01-Fundamentals Command Reference

HomeSupportReference GuidesCommand ReferencesH3C S12500-X & S12500X-AF Switch Series Command References-Release 113x-6W10101-Fundamentals Command Reference
Table of Contents
Related Documents
01-Text
Title Size Download
01-Text 1.24 MB

Contents

Basic CLI commands· 1

alias· 1

display | { begin | exclude | include } 2

display | by-linenum·· 3

display >· 4

display >>· 5

display alias· 6

display history-command· 7

display history-command all 7

display hotkey· 8

hotkey· 9

quit 10

return· 10

screen-length disable· 11

system-view· 12

Login management commands· 13

activation-key· 13

authentication-mode· 14

auto-execute command· 15

command accounting· 17

command authorization· 17

databits· 18

display line· 19

display telnet client 20

display user-interface· 21

display users· 22

escape-key· 23

flow-control 25

free line· 25

free user-interface· 26

history-command max-size· 27

idle-timeout 28

line· 29

line class· 30

lock· 31

parity· 32

protocol inbound· 32

screen-length· 34

send· 34

set authentication password· 35

shell 36

speed· 37

stopbits· 38

telnet 38

telnet client source· 39

telnet server acl 40

telnet server dscp· 41

telnet server enable· 42

terminal type· 42

user-interface· 43

user-interface class· 44

user-role· 45

RBAC commands· 47

description· 47

display role· 47

display role feature· 49

display role feature-group· 53

feature· 53

interface policy deny· 54

permit interface· 55

permit vlan· 57

permit vpn-instance· 58

role· 59

role default-role enable· 60

role feature-group· 61

rule· 62

super 66

super authentication-mode· 66

super default role· 67

super password· 68

vlan policy deny· 69

vpn-instance policy deny· 70

FTP commands· 72

FTP server commands· 72

display ftp-server 72

display ftp-user 72

free ftp user 73

free ftp user-ip· 74

ftp server acl 74

ftp server dscp· 75

ftp server enable· 76

ftp timeout 76

FTP client commands· 77

append· 77

ascii 77

binary· 78

bye· 79

cd· 79

cdup· 80

close· 81

debug· 81

delete· 82

dir 82

disconnect 83

display ftp client source· 84

ftp· 84

ftp client source· 85

get 86

help· 87

lcd· 88

ls· 89

mkdir 89

newer 90

open· 91

passive· 91

put 92

pwd· 93

quit 94

reget 94

rename· 95

reset 96

restart 96

rhelp· 97

rmdir 98

rstatus· 99

status· 100

system·· 101

user 102

verbose· 102

?· 103

TFTP commands· 105

tftp· 105

tftp client source· 106

tftp-server acl 107

File system management commands· 109

cd· 109

copy· 111

delete· 112

dir 114

fdisk· 116

file prompt 117

fixdisk· 118

format 119

gunzip· 119

gzip· 120

md5sum·· 121

mkdir 121

more· 122

mount 123

move· 124

pwd· 125

rename· 125

reset recycle-bin· 126

rmdir 126

sha256sum·· 127

tar create· 128

tar extract 128

tar list 129

umount 130

undelete· 131

Configuration file management commands· 133

backup startup-configuration· 133

configuration commit 133

configuration commit delay· 134

configuration encrypt 135

display current-configuration· 136

display current-configuration diff 137

display default-configuration· 138

display diff 139

display saved-configuration· 140

display startup· 141

display this· 143

reset saved-configuration· 144

restore startup-configuration· 145

save· 146

startup saved-configuration· 149

Software upgrade commands· 151

boot-loader file· 151

boot-loader update· 153

bootrom backup· 154

bootrom restore· 155

bootrom update· 156

bootrom-update security-check enable· 157

display boot-loader 157

version auto-update enable· 159

version check ignore· 159

ISSU commands· 161

display install active· 161

display install committed· 162

display install ipe-info· 164

display install package· 165

display issu rollback-timer 166

display issu state· 166

display version comp-matrix· 168

install activate· 170

install add· 171

install commit 172

install deactivate· 172

issu accept 173

issu commit 173

issu load· 174

issu rollback· 176

issu rollback-timer 176

issu run switchover 177

Device management commands· 179

clock datetime· 179

clock protocol 180

clock summer-time· 180

clock timezone· 182

command· 183

copyright-info enable· 184

diagnostic start test 185

display alarm·· 185

display clock· 187

display copyright 187

display cpu-usage· 188

display cpu-usage configuration· 190

display cpu-usage history· 190

display device· 193

display device manuinfo· 195

display device manuinfo fan· 198

display device manuinfo power 199

display diagnostic content 200

display diagnostic-information· 202

display environment 203

display exception filepath· 204

display fan· 205

display hardware-resource· 206

display memory· 207

display memory-threshold· 209

display power 211

display scheduler job· 211

display scheduler logfile· 212

display scheduler reboot 213

display scheduler schedule· 214

display system stable state· 215

display system-working-mode· 216

display transceiver alarm·· 217

display transceiver diagnosis· 218

display transceiver interface· 219

display transceiver manuinfo· 220

display version· 221

display version-update-record· 221

exception filepath· 222

hardware-resource tcam·· 223

header 224

job· 225

memory-threshold· 226

memory-threshold usage· 227

monitor cpu-usage enable· 228

monitor cpu-usage interval 229

monitor cpu-usage threshold· 230

password-recovery enable· 231

process core· 231

reboot 232

reset scheduler logfile· 235

reset version-update-record· 236

scheduler job· 236

scheduler logfile size· 237

scheduler reboot at 237

scheduler reboot delay· 238

scheduler schedule· 239

shutdown-interval 240

switch-fabric isolate· 241

sysname· 242

system-working-mode· 242

temperature-limit 243

time at 245

time once· 245

time repeating· 247

user-role· 248

MDC commands· 250

MDC commands for the default MDC· 250

allocate interface· 250

display mdc· 252

display mdc interface· 253

display mdc resource· 254

limit-resource cpu· 256

limit-resource memory· 257

location· 258

switchto mdc· 259

mdc· 260

mdc start 260

MDC commands for non-default MDCs· 261

display mdc· 261

display mdc interface· 261

display mdc resource· 262

switchback· 264

Python commands· 265

exit() 265

python· 265

python filename· 266

License management commands· 267

display license· 267

display license feature· 268

display license device-id· 269

license activation-file install 270

license activation-file uninstall 271

license compress· 272

Preprovisioning commands· 274

chassis slot 274

display provision failed-config· 274

provision· 275

slot 276

reset provision failed-config· 276

Index· 278

 


Basic CLI commands

alias

Use alias to configure a command alias.

