan policy deny to enter user role VLAN policy view.

2.     Use permit vlan to specify accessible VLANs.

NOTE:

The vlan policy deny command denies the access of the user role to all VLANs if the permit vlan command is not configured.

To configure a VLAN, make sure the VLAN is permitted by the user role VLAN policy in use. You can perform the following tasks on an accessible VLAN:

·     Create, remove, or configure the VLAN.

·     Enter the VLAN view.

·     Specify the VLAN in feature commands.

Any change to a user role VLAN policy takes effect only on users who log in with the user role after the change.

Examples

# Enter user role VLAN policy view of role1, and deny the access of role1 to any VLAN.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] vlan policy deny

[Sysname-role-role1-vlanpolicy] quit

# Enter user role VLAN policy view of role1, and deny the access of role1 to any VLAN except VLANs 50 to 100.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] vlan policy deny

[Sysname-role-role1-vlanpolicy] permit vlan 50 to 100

Related commands

·     display role

·     permit vlan

·     role
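The interaction between vlan policy deny and permit vlan (no policy means any VLAN, a policy without permit vlan means no VLAN, repeated permit vlan commands accumulate) can be resolved offline from a role's command list. The following Python script is an added example, not H3C code; its function names are hypothetical. It assumes that all input lines belong to one user role, and it enforces the vlan-id-list limits given under permit vlan.

```python
"""Resolve which VLANs a user role can access (added example, not H3C code)."""
import re
from typing import Iterable, List, Optional, Set

MAX_ITEMS = 10                    # a vlan-id-list holds up to 10 VLAN items
VLAN_MIN, VLAN_MAX = 1, 4094      # value range for VLAN IDs
_PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")   # e.g. "[Sysname-role-role1] "


def _vlan_id(token: str) -> int:
    if not token.isdigit() or not VLAN_MIN <= int(token) <= VLAN_MAX:
        raise ValueError(f"invalid VLAN ID: {token!r}")
    return int(token)


def parse_vlan_list(tokens: List[str]) -> Set[int]:
    """Expand a vlan-id-list such as ['2', '4', '50', 'to', '100'] into VLAN IDs."""
    vlans: Set[int] = set()
    items = i = 0
    while i < len(tokens):
        start = _vlan_id(tokens[i])
        if tokens[i + 1 : i + 2] == ["to"]:
            if i + 2 >= len(tokens):
                raise ValueError("range is missing its end VLAN")
            end = _vlan_id(tokens[i + 2])
            if end <= start:
                raise ValueError(f"range end {end} must be greater than {start}")
            vlans.update(range(start, end + 1))
            i += 3
        else:
            vlans.add(start)
            i += 1
        items += 1                # a single ID and a range each count as one item
    if not 1 <= items <= MAX_ITEMS:
        raise ValueError(f"expected 1 to {MAX_ITEMS} VLAN items, got {items}")
    return vlans


def effective_vlans(role_lines: Iterable[str]) -> Optional[Set[int]]:
    """Return None when the role can access any VLAN, else the permitted set."""
    deny_policy = False
    permitted: Set[int] = set()
    for raw in role_lines:
        words = _PROMPT.sub("", raw).split()
        if words == ["vlan", "policy", "deny"]:
            deny_policy = True
        elif words == ["undo", "vlan", "policy", "deny"]:
            deny_policy, permitted = False, set()      # back to the default policy
        elif words[:2] == ["permit", "vlan"]:
            permitted |= parse_vlan_list(words[2:])    # repeated commands accumulate
        elif words[:3] == ["undo", "permit", "vlan"]:
            if len(words) == 3:
                permitted.clear()                      # no list: remove every entry
            else:
                permitted -= parse_vlan_list(words[3:])
    return permitted if deny_policy else None


def can_access(policy: Optional[Set[int]], vlan_id: int) -> bool:
    return policy is None or vlan_id in policy


# The role1 session from the permit vlan example on this page.
ROLE1_SESSION = """
[Sysname-role-role1] rule 2 permit command system-view ; vlan *
[Sysname-role-role1] vlan policy deny
[Sysname-role-role1-vlanpolicy] permit vlan 2 4 50 to 100
[Sysname-role-role1-vlanpolicy] quit
""".splitlines()

if __name__ == "__main__":
    policy = effective_vlans(ROLE1_SESSION)
    for vid in (2, 3, 100, 101):
        print(f"VLAN {vid}: {'permitted' if can_access(policy, vid) else 'denied'}")
```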

vpn-instance policy deny

Use vpn-instance policy deny to enter user role VPN instance policy view.

Use undo vpn-instance policy deny to restore the default user role VPN instance policy.

Syntax

vpn-instance policy deny

undo vpn-instance policy deny

Default

A user role has access to any VPN.

Views

User role view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

To restrict the VPN access of a user role to a set of VPNs, perform the following tasks:

1.     Use vpn-instance policy deny to enter user role VPN instance policy view.

2.     Use permit vpn-instance to specify accessible VPNs.

NOTE:

The vpn-instance policy deny command denies the access of the user role to all VPNs if the permit vpn-instance command is not configured.

To configure a VPN, make sure the VPN is permitted by the user role VPN instance policy in use. You can perform the following tasks on an accessible VPN:

·     Create, remove, or configure the VPN.

·     Enter the VPN instance view.

·     Specify the VPN in feature commands.

Any change to a user role VPN instance policy takes effect only on users who log in with the user role after the change.

Examples

# Enter user role VPN instance policy view of role1, and deny the access of role1 to any VPN.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] vpn-instance policy deny

[Sysname-role-role1-vpnpolicy] quit

# Enter user role VPN instance policy view of role1, and deny the access of role1 to any VPN except vpn2.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] vpn-instance policy deny

[Sysname-role-role1-vpnpolicy] permit vpn-instance vpn2

Related commands

·     display role

·     permit vpn-instance

·     role


FTP commands

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.

FTP is not supported in FIPS mode.

FTP server commands

display ftp-server

Use display ftp-server to display FTP server configuration and status information.

Syntax

display ftp-server

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display FTP server configuration and status information.

<Sysname> display ftp-server

FTP server is running.

User count:                        1

Idle-timeout timer (in minutes):  30

Table 10 Command output

| Field | Description |
| --- | --- |
| User count | Number of the current logged-in users. |
| Idle-timeout timer (in minutes) | If no packet is exchanged between the FTP server and client during this period, the FTP connection is closed. |

Related commands

·     ftp server enable

·     ftp timeout

display ftp-user

Use display ftp-user to display detailed information about logged-in FTP users.

Syntax

display ftp-user

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display detailed information about logged-in FTP users.

<Sysname> display ftp-user

UserName     HostIP             Port     HomeDir

root         192.168.20.184     46539    flash:

If a username exceeds 10 characters, a host IP address exceeds 15 bits, or a directory name exceeds 37 bits, the excess part is displayed on the next line and right-justified, as shown below.

<Sysname> display ftp-user

UserName     HostIP             Port     HomeDir

user2        2000:2000:2000:    1499     flash:/user2

             2000:2000:2000:

                  2000:2000

administra   100.100.100.100    10001    flash:/123456789/123456789/123456789/

       tor                               123456789/123456789/123456789/1234567

                                                                  89/123456789

Table 11 Command output

Field: Description

UserName: Name of the user.

HostIP: IP address of the user.

Port: Port number of the user.

HomeDir: Authorized directory for the user.


free ftp user

Use free ftp user to manually release the FTP connections established by using a specific user account.

Syntax

free ftp user username

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

username: Specifies a username. You can use the display ftp-user command to display FTP user information.

Examples

# Release the FTP connections established by using the user account ftpuser.

<Sysname> free ftp user ftpuser

Are you sure to free FTP connection? [Y/N]:y

<Sysname>

free ftp user-ip

Use free ftp user-ip to manually release the FTP connections established from a specific IPv4 address.

Syntax

free ftp user-ip ipv4-address [ port port ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

ipv4-address: Specifies the source IP address of an FTP connection. You can use the display ftp-user command to view the source IP addresses of FTP connections.

port port: Specifies the source port of an FTP connection. You can use the display ftp-user command to view the source ports of FTP connections.

Examples

# Release the FTP connections established from IP address 192.168.20.184.

<Sysname> free ftp user-ip 192.168.20.184

Are you sure to free FTP connection? [Y/N]:y

<Sysname>

ftp server acl

Use ftp server acl to use an ACL to control FTP clients' access to the FTP server.

Use undo ftp server acl to restore the default.

Syntax

ftp server acl { acl-number }

undo ftp server acl

Default

No ACL is used to control FTP clients' access to the FTP server.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

acl-number: Specifies an IPv4 ACL number in the range of 2000 to 3999.

Usage guidelines

You can use this command to permit only FTP requests from specific FTP clients. This configuration takes effect only for FTP connections to be established. It does not impact existing FTP connections. If you execute the command multiple times, the most recently specified ACL takes effect.

Examples

# Use ACL 2001 to allow only client 1.1.1.1 to access the FTP server.

<Sysname> system-view

[Sysname] acl number 2001

[Sysname-acl-basic-2001] rule 0 permit source 1.1.1.1 0

[Sysname-acl-basic-2001] rule 1 deny source any

[Sysname-acl-basic-2001] quit

[Sysname] ftp server acl 2001
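Because a newly applied ACL does not affect FTP connections that already exist, the sessions listed by display ftp-user have to be checked against it and released by hand. The following Python sketch is an added example, not H3C code: it reassembles the wrapped columns of display ftp-user, evaluates a basic IPv4 ACL, and prints the free ftp user-ip commands for sessions the ACL would not admit. The function names, the constructed sample data, rule evaluation in ascending rule-ID order, and the treatment of an unmatched client as not permitted are assumptions.

```python
import ipaddress
import re

# Constructed sample in the layout the page documents: fixed-width columns,
# with over-long values wrapped onto right-justified continuation lines.
ROWS = [
    ("UserName", "HostIP", "Port", "HomeDir"),
    ("root", "192.168.20.184", "46539", "flash:"),
    ("user2", "2000:2000:2000:", "1499", "flash:/user2"),
    ("", "2000:2000:2000:", "", ""),
    ("", "2000:2000".rjust(15), "", ""),
    ("administra", "1.1.1.1", "10001", "flash:/123456789/123456789/123456789/"),
    ("tor".rjust(10), "", "", "123456789/123456789/123456789/1234567"),
    ("", "", "", "89/123456789".rjust(37)),
]
SAMPLE_FTP_USERS = "<Sysname> display ftp-user\n" + "\n".join(
    ("%-13s%-19s%-9s%s" % r).rstrip() for r in ROWS)

# Constructed sample: the ACL from the example above, as configuration lines.
SAMPLE_ACL = """\
acl number 2001
 rule 0 permit source 1.1.1.1 0
 rule 1 deny source any
"""

RULE_RE = re.compile(r"rule\s+(\d+)\s+(permit|deny)\s+source\s+(\S+)(?:\s+(\S+))?")


def parse_ftp_users(text):
    """Return one dict per session, gluing wrapped fragments back together."""
    lines = text.splitlines()
    start = next(i for i, l in enumerate(lines) if l.startswith("UserName"))
    cols = [lines[start].index(n) for n in ("UserName", "HostIP", "Port", "HomeDir")]
    bounds = list(zip(cols, cols[1:] + [None]))
    sessions = []
    for line in lines[start + 1:]:
        if line.startswith(("<", "[")):      # next CLI prompt ends the table
            break
        if not line.strip():
            continue
        user, host, port, home = (line[a:b].strip() for a, b in bounds)
        if port.isdigit():                   # Port never wraps: marks a new record
            sessions.append({"user": user, "host": host,
                             "port": int(port), "home": home})
        elif sessions:                       # continuation line of the last record
            last = sessions[-1]
            last["user"] += user
            last["host"] += host
            last["home"] += home
    return sessions


def parse_basic_acl(text):
    """Parse 'rule N permit|deny source <ip> <wildcard>|any' lines."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.search(line)
        if not m:
            continue
        rule_id, action, src, wild = m.groups()
        if src == "any":
            addr, wildcard = 0, 0xFFFFFFFF   # every bit is "don't care"
        else:
            addr = int(ipaddress.IPv4Address(src))
            wildcard = (int(ipaddress.IPv4Address(wild))
                        if wild and "." in wild else int(wild or 0))
        rules.append((int(rule_id), action, addr, wildcard))
    return sorted(rules)                     # assumption: match in rule-ID order


def acl_permits(rules, ip):
    addr = int(ipaddress.IPv4Address(ip))
    for _rule_id, action, rule_addr, wildcard in rules:
        if ((addr ^ rule_addr) & ~wildcard & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False  # assumption: a client matching no rule is not permitted


def sessions_to_release(users_text, acl_text):
    """Return (commands, skipped): release commands and non-IPv4 sessions."""
    rules = parse_basic_acl(acl_text)
    commands, skipped = [], []
    for s in parse_ftp_users(users_text):
        try:
            ipaddress.IPv4Address(s["host"])
        except ipaddress.AddressValueError:
            skipped.append(s)  # not IPv4: outside an IPv4 ACL and free ftp user-ip
            continue
        if not acl_permits(rules, s["host"]):
            commands.append("free ftp user-ip %s port %d" % (s["host"], s["port"]))
    return commands, skipped


if __name__ == "__main__":
    cmds, skipped = sessions_to_release(SAMPLE_FTP_USERS, SAMPLE_ACL)
    print("\n".join(cmds))
    for s in skipped:
        print("# review manually:", s["user"], s["host"])
```

Sessions returned in the skipped list are not covered by the IPv4 ACL or by free ftp user-ip; free ftp user username is the command the page provides for releasing them by account.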

ftp server dscp

Use ftp server dscp to set the DSCP value for IPv4 to use for outgoing FTP packets on an FTP server.

Use undo ftp server dscp to restore the default.

Syntax

ftp server dscp dscp-value

undo ftp server dscp

Default

IPv4 uses the DSCP value 0 for outgoing FTP packets on an FTP server.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

dscp-value: Specifies a DSCP value in the range of 0 to 63.

Usage guidelines

The DSCP value is carried in the ToS field of an IP packet, and it indicates the transmission priority of the packet.

Examples

# Set the DSCP value for IPv4 to use for outgoing FTP packets to 30 on an FTP server.

<Sysname> system-view

[Sysname] ftp server dscp 30

ftp server enable

Use ftp server enable to enable the FTP server.

Use undo ftp server enable to disable the FTP server.

Syntax

ftp server enable

undo ftp server enable

Default

The FTP server is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Examples

# Enable the FTP server.

<Sysname> system-view

[Sysname] ftp server enable

ftp timeout

Use ftp timeout to set the FTP connection idle-timeout timer.

Use undo ftp timeout to restore the default.

Syntax

ftp timeout minute

undo ftp timeout

Default

The FTP connection idle-timeout timer is 30 minutes.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

minute: Specifies an idle-timeout interval in the range of 1 to 35791 minutes.

Usage guidelines

If no data transfer occurs on an FTP connection within the idle-timeout interval, the FTP server closes the FTP connection to release resources.

Examples

# Set the FTP connection idle-timeout timer to 36 minutes.

<Sysname> system-view

[Sysname] ftp timeout 36

FTP client commands

Before executing FTP client configuration commands, make sure you have configured authorization settings for users on the FTP server. Authorized operations include viewing the files in the working directory, reading/downloading/uploading/renaming/removing files, and creating directories.

The FTP client commands in this section are supported by the device, but whether they can be executed successfully depends on the FTP server.

The output in the examples of this section varies with FTP server types.

append

Use append to add the content of a file on the FTP client to a file on the FTP server.

Syntax

append localfile [ remotefile ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

localfile: Specifies a local file on the FTP client.

remotefile: Specifies a remote file on the FTP server.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Append the content of the local a.txt file to the b.txt file on the FTP server.

ftp> append a.txt b.txt                                                        

227 Entering Passive Mode (10,153,116,114,10,184)                              

150 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\b.txt" file ready to

 receive in IMAGE / Binary mode                                                 

226 Transfer finished successfully.                                            

4987 bytes sent in 0.00104 seconds (4.56 Mbyte/s)                              

ascii

Use ascii to set the file transfer mode to ASCII.

Syntax

ascii

Default

The file transfer mode is binary.

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Line-ending characters vary with operating systems. For example, H3C and Windows use \r\n, and Linux uses \n. To transfer files between two systems that use different line-ending characters, select the FTP transfer mode according to the file type.

FTP transfers files in either of the following modes:

·     Binary mode: Transfers image files or pictures. This mode is also called "flow mode."

·     ASCII mode: Transfers text files.

Examples

# Set the file transfer mode to ASCII.

ftp> ascii

200 TYPE is now ASCII

Related commands

binary

binary

Use binary to set the file transfer mode to binary, which is also called the "flow mode."

Syntax

binary

Default

The file transfer mode is binary.

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Line-ending characters vary with operating systems. For example, H3C and Windows use \r\n, and Linux uses \n. To transfer files between two systems that use different line-ending characters, select the FTP transfer mode according to the file type.

FTP transfers files in the following modes:

·     Binary mode: Transfers program files or pictures. This mode is also called "flow mode."

·     ASCII mode: Transfers text files.

Examples

# Set the file transfer mode to binary.

ftp> binary

200 TYPE is now 8-bit binary

Related commands

ascii

bye

Use bye to terminate the connection to the FTP server and return to user view.

If no connection is established between the device and the FTP server, use this command to return to user view.

Syntax

bye

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Examples

# Terminate the connection to the FTP server and return to user view.

ftp> bye

221 Windows FTP Server (WFTPD, by Texas Imperial Software) says goodbye

<Sysname>

Related commands

quit

cd

Use cd to change the current working directory to another directory on the FTP server.

Syntax

cd { directory | .. | / }

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

directory: Specifies the name of the target directory in the [drive:][/]path format, where drive represents the storage medium name, typically flash or cf. If the target directory does not exist, the cd command does not change the current working directory. If no drive information is provided, the argument represents a folder or subfolder in the current directory. For more information about the drive and path arguments, see Fundamentals Configuration Guide.

..: Returns to the upper directory. Executing the cd .. command is the same as executing the cdup command. If the current working directory is the FTP root directory, the cd .. command does not change the current working directory.

/: Returns to the FTP root directory.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

The directory that can be accessed must be authorized by the FTP server.

Examples

# Change the working directory to the subdirectory logfile of the current directory.

ftp> cd logfile

250 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\logfile " is current directory

# Change the working directory to the subdirectory diagfile in the FTP root directory.

ftp> cd /diagfile

250 "C:\diagfile " is current directory

# Change the working directory to the upper directory of the current directory.

ftp> cd ..

250 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X" is current directory

# Change the working directory to the FTP root directory.

ftp> cd /

250 "C:\" is current directory

Related commands

·     cdup

·     pwd

cdup

Use cdup to enter the upper directory of the FTP server.

This command does not change the working directory if the current directory is the FTP root directory.

Syntax

cdup

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Change the working directory to the upper directory.

ftp> pwd

257 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X" is current directory

ftp> cdup

250 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk" is current directory

ftp> pwd

257 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk" is current directory

Related commands

·     cd

·     pwd

close

Use close to terminate the connection to the FTP server without exiting FTP client view.

Syntax

close

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Terminate the connection to the FTP server without exiting the FTP client view.

ftp> close

221 Windows FTP Server (WFTPD, by Texas Imperial Software) says goodbye.

ftp>

Related commands

disconnect

debug

Use debug to enable or disable FTP client debugging.

Syntax

debug

Default

FTP client debugging is disabled.

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

When FTP client debugging is enabled, executing this command disables FTP client debugging.

When FTP client debugging is disabled, executing this command enables FTP client debugging.

Examples

# Enable and then disable FTP client debugging.

ftp> debug

Debugging on (debug=1).

ftp> debug

Debugging off (debug=0).

delete

Use delete to permanently delete a file on the FTP server.

Syntax

delete remotefile

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

remotefile: Specifies the name of a file on the FTP server.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

To perform this operation, you must have delete permission on the FTP server.

Examples

# Delete file b.txt.

ftp> delete b.txt

250 File deleted from remote host.

dir

Use dir to display detailed information about the files and subdirectories in the current directory on the FTP server.

Use dir remotefile to display detailed information about a specific file or directory on the FTP server.

Use dir remotefile localfile to save detailed information about a specific file or directory on the FTP server to a local file.

Syntax

dir [ remotefile [ localfile ] ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

remotefile: Specifies the name of a file or directory on the FTP server.

localfile: Specifies the name of the local file used for saving the displayed information.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

In FTP client view, executing the dir command is the same as executing the ls command.

Examples

# Display detailed information about the files and subdirectories in the current directory on the FTP server.

ftp> dir

227 Entering Passive Mode (10,153,116,114,11,9)

150 File Listing Follows in ASCII mode

drwxrwxrwx   1 noone    nogroup        0 Apr  8 15:15 .

drwxrwxrwx   1 noone    nogroup        0 Apr  8 15:15 ..

-rwxrwxrwx   1 noone    nogroup     6324 Apr  8 14:48 1.txt

-rwxrwxrwx   1 noone    nogroup 97401856 Feb 27 12:28 125X.ipe

drwxrwxrwx   1 noone    nogroup        0 Mar 26 14:30 Compatiable

drwxrwxrwx   1 noone    nogroup        0 Mar 26 14:30 Incompatiable

drwxrwxrwx   1 noone    nogroup        0 Apr  1 15:34 aa

226 Transfer finished successfully.

# Save detailed information about file a.txt to s.txt.

ftp> dir a.txt s.txt

output to local-file: s.txt ? [Y/N]y

227 Entering Passive Mode (10,153,116,114,11,34)

150 File Listing Follows in ASCII mode

226 Transfer finished successfully.

# Display the content of file s.txt.

ftp> bye

221 Windows FTP Server (WFTPD, by Texas Imperial Software) says goodbye

<Sysname> more s.txt

-rwxr-xr-x    1 0          0                1481 Jul  7 12:34 a.txt

Related commands

ls

disconnect

Use disconnect to terminate the connection to the FTP server without exiting FTP client view.

Syntax

disconnect

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Terminate the connection to the FTP server without exiting the FTP client view.

ftp> disconnect

221 Windows FTP Server (WFTPD, by Texas Imperial Software) says goodbye

ftp>

Related commands

close

display ftp client source

Use display ftp client source to display the source address settings on the FTP client.

Syntax

display ftp client source

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display the source address settings on the FTP client.

<Sysname> display ftp client source

The source IP address of the FTP client is 1.1.1.1.

ftp

Use ftp to log in to an FTP server and enter FTP client view.

Syntax

ftp [ ftp-server [ service-port ] [ vpn-instance vpn-instance-name ] [ dscp dscp-value | source { interface interface-type interface-number | ip source-ip-address } ] ] *

Views

User view

Parameters

ftp-server: Specifies the IPv4 address or host name of an FTP server. A host name can be a case-insensitive string of 1 to 253 characters. Valid characters for a host name include letters, digits, hyphens (-), underscores (_), and dots (.).

service-port: Specifies the TCP port number of the FTP server, in the range of 0 to 65535. The default value is 21.

vpn-instance vpn-instance-name: Specifies the VPN instance to which the remote host belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the remote host belongs to the public network, do not specify this option.

dscp dscp-value: Specifies the DSCP value for IPv4 to use in outgoing FTP packets to indicate the packet transmission priority, in the range of 0 to 63. The default is 0.

source { interface interface-type interface-number | ip source-ip-address }: Specifies the source address used to establish the FTP connection.

·     interface interface-type interface-number: Specifies an interface by its type and number. The primary IPv4 address of this interface will be used as the source address for outgoing FTP packets. If no primary IPv4 address is configured on the source interface, the connection cannot be established.

·     ip source-ip-address: Specifies an IPv4 address. This address must have been configured on the device.

Usage guidelines

This command is only applicable to IPv4 networks.

If no parameters are specified, this command enters the FTP client view without logging in to the FTP server.

If the server parameters are specified, you are prompted to enter the username and password for logging in to the FTP server.

Examples

# Log in to the FTP server 10.153.116.114, and specify the source IPv4 address for outgoing FTP packets as 10.153.86.57.

<Sysname> ftp 10.153.116.114 source ip 10.153.86.57

Press CTRL+C to abort.                                                          

Connected to 10.153.116.114 (10.153.116.114).                                  

220-                                                                           

220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user          

User (10.153.116.114:(none)): cs                                               

331 Give me your password, please                                              

Password:                                                                      

230 Logged in successfully                                                     

Remote system type is MSDOS.                                                   

200 Type is Image (Binary)                                                     

ftp>

ftp client source

Use ftp client source to specify the source IPv4 address for outgoing FTP packets.

Use undo ftp client source to restore the default.

Syntax

ftp client source { interface interface-type interface-number | ip source-ip-address }

undo ftp client source

Default

No source IPv4 address is configured for outgoing FTP packets. The device uses the primary IPv4 address of the output interface for the route to the server as the source IP address.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

interface interface-type interface-number: Specifies the source interface for establishing FTP connections. The primary IPv4 address of the source interface is used as the source IP address of packets sent to an FTP server. Make sure the interface is up and has a primary IPv4 address configured. Otherwise, the transmission fails.

ip source-ip-address: Specifies the source IP address for outgoing FTP packets. It must be the IPv4 address of an interface in up state. Otherwise, the transmission fails.

Usage guidelines

If you execute this command multiple times, the most recent configuration takes effect.

The source address specified with the ftp command takes precedence over the source address specified with the ftp client source command.

The source address specified with the ftp client source command applies to all FTP connections. The source address specified with the ftp command applies only to the current FTP connection.

Examples

# Specify the source IPv4 address for outgoing FTP packets as 192.168.20.222.

<Sysname> system-view

[Sysname] ftp client source ip 192.168.20.222

Related commands

ftp

get

Use get to download a file from the FTP server and save the file.

Syntax

get remotefile [ localfile ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

remotefile: Specifies the name of the file to be downloaded.

localfile: Specifies a name for the downloaded file.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

To save the downloaded file to the working directory accessed by the ftp command, the localfile argument must specify a file name such as a.cfg. If you do not provide the localfile argument, the downloaded file uses its original name.

To save the downloaded file to some other directory, the localfile argument must specify the target directory plus the file name such as flash:/subdirectory/a.cfg. Otherwise, the command fails to take effect.

Examples

# Download file a.txt and save it as b.txt in the working directory accessed by the ftp command.

ftp> get a.txt b.txt

227 Entering Passive Mode (10,153,116,114,11,126)                              

150 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\a.txt" file ready to send

 (1 bytes) in IMAGE / Binary mode                                              

226 Transfer finished successfully.                                            

1 bytes received in 0.00325 seconds (308 byte/s)

# Download file a.txt to the folder test from the working directory accessed by the ftp command.

ftp> get a.txt flash:/test/b.txt

227 Entering Passive Mode (10,153,116,114,11,151)                              

150 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\a.txt" file ready to send

 (6324 bytes) in IMAGE / Binary mode                                           

226 Transfer finished successfully.                                            

6324 bytes received in 0.0237 seconds (260.6 kbyte/s)

# In IRF mode, download file a.txt to the Flash root directory of the MPU that resides in slot 17 of member device 1. Save the file as c.txt.

ftp> get a.txt chassis1#slot17#flash:/c.txt

227 Entering Passive Mode (10,153,116,114,11,151)                              

150 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\a.txt" file ready to send

 (6324 bytes) in IMAGE / Binary mode                                           

226 Transfer finished successfully.                                            

6324 bytes received in 0.0237 seconds (260.6 kbyte/s)

Related commands

put

help

Use help to display all commands supported by an FTP client.

Use help command-name to display the help information of a specific command.

Syntax

help [ command-name ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

command-name: Specifies a command supported by the FTP client.

Usage guidelines

In FTP client view, executing the help command is the same as entering ?.

Examples

# Display all commands supported by the FTP client.

ftp> help

Commands may be abbreviated.  Commands are:

 

append           delete          ls              quit            rmdir         

ascii            debug           mkdir           reget           status        

binary           dir             newer           rstatus         system        

bye              disconnect      open            rhelp           user          

cd               get             passive         rename          verbose       

cdup             help            put             reset           ?             

close            lcd             pwd             restart

# Display the help information for the dir command.

ftp> help dir

dir              list contents of remote directory

Related commands

?

lcd

Use lcd to display the local working directory of the FTP client.

Use lcd directory to change the local working directory of the FTP client to the specified directory.

Use lcd / to change the local working directory of the FTP client to the local root directory.

Syntax

lcd [ directory | / ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

directory: Specifies a local directory of the FTP client. There must be a slash sign (/) before the name of the storage medium, for example, /flash:/logfile.

/: Specifies the root directory of the FTP client.

Examples

# Display the local working directory.

ftp> lcd

Local directory now /flash:

# Change the local working directory to flash:/logfile.

ftp> lcd /flash:/logfile

Local directory now /flash:/logfile

ls

Use ls to display detailed information about the files and subdirectories under the current directory on the FTP server.

Use ls remotefile to display detailed information about a specific file or directory on the FTP server.

Use ls remotefile localfile to save detailed information about a specific file or directory on the FTP server to a local file.

Syntax

ls [ remotefile [ localfile ] ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

remotefile: Specifies the file name or directory on the FTP server.

localfile: Specifies the local file used to save the displayed information.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

In FTP client view, executing the ls command is the same as executing the dir command.

Examples

# Display detailed information about the files and subdirectories under the current directory on the FTP server.

ftp> ls

227 Entering Passive Mode (10,153,116,114,11,181)

150 File Listing Follows in ASCII mode

drwxrwxrwx   1 noone    nogroup        0 Apr  8 15:19 .

drwxrwxrwx   1 noone    nogroup        0 Apr  8 15:19 ..

-rwxrwxrwx   1 noone    nogroup     6324 Apr  8 14:48 1.txt

-rwxrwxrwx   1 noone    nogroup 97401856 Feb 27 12:28 10500.ipe

-rwxrwxrwx   1 noone    nogroup        1 Apr  8 15:20 3.txt

-rwxrwxrwx   1 noone    nogroup        1 Apr  8 15:20 4.txt

drwxrwxrwx   1 noone    nogroup        0 Mar 26 14:30 Compatiable

drwxrwxrwx   1 noone    nogroup        0 Mar 26 14:30 Incompatiable

drwxrwxrwx   1 noone    nogroup        0 Apr  1 15:34 aa

226 Transfer finished successfully

Related commands

dir

mkdir

Use mkdir to create a subdirectory in the current directory on the FTP server.

Syntax

mkdir directory

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

directory: Specifies the name of the directory to be created.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

You must have permission to perform this operation on the FTP server.

Examples

# Create subdirectory newdir in the current directory of the remote FTP server.

ftp> mkdir newdir

257 "newdir" directory created

newer

Use newer to update a local file by using a remote file on the FTP server.

Syntax

newer remotefile [ localfile ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

remotefile: Specifies the name of the remote file on the FTP server.

localfile: Specifies the name of the local file to be updated.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

If the local file does not exist, this command downloads the file from the FTP server and saves it locally.

If the remote file on the FTP server is not newer than the local file, this command does not update the local file.

Examples

# Update the local file with the file a.txt on the FTP server.

ftp> newer a.txt

227 Entering Passive Mode (10,153,116,114,11,190)

150 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\a.txt" file ready to send

 (1 bytes) in IMAGE / Binary mode

226 Transfer finished successfully.

1 bytes received in 0.00268 seconds (374 byte/s)

open

Use open to log in to the FTP server in FTP client view.

Syntax

open server-address [ service-port ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

server-address: Specifies the IP address or host name of the FTP server.

service-port: Specifies the TCP port number of the FTP server, in the range of 0 to 65535. The default value is 21.

Usage guidelines

After you issue this command, the system will prompt you to enter the username and password.

After you log in to one FTP server, you must disconnect from the server before you can use the open command to log in to another server.

Examples

# In FTP client view, log in to the FTP server 10.153.116.114.

<Sysname> ftp

ftp: No control connection for command.

ftp> open 10.153.116.114

Press CTRL+C to abort.

Connected to 10.153.116.114 (10.153.116.114).

220-

220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user

User (10.153.116.114:(none)): cs

331 Give me your password, please

Password:

230 Logged in successfully

Remote system type is MSDOS.

ftp>

passive

Use passive to set the FTP operation mode to passive.

Syntax

passive

Default

The FTP operation mode is passive.

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

FTP can operate in either of the following modes:

·     Active mode—The FTP server initiates the TCP connection.

·     Passive mode—The FTP client initiates the TCP connection.

You can use this command multiple times to change between active and passive modes.

This command is mainly used together with a firewall to control FTP session establishment between private network users and public network users.

Examples

# Set the FTP operation mode to passive.

ftp> passive

Passive mode on.

ftp> passive

Passive mode off.
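In passive mode the server names the data-channel endpoint in its 227 reply, and that endpoint is what a firewall between client and server has to admit. The following Python sketch is an added example, not H3C code: it decodes the 227 replies shown in this section's transcripts into address and port, and flags a data endpoint that differs from the control-connection server or uses a port below 1024. The function names and the last, constructed transcript line are assumptions.

```python
import re

# 227 replies copied from the examples on this page, plus one constructed
# line (the last) that points the data channel at a different host.
SAMPLE_TRANSCRIPT = """\
227 Entering Passive Mode (10,153,116,114,10,184)
150 File Listing Follows in ASCII mode
227 Entering Passive Mode (10,153,116,114,11,9)
226 Transfer finished successfully.
227 Entering Passive Mode (10,153,116,114,11,126)
227 Entering Passive Mode (192,0,2,7,0,22)
"""

PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(line):
    """Return (host, port) from a 227 reply, or None for any other line."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(n) for n in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("field out of range in 227 reply: %r" % line)
    # The last two fields are the high and low byte of the TCP port.
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def audit_session(transcript, control_server):
    """Collect data-channel endpoints and flag ones a firewall should question."""
    endpoints, findings = [], []
    for line in transcript.splitlines():
        try:
            endpoint = parse_pasv(line)
        except ValueError as exc:
            findings.append("malformed reply: %s" % exc)
            continue
        if endpoint is None:
            continue
        host, port = endpoint
        endpoints.append(endpoint)
        if host != control_server:
            findings.append("data channel %s:%d is not the control server %s"
                            % (host, port, control_server))
        if port < 1024:
            findings.append("data channel %s:%d uses a port below 1024"
                            % (host, port))
    ports = [p for _host, p in endpoints]
    return {
        "endpoints": endpoints,
        "port_range": (min(ports), max(ports)) if ports else None,
        "findings": findings,
    }


if __name__ == "__main__":
    report = audit_session(SAMPLE_TRANSCRIPT, "10.153.116.114")
    for host, port in report["endpoints"]:
        print("data channel -> %s:%d" % (host, port))
    for finding in report["findings"]:
        print("FINDING:", finding)
```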

put

Use put to upload a file on the client to the remote FTP server.

Syntax

put localfile [ remotefile ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

localfile: Specifies the name of the local file to be uploaded.

remotefile: Specifies the file name for saving the uploaded file on the FTP server.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

To upload a file in the working directory accessed by the ftp command, the localfile argument must specify a file name such as a.cfg.

To upload a file in some other directory, the localfile argument must specify the target directory plus the file name such as flash:/subdirectory/a.cfg. Otherwise, the command fails to take effect.

Examples

# Upload the file a.txt in the working directory accessed by the ftp command and save the file as b.txt on the FTP server.

ftp> put a.txt b.txt

227 Entering Passive Mode (10,153,116,114,11,196)

150 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\b.txt" file ready to receive

 in ASCII mode

226 Transfer finished successfully.

45925 bytes sent in 0.00714 seconds (6.13 Mbyte/s)

# Upload the file a.txt in the folder test from the working directory accessed by the ftp command. Save the file as b.txt on the FTP server.

ftp> put flash:/test/a.txt b.txt

227 Entering Passive Mode (10,153,116,114,11,201)

150 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\b.txt" file ready to receive

in ASCII mode

226 Transfer finished successfully.

1 bytes sent in 0.000522 seconds (1.9 kbyte/s)

# In IRF mode, upload the file a.txt in the Flash root directory of the MPU that resides in slot 17 of member device 1. Save the file as b.txt on the FTP server.

ftp> put chassis1#slot17#flash:/test/a.txt b.txt

227 Entering Passive Mode (10,153,116,114,11,201)

150 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\b.txt" file ready to receive

in ASCII mode

226 Transfer finished successfully.

1 bytes sent in 0.000522 seconds (1.9 kbyte/s)

Related commands

get

pwd

Use pwd to display the currently accessed directory on the FTP server.

Syntax

pwd

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Display the currently accessed directory on the remote FTP server.

ftp> cd subdir

250 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\subdir" is current directory

ftp> pwd

257 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\subdir" is current directory

quit

Use quit to terminate the connection to the FTP server and return to user view.

Syntax

quit

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Examples

# Terminate the connection to the FTP server and return to user view.

ftp> quit

221 Windows FTP Server (WFTPD, by Texas Imperial Software) says goodbye

<Sysname>

Related commands

bye

reget

Use reget to get the missing part of a file from the FTP server.

Syntax

reget remotefile [ localfile ]

Views

FTP client view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

remotefile: Specifies the name of the file on the FTP server.

localfile: Specifies the name of the local file.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

If a file download is not completed due to network problems or insufficient storage space, you can use the reget command to get the missing part of the file from the FTP server after you solve the problem.

Examples

# Get the part of the s.bin file that is missing due to transmission interruption.

ftp> reget s.bin

local: s.bin remote: s.bin

350 Restarting at 1749706

150-Connecting to port 47429

150 38143.3 kbytes to download

226 File successfully transferred

39058742 bytes received in 66.2 seconds (576.1 kbyte/s)

rename

Use rename to rename a file.

Syntax

rename [ oldfilename [ newfilename ] ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

oldfilename: Specifies the original file name.

newfilename: Specifies the new file name.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Rename the file a.txt as b.txt:

·     Method 1

ftp> rename

(from-name) a.txt

(to-name) b.txt

350 Enter the name to rename it to...

250 File renamed successfully

·     Method 2

ftp> rename a.txt

(to-name) b.txt

350 Enter the name to rename it to...

250 File renamed successfully

·     Method 3

ftp> rename a.txt b.txt

350 Enter the name to rename it to...

250 File renamed successfully

reset

Use reset to clear the reply information received from the FTP server in the buffer.

Syntax

reset

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Examples

# Clear the reply information received from the FTP server.

ftp> reset

restart

Use restart to specify the marker to retransmit a file.

Syntax

restart marker

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

marker: Specifies the retransmit marker.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Support for this command varies with FTP servers.

Examples

# Retransmit the file h.c (82 bytes) from 2 bytes.

ftp> restart 2

restarting at 2. execute get, put or append to initiate transfer

ftp> put h.c h.c

local: h.c remote: h.c

350 Restart position accepted (2).

150 Ok to send data.

226 File receive OK.

80 bytes sent in 0.000445 seconds (175.6 kbyte/s)

ftp> dir

150 Here comes the directory listing.

-rw-r--r--    1 0        0              80 Jul 18 02:58 h.c

rhelp

Use rhelp to display the FTP-related commands supported by the FTP server.

Use rhelp protocol-command to display the help information of an FTP-related command supported by the FTP server.

Syntax

rhelp [ protocol-command ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

protocol-command: Specifies an FTP-related command.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Display the FTP-related commands supported by the FTP server.

ftp> rhelp

214-The following FTP commands are recognized

 USER PASS NOOP QUIT SYST TYPE

 HELP CWD  XCWD PWD  CDUP XCUP

 XPWD LIST NLST MLSD PORT EPRT

 PASV EPSV REST RETR STOR APPE

 DELE MKD  XMKD RMD  XRMD ABOR

 SIZE RNFR RNTO

4 UNIX Type: L8

Table 12 Command output

Field   Description
USER    Username, corresponding to the xx command in FTP client view.
PASS    Password.
NOOP    Null operation.
SYST    System parameters.
TYPE    Request type.
CWD     Changes the current working directory.
XCWD    Extended command with the meaning of CWD.
PWD     Prints the working directory.
CDUP    Changes the directory to the upper directory.
XCUP    Extended command with the meaning of CDUP.
XPWD    Extended command with the meaning of PWD.
LIST    Lists files.
NLST    Lists brief file description.
MLSD    Lists file content.
PORT    Active mode.
PASV    Passive mode.
REST    Restarts.
RETR    Downloads files.
STOR    Uploads files.
APPE    Appends uploading.
DELE    Deletes files.
MKD     Creates folders.
XMKD    Extended command with the meaning of MKD.
RMD     Deletes folders.
XRMD    Extended command with the meaning of RMD.
ABOR    Aborts the transmission.
SIZE    Size of the transmission file.
RNFR    Original name.
RNTO    New name.

 

rmdir

Use rmdir to permanently delete a directory from the FTP server.

Syntax

rmdir directory

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

directory: Specifies the name of a directory on the remote FTP server.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

To perform this operation, you must have delete permission on the FTP server.

Delete all files and subdirectories in a directory before you delete the directory. For more information about how to delete files, see the delete command.

Executing the rmdir command also deletes the files in the recycle bin of the specified directory.

Examples

# Delete the empty directory subdir1.

ftp> rmdir subdir1

200 Directory subdir1 removed

Related commands

delete

rstatus

Use rstatus to display FTP server status.

Use rstatus remotefile to display detailed information about a specific directory or file on the FTP server.

Syntax

rstatus [ remotefile ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

remotefile: Specifies a directory or file on the FTP server.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Support for this command varies with FTP servers.

Examples

# Display FTP server status.

ftp> rstatus

211-FTP server status:

     Connected to 192.168.20.177

     Logged in as root

     TYPE: ASCII

     No session bandwidth limit

     Session timeout in seconds is 300

     Control connection is plain text

     Data connections will be plain text

     At session startup, client count was 1

     vsFTPd 2.0.6 - secure, fast, stable

211 End of status

Table 13 Command output

Field                                    Description
211-FTP server status:                   Beginning of the display of FTP server status, where 211 specifies the FTP command.
Connected to 192.168.20.177              IP address of the FTP client.
Logged in as root                        Login username root.
TYPE: ASCII                              File transfer mode ASCII.
Session timeout in seconds is 300        Timeout interval is 300 seconds.
Control connection is plain text         Control connection type is plain text.
Data connections will be plain text      Data connection type is plain text.
At session startup, client count was 1   FTP connection number is 1.
vsFTPd 2.0.6 - secure, fast, stable      FTP version is 2.0.6.
211 End of status                        End of the display of FTP server status.

 

# Display file a.txt.

ftp> rstatus a.txt

213-Status follows:

-rw-r--r--    1 0        0              80 Jul 18 02:58 a.txt

213 End of status

Table 14 Command output

Field                 Description
213-Status follows:   Beginning of the display of the file, where 213 specifies the FTP command.
-rw-r--r--            The first bit specifies the file type:
                      ·     -—Common.
                      ·     B—Block.
                      ·     c—Character.
                      ·     d—Directory.
                      ·     l—Symbol connection file.
                      ·     p—Pipe.
                      ·     s—socket.
                      The second bit through the tenth bit are divided into three groups. Each group contains three characters, representing the access permission of the owner, group, and other users.
                      ·     -—No permission.
                      ·     r—Read permission.
                      ·     w—Write permission.
                      ·     x—Execution permission.
1                     Number of connections.
0                     Name of the file owner.
0                     Group number of the file owner.
80                    File size, in bytes.
Jul 18 02:58          Date and time when the file was most recently modified.
a.txt                 File name.
213 End of status     End of the display of the file information.

 

status

Use status to display FTP status.

Syntax

status

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Examples

# Display FTP status.

ftp> status

Connected to 192.168.1.56.

No proxy connection.

Not using any security mechanism.

Mode: stream; Type: ascii; Form: non-print; Structure: file

Verbose: on; Bell: off; Prompting: on; Globbing: off

Store unique: off; Receive unique: off

Case: off; CR stripping: on

Ntrans: off

Nmap: off

Hash mark printing: off; Use of PORT cmds: on

Table 15 Command output

Field                                                  Description
Connected to 192.168.1.56.                             IP address of the FTP server that is connected to the FTP client.
Verbose: on; Bell: off; Prompting: on; Globbing: off   Displays debugging information.
Store unique: off; Receive unique: off                 The name of the file on the FTP server is unique and the name of the local file is unique.
Case: off; CR stripping: on                            Does not support obtaining multiple files once and deletes "\r" when downloading text files.
Ntrans: off                                            Does not use the input-output transmission table.
Nmap: off                                              The file name does not use the input-to-output mapping template.
Hash mark printing: off; Use of PORT cmds: on          Does not end with a pound sign (#) and uses "PORT" data transmission.

 

system

Use system to display the system information of the FTP server.

Syntax

system

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Display the system information of the FTP server.

ftp> system

5 UNIX Type: L8

user

Use user to change to another user account after login.

Syntax

user username [ password ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

username: Specifies the username of the target user account.

password: Specifies the password of the target user account.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

The username and password of the target user account must have been configured. Otherwise, the user account change operation fails and the FTP connection is closed.

Examples

# After logging in to the FTP server, use the username ftp and password 123456 to re-log in to the FTP server (the output might vary by the FTP server):

·     Method 1

ftp> user ftp 123456

331 Password required for ftp.

230 User logged in.

·     Method 2

ftp> user ftp

331 Give me your password, please

Password:

230 Logged in successfully

verbose

Use verbose to enable or disable the device to display detailed information about FTP operations.

Syntax

verbose

Default

The device displays detailed information about FTP operations.

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

The verbose command takes effect only for the current FTP session. It is lost after the session is disconnected.

Examples

# Disable the device from displaying detailed information about FTP operations.

ftp> verbose

Verbose mode off.

# Execute the get command.

ftp> verbose

Verbose mode off.

ftp> get a.txt

# Enable the device to display detailed information about FTP operations.

ftp> verbose

Verbose mode on.

# Execute the get command.

ftp> get a.txt

227 Entering Passive Mode (10,153,116,114,12,17)

150 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\a.txt" file ready to

send (6324 bytes) in IMAGE / Binary mode

226 Transfer finished successfully.

6324 bytes received in 0.0104 seconds (594.7 kbyte/s)

ftp> get a.cfg 2.cfg

227 Entering Passive Mode (192,168,1,58,68,14)

150-Accepted data connection

150 The computer is your friend. Trust the computer

226 File successfully transferred

3796 bytes received in 0.00762 seconds (486.5 kbyte/s)

?

Use ? to display all commands supported by an FTP client.

Use ? command-name to display the help information for a specific command.

Syntax

? [ command-name ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

command-name: Specifies a command supported by the FTP client.

Usage guidelines

In FTP client view, entering ? is the same as executing the help command.

Examples

# Display all commands supported by the FTP client.

ftp> ?

Commands may be abbreviated.  Commands are:

 

append           delete          ls              quit            rmdir         

ascii            debug           mkdir           reget           status        

binary           dir             newer           rstatus         system        

bye              disconnect      open            rhelp           user          

cd               get             passive         rename          verbose       

cdup             help            put             reset           ?             

close            lcd             pwd             restart

# Display the help information for the dir command.

ftp> ? dir

dir              list contents of remote directory

Related commands

help

 


TFTP commands

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.

TFTP is not supported in FIPS mode.

tftp

Use tftp to download a file from the TFTP server to the local device or upload a local file to the TFTP server in an IPv4 network.

Syntax

tftp tftp-server { get | put | sget } source-filename [ destination-filename ] [ vpn-instance vpn-instance-name ] [ dscp dscp-value | source { interface interface-type interface-number | ip source-ip-address } ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

tftp-server: Specifies the IPv4 address or host name of a TFTP server. The host name can be a case-insensitive string of 1 to 253 characters and can contain only letters, digits, hyphens (-), underscores (_), and dots (.).

get: Downloads a file and writes the file directly to the destination folder. If the destination folder already has a file using the same name, the system deletes the existing file before starting the download operation. The existing file is permanently deleted even if the download operation fails.

put: Uploads a file.

sget: Downloads a file and saves the file to memory before writing it to the destination folder. The system starts to write the file to the destination folder only after the file is downloaded and saved to memory successfully. If the destination folder already has a file using the same name, the system overwrites the existing file. If the download or save-to-memory operation fails, the existing file in the destination folder is not overwritten.

source-filename: Specifies the source file name, a case-insensitive string of 1 to 255 characters.

destination-filename: Specifies the destination file name, a case-insensitive string of 1 to 255 characters. If this argument is not specified, the file uses the source file name.

vpn-instance vpn-instance-name: Specifies the VPN instance to which the remote host belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the remote host belongs to the public network, do not specify this option.

dscp dscp-value: Specifies the DSCP value for IPv4 to use for outgoing TFTP packets to indicate the packet transmission priority, in the range of 0 to 63. The default is 0.

source { interface interface-type interface-number | ip source-ip-address }: Specifies the source address for outgoing TFTP packets. If this keyword is not specified, the device uses the primary IPv4 address of the output interface for the route to the server as the source IPv4 address of outgoing TFTP packets.

·     interface interface-type interface-number: Specifies an interface by its type and number. The primary IPv4 address of this interface will be used as the source IPv4 address for outgoing TFTP packets. Make sure the interface is up and has the primary IPv4 address configured. Otherwise, the transmission fails.

·     ip source-ip-address: Specifies an IPv4 address. This address must be the IPv4 address of an interface in up state. Otherwise, the transmission fails.

Usage guidelines

The source address specified with the tftp command takes precedence over the source address specified with the tftp client source command.

The source address specified with the tftp client source command applies to all TFTP connections. The source address specified with the tftp command applies only to the current TFTP connection.

Examples

# Download the new.bin file from the TFTP server at 192.168.1.1 and save it as new.bin.

<Sysname> tftp 192.168.1.1 get new.bin

Press CTRL+C to abort.

   % Total    % Received % Xferd  Average Speed   Time    Time     Time   Current

                                  Dload  Upload   Total   Spent    Left   Speed

100 13.9M  100 13.9M    0     0  1206k      0  0:00:11  0:00:11  --:--:-- 1206k

<System>

Table 16 Command output

Field           Description
%               Percentage of file transmission progress.
Total           Size of files to be transmitted, in bytes.
%               Percentage of received file size to total file size.
Received        Received file size, in bytes.
%               Percentage of sent file size to total file size.
Xferd           Sent file size, in bytes.
Average Dload   Average download speed, in bps.
Speed Upload    Average upload speed, in bps.

 

Related commands

tftp client source
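The difference between the get and sget keywords of the tftp command, modelled in Python as an added example (not H3C code and not part of the original reference). The file contents, the 512-byte block size, and the assumption that a failed get leaves no partial file behind are illustrative.

```python
import os
import tempfile

# Constructed stand-ins for the file already on flash and the file on the server.
OLD_IMAGE = b"OLD-" * 256      # 1024 bytes
NEW_IMAGE = b"NEW-" * 512      # 2048 bytes = 4 blocks of 512


class TransferInterrupted(Exception):
    """Raised by the simulated transfer when the link drops mid-file."""


def simulated_transfer(payload, fail_after=None, block=512):
    """Yield the payload in blocks; optionally fail after `fail_after` blocks."""
    for offset in range(0, len(payload), block):
        if fail_after is not None and offset // block >= fail_after:
            raise TransferInterrupted(f"link lost after {fail_after} blocks")
        yield payload[offset:offset + block]


def get_style(dest, blocks):
    """Model of 'get': delete the same-name file first, then write directly."""
    if os.path.exists(dest):
        os.remove(dest)                 # the old file is gone before any data arrives
    try:
        with open(dest, "wb") as fh:
            for chunk in blocks:
                fh.write(chunk)
    except TransferInterrupted:
        if os.path.exists(dest):        # assumption: the partial file is discarded
            os.remove(dest)
        return False
    return True


def sget_style(dest, blocks):
    """Model of 'sget': buffer the whole file in memory, write only on success."""
    buffered = bytearray()
    try:
        for chunk in blocks:
            buffered.extend(chunk)
    except TransferInterrupted:
        return False                    # destination was never touched
    with open(dest, "wb") as fh:        # overwrite happens only now
        fh.write(buffered)
    return True


def run_scenario(style, fail_after):
    """Return (transfer succeeded, content left at the destination or None)."""
    with tempfile.TemporaryDirectory() as workdir:
        dest = os.path.join(workdir, "new.bin")
        with open(dest, "wb") as fh:
            fh.write(OLD_IMAGE)
        ok = style(dest, simulated_transfer(NEW_IMAGE, fail_after))
        content = None
        if os.path.exists(dest):
            with open(dest, "rb") as fh:
                content = fh.read()
        return ok, content


if __name__ == "__main__":
    for name, style in (("get", get_style), ("sget", sget_style)):
        ok, left = run_scenario(style, fail_after=2)
        state = "no file left" if left is None else f"{len(left)} bytes of the old file kept"
        print(f"{name:4} interrupted: success={ok}, {state}")
```

When the destination name matches a file the device depends on, the sget model is the one that survives an interrupted transfer. With get, specifying a different destination-filename keeps the existing file out of the delete-before-download step.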

tftp client source

Use tftp client source to specify the source IPv4 address for TFTP packets sent by the TFTP client.

Use undo tftp client source to restore the default.

Syntax

tftp client source { interface interface-type interface-number | ip source-ip-address }

undo tftp client source

Default

No source IPv4 address is specified for outgoing TFTP packets. The device uses the primary IPv4 address of the output interface for the route to the server as the source IP address.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

interface interface-type interface-number: Specifies the source interface for establishing TFTP connections. The primary IPv4 address of the source interface is used as the source IPv4 address for packets sent to a TFTP server. Make sure the interface is up and has the primary IPv4 address configured. Otherwise, the transmission fails.

ip source-ip-address: Specifies the source IPv4 address for outgoing TFTP packets. It must be the IPv4 address of an interface in up state. Otherwise, the transmission fails.

Usage guidelines

If you execute this command multiple times, the most recent configuration takes effect.

The source address specified with the tftp command takes precedence over the source address specified with the tftp client source command.

The source address specified with the tftp client source command applies to all TFTP connections. The source address specified with the tftp command applies only to the current TFTP connection.

Examples

# Specify the source IP address of sent TFTP packets as 192.168.20.222.

<Sysname> system-view

[Sysname] tftp client source ip 192.168.20.222

Related commands

tftp

tftp-server acl

Use tftp-server acl to use an ACL to control the device's access to TFTP servers in an IPv4 network.

Use undo tftp-server acl to restore the default.

Syntax

tftp-server acl acl-number

undo tftp-server acl

Default

No ACL is used to control the device's access to TFTP servers.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

acl-number: Specifies the number of a basic ACL, in the range of 2000 to 2999.

Usage guidelines

You can use an ACL to deny or permit the device's access to specific TFTP servers.

Examples

# Allow the device to access only the TFTP server at 1.1.1.1.

<Sysname> system-view

[Sysname] acl number 2000

[Sysname-acl-basic-2000] rule permit source 1.1.1.1 0

[Sysname-acl-basic-2000] quit

[Sysname] tftp-server acl 2000
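One way to check a configuration or session capture for the restriction shown above, as an added Python example (not H3C tooling and not part of the original reference). It assumes the `acl number` / `rule` / `tftp-server acl` line forms from the example, an optional rule ID, and wildcard-mask notation for the source; the second and third sample texts are constructed.

```python
import ipaddress
import re

ACL_HEAD = re.compile(r"^acl number (\d+)\s*$")
RULE = re.compile(r"^rule(?:\s+\d+)?\s+(permit|deny)(?:\s+source\s+(.+?))?\s*$")
TFTP_ACL = re.compile(r"^tftp-server acl (\d+)\s*$")
PROMPT = re.compile(r"^[<\[][^>\]]*[>\]]\s*")   # "<Sysname> " or "[Sysname-acl-basic-2000] "


def parse_config(text):
    """Return ({acl_number: [(action, source)]}, acl bound to TFTP or None)."""
    acls, bound, current = {}, None, None
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if m := ACL_HEAD.match(line):
            current = int(m.group(1))
            acls.setdefault(current, [])
        elif (m := RULE.match(line)) and current is not None:
            acls[current].append((m.group(1), m.group(2) or "any"))
        elif m := TFTP_ACL.match(line):
            bound, current = int(m.group(1)), None
        elif line in ("quit", "#"):
            current = None
    return acls, bound


def source_to_network(source):
    """Convert 'address wildcard' (wildcard 0 = single host) to an IPv4 network."""
    if source == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, wildcard = source.partition(" ")
    if not wildcard:
        raise ValueError(f"source '{source}' has no wildcard mask")
    w = 0 if wildcard == "0" else int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):
        raise ValueError(f"wildcard '{wildcard}' is not contiguous")
    return ipaddress.ip_network(f"{addr}/{32 - w.bit_length()}", strict=False)


def audit_tftp_acl(text):
    """Return (findings, permitted networks). Deny rules are not subtracted,
    so the permitted list is an upper bound on what the ACL allows."""
    acls, bound = parse_config(text)
    findings, permitted = [], []
    if bound is None:
        findings.append("no 'tftp-server acl' configured: access to TFTP servers is not restricted")
        return findings, permitted
    if not 2000 <= bound <= 2999:
        findings.append(f"ACL {bound} is outside the basic ACL range 2000-2999")
    rules = acls.get(bound)
    if not rules:
        findings.append(f"ACL {bound} is referenced but has no rules in this text")
        return findings, permitted
    for action, source in rules:
        if action != "permit":
            continue
        try:
            net = source_to_network(source)
        except ValueError as exc:
            findings.append(f"ACL {bound}: {exc}")
            continue
        permitted.append(net)
        if net.prefixlen < 32:
            findings.append(f"ACL {bound} permits {net}, broader than a single TFTP server")
    return findings, permitted


# Session from the example above.
PAGE_SESSION = """<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule permit source 1.1.1.1 0
[Sysname-acl-basic-2000] quit
[Sysname] tftp-server acl 2000
"""
# Constructed configuration text with an over-broad permit.
BROAD_CONFIG = "acl number 2001\n rule 0 permit source 10.0.0.0 0.255.255.255\n#\ntftp-server acl 2001\n"
# Constructed configuration text with no TFTP ACL at all.
NO_ACL_CONFIG = "acl number 2000\n rule 0 permit source 1.1.1.1 0\n#\n"

if __name__ == "__main__":
    for name, text in (("page", PAGE_SESSION), ("broad", BROAD_CONFIG), ("none", NO_ACL_CONFIG)):
        print(name, audit_tftp_acl(text))
```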

 


File system management commands

IMPORTANT:

·     Before managing storage media, files, and directories, make sure you know the possible impacts.

·     A file or directory whose name starts with a period (.) is considered a hidden file or directory. Do not give a common file or directory a name that starts with a period.

·     Some system files and directories are hidden.

 

A file name must be specified in one of the file name formats allowed. For more information, see Fundamentals Configuration Guide.

Before you use the copy, delete, fixdisk, format, gunzip, gzip, mkdir, move, rename, rmdir, or undelete command on a USB disk, make sure the disk is not write protected.

cd

Use cd to change the current working directory.

Syntax

cd { directory | .. }

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

directory: Specifies the name of the destination directory, in the format [drive:/]path. For more information about how to enter the drive and path arguments, see Fundamentals Configuration Guide. If no drive information is provided, the argument represents a folder or subfolder in the current directory.

..: Specifies the parent directory. If the current working directory is the root directory, or if no upper directory exists, the system displays an error message when you execute the cd .. command. No online help information is available for this keyword.

Examples

# Access the test folder after logging in to the device.

<Sysname> cd test

# Return to the upper directory.

<Sysname> cd ..

# In standalone mode, change the current working directory:

1.     View the slot number of the standby MPU.

<Sysname> display device

Slot No. Brd Type         Brd Status   Subslot Num  Sft Ver          Patch Ver

 0       NONE             Absent       0            NONE             None

 1       NONE             Absent       0            NONE             None

 2       NONE             Absent       0            NONE             None

 3       NONE             Absent       0            NONE             None

 4       NONE             Absent       0            NONE             None

 5       NONE             Absent       0            NONE             None

 6       NONE             Absent       0            NONE             None

 7       NONE             Absent       0            NONE             None

 8       NONE             Absent       0            NONE             None

 9       LSX1TGS48FC1     Normal       0            S12510-X-1105    None

 10      LSX1FAB10B1      Normal       0            S12510-X-1105    None

 11      LSX1FAB10B1      Normal       0            S12510-X-1105    None

 12      NONE             Absent       0            NONE             None

 13      NONE             Absent       0            NONE             None

 14      NONE             Absent       0            NONE             None

 15      NONE             Absent       0            NONE             None

 16      LSX1SUP10B1      Standby      0            S12510-X-1105    None

 17      LSX1SUP10B1      Master       0            S12510-X-1105    None

The output shows that the standby MPU is in slot 16.

2.     Change to the root directory of the standby MPU's flash memory.

<Sysname> cd slot16#flash:/

3.     Change back to the test folder of the active MPU's flash memory.

<Sysname> cd flash:/test

# In IRF mode, change the current working directory:

1.     View the chassis numbers and slot numbers of MPUs.

<Sysname> display irf

 Member   Slot   Role    Priority    CPU-Mac

   2      0      Standby 20          00e0-fc0f-8c0f

   2      1      Standby 20          00e0-fc0f-8c1f

 *+3      5      Master  20          00e0-fc0f-8c22

   3      6      Standby 20          00e0-fc0f-8c32

--------------------------------------------------

 * indicates the device is the master.

 + indicates the device through which the user logs in.

 The Bridge MAC of the IRF is: 00e0-fc00-0a00

 Auto upgrade                  : yes

 Mac persistent                : 6 min

The output shows that the IRF fabric has two members:

·     The global active MPU is in slot 5 of member device 3.

·     The global standby MPUs are in slots 0 and 1 of member device 2, and slot 6 of member device 3.

2.     Change to the test folder of the global active MPU's flash memory.

<Sysname> cd flash:/test

3.     Change to the root directory of the flash memory on the global standby MPU that resides in slot 16 of member device 2.

<Sysname> cd chassis2#slot16#flash:/

4.     Change back to the root directory of the global active MPU's flash memory.

<Sysname> cd flash:/

copy

Use copy to copy a file.

Syntax

copy fileurl-source fileurl-dest

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

fileurl-source: Specifies the name or URL of the file to be copied. If the file resides on an FTP or TFTP server rather than on the device, specify the URL of the file. Whether a URL is case sensitive depends on the server.

fileurl-dest: Specifies the name or URL of the destination file or directory. To copy the source file to an FTP or TFTP server, specify a URL. If you specify a directory, the device copies the specified file to the directory and saves it with its original file name. Whether a URL is case sensitive depends on the server.

Usage guidelines

You can use the copy command to perform the following operations:

·     Copy a local file and save it locally.

·     Copy a local file and save it to an IPv4 FTP or TFTP server.

·     Copy a file on an IPv4 FTP or TFTP server and save it locally.

To specify a file or directory, use the following guidelines:

 

Location: On the device
Name format: Use the file name guidelines in Fundamentals Configuration Guide.
Remarks: N/A

Location: On an FTP server
Name format: Enter the URL in the format ftp://FTP username[:password]@server address[:port number]/file path[/file name].
Remarks: The username and password must be the same as those configured on the FTP server. If the server authenticates users only by the username, you are not required to enter the password. For example, to use the username 1 and password 1 and specify the startup.cfg file in the authorized working directory on FTP server 1.1.1.1, enter the URL ftp://1:1@1.1.1.1/startup.cfg.

Location: On a TFTP server
Name format: Enter the URL in the format tftp://server address[:port number]/file path[/file name].
Remarks: For example, to specify the startup.cfg file in the working directory on TFTP server 1.1.1.1, enter the URL tftp://1.1.1.1/startup.cfg.

 

Examples

# Copy the test.cfg file in the current folder and save it to the current folder as testbackup.cfg.

<Sysname> copy test.cfg testbackup.cfg

Copy flash:/test.cfg to flash:/testbackup.cfg?[Y/N]:y

Copying file flash:/test.cfg to flash:/testbackup.cfg...Done.

# Copy 1.cfg from the Flash's test folder to the USB disk's first partition, and save it to the testbackup folder as 1backup.cfg.

<Sysname> copy flash:/test/1.cfg usb0:/testbackup/1backup.cfg

Copy flash:/test/1.cfg to usb0:/testbackup/1backup.cfg?[Y/N]:y

Copying file flash:/test/1.cfg to usb0:/testbackup/1backup.cfg...Done.

# Copy test.cfg from the working directory on FTP server 1.1.1.1 and save it to the local current folder as testbackup.cfg. In this example, the FTP username and password are user and private.

<Sysname> copy ftp://user:private@1.1.1.1/test.cfg testbackup.cfg

Copy ftp://user:private@1.1.1.1/test.cfg to flash:/testbackup.cfg?[Y/N]:y

Copying file ftp://user:private@1.1.1.1/test.cfg to flash:/testbackup.cfg... Done.

# Copy test.cfg from the current folder and save it to the working directory on FTP server 1.1.1.1 as testbackup.cfg. In this example, the FTP username and password are user and private.

<Sysname> copy test.cfg ftp://user:private@1.1.1.1/testbackup.cfg

Copy flash:/test.cfg to ftp://user:private@1.1.1.1/testbackup.cfg?[Y/N]:y

Copying file flash:/test.cfg to ftp://user:private@1.1.1.1/testbackup.cfg... Done.

# Copy test.cfg from the working directory on TFTP server 1.1.1.1 and save it to the local current folder as testbackup.cfg.

<Sysname> copy tftp://1.1.1.1/test.cfg testbackup.cfg

Copy tftp://1.1.1.1/test.cfg to flash:/testbackup.cfg?[Y/N]:y

Copying file tftp://1.1.1.1/test.cfg to flash:/testbackup.cfg... Done.

# Copy test.cfg from the current folder and save it to the working directory on TFTP server 1.1.1.1 as testbackup.cfg.

<Sysname> copy test.cfg tftp://1.1.1.1/testbackup.cfg

Copy flash:/test.cfg to tftp://1.1.1.1/testbackup.cfg?[Y/N]:y

Copying file flash:/test.cfg to tftp://1.1.1.1/testbackup.cfg... Done.

# In standalone mode, copy the active MPU's configuration file test.cfg to the root directory of the standby MPU's flash memory.

<Sysname> copy test.cfg slot16#flash:/

Copy flash:/test.cfg to slot16#flash:/test.cfg?[Y/N]:y

Copying file flash:/test.cfg to slot16#flash:/test.cfg...Done.

# In IRF mode, copy the global active MPU's configuration file test.cfg to the root directory of a global standby MPU's flash memory. The global standby MPU resides in slot 16 of member device 2.

<Sysname> copy chassis1#slot16#flash:/test.cfg chassis2#slot16#flash:/

Copy chassis1#slot16#flash:/test.cfg to chassis2#slot16#flash:/test.cfg?[Y/N]:y

Copying file chassis1#slot16#flash:/test.cfg to chassis2#slot16#flash:/test.cfg...Done.
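Both the FTP URL format of the copy command and the user username [ password ] command in FTP client view put the password on the command line, and the copy confirmation prompt echoes it. The following added Python example (not H3C tooling and not part of the original reference) masks those passwords in a CLI capture before it is stored. The function names are hypothetical, and the last sample line is constructed.

```python
import re

# ftp://FTP username[:password]@server address[:port number]/file path
# The userinfo part is matched greedily up to the last "@" before the first "/",
# so a password that itself contains "@" is still masked in full. The lookbehind
# keeps the pattern from matching inside "tftp://".
FTP_URL = re.compile(
    r"(?<![a-z0-9+.-])(?P<scheme>ftp)://(?P<userinfo>[^/\s]*)@"
    r"(?P<hostport>[^/@\s]+)(?P<path>/\S*)?",
    re.IGNORECASE,
)
# "user username password" typed in FTP client view, with or without the prompt.
USER_CMD = re.compile(r"^(?P<prefix>\s*(?:ftp>\s*)?user\s+)(?P<user>\S+)\s+(?P<pw>\S+)\s*$")
MASK = "******"


def redact_line(line):
    """Return (line with passwords masked, list of (kind, user, host) findings)."""
    findings = []

    def mask_url(match):
        user, sep, password = match.group("userinfo").partition(":")
        if not sep or password == "":
            return match.group(0)          # username-only URL: nothing to mask
        findings.append(("ftp-url", user, match.group("hostport")))
        return (f"{match.group('scheme')}://{user}:{MASK}@"
                f"{match.group('hostport')}{match.group('path') or ''}")

    redacted = FTP_URL.sub(mask_url, line)
    match = USER_CMD.match(redacted)
    if match:
        findings.append(("user-cmd", match.group("user"), None))
        redacted = f"{match.group('prefix')}{match.group('user')} {MASK}"
    return redacted, findings


def scan(lines):
    """Return [(1-based line number, redacted line, findings)] for lines with a password."""
    hits = []
    for number, line in enumerate(lines, start=1):
        redacted, findings = redact_line(line)
        if findings:
            hits.append((number, redacted, findings))
    return hits


# Lines 1-5 reuse commands shown in this reference; lines 6-7 are constructed.
SAMPLE_LINES = [
    "<Sysname> copy ftp://user:private@1.1.1.1/test.cfg testbackup.cfg",
    "Copy ftp://user:private@1.1.1.1/test.cfg to flash:/testbackup.cfg?[Y/N]:y",
    "<Sysname> copy tftp://1.1.1.1/test.cfg testbackup.cfg",
    "ftp> user ftp",
    "ftp> user ftp 123456",
    "<Sysname> copy ftp://1@1.1.1.1/startup.cfg startup.cfg",
    "<Sysname> copy a.cfg ftp://admin:p@ss@10.0.0.5:2121/a.cfg",
]

if __name__ == "__main__":
    for number, redacted, findings in scan(SAMPLE_LINES):
        print(f"line {number}: {redacted}   {findings}")
```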

delete

Use delete to delete a file.

Syntax

delete [ /unreserved ] file-url

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

/unreserved: Permanently deletes the specified file. If you do not specify this keyword, the command moves the file to the recycle bin.

file-url: Specifies the name of the file to be deleted. Asterisks (*) are acceptable as wildcards. For example, to remove files with the .txt extension in the current directory, enter delete *.txt.

Usage guidelines

Use the delete /unreserved file-url command with caution. You cannot restore a file that was deleted with this command.

The delete file-url command (without the /unreserved option) moves the specified file to the recycle bin unless the device is running out of storage space. If the device is running out of storage space, the file is permanently deleted.

A file moved to the recycle bin can be restored by using the undelete command.

Do not use the delete command to delete files from the recycle bin. To delete files from the recycle bin, use the reset recycle-bin command.

If you delete two files that have the same name but reside in different directories, both files are retained in the recycle bin. If you successively delete two files that have the same name from the same directory, only the file deleted last is retained in the recycle bin.

Examples

# In standalone mode, remove file 1.cfg from the active MPU's flash root directory.

<Sysname> delete 1.cfg

Delete flash:/1.cfg? [Y/N]:y

Deleting file flash:/1.cfg...Done.

# In standalone mode, permanently delete file 1.cfg from the active MPU's flash root directory.

<Sysname> delete /unreserved 1.cfg

The file cannot be restored. Delete flash:/1.cfg?[Y/N]:y

Deleting the file permanently will take a long time. Please wait...

Deleting file flash:/1.cfg...Done.

# In standalone mode, remove file 1.cfg from the flash root directory of the standby MPU (in slot 17):

·     Method 1

<Sysname> delete slot17#flash:/1.cfg

Delete slot17#flash:/1.cfg?[Y/N]:y

Deleting file slot17#flash:/1.cfg...Done.

·     Method 2

<Sysname> cd slot17#flash:/

<Sysname> delete 1.cfg

Delete slot17#flash:/1.cfg?[Y/N]:y

Deleting file slot17#flash:/1.cfg...Done.

# In IRF mode, remove file 1.cfg from the global active MPU's flash root directory.

<Sysname> delete 1.cfg

Delete flash:/1.cfg?[Y/N]:y

Deleting file flash:/1.cfg...Done.

# In IRF mode, permanently delete file 1.cfg from the global active MPU's flash root directory.

<Sysname> delete /unreserved 1.cfg

The file cannot be restored. Delete flash:/1.cfg?[Y/N]:y

Deleting the file permanently will take a long time. Please wait...

# In IRF mode, remove file 1.cfg from the flash root directory of the global standby MPU that resides in slot 16 of member device 1:

·     Method 1

<Sysname> delete chassis1#slot16#flash:/1.cfg

Delete chassis1#slot16#flash:/1.cfg?[Y/N]:y

Deleting file chassis1#slot16#flash:/1.cfg...Done.

·     Method 2

<Sysname> cd chassis1#slot16#flash:/

<Sysname> delete 1.cfg

Delete chassis1#slot16#flash:/1.cfg?[Y/N]:y

Deleting file chassis1#slot16#flash:/1.cfg...Done.

Related commands

·     reset recycle-bin

·     undelete

dir

Use dir to display files or folders.

Syntax

dir [ /all ] [ file-url | /all-filesystems ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

/all: Displays all files and folders in the current directory, visible or hidden. If you do not specify this option, only visible files and folders are displayed.

file-url: Displays a specific file or folder. The file-url argument can use the asterisk (*) as a wildcard. For example, to display files with the .txt extension in the current directory, enter dir *.txt.

/all-filesystems: Displays files and folders in the root directory of all storage media on the device.

Usage guidelines

If no option is specified, the command displays all visible files and folders in the current directory.

The folder name of the recycle bin is .trash. To display files in the recycle bin, use either of the following methods:

·     Execute the dir /all .trash command.

·     Execute the cd .trash command and then the dir command.

Examples

# In standalone mode, display all files and folders in the current directory.

<Sysname> dir /all

Directory of flash:/

...

# In standalone mode, display files and folders in the root directories of all storage media on the device.

<Sysname> dir /all-filesystems

Directory of flash:/

...

Directory of usb0:/

...

Directory of slot7#flash:/

...

Directory of slot7#usb0:/

...

# In standalone mode, display files and folders in the root directory of the flash memory on the standby MPU (in slot 16).

<Sysname> cd slot16#flash:/

<Sysname> dir /all

...

# In IRF mode, display information about all files and folders on the global active MPU's storage media.

<Sysname> dir /all

Directory of flash:/

...

# In IRF mode, display files and folders in the root directories of every storage medium in the IRF fabric.

<Sysname> dir /all-filesystems

Directory of flash:/

...

Directory of chassis1#slot1#flash:/

...

# In IRF mode, display information about all files and folders in the storage medium of the global standby MPU that resides in slot 16 of member device 1:

·     Method 1

<Sysname> dir /all chassis1#slot16#flash:/

Directory of chassis1#slot16#flash:/

...

·     Method 2

<Sysname> cd chassis1#slot16#flash:/

<Sysname> dir /all

...

Table 17 Command output

Field

Description

Directory of

Current directory.

0     -rwh      3144  Apr 26 2008 13:45:28   xx.xx

File or folder information:

·     0—File or folder number, which is automatically allocated by the system.

·     -rwh—Attributes of the file or folder. The first character is the folder indicator (d for folder and - for file). The second character indicates whether the file or folder is readable (r for readable). The third character indicates whether the file or folder is writable (w for writable). The fourth character indicates whether the file or folder is hidden (h for hidden, - for visible). Modifying, renaming, or deleting hidden files might affect functions.

·     3144—File size in bytes. For a folder, a hyphen (-) is displayed.

·     Apr 26 2008 13:45:28—Last date and time when the file or folder was modified.

·     xx.xx—File or folder name.
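An added example (not part of the H3C reference): a Python parser for the dir output format that Table 17 describes, used to list hidden entries and to diff two captures of the same file system. Both listings are constructed (rows 0 and 1 of the baseline follow lines shown on this page), and the function names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

DIRECTORY = re.compile(r"^\s*Directory of\s+(?P<path>\S+)\s*$")
# number, four attribute characters, size (or "-" for a folder), timestamp, name
ENTRY = re.compile(
    r"^\s*(?P<number>\d+)\s+(?P<attrs>[d-][r-][w-][h-])\s+(?P<size>\d+|-)\s+"
    r"(?P<modified>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{4}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<name>\S.*?)\s*$"
)


@dataclass(frozen=True)
class Entry:
    path: str            # "Directory of" value joined with the entry name
    is_folder: bool      # first attribute character is "d"
    readable: bool       # second attribute character is "r"
    writable: bool       # third attribute character is "w"
    hidden: bool         # fourth attribute character is "h"
    size: Optional[int]  # bytes; None for a folder, which shows "-"
    modified: str


def parse_dir(cli_output: str) -> List[Entry]:
    """Parse captured dir output, including multi-section /all-filesystems output."""
    entries: List[Entry] = []
    directory = ""
    for line in cli_output.splitlines():
        heading = DIRECTORY.match(line)
        if heading:
            directory = heading.group("path")
            continue
        row = ENTRY.match(line)
        if row is None:
            continue  # prompt, blank line, or the "KB total" summary
        attrs, size = row.group("attrs"), row.group("size")
        entries.append(Entry(
            path=directory.rstrip("/") + "/" + row.group("name"),
            is_folder=attrs[0] == "d",
            readable=attrs[1] == "r",
            writable=attrs[2] == "w",
            hidden=attrs[3] == "h",
            size=None if size == "-" else int(size),
            modified=" ".join(row.group("modified").split()),
        ))
    return entries


def hidden_paths(entries: List[Entry]) -> List[str]:
    """Paths that only appear when dir is run with /all."""
    return [entry.path for entry in entries if entry.hidden]


def diff_listings(baseline: str, current: str) -> Dict[str, List[str]]:
    """Report paths added, removed, or changed (attributes, size, timestamp)."""
    old = {entry.path: entry for entry in parse_dir(baseline)}
    new = {entry.path: entry for entry in parse_dir(current)}
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


# Constructed captures of "dir /all" taken at two points in time.
BASELINE = """<Sysname> dir /all
Directory of flash:/

   0 -rwh        3144 Apr 26 2008 13:45:28   xx.xx
   1 -rw-          20 Jun 14 2012 10:18:53   system.bin.gz
   2 drwh           - Jun 14 2012 10:20:01   .trash

472972 KB total (472840 KB free)
"""
CURRENT = """<Sysname> dir /all
Directory of flash:/

   0 -rwh        3144 Apr 26 2008 13:45:28   xx.xx
   1 -rw-          24 Jun 15 2012 09:02:11   system.bin.gz
   2 drwh           - Jun 14 2012 10:20:01   .trash
   3 -rwh         512 Jun 15 2012 09:02:30   extra.cfg

472972 KB total (472836 KB free)
"""

if __name__ == "__main__":
    print(hidden_paths(parse_dir(CURRENT)))
    print(diff_listings(BASELINE, CURRENT))
```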

 

fdisk

Use fdisk to partition a storage medium.

Syntax

fdisk medium-name [ partition-number ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

medium-name: Specifies the name of the storage medium to be partitioned.

partition-number: Specifies the number of partitions, in the range of 1 to 4.

Usage guidelines

The Flash cannot be partitioned.

If the partition-number argument is specified, the storage medium is divided into the specified number of partitions. Otherwise, partitioning is performed in an interactive way.

It is normal for the actual partition size to differ from the specified partition size by less than 5% of the total memory.

A partition cannot be partitioned.

Before partitioning a USB disk:

·     Back up the files in the storage medium. The partition operation clears all data in the medium.

·     If you are partitioning a USB disk, make sure the disk is not write protected. Otherwise, the partition operation will fail, and you must remount or reinstall the disk to restore access to the USB disk.

·     Make sure no other users are accessing the medium. Otherwise, the partition operation fails.

Examples

# Divide the USB disk on the device evenly into three partitions in simple mode.

<Sysname> fdisk usb: 3

Capacity of usb: : 256M bytes

usb: will be divided into the following partitions:

DeviceName      Capacity

usb0:            85MB

usb1:            85MB

usb2:            86MB

All data on usb: will be lost, continue? [Y/N]:y

Partitioning usb:...Done.

# Divide the USB disk on the device into one partition in an interactive way.

<Sysname> fdisk usb:

The capacity of usb: : 256M bytes

Partition 1 (32MB~224MB, 256MB. Press CTRL+C to quit or Enter to use all available space):

// Press Enter or enter 256.

usb: will be divided into the following partition(s):

DeviceName    Capacity

usb0:          256MB

All data on usb: will be lost, continue? [Y/N]:y

Partitioning usb:...Done.

# Divide the USB disk on the device into three partitions and specify the size for each partition:

<Sysname> fdisk usb:

The capacity of usb: : 256M bytes

Partition 1 (32MB~224MB, 256MB, Press CTRL+C to quit or Enter to use all available space):128

// Enter 128 to set the size of the first partition to 128 MB.

Partition 2 (32MB~96MB, 128MB, Press CTRL+C to quit or Enter to use all available space):31

// Enter 31 to set the size of the second partition to 31 MB.

The partition size must be greater than or equal to 32MB.

Partition 2 (32MB~96MB, 128MB, Press CTRL+C to quit or Enter to use all available space):1000

// Enter 1000 to set the size of the second partition to 1000 MB.

The partition size must be less than or equal to 128MB.

Partition 2 (32MB~96MB, 128MB, Press CTRL+C to quit or Enter to use all available space):127

// Enter 127 to set the size of the second partition to 127 MB.

The remaining space is less than 32MB. Please enter the size of partition 2 again.

Partition 2 (32MB~96MB, 128MB, Press CTRL+C to quit or Enter to use all available space):

// Enter 56 to set the size of the second partition to 56 MB.

Partition 3 (32MB~40MB, 72MB, Press CTRL+C to quit or Enter to use all available space):

// Press Enter to assign the remaining space to the third partition.

usb: will be divided into the following partition(s):

DeviceName     Capacity

usb0:            128MB

usb1:            56MB

usb2:            72MB

All data on usb: will be lost, continue? [Y/N]:y

Partitioning usb:...Done.

file prompt

Use file prompt to set the operation mode for files and folders.

Use undo file prompt to restore the default.

Syntax

file prompt { alert | quiet }

undo file prompt

Default

The alert mode is activated and the system prompts for confirmation when you perform a destructive file or folder operation.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

alert: Prompts for confirmation when a destructive file or folder operation is being performed.

quiet: Gives no confirmation prompt for file or folder operations.

Usage guidelines

In quiet mode, the system does not prompt for confirmation when a user performs a file or folder operation. The alert mode provides an opportunity to cancel a disruptive operation.

Examples

# Set the file and folder operation mode to alert.

<Sysname> system-view

[Sysname] file prompt alert

fixdisk

Use fixdisk to check a storage medium for damage and repair any damage.

Syntax

fixdisk medium-name

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

medium-name: Specifies the name of a storage medium.

Usage guidelines

Use this command to fix a storage medium when space on the medium cannot be used or released due to abnormal operations.

Before you repair a storage medium, make sure no other users are accessing the medium. Otherwise, the repair operation fails.

Examples

# Restore the space of the Flash.

<Sysname> fixdisk flash:

Restoring flash: may take some time...

Restoring flash:...Done.

format

Use format to format a storage medium.

Syntax

format medium-name

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

medium-name: Specifies the name of a storage medium.

Usage guidelines

Formatting a storage medium permanently deletes all files on the storage medium. If a startup configuration file exists on the storage medium, back it up if necessary.

To format a partitioned storage medium, you must format the partitions individually. You cannot use the format usb command to format the medium as a whole.

You can format a storage medium only when no one is accessing the medium.

Examples

# Format the Flash.

<Sysname> format flash:

All data on flash: will be lost, continue? [Y/N]:y

Formatting flash:... Done.

# Format the third partition of the USB disk.

<Sysname> format usb2:

All data on usb2: will be lost, continue? [Y/N]:y

Formatting usb2:... Done.

gunzip

Use gunzip to decompress a file.

Syntax

gunzip filename

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

filename: Specifies the name of the file to be decompressed. This argument must have .gz as the extension.

Usage guidelines

This command deletes the specified file after decompressing it.

Examples

# Decompress the file system.bin.gz.

1.     Before decompressing the file, you can display files whose names start with the system. string.

<Sysname> dir system.*

Directory of flash:

   1 -rw-          20 Jun 14 2012 10:18:53   system.bin.gz

472972 KB total (472840 KB free)

2.     Decompress the file system.bin.gz.

<Sysname> gunzip system.bin.gz

Decompressing file system.bin.gz... Done.

3.     Verify the decompress operation.

<Sysname> dir system.*

Directory of flash:

   1 -rw-           0 May 30 2012 11:42:25   system.bin

472972 KB total (472844 KB free)

gzip

Use gzip to compress a file.

Syntax

gzip filename

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

filename: Specifies the name of the file to be compressed. The compressed file will be saved to file filename.gz.

Usage guidelines

This command deletes the specified file after compressing it.

Examples

# Compress the file system.bin.

1.     Before compressing the file, you can display files whose names start with system.

<Sysname> dir system.*

Directory of flash:

   1 -rw-           0 May 30 2012 11:42:24   system.bin

472972 KB total (472844 KB free)

2.     Compress the file system.bin.

<Sysname> gzip system.bin

Compressing file system.bin... Done.

3.     Verify the compress operation.

<Sysname> dir system.*

Directory of flash:

   1 -rw-          20 Jun 14 2012 10:18:53   system.bin.gz

472972 KB total (472840 KB free)

md5sum

Use md5sum to calculate the digest of a file by using the MD5 algorithm.

Syntax

md5sum file-url

Views

User view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

file-url: Specifies the name of a file.

Usage guidelines

The digest can be used to verify the integrity of the file. For example, you can use this command to calculate the digest of a software image file and compare it with that provided on the H3C website to identify whether the file has been tampered with.

Examples

# Use the MD5 algorithm to calculate the digest of file system.bin.

<Sysname> md5sum system.bin

MD5 digest:

4f22b6190d151a167105df61c35f0917

Related commands

sha256sum

mkdir

Use mkdir to create a folder in the current directory.

Syntax

mkdir directory

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

directory: Specifies the name of a folder.

Usage guidelines

The name of the folder to be created must be unique in the specified directory.

To use this command to create a folder, the specified directory must exist. For example, to create the flash:/test/mytest folder, the test folder must exist. Otherwise, the mytest folder is not created.

Examples

# Create the test folder in the current directory.

<Sysname> mkdir test

Creating directory flash:/test... Done.

# Create the test/subtest folder in the current directory.

<Sysname> mkdir test/subtest

Creating directory flash:/test/subtest... Done.

# In standalone mode, create the test folder on the flash memory of the standby MPU (in slot 16).

<Sysname> mkdir slot16#flash:/test

Creating directory slot16#flash:/test... Done.

# In IRF mode, create the test folder on the global active MPU.

<Sysname> mkdir test

Creating directory flash:/test... Done.

# In IRF mode, create the test folder on the flash memory of the global standby MPU that resides in slot 16 of member device 2.

<Sysname> mkdir chassis2#slot16#flash:/test

Creating directory chassis2#slot16#flash:/test... Done.

more

Use more to display the contents of a text file.

Syntax

more file-url

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

file-url: Specifies a file name.

Examples

# Display the contents of the test.txt file.

<Sysname> more test.txt

Have a nice day.

# Display the contents of the testcfg.cfg file.

<Sysname> more testcfg.cfg

#

version 7.1.045, Ess 1105

#

 sysname Sysname

#

 telnet server enable

#

---- More ----

# In standalone mode, display the contents of the testcfg.cfg file on the standby MPU (in slot 16).

<Sysname> more slot16#flash:/testcfg.cfg

#

version 7.1.045, Ess 1105

#

 sysname Sysname

#

 telnet server enable

#

---- More ----

# In IRF mode, display the contents of the testcfg.cfg file on the global active MPU.

<Sysname> more testcfg.cfg

#

version 7.1.045, Ess 1105

#

 sysname Sysname

#

 telnet server enable

#

---- More ----

# In IRF mode, display the contents of the testcfg.cfg file on a global standby MPU.

<Sysname> more chassis2#slot16#flash:/testcfg.cfg

#

version 7.1.045, Ess 1105

#

 sysname Sysname

#

 telnet server enable

#

---- More ----

mount

Use mount to mount a hot swappable storage medium.

Syntax

mount medium-name

Default

A storage medium is automatically mounted and in mounted state after being connected to the device, and you can use it without mounting it.

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

medium-name: Specifies the name of a storage medium.

Usage guidelines

To avoid file system corruption, do not perform the following operations while the system is mounting a storage medium:

·     Installing or removing storage media or cards.

·     Performing an active/standby switchover in standalone mode.

·     Performing a switchover between the global active MPU and a global standby MPU in IRF mode.

To mount a partitioned storage medium, you must mount all the partitions individually, instead of mounting the storage medium as a whole.

Examples

# In standalone mode, mount a USB disk on the active MPU.

<Sysname> mount usb0:

# In standalone mode, mount a USB disk on the standby MPU (in slot 16).

<Sysname> mount slot16#usb0:

# In IRF mode, mount a USB disk on the global active MPU.

<Sysname> mount usb0:

# In IRF mode, mount a USB disk on the global standby MPU that resides in slot 17 of member device 2.

<Sysname> mount chassis2#slot17#usb0:

Related commands

umount

move

Use move to move a file.

Syntax

move fileurl-source fileurl-dest

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

fileurl-source: Specifies the name of the source file.

fileurl-dest: Specifies the name of the destination file or folder.

Usage guidelines

If you specify a destination folder, the system moves the source file to the specified folder without changing the file name.

Examples

# Move the flash:/test/sample.txt file to flash:/, and save it as 1.txt.

<Sysname> move test/sample.txt 1.txt

Move flash:/test/sample.txt to flash:/1.txt?[Y/N]:y

Moving file flash:/test/sample.txt to flash:/1.txt ...Done.

# Move the b.cfg file to the folder test2.

<Sysname> move b.cfg test2

Move flash:/b.cfg to flash:/test2/b.cfg?[Y/N]:y

Moving file flash:/b.cfg to flash:/test2/b.cfg... Done.

pwd

Use pwd to display the current working directory.

Syntax

pwd

Views

User view

Predefined user roles

network-admin

mdc-admin

Examples

# Display the current working directory.

<Sysname> pwd

flash:

rename

Use rename to rename a file or folder.

Syntax

rename fileurl-source fileurl-dest

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

fileurl-source: Specifies the name of the source file or folder.

fileurl-dest: Specifies the name of the destination file or folder.

Usage guidelines

If the destination file or folder name is the same as the name of an existing file or folder in the current working directory, this command is not executed.

Examples

# Rename the copy.cfg file as test.cfg.

<Sysname> rename copy.cfg test.cfg

Rename flash:/copy.cfg as flash:/test.cfg?[Y/N]:y

Renaming flash:/copy.cfg as flash:/test.cfg... Done.

reset recycle-bin

Use reset recycle-bin to delete files from the recycle bin.

Syntax

reset recycle-bin [ /force ]

Views

User view

Parameters

/force: Deletes all files in the recycle bin without prompting for confirmation. If you do not specify this option, the command prompts you to confirm the deletion.

Usage guidelines

The delete file-url command only moves a file to the recycle bin. To permanently delete the file, use the reset recycle-bin command to clear the recycle bin.

If a file is corrupted, you might not be able to delete the file by using the reset recycle-bin command. In this case, use the reset recycle-bin /force command.

Examples

# Empty the recycle bin. (In this example there are two files in the recycle bin.)

<Sysname> reset recycle-bin

Clear flash:/a.cfg?[Y/N]:y

Clearing file flash:/a.cfg... Done.

Clear flash:/b.cfg?[Y/N]:y

Clearing file flash:/b.cfg... Done.

# Delete the b.cfg file from the recycle bin. (In this example there are two files in the recycle bin.)

<Sysname> reset recycle-bin

Clear flash:/a.cfg?[Y/N]:n

Clear flash:/b.cfg?[Y/N]:y

Clearing file flash:/b.cfg... Done.

Related commands

delete

rmdir

Use rmdir to delete a folder.

Syntax

rmdir directory

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

directory: Specifies a folder name.

Usage guidelines

To delete a directory, you must delete all files and subfolders in the directory permanently or move them to the recycle bin. If you move them to the recycle bin, executing the rmdir command permanently deletes them.

Examples

# Delete the subtest folder.

<Sysname> rmdir subtest/

Remove directory flash:/test/subtest and the files in the recycle-bin under this directory will be deleted permanently. Continue?[Y/N]:y

Removing directory flash:/test/subtest... Done.

sha256sum

Use sha256sum to calculate the digest of a file by using the SHA-256 algorithm.

Syntax

sha256sum file-url

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

file-url: Specifies the name of a file.

Usage guidelines

The digest can be used to verify the integrity of the file. For example, you can use this command to calculate the digest of a software image file and compare it with that provided on the H3C website to identify whether the file has been tampered with.

Examples

# Use the SHA-256 algorithm to calculate the digest of file system.bin.

<Sysname> sha256sum system.bin

SHA256 digest:

0851e0139f2770e87d01ee8c2995ca9e59a8f5f4062e99af14b141b1a36ca152

Related commands

md5sum
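An added example (not H3C code): a workstation-side Python check that parses captured md5sum or sha256sum output in the format shown in the examples above and compares it with the published digest. It refuses MD5 results unless allow_md5 is set, because MD5 is no longer collision resistant; the function names and the stand-in image file are constructed for illustration.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Header label printed by the CLI -> (hashlib algorithm name, hex digest length).
ALGORITHMS = {"MD5": ("md5", 32), "SHA256": ("sha256", 64)}
HEADER = re.compile(r"(MD5|SHA256) digest:")


def parse_device_digest(cli_output):
    """Return (label, hex_digest) from captured md5sum/sha256sum output.

    The value is expected on the first non-blank line after the
    "<LABEL> digest:" header. Anything else raises ValueError, so a
    truncated capture can never be mistaken for a match.
    """
    lines = [ln.strip() for ln in cli_output.splitlines() if ln.strip()]
    for index, line in enumerate(lines):
        match = HEADER.fullmatch(line)
        if match is None:
            continue
        label = match.group(1)
        if index + 1 == len(lines):
            raise ValueError("digest header found but no value follows it")
        value = lines[index + 1].lower()
        if not re.fullmatch(r"[0-9a-f]{%d}" % ALGORITHMS[label][1], value):
            raise ValueError("line after the %s header is not a %s digest" % (label, label))
        return label, value
    raise ValueError("no 'MD5 digest:' or 'SHA256 digest:' header in the output")


def local_digest(path, label):
    """Hash the downloaded copy in 1 MiB chunks before it is uploaded."""
    hasher = hashlib.new(ALGORITHMS[label][0])
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            hasher.update(chunk)
    return hasher.hexdigest()


def check_device_image(cli_output, published_digest, allow_md5=False):
    """Compare the digest the device reports with the published one.

    Returns (ok, reason). MD5 output is rejected unless allow_md5 is True.
    """
    label, device_value = parse_device_digest(cli_output)
    if label == "MD5" and not allow_md5:
        return False, "MD5 output refused; rerun the check with sha256sum"
    published = published_digest.strip().lower()
    if not re.fullmatch(r"[0-9a-f]{%d}" % ALGORITHMS[label][1], published):
        return False, "published value is not a %s digest" % label
    if hmac.compare_digest(device_value, published):
        return True, "%s digest matches the published value" % label
    return False, "%s mismatch: device reports %s" % (label, device_value)


def demo():
    """Run the check on a constructed file and two constructed CLI captures."""
    with tempfile.NamedTemporaryFile(delete=False) as handle:
        handle.write(b"constructed stand-in for a software image\n" * 4)
        path = handle.name
    try:
        # Stand-in for the published digest; the local copy is checked against it.
        published = local_digest(path, "SHA256")
        capture = "<Sysname> sha256sum system.bin\n\nSHA256 digest:\n\n%s\n" % published
        altered = capture.replace(published, "0" * 64)
        return (check_device_image(capture, published),
                check_device_image(altered, published))
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for ok, reason in demo():
        print("PASS" if ok else "FAIL", reason)
```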

tar create

Use tar create to archive files and folders.

Syntax

tar create [ gz ] archive-file fileurl-dest [ verbose ] source fileurl-source-list&<1-5>

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

gz: Uses gzip to compress the files and folders before archiving them.

archive-file fileurl-dest: Specifies the archive file name. If you specified the gz keyword, the suffix of this argument must be .tar.gz. If you did not specify the gz keyword, the suffix of this argument must be .tar.

verbose: Displays the names of the successfully archived files and folders.

source fileurl-source-list&<1-5>: Specifies the files and folders to be archived. The fileurl-source-list argument can be a space-separated list of up to five items. Each item can be a file or folder name.

Examples

# Archive file a.cfg to file a.tar.

<Sysname> tar create archive-file a.tar source a.cfg

Creating archive a.tar …… Done.

# Compress file a.cfg and archive the file to a.tar.gz.

<Sysname> tar create gz archive-file a.tar.gz source a.cfg

Creating archive a.tar.gz Done.

# Compress and archive files and folders, and display the successfully archived files and folders.

<Sysname> tar create gz archive-file a.tar.gz verbose source a.cfg a.dbm ./core

a.cfg

a.dbm

./core

Related commands

·     tar extract

·     tar list

tar extract

Use tar extract to extract files and folders.

Syntax

tar extract archive-file fileurl-dest [ verbose ] [ screen | to directory-name ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

archive-file fileurl-dest: Specifies the archive file name. The suffix can be .tar or .tar.gz.

verbose: Displays the names of the successfully extracted files and folders.

screen: Displays the content of the extracted files and folders on the screen. The extracted files are not saved.

to directory-name: Saves the extracted files and folders to a path.

Usage guidelines

If you do not specify the screen keyword or the to directory-name option, the command extracts the archived files and folders and saves them to the same folder as the archive file.

Examples

# Extract files and folders, and save them to the same folder as the archive file.

<Sysname> tar extract archive-file a.tar.gz

Extracting archive a.tar.gz …… Done.

# Extract files and folders, and display their content on the screen.

<Sysname> tar extract archive-file a.tar.gz verbose screen

a.cfg

#

version 7.1.045, Ess 1105

#

sysname H3C

#

# Extract files and folders, save them to the same folder as the archive file, and display the names of the archived files and folders.

<Sysname> tar extract archive-file a.tar.gz verbose

a.txt

# Extract files and folders, and save them to the path flash:/a.

<Sysname> tar extract archive-file a.tar.gz to flash:/a

Extracting archive a.tar.gz ......Done.

Related commands

·     tar create

·     tar list

tar list

Use tar list to display the names of archived files and folders.

Syntax

tar list archive-file fileurl-dest

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

archive-file fileurl-dest: Specifies the archive file name. The suffix can be .tar or .tar.gz.

Examples

# Display the names of archived files and folders.

<Sysname> tar list archive-file a.tar.gz

a.cfg

Related commands

·     tar create

·     tar extract

umount

Use umount to unmount a hot swappable storage medium.

Syntax

umount medium-name

Default

A storage medium is automatically mounted and placed in mounted state.

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

medium-name: Specifies the name of a storage medium.

Usage guidelines

Before you remove a mounted storage medium from the system, first unmount it to avoid damaging the medium.

Before you unmount a storage medium, make sure no other users are accessing the medium. Otherwise, the unmount operation fails.

When a storage medium is connected to a lower version system, the system might not be able to automatically recognize the device. In this case, you must first execute the mount command for the storage medium to operate correctly.

To avoid file system corruption, do not perform the following operations while the system is unmounting a storage medium:

·     Installing or removing storage media or cards.

·     Performing an active/standby switchover in standalone mode.

·     Performing a switchover between the global active MPU and a global standby MPU in IRF mode.

Examples

# In standalone mode, unmount a USB disk from the active MPU.

<Sysname> umount usb0:

# In standalone mode, unmount a USB disk from the standby MPU (in slot 16).

<Sysname> umount slot16#usb0:

# In IRF mode, unmount a USB disk from the global active MPU.

<Sysname> umount usb0:

# In IRF mode, unmount a USB disk from the global standby MPU that resides in slot 17 of member device 2.

<Sysname> umount chassis2#slot17#usb0:

Related commands

mount

undelete

Use undelete to restore a file from the recycle bin.

Syntax

undelete file-url

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

file-url: Specifies the name of the file to be restored.

Usage guidelines

If another file that has the same name exists in the directory, the system prompts you about whether to overwrite the existing file. If you enter Y, the existing file is overwritten. If you enter N, the command is not executed.

Examples

# Restore the copy.cfg file, which was moved from the flash: directory to the recycle bin.

<Sysname> undelete copy.cfg

Undelete flash:/copy.cfg?[Y/N]:y

Undeleting file flash:/copy.cfg... Done.

# Restore the startup.cfg file, which was moved from the flash:/seclog directory to the recycle bin:

·     Method 1

<Sysname> undelete seclog/startup.cfg

Undelete flash:/seclog/startup.cfg?[Y/N]:y

Undeleting file flash:/seclog/startup.cfg... Done.

·     Method 2

<Sysname> cd seclog

<Sysname> undelete startup.cfg

Undelete flash:/seclog/startup.cfg?[Y/N]:y

Undeleting file flash:/seclog/startup.cfg... Done.


Configuration file management commands

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.

backup startup-configuration

Use backup startup-configuration to back up the main next-startup configuration file to a TFTP server.

Syntax

backup startup-configuration to tftp-server [ dest-filename ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

tftp-server: Specifies a TFTP server by its IPv4 address or host name. The host name is a case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.).

dest-filename: Specifies the target file name used for saving the file on the server. The file name must use the .cfg extension. If you do not specify a target file name, the source file name is used.

Usage guidelines

This command is not supported in FIPS mode.

Examples

# Back up the main next-startup configuration file to the TFTP server at 2.2.2.2, and set the target file name to 192-168-1-26.cfg.

<Sysname> backup startup-configuration to 2.2.2.2 192-168-1-26.cfg

Backup next startup-configuration file to 2.2.2.2, please wait…finished

Related commands

restore startup-configuration

configuration commit

Use configuration commit to commit the settings configured after the configuration commit delay command was executed.

Syntax

configuration commit

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command is available in Release 1138P01 and later versions.

You must execute the configuration commit delay command before executing this command.

As a best practice, enable the information center and configure the information center to output logs to the console. Determine whether to commit the settings depending on the logs. For more information about the information center, see Network Management and Monitoring Configuration Guide.

Examples

# Set the allowed delay time to 10 minutes for a manual commit to keep the settings configured subsequently in effect.

<Sysname> system-view

[Sysname] configuration commit delay 10

# Commit the settings configured after the configuration commit delay command was executed.

[Sysname] configuration commit

# Commit the settings configured after the configuration commit delay command was executed. In this example, the commit operation fails, because the allowed delay time has expired. The device is rolling back the configuration to the settings before the configuration commit delay command was executed.

[Sysname] configuration commit

The system is rolling back configuration. Please wait…

configuration commit delay

Use configuration commit delay to set the allowed delay time for a manual commit to keep the settings configured subsequently in effect.

Syntax

configuration commit delay delay-time

Views

System view

Predefined user roles

network-admin

Parameters

delay-time: Sets the allowed delay time in the range of 1 to 65535 minutes.

Usage guidelines

This command is available in Release 1138P01 and later versions.

Configure this command in a single-user environment.

If you do not execute the configuration commit command within the delay time, the device rolls back the configuration to the settings before the configuration commit delay command was executed. The device outputs logs to notify the user of the rollback operation. The user cannot perform other operations before the rollback is finished.

As a best practice, set the allowed delay time in the following situations:

·     The user configures the device remotely. The user might be disconnected from the device because of a setting. If the configuration commit delay command is configured and the setting is not committed, the user can reconnect to the device after the delay time expires.

·     The user is not familiar with the device configuration. If any parameters are configured incorrectly, the rollback mechanism can remove the incorrect settings after the delay time expires.

You can change the allowed delay time before the previously configured delay time expires. The new delay time configuration overwrites the previous delay time configuration after you enter Y to confirm the change. The allowed delay time is re-set.

Examples

# Set the allowed delay time to 10 minutes for a manual commit to keep the settings configured subsequently in effect.

<Sysname> system-view

[Sysname] configuration commit delay 10

# Re-set the allowed delay time to 60 minutes for a manual commit to keep the settings configured subsequently in effect.

[Sysname] configuration commit delay 60

The commit delay already set 10 minutes, overwrite it? [Y/N]:y

# Re-set the allowed delay time to 20 minutes for a manual commit to keep the settings configured subsequently in effect. In this example, the configuration fails, because the previously configured delay time has expired. The device is rolling back the configuration to the settings before the configuration commit delay command was executed the previous time.

[Sysname] configuration commit delay 20

The system is rolling back configuration. Please wait…

configuration encrypt

Use configuration encrypt to enable configuration encryption.

Use undo configuration encrypt to restore the default.

Syntax

configuration encrypt { private-key | public-key }

undo configuration encrypt

Default

Configuration encryption is disabled. The running configuration is saved to a configuration file without encryption.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

private-key: Encrypts configuration with a private key. All H3C devices running Comware V7 software use the same private key.

public-key: Encrypts configuration with a public key. All H3C devices running Comware V7 software use the same public key.

Usage guidelines

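Configuration encryption enables the device to automatically encrypt a configuration file when saving the running configuration to the file. Because all H3C devices running Comware V7 software use the same key, the encrypted file is not tied to the device that saved it, so continue to restrict access to saved configuration files.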

Examples

# Enable the public-key method for configuration encryption.

<Sysname> system-view

[Sysname] configuration encrypt public-key

display current-configuration

Use display current-configuration to display the running configuration.

Syntax

display current-configuration [ configuration [ module-name ] | interface [ interface-type [ interface-number ] ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

configuration [ module-name ]: Displays feature configuration. The module-name argument specifies a feature module. If no feature module is specified, this command displays all feature settings you have made. Available feature modules depend on your configuration.

interface [ interface-type [ interface-number ] ]: Displays interface configuration, where the interface-type argument represents the interface type and the interface-number argument represents the interface number.

Usage guidelines

Use this command to verify the running configuration you have made.

If the system has automatically changed the setting you have made for a parameter, this command displays the effective setting instead of the configured one. An automatic change typically occurs because of system restrictions.

Typically, this command does not display parameters that are using the default settings.

Examples

# Display local user configuration.

<Sysname> display current-configuration configuration local-user

#

local-user root class manage

 password hash $h$6$Twd73mLrN8O2vvD5$Cz1vgdpR4KoTiRQNE9pg33gU14Br2p1VguczLSVyJLO2huV5Syx/LfDIf8ROLtVErJ/C31oq2rFtmNuyZf4STw==

 service-type ssh telnet terminal

 authorization-attribute user-role network-admin

 authorization-attribute user-role network-operator

#

return

# Display Ethernet interface configuration.

<Sysname> display current-configuration interface fortygige 1/0/1

#

interface FortyGigE1/0/1

 port link-mode route

#

return

display current-configuration diff

Use display current-configuration diff to display the configuration differences between the running configuration and the next-startup configuration file.

Syntax

display current-configuration diff

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

This command compares the running configuration with the settings in the next-startup configuration file in the following steps:

1.     Compares the running configuration with the settings in the main next-startup configuration file.

2.     If the main next-startup configuration file is unavailable or corrupt, this command compares the running configuration with the settings in the backup next-startup configuration file.

If both the main and backup next-startup configuration files are unavailable or corrupt, the system displays a message indicating that the next-startup configuration file does not exist.

Examples

# Display the configuration differences between the running configuration and the next-startup configuration file.

<TEST1>display current-configuration diff

--- Startup configuration

+++ Current configuration

@@ -6,7 +6,7 @@

#

  stp global enable

 #

- sysname TEST

+ sysname TEST1

 #

  telnet server enable

 #

Table 18 Command output

Field: Description

--- A / +++ B:

·     A displays Startup configuration, Current configuration, or the name of the source configuration file with its directory information.

·     B displays Current configuration, Startup configuration, or the name of the target configuration file with its directory information.

@@ -linenumber1,number1 +linenumber2,number2 @@: Location summary for a command line difference:

·     -linenumber1,number1: A total of number1 lines are excerpted from line number linenumber1 in A. These lines contain a command line difference.

·     +linenumber2,number2: A total of number2 lines are excerpted from line number linenumber2 in B. These lines contain a command line difference.

cmd1 / - cmd2 / + cmd3 / cmd4 (four consecutive output lines): Command line difference:

·     cmd1 and cmd4 provide a context for locating the different command lines.

·     - cmd2 represents the different command line in A.

·     + cmd3 represents the different command line in B.

Related commands

·     display current-configuration

·     display diff

·     display saved-configuration

display default-configuration

Use display default-configuration to display the factory defaults.

Syntax

display default-configuration

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

The device does not have factory defaults. When you execute this command, the device displays nothing.

Examples

# Display the factory defaults.

<Sysname> display default-configuration

display diff

Use display diff to display the configuration differences between two configuration files or between a configuration file and the running configuration.

Syntax

display diff configfile file-name-s { configfile file-name-d | current-configuration | startup-configuration }

display diff current-configuration { configfile file-name-d | startup-configuration }

display diff startup-configuration { configfile file-name-d | current-configuration }

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

configfile file-name-s: Specifies the source configuration file for comparison.

configfile file-name-d: Specifies the target configuration file for comparison.

current-configuration: Specifies the running configuration. In the display diff current-configuration command, this keyword specifies the source configuration for comparison. In the display diff configfile file-name-s and display diff startup-configuration commands, this keyword specifies the target configuration.

startup-configuration: Specifies the next-startup configuration file. In the display diff startup-configuration command, this keyword specifies the source configuration file for comparison. In the display diff configfile file-name-s and display diff current-configuration commands, this keyword specifies the target configuration file.

Usage guidelines

If you specify the startup-configuration keyword, the system searches for the next-startup configuration file for comparison in the following order:

1.     The main next-startup configuration file.

2.     The backup next-startup configuration file if the main next-startup configuration file is unavailable or corrupt.

If both the main and backup next-startup configuration files are unavailable or corrupt, the system displays a message indicating that the next-startup configuration file does not exist.

Examples

# Display the configuration differences between test.cfg and testsys.cfg.

<Sysname> display diff configfile test.cfg configfile testsys.cfg

--- flash:/test.cfg

+++ flash:/testsys.cfg

@@ -6,7 +6,7 @@

#

  stp global enable

 #

- sysname test

+ sysname test1

 #

  telnet server enable

 #

# Display the configuration differences between test.cfg and testsys.cfg on the master and subordinate devices in an IRF fabric.

<Sysname>display diff configfile chassis1#slot17#flash:/test.cfg configfile chassis2#slot17#flash:/testsys.cfg

--- flash:/test.cfg

+++ chassis2#slot17#flash:/testsys.cfg

@@ -6,7 +6,7 @@

#

  stp global enable

 #

- sysname TEST

+ sysname TEST1

 #

  telnet server enable

 #

# Display the configuration differences between the running configuration and the next-startup configuration file.

<TEST> display diff current-configuration startup-configuration

--- Current configuration

+++ Startup configuration

 

@@ -6,7 +6,7 @@

#

  stp global enable

 #

- sysname TEST

+ sysname TEST1

 #

  telnet server enable

 #

For command output, see Table 18.

Related commands

·     display current-configuration

·     display current-configuration diff

·     display saved-configuration
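
Both display current-configuration diff and display diff print the layout described in Table 18, so a captured output can be checked automatically for changes that are running but not saved. The following Python script is an added example, not H3C code: it parses a capture, uses the counts in each @@ header to detect a truncated capture, and reports commands present only in the running configuration, whichever side of the comparison it is on. DIFF_SAMPLE and the WATCH list are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

HUNK_RE = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")
PAGER = "---- More ----"  # pagination marker shown in the page's sample output

# Illustrative watch list (an assumption, tune per site): commands that weaken
# login security when they appear in the running configuration only.
WATCH = (
    re.compile(r"^authentication-mode none$"),
    re.compile(r"^telnet server enable$"),
    re.compile(r"^user-role network-admin$"),
)

# Constructed sample in the format documented in Table 18.
DIFF_SAMPLE = """\
--- Startup configuration
+++ Current configuration
@@ -6,7 +6,7 @@
 #
  stp global enable
 #
- sysname TEST
+ sysname TEST1
 #
  telnet server enable
 #
@@ -40,4 +40,5 @@
 line vty 0 63
- authentication-mode scheme
+ authentication-mode none
+ user-role network-admin
  user-role network-operator
 #
"""


@dataclass
class Hunk:
    a_start: int
    a_len: int
    b_start: int
    b_len: int
    removed: list = field(default_factory=list)
    added: list = field(default_factory=list)
    context: int = 0

    def complete(self):
        """True when the captured lines match the counts in the @@ header."""
        return (self.context + len(self.removed) == self.a_len
                and self.context + len(self.added) == self.b_len)


def parse_diff(text):
    """Return (source, target, hunks) parsed from the command output."""
    source = target = None
    hunks = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == PAGER:
            continue  # skip empty lines and the pager marker
        m = HUNK_RE.match(line)
        if m:
            nums = (int(g) if g else 1 for g in m.groups())
            hunks.append(Hunk(*nums))
        elif not hunks:
            # Lines before the first hunk name the two sides (A and B).
            if line.startswith("--- "):
                source = line[4:]
            elif line.startswith("+++ "):
                target = line[4:]
        elif line[0] == "-":
            hunks[-1].removed.append(line[1:].strip())
        elif line[0] == "+":
            hunks[-1].added.append(line[1:].strip())
        else:
            hunks[-1].context += 1
    return source, target, hunks


def unsaved_changes(text):
    """Report commands that exist only in the running configuration."""
    source, target, hunks = parse_diff(text)
    if target == "Current configuration":
        side = "added"      # running configuration is B, so '+' lines
    elif source == "Current configuration":
        side = "removed"    # running configuration is A, so '-' lines
    else:
        raise ValueError("neither side is the running configuration")
    running_only = [cmd for h in hunks for cmd in getattr(h, side)]
    return {
        "running_only": running_only,
        "flagged": [c for c in running_only if any(p.match(c) for p in WATCH)],
        "truncated": [f"@@ -{h.a_start},{h.a_len} +{h.b_start},{h.b_len} @@"
                      for h in hunks if not h.complete()],
    }


if __name__ == "__main__":
    print(unsaved_changes(DIFF_SAMPLE))
```

A non-empty truncated list means the capture stopped inside a hunk, for example because paging was not disabled, and the report should not be trusted.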

display saved-configuration

Use display saved-configuration to display the contents of the configuration file for the next system startup.

Syntax

display saved-configuration

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

Use this command to verify that important settings have been saved to the configuration file for the next system startup.

This command selects the configuration file to display in the following order:

1.     If the main startup configuration file is available, this command displays the contents of the main startup configuration file.

2.     If the main startup configuration file is not available but the backup startup configuration file is available, this command displays the contents of the backup file.

3.     If both the main and backup startup configuration files are not available, this command does not display anything.

Examples

# Display the contents of the configuration file for the next system startup.

<Sysname> display saved-configuration

#

 Version 7.1.045, Ess 1105

#

 sysname Sysname

#

 telnet server enable

#

  ---- More ----

Related commands

·     reset saved-configuration

·     save

display startup

Use display startup to display the current startup configuration file and the next-startup configuration files.

Syntax

display startup

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

The current startup configuration file is the configuration file that has been loaded. The next-startup configuration file is the configuration file used at the next startup.

In standalone mode:

The standby MPU always uses the same current startup configuration file as the active MPU. After an active/standby switchover, it is normal that the current startup configuration files on them are displayed as NULL, because the new active MPU continues to run with the running configuration rather than rebooting with the previous current startup configuration file.

In IRF mode:

The standby MPUs in the IRF fabric always use the same current startup configuration file as the global active MPU. After an active/standby switchover, it is normal that the current startup configuration files on them are displayed as NULL, because the new global active MPU continues to run with the running configuration rather than rebooting with the previous current startup configuration file.

Examples

# (In standalone mode.) Display startup configuration files.

<Sysname> display startup

MainBoard:

 Current startup saved-configuration file: flash:/startup.cfg

 Next main startup saved-configuration file: flash:/startup.cfg

 Next backup startup saved-configuration file: NULL

Slot 16:

 Current startup saved-configuration file: flash:/startup.cfg

 Next main startup saved-configuration file: flash:/startup.cfg

 Next backup startup saved-configuration file: NULL

Table 19 Command output

Field: Description

MainBoard: Displays the startup configuration files on the active MPU.

Current startup saved-configuration file: Configuration file that the active MPU has started up with.

Next main startup saved-configuration file: Primary startup configuration file to be used at the next startup.

Next backup startup saved-configuration file: Backup startup configuration file to be used at the next startup.

Slot n: Displays the startup configuration files on the standby MPU in slot n.

# (In IRF mode.) Display startup configuration files.

<Sysname> display startup

MainBoard:

 Current startup saved-configuration file: NULL

 Next main startup saved-configuration file: flash:/startup.cfg

 Next backup startup saved-configuration file: flash:/startup2.cfg

Chassis 2 Slot 16:

 Current startup saved-configuration file: NULL

 Next main startup saved-configuration file: flash:/startup.cfg

 Next backup startup saved-configuration file: flash:/startup2.cfg

Table 20 Command output

Field: Description

MainBoard: Displays the startup configuration files on the global active MPU.

Current startup saved-configuration file: Configuration file that the global active MPU has started up with.

Next main startup saved-configuration file: Primary configuration file to be used at the next startup.

Next backup startup saved-configuration file: Backup configuration file to be used at the next startup.

(This file does not exist.): If the specified next-startup configuration file has been deleted, this comment appears next to the file name.

Chassis x Slot n: Displays the startup configuration files on the MPU in slot n of IRF member x.

Related commands

startup saved-configuration

display this

Use display this to display the running configuration in the current view.

Syntax

display this

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

Use this command to verify the configuration you have made in a certain view.

Typically, this command does not display parameters that are set to their default settings.

For some parameters that can be successfully set even if their dependent features are not enabled, this command displays their settings after the dependent features are enabled.

This command can be executed in any user line view to display the running configuration of all user lines.

Examples

# Display the running configuration on interface FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] display this

#

interface FortyGigE1/0/1

 port link-mode route

#

return

# Display the running configuration on user lines.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] display this

#

line aux 0

 user-role network-admin

#

line vty 0 63

 authentication-mode none

 user-role network-admin

 user-role network-operator

#

return
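
The user-line output above shows a state worth checking for automatically: authentication-mode none on the VTY lines together with user-role network-admin. The following Python script is an added example, not H3C code: it splits display current-configuration or display this text into its #-delimited sections and reports that combination along with Telnet exposure. CONFIG_SAMPLE and the finding names are constructed, and because the device typically omits settings at their defaults, only explicitly displayed settings are evaluated.

```python
# Constructed sample assembled from the output formats shown in this section;
# the password hash is replaced by a placeholder.
CONFIG_SAMPLE = """\
#
 sysname Sysname
#
 telnet server enable
#
local-user root class manage
 password hash <placeholder>
 service-type ssh telnet terminal
 authorization-attribute user-role network-admin
 authorization-attribute user-role network-operator
#
line aux 0
 user-role network-admin
#
line vty 0 63
 authentication-mode none
 user-role network-admin
 user-role network-operator
#
return
"""


def parse_sections(text):
    """Split configuration text into (header, [settings]) sections.

    Sections are delimited by '#' lines. A view section starts with an
    unindented header (for example 'line vty 0 63'); a section made up only
    of indented lines holds global commands and gets header None.
    """
    sections, header, settings = [], None, []

    def flush():
        nonlocal header, settings
        if header is not None or settings:
            sections.append((header, settings))
        header, settings = None, []

    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue                 # tolerate blank lines in pasted output
        if line.strip() == "#":
            flush()
        elif line == "return":
            break                    # end-of-configuration marker
        elif line[0] != " " and header is None and not settings:
            header = line
        else:
            settings.append(line.strip())
    flush()
    return sections


def audit(text):
    """Return a list of (scope, finding) tuples for risky login settings."""
    findings = []
    for header, settings in parse_sections(text):
        if header is None:
            # Telnet carries credentials and session data in cleartext.
            if "telnet server enable" in settings:
                findings.append(("global", "telnet-server-enabled"))
        elif header.startswith("line "):
            roles = [s.split()[1] for s in settings
                     if s.startswith("user-role ")]
            if "authentication-mode none" in settings:
                # With no authentication, the line's user-role is what an
                # unauthenticated login receives.
                code = ("unauthenticated-network-admin"
                        if "network-admin" in roles
                        else "unauthenticated-login")
                findings.append((header, code))
        elif header.startswith("local-user "):
            for s in settings:
                if s.startswith("service-type ") and "telnet" in s.split()[1:]:
                    findings.append((header, "telnet-login-allowed"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(CONFIG_SAMPLE):
        print(f"{scope}: {finding}")
```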

reset saved-configuration

Use reset saved-configuration to delete next-startup configuration files.

Syntax

reset saved-configuration [ backup | main ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

backup: Deletes the backup next-startup configuration file.

main: Deletes the main next-startup configuration file.

Usage guidelines

CAUTION:

Use this command with caution. In standalone mode, this command permanently deletes the next-startup configuration files from both MPUs. In IRF mode, this command permanently deletes the next-startup configuration files on all MPUs in the IRF fabric.

 

Delete a next-startup configuration file if it is corrupted or does not match the software version.

You can delete the main, the backup, or both.

To delete a file that is set as both main and backup next-startup configuration files, you must execute both the reset saved-configuration backup command and the reset saved-configuration main command. Using only one of the commands removes the specified file attribute instead of deleting the file.

For example, if the reset saved-configuration backup command is executed, the backup next-startup configuration file setting is set to NULL, but the file is still used as the main file. To delete the file, you must also execute the reset saved-configuration main command.

If no configuration file attribute is specified, the reset saved-configuration command deletes the main next-startup configuration file.

Examples

# (In standalone mode.) Delete the main next-startup configuration file.

<Sysname> reset saved-configuration

The saved configuration file will be erased. Are you sure? [Y/N]:y

Configuration file in flash is being cleared.

Please wait ...

..

MainBoard:

 Configuration file is cleared.

Slot 16:

 Erase next configuration file successfully

# (In IRF mode.) Delete the backup next-startup configuration file.

<Sysname> reset saved-configuration backup

The saved configuration file will be erased. Are you sure? [Y/N]:y

Configuration file in flash is being cleared.

Please wait ...

..

MainBoard:

 Configuration file is cleared.

Chassis 2 Slot 16:

 Erase next configuration file successfully

Related commands

display saved-configuration

restore startup-configuration

Use restore startup-configuration to download a configuration file from a TFTP server and specify it as the main next-startup configuration file.

Syntax

restore startup-configuration from tftp-server src-filename

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

tftp-server: Specifies a TFTP server's IPv4 address or host name. The host name is a case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.).

src-filename: Specifies the file name of the configuration file to be downloaded.

Usage guidelines

This command is not supported in FIPS mode.

Before restoring the configuration file for the next startup, make sure the following requirements are met:

·     The server is reachable.

·     The TFTP service is enabled on the server.

·     You have read and write permissions to the server.

This command provides an easy method for configuration file restoration by automatically performing all operations required for restoring the main next-startup configuration file.

This command downloads the configuration file to the root directory of the default storage medium on each MPU and specifies the file as the main next-startup configuration file.

If the USB disk is used and partitioned, the configuration file is saved on the first partition.

This command assumes that all MPUs use the same type of default storage medium. If a standby MPU uses a different type of default storage medium than the active MPU, the command cannot propagate the configuration file to the standby MPU. For example, the standby MPU uses a USB disk, but the active MPU uses a flash memory. In this situation, you must manually restore the next-startup configuration file on the standby MPU.

Examples

# (In standalone mode.) Download the configuration file config.cfg from the TFTP server at 2.2.2.2, and specify the file as the main next-startup configuration file.

<Sysname> restore startup-configuration from 2.2.2.2 config.cfg

Restoring the next startup-configuration file from 2.2.2.2. Please wait...finished.

Now restoring the next startup-configuration file from main board to backup board. Please wait...finished.

# (In IRF mode.) Download the configuration file config.cfg from the TFTP server at 2.2.2.2 and specify the file as the main next-startup configuration file.

<Sysname> restore startup-configuration from 2.2.2.2 config.cfg

Restoring the next startup-configuration file from 2.2.2.2. Please wait...finished.

Now restoring the next startup-configuration file from main board to backup board. Please wait...finished.

Related commands

backup startup-configuration

save

In standalone mode:

Use save file-url [ all | slot slot-number ] to save the running configuration to a configuration file, without specifying the file as a next-startup configuration file.

Use save [ safely ] [ backup | main ] [ force ] to save the running configuration to a file in the root directory of the default storage medium. This command applies to both the active and standby MPUs. It specifies the file as a next-startup configuration file at the same time.

In IRF mode:

Use save file-url [ all | chassis chassis-number slot slot-number ] to save the running configuration to a configuration file, without specifying the file as a next-startup configuration file.

Use save [ safely ] [ backup | main ] [ force ] to save the running configuration to a file in the root directory of the default storage medium. This command applies to each MPU in the IRF fabric. It specifies the file as a next-startup configuration file at the same time.

Syntax

In standalone mode:

save file-url [ all | slot slot-number ]

save [ safely ] [ backup | main ] [ force ]

In IRF mode:

save file-url [ all | chassis chassis-number slot slot-number ]

save [ safely ] [ backup | main ] [ force ]

Views

Any view

Predefined user roles

network-admin

mdc-admin

Parameters

file-url: Saves the running configuration to the specified file, without specifying the file as a next-startup configuration file. The file name must use the extension .cfg and can include path information. If the keyword all or an MPU is specified, the file path cannot include any chassis number or slot number. If the file path includes a folder name, the folder must already exist.

all: Saves the running configuration to both MPUs. If you do not specify this keyword or the slot slot-number option, the command saves the running configuration only to the active MPU. (In standalone mode.)

all: Saves the running configuration to all MPUs. If you do not specify this keyword or the chassis chassis-number slot slot-number option, the command saves the running configuration only to the global active MPU in the IRF fabric. (In IRF mode.)

slot slot-number: Saves the running configuration to the standby MPU. If you do not specify this option or the all keyword, the command saves the running configuration only to the active MPU. (In standalone mode.)

chassis chassis-number slot slot-number: Saves the running configuration to an MPU. If you do not specify this option or the all keyword, the command saves the running configuration only to the global active MPU. (In IRF mode.)

safely: Saves the configuration file in safe mode. If this keyword is not specified, the device saves the configuration file in fast mode. Safe mode is slower than fast mode, but more secure. In safe mode, the system saves configuration in a temporary file and starts overwriting the target next-startup configuration file after the save operation is complete. If a reboot, power failure, or out of memory event occurs during the save operation, the next-startup configuration file is retained. In fast mode, the device directly overwrites the target next-startup configuration file. If a reboot, power failure, or out of memory event occurs during this process, the next-startup configuration file is lost. As a best practice, specify the safely keyword for the command.

backup: Saves the running configuration to a configuration file, and specifies the file as the backup next-startup configuration file. If you do not specify this keyword or the main keyword, the command specifies the saved file as the main next-startup configuration file.

main: Saves the running configuration to a configuration file, and specifies the file as the main next-startup configuration file. If you do not specify this keyword or the backup keyword, the command specifies the saved file as the main next-startup configuration file.

force: Saves the running configuration without prompting for confirmation. Without this keyword, the system prompts you to confirm the operation. If you do not confirm the operation within 30 seconds, the system automatically aborts the operation. If you enter Y within the time limit, you can continue the save process and change the next-startup configuration file during this process.

Usage guidelines

If the file specified for the command does not exist, the system creates the file before saving the configuration. If the file already exists, the system prompts you to confirm whether to overwrite the file. If you choose to not overwrite the file, the system cancels the save operation.

If you do not specify the file-url option for the command, the command saves the running configuration to an .mdb binary file as well as a .cfg text file. The two files use the same file name. An .mdb file takes less time to load than a .cfg file.

If you specify the file-url option for the command, the command only saves the running configuration to the specified .cfg file.

Examples

# Save the running configuration to the configuration file backup.cfg, without specifying the file as the next-startup configuration file.

<Sysname> save backup.cfg

The current configuration will be saved to flash:/backup.cfg. Continue? [Y/N]:y

Now saving current configuration to the device.

Saving configuration

flash:/backup.cfg. Please wait...

Configuration is saved to flash successfully.

# Save the running configuration to the main next-startup configuration file without any confirmation required.

<Sysname> save force

Validating file. Please wait....

Configuration is saved to device successfully.

# (In standalone mode.) Save the running configuration to a file in the root directory of the default storage medium on each MPU, and specify the file as the main next-startup configuration file.

<Sysname> save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

Slot 16:

Save next configuration file successfully.

# (In IRF mode.) Save the running configuration to a file in the root directory of the default storage medium on each MPU, and specify the file as the main next-startup configuration file.

<Sysname> save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

Chassis 1 Slot 16:

Save next configuration file successfully.

Related commands

·     display current-configuration

·     display saved-configuration

startup saved-configuration

In standalone mode:

Use startup saved-configuration to specify a file as a next-startup configuration file for both active and standby MPUs.

Use undo startup saved-configuration to set the active and standby MPUs to start up with initial settings at the next startup.

In IRF mode:

Use startup saved-configuration to specify a file as a next-startup configuration file for all MPUs in the IRF fabric.

Use undo startup saved-configuration to set all MPUs to start up with initial settings at the next startup.

Syntax

startup saved-configuration cfgfile [ backup | main ]

undo startup saved-configuration

Default

No configuration file is specified for the next startup.

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

cfgfile: Specifies the name of a .cfg file. This .cfg file must already exist in the root directory of the default storage medium.

backup: Specifies the configuration file as the backup next-startup configuration file.

main: Specifies the configuration file as the main next-startup configuration file. This is the primary configuration file that the device attempts to load at startup. If the loading attempt fails, the device tries the backup next-startup configuration file.

Usage guidelines

CAUTION:

In an IRF fabric, use the undo startup saved-configuration command with caution. This command can cause an IRF split after the IRF fabric or an IRF member reboots.

 

The startup saved-configuration command applies to each MPU. To successfully configure the command, follow these guidelines:

·     Make sure the specified configuration file is valid and saved to the root directory of the default storage medium on each MPU.

·     Make sure all MPUs use the same type of storage medium as the default storage medium. You can access the BootWare menus to specify the built-in flash memory or the USB disk as the default storage medium.

If the USB disk is used to store the startup configuration files, make sure the specified file is saved to the root directory of the first partition on the USB disk. Do not remove the USB disk during the startup process. If you remove the USB disk on a device, one of the following consequences occurs:

·     In standalone mode, the device starts up with the initial settings.

·     In an IRF fabric, the device leaves the IRF fabric at startup and runs the initial settings.

If neither backup nor main is specified, the startup saved-configuration command specifies the main next-startup configuration file.

Even though the main and backup next-startup configuration files can be the same one, specify them as separate files for high availability.

The undo startup saved-configuration command changes the file attribute of the main and backup next-startup configuration files to NULL, but it does not delete the two configuration files.

You can also specify a configuration file as a next startup file when you use the save command to save the running configuration to it.

Examples

# Specify the main next-startup configuration file.

<Sysname> startup saved-configuration testcfg.cfg

Please wait ....

... Done!

Related commands

display startup


Software upgrade commands

boot-loader file

Use boot-loader file to specify startup software image files.

Syntax

In standalone mode:

boot-loader file boot boot-package system system-package [ feature feature-package&<1-30> ] { all | slot slot-number } { backup | main }

boot-loader file ipe-filename { all | slot slot-number } { backup | main }

In IRF mode:

boot-loader file boot boot-package system system-package [ feature feature-package&<1-30> ] { all | chassis chassis-number slot slot-number } { backup | main }

boot-loader file ipe-filename { all | chassis chassis-number slot slot-number } { backup | main }

Views

User view

Predefined user roles

network-admin

Parameters

boot boot-package: Specifies the file path of a .bin boot image file, a case-insensitive string. The file path specified for the boot-package argument uses the flash:/base-filename.bin format. The file path must not include the chassis ID or slot ID.

system system-package: Specifies the file path of a .bin system image file, a case-insensitive string. The file path specified for the system-package argument uses the flash:/base-filename.bin format. The file path must not include the chassis ID or slot ID.

feature feature-package: Specifies a space-separated list of up to 30 .bin feature image files. Each feature image file name must be a case-insensitive string. The file names must use the flash:/base-filename.bin format. The file path must not include the chassis ID or slot ID.

ipe-filename: Specifies an .ipe Comware image file name, a case-insensitive string. The file path must use the flash:/base-filename.ipe format. The file path must not include the chassis ID or slot ID.

all: Specifies startup images for all cards. If you specify this keyword, the system copies the card-specific images automatically to the root directory of the storage medium on each card. For a successful upgrade, make sure the specified files include the upgrade images for all cards.

slot slot-number: Specifies the slot number of the MPU for which the startup images are specified. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies the MPU for which the startup images are specified in the IRF fabric. The chassis-number argument represents the IRF member ID of the device that holds the card, and the slot-number argument represents the slot number of the card. (In IRF mode.)

backup: Specifies the files as backup startup files. Backup startup images are used only when main images are not available.

main: Specifies the files as main startup files. The device always first attempts to start up with main startup files.

Usage guidelines

Use this command to upgrade startup software images for all MPUs. To upgrade only standby MPUs, you can also use the boot-loader update command.

Before specifying startup software images, you can save the upgrade file to the switch.

·     In standalone mode, save the file to the root directory of the flash memory on the active MPU.

·     In IRF mode, save the file to the root directory of the flash memory on the global active MPU.

Alternatively, you can save the upgrade file to a USB disk.

If the storage medium is partitioned, save the files to the root directory of the first partition. The flash memory allows file paths or names of up to 56 characters. A USB disk allows file paths or names of up to 57 characters.

If a standby MPU is specified, the system automatically copies the upgrade file to the flash memory on the specified MPU, and sets images in the file as startup images. If a file with the same name as the upgrade file already exists, you must choose whether to overwrite the existing file.

The boot-loader file command overwrites the entire startup software image list. To add new startup feature images, specify all feature image files, including feature image files in the old startup software image list. The new startup software image list will contain only the feature image files that are specified in the command.

Examples

# In standalone mode, specify flash:/all.ipe as the backup startup image file for the MPU in slot 17.

<Sysname> boot-loader file flash:/all.ipe slot 17 backup

Verifying image file......Done.

Images in IPE:

  boot.bin

  system.bin

  ssh.bin

This command will set the backup startup software images. Continue? [Y/N]:Y

Add images to target slot.

  flash:/boot.bin already exists on slot 17.

  flash:/system.bin already exists on slot 17.

  flash:/ssh.bin already exists on slot 17.

Overwrite it? [Y/N]:y

Decompressing file boot.bin to flash:/boot.bin....................................Done.

Decompressing file system.bin to flash:/system.bin................................Done.

The images that have passed all examinations will be used as the backup startup software images at the next reboot on slot 17.

# In IRF mode, specify flash:/all.ipe as the backup startup image file for the MPU in slot 17 on IRF member device 1.

<Sysname> boot-loader file flash:/all.ipe chassis 1 slot 17 backup

Verifying image file......Done.

Images in IPE:

  boot.bin

  system.bin

  ssh.bin

This command will set the backup startup software images. Continue? [Y/N]:Y

Add images to target slot.

  flash:/boot.bin already exists on chassis 1 slot 17.

  flash:/system.bin already exists on chassis 1 slot 17.

  flash:/ssh.bin already exists on chassis 1 slot 17.

Overwrite it? [Y/N]:y

Decompressing file boot.bin to flash:/boot.bin....................................Done.

Decompressing file system.bin to flash:/system.bin................................Done.

The images that have passed all examinations will be used as the backup startup software images at the next reboot on chassis 1 slot 17.

Related commands

display boot-loader
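The overwrite behavior described in the usage guidelines can be checked before the command is typed. The following pre-flight builder is an added example, not H3C code: the function names are hypothetical, the 56-character flash limit is assumed to apply to the whole path string, and paths are assumed to sit in the flash root directory.

```python
import re

MAX_FLASH_PATH = 56   # flash limit from the usage guidelines (whole path: assumption)
MAX_FEATURES = 30     # feature-package&<1-30>
PATH_RE = re.compile(r"^flash:/[^/\s#]+\.bin$", re.IGNORECASE)
TARGET_RE = re.compile(r"^(all|(chassis \d+ )?slot \d+)$")


def check_path(path):
    """Reject image paths that the parameter descriptions rule out."""
    if "#" in path:
        raise ValueError(f"{path}: must not include the chassis ID or slot ID")
    if not PATH_RE.match(path):
        raise ValueError(f"{path}: expected flash:/base-filename.bin")
    if len(path) > MAX_FLASH_PATH:
        raise ValueError(f"{path}: longer than {MAX_FLASH_PATH} characters")
    return path


def features_lost(existing, requested):
    """Feature images in the old startup list that a command would drop.

    boot-loader file overwrites the whole startup image list, so any
    feature image not named again disappears from the new list.
    File names are case-insensitive, so compare in lower case.
    """
    requested_ci = {p.lower() for p in requested}
    return [p for p in existing if p.lower() not in requested_ci]


def build_boot_loader_cmd(boot, system, new_features, existing_features,
                          target, role="main"):
    """Build a boot-loader file command that keeps the existing features."""
    if not TARGET_RE.match(target):
        raise ValueError(f"bad target: {target!r}")
    if role not in ("main", "backup"):
        raise ValueError(f"bad role: {role!r}")

    # Start from the old feature list, then append images not yet present.
    features = list(existing_features)
    seen = {p.lower() for p in features}
    for p in new_features:
        if p.lower() not in seen:
            features.append(p)
            seen.add(p.lower())
    if len(features) > MAX_FEATURES:
        raise ValueError(f"{len(features)} feature images, limit is {MAX_FEATURES}")

    for p in (boot, system, *features):
        check_path(p)

    parts = ["boot-loader file", "boot", boot, "system", system]
    if features:
        parts += ["feature", *features]
    parts += [target, role]
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed input: image names follow the display boot-loader samples
    # on this page; flash:/new-feature.bin is a made-up file name.
    old = ["flash:/S12500X-CMW710-SSH.bin"]
    new = ["flash:/new-feature.bin"]
    print("a naive command would drop:", features_lost(old, new))
    print(build_boot_loader_cmd("flash:/S12500X-CMW710-BOOT.bin",
                                "flash:/S12500X-CMW710-SYSTEM.bin",
                                new, old, "slot 17"))
```
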

boot-loader update

In standalone mode:

Use boot-loader update to synchronize startup images from the active MPU to the standby MPU.

In IRF mode:

Use boot-loader update to synchronize startup images from the global active MPU to a standby MPU.

Syntax

In standalone mode:

boot-loader update { all | slot slot-number }

In IRF mode:

boot-loader update { all | chassis chassis-number slot slot-number }

Views

User view

Predefined user roles

network-admin

Parameters

all: Upgrades the standby MPU. (In standalone mode.)

all: Upgrades all standby MPUs in the IRF fabric. (In IRF mode.)

slot slot-number: Specifies the slot number of the standby MPU. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a standby MPU. The chassis-number argument represents the IRF member ID of the device that holds the standby MPU. The slot-number argument represents the slot number of the standby MPU. (In IRF mode.)

Usage guidelines

You can use this command to synchronize startup images after adding new MPUs.

The images used for synchronization are in the main or backup startup software images list instead of the current software images list (see the display boot-loader command).

·     The main images list is used if the active MPU or global active MPU started up with the main startup images.

·     The backup image list is used if the active MPU or global active MPU started up with the backup startup images.

The startup images synchronized to the standby MPU are set as main startup images, regardless of whether the source startup images are main or backup.

To avoid problems, make sure the image list used for synchronization is the same as the current software images list.

Startup image synchronization fails if any software image being synchronized is not available or is corrupted.

Examples

# In standalone mode, synchronize startup images from the active MPU to the standby MPU in slot 16.

<Sysname> boot-loader update slot 16

This command will update the specified standby MPU. Continue? [Y/N]:y

Updating. Please wait...

Copying main startup software images to slot 16. Please wait...

Done.

Setting copied images as main startup software images for slot 16...

Done.

Successfully updated the startup software images of slot 16.

# In IRF mode, synchronize startup images from the global active MPU to the MPU in slot 16 on IRF member device 1.

<Sysname> boot-loader update chassis 1 slot 16

This command will update the specified standby MPU. Continue? [Y/N]:y

Updating. Please wait...

Copying main startup software images to chassis 1 slot 16. Please wait...

Done.

Setting copied images as main startup software images for chassis 1 slot 16...

Done.

Successfully updated the startup software images of chassis 1 slot 16.

Related commands

display boot-loader

bootrom backup

Use bootrom backup to back up the BootWare image in the Normal area to the Backup area on a BootWare.

Syntax

In standalone mode:

bootrom backup slot slot-number-list

In IRF mode:

bootrom backup chassis chassis-number slot slot-number-list

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number-list: Specifies a space-separated list of up to seven slot number items. Each item specifies a card by its slot number or a range of cards in the form of start-slot-number to end-slot-number. For example, slot 0 to 1 2. (In standalone mode.)

chassis chassis-number: Specifies an IRF member device by its member ID. (In IRF mode.)

slot slot-number-list: Specifies a space-separated list of up to seven slot number items. Each item specifies a card by its slot number or a range of cards in the form of start-slot-number to end-slot-number on the specified IRF member device. For example, slot 0 to 1 2. (In IRF mode.)

Usage guidelines

A BootWare is divided into a Normal area and a Backup area. The BootWare image is stored in the Normal area and backed up to the Backup area. At startup, the system reads the BootWare image automatically from the Normal area. If the image is inaccessible, the system reads the BootWare image from the Backup area.

If the BootWare image in the Normal area is corrupted or requires a version rollback, use the bootrom restore command to copy the BootWare image in the Backup area to the Normal area.

Examples

# Back up the entire BootWare image from the Normal area to the Backup area.

<Sysname> bootrom backup chassis 1 slot 16

  Now backuping the Boot ROM, please wait...

......Done.

Related commands

bootrom restore

bootrom restore

Use bootrom restore to replace the BootWare image in the Normal area with the BootWare image in the Backup area for image restoration or version rollback.

Syntax

In standalone mode:

bootrom restore slot slot-number-list

In IRF mode:

bootrom restore chassis chassis-number slot slot-number-list

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number-list: Specifies a space-separated list of up to seven slot number items. Each item specifies a card by its slot number or a range of cards in the form of start-slot-number to end-slot-number. For example, slot 0 to 1 2. (In standalone mode.)

chassis chassis-number: Specifies an IRF member device by its member ID. (In IRF mode.)

slot slot-number-list: Specifies a space-separated list of up to seven slot number items. Each item specifies a card by its slot number or a range of cards in the form of start-slot-number to end-slot-number on the specified IRF member device. For example, slot 0 to 1 2. (In IRF mode.)

Examples

# In standalone mode, restore the entire BootWare image.

<Sysname> bootrom restore slot 17

  This command will restore the Boot ROM file, Continue? [Y/N]:y

  Now restoring the Boot ROM, please wait...

......Done.

# In IRF mode, restore the entire BootWare image.

<Sysname> bootrom restore chassis 1 slot 17

  This command will restore the Boot ROM file, Continue? [Y/N]:y

  Now restoring the Boot ROM, please wait...

......Done.

Related commands

bootrom backup

bootrom update

Use bootrom update to load the BootWare image in a storage medium to the Normal area of BootWare.

Syntax

In standalone mode:

bootrom update file file-url slot slot-number-list

In IRF mode:

bootrom update file file-url chassis chassis-number slot slot-number-list

Views

User view

Predefined user roles

network-admin

Parameters

file file-url: Specifies the file path of a .bin BootWare image file, a case-insensitive string of 1 to 256 characters. The file path uses the flash:/base-filename.bin format. The file path must not include the chassis ID or slot ID.

slot slot-number-list: Specifies a space-separated list of up to seven slot number items. Each item specifies a card by its slot number or a range of cards in the form of start-slot-number to end-slot-number. For example, slot 0 to 1 2. (In standalone mode.)

chassis chassis-number: Specifies an IRF member device by its member ID. (In IRF mode.)

slot slot-number-list: Specifies a space-separated list of up to seven slot number items. Each item specifies a card by its slot number or a range of cards in the form of start-slot-number to end-slot-number on the specified IRF member device. For example, slot 0 to 1 2. (In IRF mode.)

Usage guidelines

If a software upgrade requires upgrading the BootWare image, you can use this command to preload the new BootWare image to the BootWare before upgrading Comware images. This command helps shorten the subsequent upgrade time, reducing the risk of upgrade failure caused by an unexpected power failure.

To complete the upgrade, reboot the device.

To save space, you can delete the BootWare image in the storage medium after completing the BootWare image upgrade.

Examples

# In standalone mode, use the file a.bin to upgrade the BootWare image.

<Sysname> bootrom update file flash:/a.bin slot 17

   This command will update the Boot ROM file on the specified board(s), Continue? [Y/N]:y

   Now updating the Boot ROM, please wait...

.............Done.

# In IRF mode, use the file a.bin to upgrade the BootWare image.

<Sysname> bootrom update file flash:/a.bin chassis 1 slot 17

   This command will update the Boot ROM file on the specified board(s), Continue? [Y/N]:y

   Now updating the Boot ROM, please wait...

.............Done.

Related commands

boot-loader file

bootrom-update security-check enable

Use bootrom-update security-check enable to enable BootWare image validity check.

Use undo bootrom-update security-check enable to disable BootWare image validity check.

Syntax

bootrom-update security-check enable

undo bootrom-update security-check enable

Default

BootWare image validity check is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Before a BootWare image upgrade starts, this feature examines the upgrade BootWare image for file validity and hardware compatibility. If the BootWare image passes the check, the upgrade process starts. If the check fails, the system does not perform the upgrade.

Examples

# Enable BootWare image validity check.

<Sysname> system-view

[Sysname] bootrom-update security-check enable

display boot-loader

Use display boot-loader to display current software images and startup software images.

Syntax

In standalone mode:

display boot-loader [ slot slot-number ]

In IRF mode:

display boot-loader [ chassis chassis-number [ slot slot-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies the slot number of an MPU. If you do not specify an MPU, this command displays the software images on each MPU. (In standalone mode.)

chassis chassis-number [ slot slot-number ]: Specifies an IRF member device or an MPU in an IRF member device. The chassis-number argument represents the IRF member ID of the device. The slot-number argument represents the slot number of the MPU on the device. If you do not specify an IRF member device, this command displays the software images on each MPU in the IRF fabric. If you specify an IRF member device without specifying an MPU, this command displays the software images on each MPU on the specified member device. (In IRF mode.)

Examples

# In standalone mode, display current software images and startup software images.

<Sysname> display boot-loader

Software images on slot 17:

Current software images:

  flash:/S12500X-CMW710-BOOT.bin

  flash:/S12500X-CMW710-SYSTEM.bin

Main startup software images:

  flash:/S12500X-CMW710-BOOT.bin

  flash:/S12500X-CMW710-SYSTEM.bin

  flash:/S12500X-CMW710-SSH.bin

Backup startup software images:

  flash:/S12500X-CMW710-BOOT.bin

  flash:/S12500X-CMW710-SYSTEM.bin

# In IRF mode, display current software images and startup software images.

<Sysname> display boot-loader

Software images on chassis 0 slot 16:

Current software images:

  flash:/S12500X-CMW710-BOOT.bin

  flash:/S12500X-CMW710-SYSTEM.bin

Main startup software images:

  flash:/S12500X-CMW710-BOOT.bin

  flash:/S12500X-CMW710-SYSTEM.bin

  flash:/S12500X-CMW710-SSH.bin

Backup startup software images:

  flash:/S12500X-CMW710-BOOT.bin

  flash:/S12500X-CMW710-SYSTEM.bin

Table 21 Command output

| Field | Description |
| --- | --- |
| Software images on slot slot-number | In standalone mode, this field displays the Comware images on the MPU in a specific slot. |
| Software images on chassis chassis-id slot slot-number | In IRF mode, this field displays the Comware images on a specific MPU. The chassis ID represents the IRF member ID, and the slot number represents the MPU's slot number. |
| Current software images | Comware images that have been loaded. |
| Main startup software images | Main Comware images for the next startup. |
| Backup startup software images | Backup Comware images for the next startup. |

Related commands

boot-loader file
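The boot-loader update guidelines advise keeping the startup image list identical to the current software images list, and display boot-loader is where that can be verified. The following parser and drift check is an added example, not H3C code: the function names and finding labels are hypothetical, and the sample input is the standalone-mode output shown above.

```python
import re

# Constructed sample: the standalone-mode output from the example above.
SAMPLE = """\
<Sysname> display boot-loader
Software images on slot 17:
Current software images:
  flash:/S12500X-CMW710-BOOT.bin
  flash:/S12500X-CMW710-SYSTEM.bin
Main startup software images:
  flash:/S12500X-CMW710-BOOT.bin
  flash:/S12500X-CMW710-SYSTEM.bin
  flash:/S12500X-CMW710-SSH.bin
Backup startup software images:
  flash:/S12500X-CMW710-BOOT.bin
  flash:/S12500X-CMW710-SYSTEM.bin
"""

MPU_RE = re.compile(r"^Software images on ((?:chassis \d+ )?slot \d+):$")
IMAGE_RE = re.compile(r"^\w+:/\S+$")
SECTIONS = {
    "Current software images:": "current",
    "Main startup software images:": "main",
    "Backup startup software images:": "backup",
}


def parse_boot_loader(text):
    """Return {mpu: {"current": [...], "main": [...], "backup": [...]}}."""
    mpus, mpu, section = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = MPU_RE.match(line)
        if m:
            mpu = m.group(1)
            mpus[mpu] = {"current": [], "main": [], "backup": []}
            section = None
        elif line in SECTIONS:
            section = SECTIONS[line]
        elif mpu and section and IMAGE_RE.match(line):
            # File names are case-insensitive, so normalise before comparing.
            mpus[mpu][section].append(line.lower())
        # Anything else (prompt, blank lines) is ignored.
    return mpus


def audit(mpus):
    """Return (mpu, finding, image) tuples for lists that have drifted."""
    findings = []
    for mpu, imgs in mpus.items():
        cur, main = set(imgs["current"]), set(imgs["main"])
        # Loaded at the next reboot but not running now.
        for path in sorted(main - cur):
            findings.append((mpu, "main-not-running", path))
        # Running now but gone after the next reboot.
        for path in sorted(cur - main):
            findings.append((mpu, "running-not-in-main", path))
        # No fallback if the main images are unavailable.
        if not imgs["backup"]:
            findings.append((mpu, "no-backup-images", ""))
    # Active and standby MPUs are expected to start with the same images.
    if len({tuple(sorted(i["main"])) for i in mpus.values()}) > 1:
        findings.append(("*", "main-list-differs-between-mpus", ""))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_boot_loader(SAMPLE)):
        print(finding)
```

On the sample, the only finding is the SSH feature image, which is in the main startup list but not among the current software images.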

version auto-update enable

Use version auto-update enable to enable software synchronization from the active MPU to the standby MPU at startup.

Use undo version auto-update enable to disable this feature.

Syntax

version auto-update enable

undo version auto-update enable

Default

If software inconsistency is detected at startup, the standby MPU loads the current software images of the active MPU.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command is available in standalone mode.

To make sure the standby MPU always runs the same software images as the active MPU, configure both the version auto-update enable command and the undo version check ignore command.

The startup software version check function examines the standby MPU's startup software images for version inconsistency with the active MPU's current software images at startup. If their software versions are different, the standby MPU copies the current software images of the active MPU, specifies them as main startup software images, and reboots with these images.

To ensure a successful synchronization in a multi-user environment, make sure no one reboots or swaps MPUs during the software synchronization process. You can configure the information center to output the synchronization status to configuration terminals (see Network Management and Monitoring Configuration Guide).

Examples

# Enable software auto-update for the standby MPU.

<Sysname> system-view

[Sysname] version auto-update enable

Related commands

version check ignore

version check ignore

Use version check ignore to disable startup software version check for the standby MPU at startup.

Use undo version check ignore to enable this feature.

Syntax

version check ignore

undo version check ignore

Default

The startup software images on the standby MPU are checked for version inconsistency with the current software images on the active MPU.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command is available in standalone mode.

When the standby MPU starts up, this command prevents the system from examining the standby MPU's startup software images for version inconsistency with the active MPU's current software images. The standby MPU can start up with a different software version than the active MPU.

The startup software version check function might fail to work because the software versions of the MPUs are incompatible.

To avoid problems, do not disable startup software version check for the standby MPU except for a software upgrade.

To make sure the standby MPU always runs the same software images as the active MPU, configure both the version auto-update enable command and the undo version check ignore command.

Examples

# Enable startup software version check for the standby MPU.

<Sysname> system-view

[Sysname] undo version check ignore

Related commands

version auto-update enable


ISSU commands

display install active

Use display install active to display active software images.

Syntax

display install active [ chassis chassis-number slot slot-number ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

chassis chassis-number slot slot-number: Specifies a card on an IRF member. If you do not specify this option, the command is applied to all cards in the IRF fabric.

verbose: Displays detailed information. If you do not specify this keyword, the command displays only the names of the active software images.

Examples

# Display active software images.

<Sysname> display install active

Active packages on chassis 1 slot 17:

  flash:/boot.bin

  flash:/system.bin

# Display detailed information about active software images.

<Sysname> display install active verbose

Active packages on chassis 1 slot 17:   

  flash:/BOOT-E1133.bin

  [Package]                                                                     

  Vendor: H3C

  Product: S12500

  Service name: boot                                                           

  Platform version: 7.1.045                                                 

  Product version: ESS 1133

  Supported board: mpu lpu                                                     

  [Component]                                                                  

  Component: boot                                                               

  Description: boot package                                                    

                                                                               

  flash:/SYSTEM-E1133.bin

  [Package]                                                                     

  Vendor: H3C

  Product: S12500

  Service name: system                                                         

  Platform version: 7.1.045                                                    

  Product version: ESS 1133

  Supported board: mpu lpu                                                     

  [Component]                                                                  

  Component: system                                                            

  Description: system package

 

flash:/SYSTEM-Feature-E1133.bin.bin

[Package]

Vendor: H3C

Product: S12500

Service name: system-patch

Platform version: 7.1.045

Product version: ESS 1133

Supported board: mpu lpu

[Component]

Component: system-patch

Description: system-patch package

Table 22 Command output

| Field | Description |
| --- | --- |
| Active packages on chassis m slot n | Active software images on the card in the specified slot of the specified member. |
| [Package] | Detailed information about the software image. |
| Service name | Image type: boot (boot image), system (system image), boot-patch (patch image for the boot image), system-patch (patch image for the system image). |
| Supported board | Cards supported by the software image (the values vary with device models): mpu (MPU), lpu (service card). |
| [Component] | Information about components included in the image file. |

Related commands

install active

display install committed

Use display install committed to display main startup software images.

Syntax

display install committed [ chassis chassis-number slot slot-number ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

chassis chassis-number slot slot-number: Specifies a card on an IRF member. If you do not specify this option, the command is applied to all cards in the IRF fabric.

verbose: Displays detailed information. If you do not specify this keyword, the command displays only the names of the software images.

Usage guidelines

The boot-loader file command can also change the main startup software image set.

For more information about main and backup startup software images and image sets, see Fundamental Configuration Guide.

Examples

# Display the main startup software images.

<Sysname> display install committed

Committed packages on chassis 1 slot 17:

 flash:/boot-E1133.bin

 flash:/system-E1133.bin

# Display detailed information about main startup software images.

<Sysname> display install committed verbose

Committed packages on chassis 1 slot 17:

 flash:/boot-E1133.bin

 [Package]

 Vendor: H3C

 Product: S12500

 Service name: boot

 Platform version: 7.1.045

 Product version: ESS 1133

 Supported board: mr, lc, sfc

 Version type: debug

 [Component]

 Component: boot

 Description: boot package

 

 flash:/system-E1133.bin

 [Package]

 Vendor: H3C

 Product: S12500

 Service name: system

 Platform version: 7.1.045

 Product version: ESS 1133

 Supported board: mr, lc, sfc

 Version type: debug

 [Component]

 Component: system

 Description: system package

 

flash:/SYSTEM-Feature-E1133.bin.bin

[Package]

Vendor: H3C

Product: S12500

Service name: system-patch

Platform version: 7.1.045

Product version: ESS 1133

Supported board: mpu lpu

[Component]

Component: system-patch

Description: system-patch package

For more information about the command output, see Table 22.

Related commands

boot-loader file

display install ipe-info

Use display install ipe-info to display the software images included in an .ipe file.

Syntax

display install ipe-info ipe-filename

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ipe-filename: Specifies the name of an .ipe file in the global active MPU's Flash root directory in the format flash:/xxx.ipe or the name of an .ipe file in a global standby MPU's Flash root directory in the format chassismslotn#flash:/xxx.ipe, for example, chassis1slot17#flash:/a.ipe. It can be a case-insensitive string of 1 to 63 characters.

Usage guidelines

An .ipe file contains one or more software images. You can use the software images for a software upgrade.

Examples

# Display information about the .ipe file flash:/test.ipe.

<Sysname> display install ipe-info flash:/test.ipe

Verifying image file...Done.

Images in IPE:

  boot.bin

  system.bin

Related commands

display install package

display install package

Use display install package to display software image file information.

Syntax

display install package { filename | all } [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

filename: Specifies the name of a software image file in the global MPU's Flash root directory in the format flash:/xxx.bin or the name of a software image file in a global standby MPU's Flash root directory in the format chassismslotn#flash:/xxx.bin, for example, chassis1slot17#flash:/a.bin. It can be a case-insensitive string of 1 to 63 characters.

all: Specifies all software image files in the root directories of the storage media on the master's active MPU.

verbose: Displays detailed information. If you do not specify this keyword, the command displays only basic software image information.

Examples

# Display information about software image file system.bin.

<Sysname> display install package flash:/system.bin

  flash:/system.bin

  [Package]

  Vendor: H3C

  Product: S12500

  Service name: system

  Platform version: 7.1.045

  Product version: ESS 1133

  Supported board: mpu

  Version type: debug

# Display detailed information about software image file system.bin.

<Sysname> display install package flash:/system.bin verbose

  flash:/system.bin

  [Package]

  Vendor: H3C

  Product: S12500

  Service name: system

  Platform version: 7.1.045

  Product version: ESS 1133

  Supported board: mpu

  Version type: debug

  [Component]

  Component: system

  Description: system package

For more information about the command output, see Table 22.

display issu rollback-timer

Use display issu rollback-timer to display automatic rollback timer information.

Syntax

display issu rollback-timer

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

A change to the automatic rollback interval does not take effect on the ongoing ISSU process. The current remaining rollback time might be greater than the configured automatic rollback interval.

Examples

# Display automatic rollback timer information after the issu run switchover command is executed.

<Sysname> display issu rollback-timer

Rollback timer: Working

Rollback interval: 45 minutes

Rollback time remaining : 40 minutes

# Display automatic rollback timer information after the issu accept command is executed.

<Sysname> display issu rollback-timer

Rollback timer: Not working

Rollback interval: 30 minutes

# Display automatic rollback timer information when no ISSU process is taking place.

<Sysname> display issu rollback-timer

Rollback timer: Not working

Rollback interval: 45 minutes

Related commands

issu rollback-timer

display issu state

Use display issu state to display ISSU status information.

Syntax

display issu state

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

The key to an ISSU is to follow the correct upgrade procedure. By using this command to view the ISSU status, you can determine what to do next.

Examples

# Display ISSU status information when no upgrade is going on.

<Sysname> display issu state

ISSU state: Init

Compatibility: Unknown

Work state: Normal

Upgrade method: Card by card

Upgraded slot: None

Current upgrading slot: None

Current version list:

  boot: 7.1.045, E1133

  system: 7.1.045, E1133

Current software images:

  flash:/boot.bin

  flash:/system.bin

Table 23 Command output

Field

Description

ISSU state

ISSU status:

·     Init—The ISSU process has not started or has finished.

·     Loading—The system is executing the issu load command.

·     Loaded—The issu load command is completed.

·     Switching—The system is executing the issu run switchover command.

·     Switchover—The issu run switchover command is completed.

·     Accepted—The issu accept command is completed.

·     Committing—The system is executing the issu commit command.

·     Rollbacking—A rollback is going on.

·     Unknown—An upgrade is going on. This field might appear when you execute the command on an origin