Use undo alias to remove a command alias.

Syntax

alias alias command

undo alias alias

Default

The system defines a set of command aliases, as listed in Table 1.

Table 1 System-defined command aliases

Alias

Command string

access-list

acl

end

return

erase

delete

exit

quit

hostname

sysname

logging

info-center

no

undo

show

display

write

save

 

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

alias: Specifies an alias, a case-sensitive string of 1 to 20 characters. An alias cannot be alias or contain spaces.

command: Specifies a command string. Make sure the command string meets the syntax requirements.

Usage guidelines

You can configure an alias for a command or the starting keywords of commands, and use the alias to execute the command or commands.

For example, if you configure the alias siprt for display ip routing-table, you can enter siprt to execute the display ip routing-table command. If you configure the alias ship for display ip, you can use ship to execute all commands starting with display ip:

·     Enter ship routing-table to execute the display ip routing-table command.

·     Enter ship interface to execute the display ip interface command.

The command string can include up to nine parameters. Each parameter starts with the dollar sign ($) and a sequence number in the range of 1 to 9. For example, you can configure the alias shinc for the display ip $1 | include $2 command. Then, to execute the display ip interface | include GigabitEthernet0/0/1 command, you only need to enter shinc interface GigabitEthernet0/0/1.

Examples

# Configure the alias shiprt for the display ip routing-table command and verify the configuration.

<Sysname> system-view

[Sysname] alias shiprt display ip routing-table

[Sysname] shiprt

Destinations : 12        Routes : 12

Destination/Mask   Proto   Pre Cost        NextHop         Interface

0.0.0.0/32         Direct  0   0           127.0.0.1       InLoop0

3.3.3.3/32         Static  60  0           192.168.1.62    GE0/0

127.0.0.0/8        Direct  0   0           127.0.0.1       InLoop0

127.0.0.0/32       Direct  0   0           127.0.0.1       InLoop0

127.0.0.1/32       Direct  0   0           127.0.0.1       InLoop0

127.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

169.254.0.0/24     Direct  0   0           169.254.0.188   GE0/0

169.254.0.0/32     Direct  0   0           169.254.0.188   GE0/0

169.254.0.188/32   Direct  0   0           127.0.0.1       InLoop0

169.254.0.255/32   Direct  0   0           169.254.0.188   GE0/0

192.168.57.0/24    RIP     100 1           192.168.1.62    GE0/0

224.0.0.0/4        Direct  0   0           0.0.0.0         NULL0

224.0.0.0/24       Direct  0   0           0.0.0.0         NULL0

255.255.255.255/32 Direct  0   0           127.0.0.1       InLoop0

# Configure the alias shinc for display ip $1 | include $2.

[Sysname] alias shinc display ip $1 | include $2

# Use the alias shinc to display all static routes.

[Sysname] shinc routing-table Static

3.3.3.3/32         Static  60  0           192.168.1.62    GE0/0

# Use the alias shinc to display all RIP routes.

[Sysname] shinc routing-table RIP

192.168.57.0/24    RIP     100 1           192.168.1.62    GE0/0

Related commands

display alias

display | { begin | exclude | include }

Use display | { begin | exclude | include } to filter the output from a display command with a regular expression.

Syntax

display command | { begin | exclude | include } regular-expression

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

command: Specifies the keywords and arguments of a display command. To display available keywords and arguments, enter display ?.

begin: Displays the first line matching the specified regular expression and all subsequent lines.

exclude: Displays all lines not matching the specified regular expression.

include: Displays all lines matching the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Usage guidelines

Use the | { begin | exclude | include } regular-expression option with a display command to filter the command output. For more information about regular expressions, see Fundamentals Configuration Guide.

Examples

# Display the lines that contain "vlan" in the running configuration.

<Sysname> display current-configuration | include vlan

vlan 1

vlan 999

 port access vlan 999

display | by-linenum

Use display | by-linenum to number each output line for a display command.

Syntax

display command | by-linenum

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

command: Specifies the keywords and arguments of a display command. To display available keywords and arguments, enter display ?.

Usage guidelines

By numbering each output line from a display command, you can easily identify the lines of interest.

Each line number is displayed as a 5-character string and might be followed by a colon (:) or hyphen (-). If you specify the | by-linenum option and the | begin regular-expression option for a display command, a hyphen is displayed for all lines that do not match the regular expression.

Examples

# Display VLAN 999 settings, with each output line identified by a number.

<Sysname> display vlan 999 | by-linenum

    1:  VLAN ID: 999

    2:  VLAN type: Static

    3:  Route interface: Configured

    4:  IP address: 192.168.2.1

    5:  Subnet mask: 255.255.255.0

    6:  Description: For LAN Access

    7:  Name: VLAN 0999

    8:  Tagged ports:   None

    9:  Untagged ports:

   10:     FortyGigE1/0/1

# Display the first line that begins with "user-group" in the running configuration and all of the following lines.

<Sysname> display current-configuration | by-linenum begin user-group

  114:  user-group system

  115-  #

  116-  return

display >

Use display > to save the output from a display command to a separate file.

Syntax

display command > filename

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

command: Specifies the keywords and arguments of a display command. To display available keywords and arguments, enter display ?.

filename: Specifies the name of the file that is used to save the output, a string of 1 to 63 characters.

Usage guidelines

The display commands show the configuration, statistics, and states of the device. You can use the display > command to save the output to a file.

If the specified file does not exist, the system creates the file and saves the output to the file. If the file already exists, the system overwrites the file.

Examples

# Save VLAN 1 settings to a separate file named vlan.txt.

<Sysname> display vlan 1 > vlan.txt

# Verify the content of the vlan.txt file.

<Sysname> more vlan.txt

VLAN ID: 1

 VLAN type: Static

 Route interface: Not configured

 Description: VLAN 0001

 Name: VLAN 0001

 Tagged ports:   None

 Untagged ports:

    FortyGigE1/0/2

display >>

Use display >> to append the output from a display command to the end of a file.

Syntax

display command >> filename

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

command: Specifies the keywords and arguments of a display command. To display available keywords and arguments, enter display ?.

filename: Specifies the name of the file that is used to save the output, a string of 1 to 63 characters.

Usage guidelines

The display commands show the configuration, statistics, and states of the device. You can use display >> to save the output to a file.

If the specified file does not exist, the system creates the file and saves the output to the file. If the file already exists, the system appends the output to the end of the file.

Examples

# Append the VLAN 999 settings to the end of the vlan.txt file.

<Sysname> display vlan 999 >> vlan.txt

# Check the content of the vlan.txt file.

<Sysname> more vlan.txt

VLAN ID: 1

 VLAN type: Static

 Route interface: Not configured

 Description: VLAN 0001

 Name: VLAN 0001

 Tagged ports:   None

 Untagged ports:

    FortyGigE1/0/2

 

 VLAN ID: 999

 VLAN type: Static

 Route interface: Configured

 IP address: 192.168.2.1

 Subnet mask: 255.255.255.0

 Description: For LAN Access

 Name: VLAN 0999

 Tagged ports:   None

 Untagged ports:

    FortyGigE1/0/1

display alias

Use display alias to display command aliases.

Syntax

display alias [ alias ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

alias: Specifies a command alias. If you do not specify this argument, the command displays all command aliases.

Examples

# Display all command aliases.

<Sysname> display alias

Index     Alias                Command key

1         access-list          acl

2         end                  return

3         erase                delete

4         exit                 quit

5         hostname             sysname

6         logging              info-center

7         no                   undo

8         shinc                display $1 | include $2

9         show                 display

10        sirt                 display ip routing-table

11        write                save

# Display the command alias shinc.

<Sysname> display alias shinc

Alias                Command key

shinc                display $1 | include $2

Related commands

alias

display history-command

Use display history-command to display all commands that are saved in the command history buffer for the current CLI session.

Syntax

display history-command

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

The system automatically saves commands you have successfully executed to the command history buffer for the current CLI session. You can view them and execute them again.

By default, the system can save up to 10 commands in the buffer. You can use the history-command max-size command to change the buffer size.

Examples

# Display all commands saved in the command history buffer for the current CLI session.

<Sysname> display history-command

  system-view

  vlan 2

  quit

Related commands

history-command max-size

display history-command all

Use display history-command all to display all commands saved in the command history buffer for all CLI sessions.

Syntax

display history-command all

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

The system automatically saves commands successfully executed by users to the command history buffer for all CLI sessions. Users can view them and execute them again.

Up to 1024 commands can be saved in the command history buffer. When this number is reached, the system deletes the earliest commands to make room for newly executed commands.

Examples

# Display all commands saved in the command history buffer for all CLI sessions.

<Sysname> display history-command all

  Date       Time     Terminal   Ip              User

  03/16/2013 20:03:33 vty0       192.168.1.26    **

  Cmd:dis his all

 

  03/16/2013 20:03:29 vty0       192.168.1.26    **

  Cmd:sys

Related commands

display history-command

display hotkey

Use display hotkey to display hotkey information.

Syntax

display hotkey

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display hotkey information.

<Sysname> display hotkey

----------------- Hotkeys -----------------

           -Defined command hotkeys-

CTRL_G display current-configuration

CTRL_L display ip routing-table

CTRL_O undo debugging all

 

           -Undefined command hotkeys-

CTRL_T NULL

CTRL_U NULL

 

           -System-reserved hotkeys-

CTRL_A  Move the cursor to the beginning of the line.

CTRL_B  Move the cursor one character to the left.

CTRL_C  Stop the current command.

CTRL_D  Erase the character at the cursor.

CTRL_E  Move the cursor to the end of the line.

CTRL_F  Move the cursor one character to the right.

CTRL_H  Erase the character to the left of the cursor.

CTRL_K  Abort the connection request.

CTRL_N  Display the next command in the history buffer.

CTRL_P  Display the previous command in the history buffer.

CTRL_R  Redisplay the current line.

CTRL_V  Paste text from the clipboard.

CTRL_W  Delete the word to the left of the cursor.

CTRL_X  Delete all characters from the beginning of the line to the cursor.

CTRL_Y  Delete all characters from the cursor to the end of the line.

CTRL_Z  Return to the User View.

CTRL_]  Kill incoming connection or redirect connection.

ESC_B   Move the cursor back one word.

ESC_D   Delete all characters from the cursor to the end of the word.

ESC_F   Move the cursor forward one word.

Related commands

hotkey

hotkey

Use hotkey to assign a command to a configurable hotkey.

Use undo hotkey to restore the default.

Syntax

hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U } command

undo hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U }

Default

·     Ctrl_G: display current-configuration (display the running configuration).

·     Ctrl_L: display ip routing-table (display the IPv4 routing table information).

·     Ctrl_O: undo debugging all (disable all debugging functions).

·     Ctrl_T: No command is assigned to this hotkey.

·     Ctrl_U: No command is assigned to this hotkey.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

CTRL_G: Assigns a command to Ctrl+G.

CTRL_L: Assigns a command to Ctrl+L.

CTRL_O: Assigns a command to Ctrl+O.

CTRL_T: Assigns a command to Ctrl+T.

CTRL_U: Assigns a command to Ctrl+U.

command: Specifies the command to be assigned to the hotkey.

Usage guidelines

The system defines some hotkeys and provides five configurable command hotkeys. Pressing a hotkey executes the command assigned to the hotkey.

To display system-defined and configurable hotkeys, use the display hotkey command.

Examples

# Assign the display tcp status command to the hotkey Ctrl+T.

<Sysname> system-view

[Sysname] hotkey ctrl_t display tcp status

Related commands

display hotkey

quit

Use quit to return to the upper-level view.

Syntax

quit

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

Executing this command in user view disconnects you from the device.

Examples

# Return from FortyGigE 1/0/1 interface view to system view and then to user view.

[Sysname-FortyGigE1/0/1] quit

[Sysname] quit

<Sysname>

return

Use return to return to user view from any other view.

Syntax

return

Views

Any view except user view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

Pressing Ctrl+Z has the same effect as the return command.

Examples

# Return to user view from FortyGigE 1/0/1 interface view.

[Sysname-FortyGigE1/0/1] return

<Sysname>

screen-length disable

Use screen-length disable to disable pausing between screens of output for the current session.

Use undo screen-length disable to enable pausing between screens of output for the current session.

Syntax

screen-length disable

undo screen-length disable

Default

The default depends on the configuration of the screen-length command in user line view.

The following are default settings for the screen-length command:

·     Pausing between screens of output.

·     Displaying up to 24 lines on a screen.

Views

User view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

If you disable pausing between screens of output, all output is displayed. The screen is refreshed continuously until the final screen is displayed.

This command takes effect only for the current session. When you are logged out, the default is restored.

Examples

# Disable pausing between screens of output for the current session.

<Sysname> screen-length disable

Related commands

screen-length

system-view

Use system-view to enter system view from user view.

Syntax

system-view

Views

User view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Enter system view from user view.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname]


Login management commands

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.

Some login management commands are available in both user line view and user line class view:

·     A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class.

·     A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.

·     A setting in user line view takes effect immediately and affects the online user. A setting in user line class view does not affect online users and takes effect only for users who log in after the configuration is completed.

Some login management commands are not supported in some user line views but can be configured in the corresponding user line class views. However, the commands do not take effect. This chapter provides only remarks about commands that are not supported in user line view.

activation-key

Use activation-key to define a shortcut key for starting a terminal session.

Use undo activation-key to restore the default.

Syntax

activation-key character

undo activation-key

Default

Pressing Enter starts a terminal session.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Parameters

character: Specifies the shortcut key. It can be a single character, a key sequence, or the ASCII code value (in the range of 0 to 127) of the character or key sequence.

Usage guidelines

This command is not supported in VTY line view or VTY line class view.

This command is available in both user line view and user line class view:

·     If the setting in user line view is not the default setting, the setting in user line view takes effect.

·     If the setting in user line view is the default setting but the setting in user line class view is not, the setting in user line class view takes effect.

To display the shortcut key you have defined, use the display current-configuration | include activation-key command.

Examples

# Configure character s as the shortcut key for starting a terminal session on the user line AUX 0.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0] activation-key s

To verify the configuration:

1.     Exit the console session.

[Sysname-line-aux0] return

<Sysname> quit

2.     Log in again through the AUX line.

The following message appears:

Press ENTER to get started.

3.     Press Enter.

Pressing Enter does not start a session.

4.     Enter s.

A terminal session is started.

<Sysname>

authentication-mode

Use authentication-mode to set the authentication mode for a user line.

Use undo authentication-mode to restore the default.

Syntax

In non-FIPS mode:

authentication-mode { none | password | scheme }

undo authentication-mode

In FIPS mode:

authentication-mode scheme

undo authentication-mode

Default

In non-FIPS mode, the authentication mode is password for VTY lines, and none for AUX lines.

In FIPS mode, the authentication mode is scheme.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Parameters

none: Disables authentication.

password: Performs local password authentication.

scheme: Performs AAA authentication. For more information about AAA, see Security Configuration Guide.

Usage guidelines

When the authentication mode is none, any user can log in without authentication. To improve device security, use the password or scheme authentication mode.

In VTY line view, this command is associated with the protocol inbound command. If you specify a non-default value for only one of the two commands in VTY line view, the other command uses the default setting, regardless of the setting in VTY line class view.

Examples

# Enable the none authentication mode for the user line VTY 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] authentication-mode none

# Enable password authentication for the user line VTY 0 and set the password to 321.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] authentication-mode password

[Sysname-line-vty0] set authentication password simple 321

# Enable scheme authentication for the user line VTY 0, set the username to 123 and the password to 321, and authorize the Telnet service and network-admin user role to the user.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] authentication-mode scheme

[Sysname-line-vty0] quit

[Sysname] local-user 123

[Sysname-luser-manage-123] password simple 321

[Sysname-luser-manage-123] service-type telnet

[Sysname-luser-manage-123] authorization-attribute user-role network-admin

Related commands

set authentication password

auto-execute command

CAUTION

CAUTION:

After configuring this command for a user line, you might be unable to access the CLI through the user line. Make sure you can access the CLI through a different user line before you configure this command and save the configuration.

 

Use auto-execute command to specify the command to be automatically executed for login users.

Use undo auto-execute command to delete the configuration.

Syntax

auto-execute command command

undo auto-execute command

Default

Command auto-execution is disabled.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Parameters

command: Specifies the command to be automatically executed.

Usage guidelines

This command is not supported in AUX line view or AUX line class view.

This command is available in both user line view and user line class view:

·     If the setting in user line view is not the default setting, the setting in user line view takes effect.

·     If the setting in user line view is the default setting but the setting in user line class view is not, the setting in user line class view takes effect.

The device automatically executes the specified command when a user logs in through the user line, and closes the user connection after the command is executed. If the command triggers another task, the device does not close the user connection until the task is completed.

Typically, you configure the auto-execute command telnet X.X.X.X command on the device so the device redirects a Telnet user to the host at X.X.X.X. In this case, the connection to the current device is closed when the user terminates the Telnet connection to X.X.X.X.

Examples

# Configure the device to automatically Telnet to 192.168.1.41 after a user logs in through user line VTY 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] auto-execute command telnet 192.168.1.41

% This action will lead to configuration failure through line-vty0. Are you sure?

[Y/N]:y

[Sysname-line-vty0]

# To verify the configuration, Telnet to 192.168.1.40.

The device automatically Telnets to 192.168.1.41, and the following output is displayed:

C:\> telnet 192.168.1.40

******************************************************************************

* * Copyright (c) 2004-2014 Hangzhou H3C Tech. Co., Ltd. All rights reserved.  *

* Without the owner's prior written consent,                                 *

* no decompiling or reverse-engineering shall be allowed.                    *

******************************************************************************

 

<Sysname>

Trying 192.168.1.41 ...

Press CTRL+K to abort

Connected to 192.168.1.41 ...

******************************************************************************

* Copyright (c) 2004-2014 Hangzhou H3C Tech. Co., Ltd. All rights reserved.  *

* Without the owner's prior written consent,                                 *

* no decompiling or reverse-engineering shall be allowed.                    *

******************************************************************************

<Sysname.41>

This operation is the same as directly logging in to the device at 192.168.1.41 through Telnet. When you close the Telnet connection to 192.168.1.41, the Telnet connection to 192.168.1.40 is closed at the same time.

command accounting

Use command accounting to enable command accounting.

Use undo command accounting to restore the default.

Syntax

command accounting

undo command accounting

Default

Command accounting is disabled. The accounting server does not record executed commands.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

When command accounting is enabled but command authorization is not, every executed command is recorded on the HWTACACS server.

When both command accounting and command authorization are enabled, only authorized commands that are executed are recorded on the HWTACACS server.

Invalid commands issued by users are not recorded.

If the command accounting command is configured in user line class view, command accounting is enabled on all user lines in the class, and you cannot configure the undo command accounting command in the view of a user line in the class.

Examples

# Enable command accounting for the user line VTY 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] command accounting

Related commands

·     accounting command (Security Command Reference)

·     command authorization

command authorization

Use command authorization to enable command authorization.

Use undo command authorization to restore the default.

Syntax

command authorization

undo command authorization

Default

Command authorization is disabled. Logged-in users can execute commands without authorization.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

When command authorization is enabled, a command is available only if the user has the commensurate user role and is authorized to use the command by the AAA scheme.

If the command authorization command is configured in user line class view:

·     Command authorization is enabled on all user lines in the class.

·     You cannot configure the undo command authorization command in the view of a user line in the class.

Examples

# Enable command accounting for VTY 0 so its user can execute only authorized commands that are permitted by the user role.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] command authorization

Related commands

authorization command (Security Command Reference)

databits

Use databits to specify the number of data bits for each character.

Use undo databits to restore the default.

Syntax

databits { 5 | 6 | 7 | 8 }

undo databits

Default

Eight data bits are used for each character.

Views

User line view

Predefined user roles

network-admin

mdc-admin

Parameters

5: Uses five data bits for each character.

6: Uses six data bits for each character.

7: Uses seven data bits for each character.

8: Uses eight data bits for each character.

Usage guidelines

This command is not supported in VTY line view.

This setting must be the same as that on the configuration terminal.

Examples

# Configure AUX 0 to use five data bits for each character.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0] databits 5

display line

Use display line to display user line information.

Syntax

display line [ number1 | { aux | vty } number2 ] [ summary ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

number1: Specifies the absolute number of a user line. The value range is 0 to 65 in standalone mode and 0 to 71 in IRF mode.

aux: Specifies the AUX line.

vty: Specifies the VTY line.

number2: Specifies the relative number of a user line. The value ranges are as follows:

·     AUX line—0 to 1 in standalone mode and 0 to 7 in IRF mode.

·     VTY line—0 to 63.

summary: Displays summary information about user lines. If you do not specify this keyword, the detailed information is displayed.

Examples

# Display user line information.

<Sysname> display line 1

  Idx  Type     Tx/Rx      Modem Auth  Int                                     

F 1    AUX 1    9600       -     N     -                                       

                                                                               

  +    : Line is active.                                                        

  F    : Line is active and in async mode.                                     

  Idx  : Absolute index of line.                                               

  Type : Type and relative index of line.                                      

  Auth : Login authentication mode.                                            

  Int  : Physical port of the line.                                            

  A    : Authentication use AAA.                                               

  N    : No authentication is required.                                        

  P    : Password authentication.

Table 2 Command output

Field

Description

Modem

Whether the modem allows calling in or out. By default, this attribute is not configured and this field displays a hyphen (-).

 

# In IRF mode, display summary information about all user lines.

<Sysname> display line summary

  Line type : [AUX]

           0:XUXX XXXX                                                         

  Line type : [VTY]                                                            

           8:UUXU UUUU UXXX XXXX                                               

          24:XXXX XXXX XXXX XXXX                                               

          40:XXXX XXXX XXXX XXXX                                               

          56:XXXX XXXX XXXX XXXX                                               

                                                                                

   9 lines used.      (U)                                                      

  63 lines not used.  (X)

Table 3 Command output

Fields

Description

number:status

number: Absolute number of the first user line in the user line class.

status: User line status. X is for unused and U is for used.

For example, if "0:XUXX XXXX" is displayed, the user line class has eight user lines. The user lines use the absolute numbers 0 through 7. User line 1 is being used, and the others are not.

 

display telnet client

Use display telnet client to display the source IPv4 address or source line configured for the device to use for outgoing Telnet packets when serving as a Telnet client.

Syntax

display telnet client

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display the Telnet client configuration of the device when it serves as a Telnet client.

<Sysname> display telnet client

 The source IP address is 1.1.1.1.

The output shows that the device uses the source IPv4 address 1.1.1.1 for outgoing Telnet packets when it serves as a Telnet client.

Related commands

telnet client source

display user-interface

Use display user-interface to display user line information.

Syntax

display user-interface [ number1 | { aux | vty } number2 ] [ summary ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

number1: Specifies the absolute number of a user line. The value range is 0 to 65 in standalone mode and 0 to 71 in IRF mode.

aux: Specifies the AUX line.

vty: Specifies the VTY line.

number2: Specifies the relative number of a user line. The value ranges are as follows:

·     AUX line—0 to 1 in standalone mode and 0 to 7 in IRF mode.

·     VTY line—0 to 63.

summary: Displays summary information about user lines. If you do not specify this keyword, the detailed information is displayed.

Usage guidelines

This is an older command reserved for backward compatibility purposes. It has the same functionality and output as the display line command. As a best practice, use the display line command.

Examples

# Display user line information.

<Sysname> display user-interface 1

  Idx  Type     Tx/Rx      Modem Auth  Int                                     

+ 1    VTY 0               -     N     -                                    

                                                                                

  +    : Line is active.                                                       

  F    : Line is active and in async mode.                                     

  Idx  : Absolute index of line.                                               

  Type : Type and relative index of line.                                      

  Auth : Login authentication mode.                                            

  Int  : Physical port of the line.                                            

  A    : Authentication use AAA.                                               

  N    : No authentication is required.                                        

  P    : Password authentication

Table 4 Command output

Field

Description

Modem

Whether the modem allows calling in or out. By default, this attribute is not configured and this field displays a hyphen (-).

 

# In IRF mode, display summary information about all user lines.

<Sysname> display user-interface summary

Line type : [AUX]                                                            

           0:XUXX XXXX                                                         

  Line type : [VTY]                                                            

           8:UXXX XXXX XXXX XXXX                                               

          24:XXXX XXXX XXXX XXXX                                               

          40:XXXX XXXX XXXX XXXX                                               

          56:XXXX XXXX XXXX XXXX                                               

                                                                               

   1 lines used.      (U)                                                      

  71 lines not used.  (X)

Table 5 Command output

Fields

Description

number:status

number: Absolute number of the first user line in the user line class.

status: User line status. X is for unused and U is for used.

For example, if "0:XUXX XXXX" is displayed, the user line class has eight user lines. The user lines use the absolute numbers 0 through 7. User line 1 is being used, and the others are not.

 

display users

Use display users to display online CLI user information.

Syntax

display users [ all ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

all: Displays all user lines supported by the device.

Examples

# Display online user information.

<Sysname> display users

  Idx  Line    Idle       Time              Pid     Type

  10   VTY 0   00:10:49   Jun 11 11:27:32   320     TEL

+ 11   VTY 1   00:00:00   Jun 11 11:39:40   334     TEL

 

Following are more details.

VTY 0   :

        Location: 192.168.1.12

VTY 1   :

        Location: 192.168.1.26

 +    : Current operation user.

 F    : Current operation user works in async mode.

The output shows that two users have logged in to the device: one is using user line VTY 0 and the other (yourself) is using VTY 1. Your IP address is 192.168.1.26.

Table 6 Command output

Field

Description

Idx

Absolute number of the user line.

Line

Type and relative number of the user line.

Idle

Time elapsed after the user's most recent input, in the hh:mm:ss format.

Time

Login time of the user.

Pid

Process ID of the user session.

Type

User type, such as Telnet, SSH.

+

Indicates the user line you are using.

Location

IP address of the user.

 

escape-key

Use escape-key to set the escape key.

Use undo escape-key to disable the escape key.

Syntax

escape-key { character | default }

undo escape-key [ default ]

Default

The escape key is Ctrl+C.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Parameters

character: Specifies the shortcut key. It can be a single character, a key sequence, or the ASCII code value (in the range of 0 to 127) of the character or key sequence.

default: Restores the default escape key sequence Ctrl+C.

Usage guidelines

You can use this shortcut key to abort a command that is being executed. For example, you can press this shortcut key to abort a ping or tracert command.

Whether a command can be aborted by Ctrl+C by default depends on the software implementation of the command. For more information, see the description of the command.

As a best practice, use a key sequence as the shortcut key. If you define a single character as the shortcut key, pressing the key while a command is being executed stops the command. If no command is being executed, the result depends on the following:

·     If you are managing the local device, pressing the key enters the character as a common character.

·     If you Telnet to another device and manage the remote device, pressing the key does nothing.

You can execute this command multiple times, but only the most recent configuration takes effect. To view the current shortcut key definition, use the display current-configuration command.

The undo escape-key command disables the current escape key. After you execute this command, no escape key is available.

This command is available in both user line view and user line class view:

·     If the setting in user line view is not the default setting, the setting in user line view takes effect.

·     If the setting in user line view is the default setting but the setting in user line class view is not, the setting in user line class view takes effect.

Examples

# Define character a as the shortcut key for terminating a task.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0] escape-key a

To verify the configuration:

1.     Ping IP address 192.168.1.49, specifying the -c keyword to set the number of ICMP echo request packets to 20.

<Sysname> ping -c 20 192.168.1.49

  PING 192.168.1.49: 56  data bytes, press a to break

    Reply from 192.168.1.49: bytes=56 Sequence=1 ttl=255 time=3 ms

    Reply from 192.168.1.49: bytes=56 Sequence=2 ttl=255 time=3 ms

2.     Press a.

The task is terminated, and the system returns to user view.

  --- 192.168.1.49 ping statistics ---

    2 packet(s) transmitted

    2 packet(s) received

    0.00% packet loss

    round-trip min/avg/max = 3/3/3 ms

<Sysname>

flow-control

Use flow-control to configure the flow control mode.

Use undo flow-control to restore the default.

Syntax

flow-control { hardware | none | software }

undo flow-control

Default

The flow control mode is none.

Views

User line view

Predefined user roles

network-admin

mdc-admin

Parameters

hardware: Performs hardware flow control.

none: Disables flow control.

software: Performs software flow control.

Usage guidelines

This command is not supported in VTY line view.

The device supports flow control in both the inbound and outbound directions:

·     For flow control in the inbound direction, the local device listens to flow control information from the remote device.

·     For flow control in the outbound direction, the local device sends flow control information to the remote device.

The flow control setting takes effect in both directions.

To communicate, two devices must be configured with the same flow control mode.

Examples

# Configure software flow control in the inbound and outbound directions for the user line AUX 0.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0] flow-control software

free line

Use free line to release a user line.

Syntax

free line { number1 | { aux | vty } number2 }

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

number1: Specifies the absolute number of a user line. The value range is 0 to 65 in standalone mode and 0 to 71 in IRF mode.

aux: Specifies the AUX line.

vty: Specifies the VTY line.

number2: Specifies the relative number of a user line. The value ranges are as follows:

·     AUX line—0 to 1 in standalone mode and 0 to 7 in IRF mode.

·     VTY line—0 to 63.

Usage guidelines

This command does not release the line you are using.

Examples

# Release the user line VTY 1:

1.     Display online users.

<Sysname> display users

  Idx  Line    Idle       Time              Pid     Type

  10   VTY 0   00:10:49   Jun 11 11:27:32   320     TEL

+ 11   VTY 1   00:00:00   Jun 11 11:39:40   334     TEL

 

Following are more details.

VTY 0   :

        Location: 192.168.1.12

VTY 1   :

        Location: 192.168.1.26

 +    : Current operation user.

 F    : Current operation user works in async mode.

2.     If the operations of the user on VTY 1 impact your operations, log out the user.

<Sysname> free line vty 1

Are you sure to free line vty1? [Y/N]:y

 [OK]

free user-interface

Use free user-interface to release a user line.

Syntax

free user-interface { number1 | { aux | vty } number2 }

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

number1: Specifies the absolute number of a user line. The value range is 0 to 65 in standalone mode and 0 to 71 in IRF mode.

aux: Specifies the AUX line.

vty: Specifies the VTY line.

number2: Specifies the relative number of a user line. The value ranges are as follows:

·     AUX line—0 to 1 in standalone mode and 0 to 7 in IRF mode.

·     VTY line—0 to 63.

Usage guidelines

This command does not release the line you are using.

This is an older command reserved for backward compatibility purposes. It has the same functionality and output as the free line command. As a best practice, use the free line command.

Examples

# Release the user line VTY 1:

1.     Display online users.

<Sysname> display users

  Idx  LINE    Idle       Time              Pid     Type

  10   VTY 0   00:10:49   Jun 11 11:27:32   320     TEL

+ 11   VTY 1   00:00:00   Jun 11 11:39:40   334     TEL

Following are more details.

VTY 0   :

        Location: 192.168.1.12

VTY 1   :

        Location: 192.168.1.26

 +    : Current operation user.

 F    : Current operation user works in async mode.

2.     If the operations of the user on VTY 1 impact your operations, log out the user.

<Sysname> free user-interface vty 1

Are you sure to free line vty1? [Y/N]:y

 [OK]

history-command max-size

Use history-command max-size to set the size of the command history buffer for a user line.

Use undo history-command max-size to restore the default.

Syntax

history-command max-size size-value

undo history-command max-size

Default

The buffer of a user line saves up to 10 history commands.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Parameters

size-value: Specifies the maximum number of history commands the buffer can store, in the range of 0 to 256.

Usage guidelines

Each user line uses a separate command history buffer to save commands successfully executed by its user. The size of the buffer determines how many history commands the buffer can store.

To view stored history commands on your user line, press the up arrow key or down arrow key or execute the display history-command command.

Terminating a CLI session clears the commands in the history buffer.

This command is available in both user line view and user line class view:

·     If the setting in user line view is not the default setting, the setting in user line view takes effect.

·     If the setting in user line view is the default setting but the setting in user line class view is not, the setting in user line class view takes effect.

Examples

# Set the size of the command history buffer to 20 for the user line AUX 0.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0] history-command max-size 20

idle-timeout

Use idle-timeout to set the CLI connection idle-timeout timer.

Use undo idle-timeout to restore the default.

Syntax

idle-timeout minutes [ seconds ]

undo idle-timeout

Default

The CLI connection idle-timeout timer is 10 minutes.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Parameters

minutes: Specifies the number of minutes for the timer, in the range of 0 to 35791. The default is 10 minutes.

seconds: Specifies the number of seconds for the timer, in the range of 0 to 59. The default is 0 seconds.

Usage guidelines

The system automatically terminates the user connection on the user line if there is no information interaction between the device and the user within the idle-timeout interval.

Setting the CLI connection idle-timeout timer to 0 disables the idle-timeout feature.

This command is available in both user line view and user line class view:

·     If the setting in user line view is not the default setting, the setting in user line view takes effect.

·     If the setting in user line view is the default setting but the setting in user line class view is not, the setting in user line class view takes effect.

Examples

# Set the CLI connection idle-timeout timer to 1 minute and 30 seconds for the user line AUX 0.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0] idle-timeout 1 30

line

Use line to enter one or multiple user line views.

Syntax

line { first-number1 [ last-number1 ] | { aux | vty } first-number2 [ last-number2 ] }

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

first-number1: Specifies the absolute number of the first user line. The value range is 0 to 65 in standalone mode and 0 to 71 in IRF mode.

last-number1: Specifies the absolute number of the last user line. This number cannot be smaller than first-number1.

aux: Specifies the AUX line.

vty: Specifies the VTY line.

first-number2: Specifies the relative number of the first user line. The value ranges are as follows:

·     AUX line—0 to 1 in standalone mode and 0 to 7 in IRF mode.

·     VTY line—0 to 63.

last-number2: Specifies the relative number of the last user line. This number cannot be smaller than first-number2.

Usage guidelines

To configure settings for a single user line, use this command to enter the user line view.

To configure the same settings for multiple user lines, use this command to enter multiple user line views.

Examples

# Enter the view of user line AUX 0.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0]

# Enter the views of user lines VTY 0 to VTY 4.

<Sysname> system-view

[Sysname] line vty 0 4

[Sysname-line-vty0-4]

Related commands

line class

line class

Use line class to enter user line class view.

Syntax

line class { aux | vty }

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

aux: Specifies the AUX line class view.

vty: Specifies the VTY line class view.

Usage guidelines

To configure the same settings for all user lines of a line class, use this command to enter the user line class view.

Some login management commands are available in both user line view and user line class view:

·     A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class.

·     A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.

·     A setting in user line view takes effect immediately and affects the online user. A setting in user line class view does not affect online users and takes effect only for users who log in after the configuration is completed.

Examples

# Set the CLI connection idle-timeout timer to 15 minutes in VTY line class view.

<Sysname> system-view

[Sysname] line class vty

[Sysname-line-class-vty] idle-timeout 15

# In AUX line class view, configure character s as the shortcut key for starting a terminal session.

<Sysname> system-view

[Sysname] line class aux

[Sysname-line-class-aux] activation-key s

[Sysname-line-class-aux] quit

# In AUX 0 line view, restore the default shortcut key for starting a terminal session.

[Sysname] line aux 0

[Sysname-line-aux0] undo activation-key

Alternatively:

[Sysname-line-aux0] activation-key 13

To verify the configuration:

1.     Exit the console session.

[Sysname-line-aux0] return

<Sysname> quit

2.     Log in again through the AUX line.

The following message appears:

Press ENTER to get started.

3.     Press Enter.

Pressing Enter does not start a session.

4.     Enter s.

A terminal session is started.

<Sysname>

Related commands

line

lock

Use lock to lock the current user line. This method prevents unauthorized users from using the user line.

Syntax

lock

Default

By default, the system does not lock any user line.

Views

User view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This command is not supported in FIPS mode.

This command locks the current user line to prevent unauthorized users from using the line. You must set the password for unlocking the line as prompted. The user line is locked after you enter the password and confirm the password.

To unlock the user line, press Enter and enter the password you set.

Examples

# Lock the current user line and set the password for unlocking the line.

<Sysname> lock

Please input password<1 to 16> to lock current line:

Password:

Again:

 

                   locked !

// The user line is locked. To unlock it, press Enter and enter the password:

Password:

<Sysname>

parity

Use parity to specify a parity check mode.

Use undo parity to restore the default.

Syntax

parity { even | mark | none | odd | space }

undo parity

Default

The setting is none, and no parity check is performed.

Views

User line view

Predefined user roles

network-admin

mdc-admin

Parameters

even: Performs even parity check.

mark: Performs mark parity check.

none: Disables parity check.

odd: Performs odd parity check.

space: Performs space parity check.

Usage guidelines

This command is not supported in VTY line view.

The configuration terminal and the device must be configured with the same parity check mode to communicate.

Examples

# Configure user line AUX 0 to perform odd parity check.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0] parity odd

protocol inbound

Use protocol inbound to enable a user line to support Telnet, SSH, or both protocols.

Use undo protocol inbound to restore the default.

Syntax

In non-FIPS mode:

protocol inbound { all | ssh | telnet }

undo protocol inbound

In FIPS mode:

protocol inbound ssh

undo protocol inbound

Default

In non-FIPS mode, both protocols are supported.

In FIPS mode, SSH is supported.

Views

VTY line view, VTY line class view

Predefined user roles

network-admin

mdc-admin

Parameters

all: Supports both protocols.

ssh: Supports SSH only.

telnet: Supports Telnet only.

Usage guidelines

This configuration is effective only for a user who logs in through the user line after the configuration is completed.

Before configuring a user line to support SSH, set the authentication mode to scheme for the user line. For more information, see authentication-mode.

In VTY line view, this command is associated with the authentication-mode command. If you specify a non-default value for only one of the two commands in VTY line view, the other command uses the default setting, regardless of the setting in VTY line class view.

Examples

# Enable user lines VTY 0 through VTY 4 to support only SSH.

<Sysname> system-view

[Sysname] line vty 0 4

[Sysname-line-vty0-4] authentication-mode scheme

[Sysname-line-vty0-4] protocol inbound ssh

# Enable scheme authentication for the VTY line class and enable the line class to support only SSH. Disable authentication for VTY lines 0 through 4.

<Sysname> system-view

[Sysname] line class vty

[Sysname-line-class-vty] authentication-mode scheme

[Sysname-line-class-vty] protocol inbound ssh

[Sysname-line-class-vty] line vty 0 4

[Sysname-line-vty0-4] authentication-mode none

screen-length

Use screen-length to set the maximum number of lines to be displayed on a screen.

Use undo screen-length to restore the default.

Syntax

screen-length screen-length

undo screen-length

Default

Up to 24 lines are displayed on a screen.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Parameters

screen-length: Specifies the maximum number of lines to be displayed on a screen, in the range of 0 to 512. Setting this argument to 0 disables pausing between screens of output.

Usage guidelines

This command sets the maximum number of lines that can be displayed on one screen when the screen pause feature is enabled. If the screen pause feature is disabled, the system displays command output without any pause.

The actual number of lines that can be displayed on a screen is restricted by the display specification of the configuration terminal. For example, if you set the maximum number of lines for a screen to 40 when the display specification is 24 lines, the device sends 40 lines to the screen at a time, but only the last 24 lines are displayed on the screen. To view the previous 16 lines, you must press PgUp.

The screen pause feature is enabled by default. To disable this feature, use the screen-length 0 or screen-length disable command. The screen-length disable command is available in user view.

This command is available in both user line view and user line class view:

·     If the setting in user line view is not the default setting, the setting in user line view takes effect.

·     If the setting in user line view is the default setting but the setting in user line class view is not, the setting in user line class view takes effect.

Examples

# Set the maximum number of lines to be displayed on a screen to 30 for the user line AUX 0.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0] screen-length 30

Related commands

screen-length disable

send

Use send to send messages to user lines.

Syntax

send { all | number1 | { aux | vty } number2 }

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

all: Specifies all user lines.

number1: Specifies the absolute number of a user line. The value range is 0 to 65 in standalone mode and 0 to 71 in IRF mode.

aux: Specifies the AUX line.

vty: Specifies the VTY line.

number2: Specifies the relative number of a user line. The value ranges are as follows:

·     AUX line—0 to 1 in standalone mode and 0 to 7 in IRF mode.

·     VTY line—0 to 63.

Usage guidelines

To end a message, press Enter. To cancel a message and return to user view, press Ctrl+C.

Examples

# Before you restart the device, send a notification to VTY 1 to inform the user.

<Sysname> send vty 1

Input message, end with Enter; abort with CTRL+C:

Your attention, please. I will reboot the system in 3 minutes.

Send message? [Y/N]:y

The message should appear on the screen of the user's configuration terminal, as shown in the following example:

[Sysname]

 

***

***

***Message from vty0 to vty1

***

Your attention, please. I will reboot the system in 3 minutes.

set authentication password

Use set authentication password to set a password for password authentication.

Use undo set authentication password to delete the password.

Syntax

set authentication password { hash | simple } password

undo set authentication password

Default

No password is set for password authentication.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Parameters

hash: Sets a hashed password.

simple: Sets a plaintext password.

password: Specifies the password string. This argument is case sensitive. If simple is specified, it must be a string of 1 to 16 characters. If hash is specified, it must be a string of 1 to 110 characters.

Usage guidelines

This command is not supported in FIPS mode.

For security purposes, the password is hashed before being saved, whether you specify the hash or simple keyword.

This command is available in both user line view and user line class view:

·     If the setting in user line view is not the default setting, the setting in user line view takes effect.

·     If the setting in user line view is the default setting but the setting in user line class view is not, the setting in user line class view takes effect.

Examples

# Set the password for password authentication on the user line AUX 0 to hello.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0] authentication-mode password

[Sysname-line-aux0] set authentication password simple hello

When you log in again through user line AUX 0, you must enter the password hello to pass authentication.

Related commands

authentication-mode

shell

Use shell to enable the terminal service for a user line.

Use undo shell to disable the terminal service for a user line.

Syntax

shell

undo shell

Default

The terminal service is enabled on all user lines.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

The undo shell command is not supported in AUX line view or AUX line class view.

You cannot disable the terminal service on the user line you are using.

When the device acts as a Telnet or SSH server, you cannot configure the undo shell command.

If the undo shell command is configured in user line class view, you cannot configure the shell command in the view of a user line in the class.

Examples

# Disable the terminal service for the user line VTY 0 through VTY 4 so no user can log in to the device through the user lines.

<Sysname> system-view

[Sysname] line vty 0 4

[Sysname-line-vty0-4] undo shell

Disable line-vty0-4 , are you sure? [Y/N]:y

[Sysname-line-vty0-4]

speed

Use speed to set the transmission rate (also called the "baud rate") on a user line.

Use undo speed to restore the default.

Syntax

speed speed-value

undo speed

Default

The transmission rate is 9600 bps on a user line.

Views

User line view

Predefined user roles

network-admin

mdc-admin

Parameters

speed-value: Transmission rate in bps. The transmission rates available for asynchronous serial interfaces include: 300 bps, 600 bps, 1200 bps, 2400 bps, 4800 bps, 9600 bps, 19200 bps, 38400 bps, 57600 bps, and 115200 bps. The transmission rate varies with devices and configuration environments.

Usage guidelines

This command is not supported in VTY line view.

The configuration terminal and the device must be configured with the same transmission rate to communicate.

Examples

# Set the transmission rate to 19200 bps for the user line AUX 0.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0] speed 19200

stopbits

Use stopbits to specify the number of stop bits for a character.

Use undo stopbits to restore the default.

Syntax

stopbits { 1 | 1.5 | 2 }

undo stopbits

Default

One stop bit is used.

Views

User line view

Predefined user roles

network-admin

mdc-admin

Parameters

1: Uses one stop bit.

1.5: Uses one and a half stop bits. The device does not support using one and a half stop bits. If you specify this keyword, two stop bits are used.

2: Uses two stop bits.

Usage guidelines

This command is not supported in VTY line view.

The configuration terminal and the device must be configured to use the same number of stop bits to communicate.

Examples

# Set the number of stop bits to 1 for the user line AUX 0.

<Sysname> system-view

[Sysname] line aux 0

[Sysname-line-aux0] stopbits 1

telnet

Use telnet to Telnet to a host in an IPv4 network.

Syntax

telnet remote-host [ service-port ] [ vpn-instance vpn-instance-name ] [ source { interface interface-type interface-number | ip ip-address } ] [ dscp dscp-value ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

remote-host: Specifies the IPv4 address or host name of a remote host. A host name can be a case-insensitive string of 1 to 253 characters. Valid characters for a host name include letters, digits, hyphens (-), underscores (_), and dots (.).

service-port: Specifies the TCP port number for the Telnet service on the remote host. The value range is 0 to 65535 and the default is 23.

vpn-instance vpn-instance-name: Specifies the VPN instance to which the remote host belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the remote host belongs to the public network, do not specify this option.

source: Specifies a source IPv4 address or source interface for outgoing Telnet packets.

interface interface-type interface-number: Specifies the source interface. The primary IPv4 address of the interface will be used as the source IPv4 address for outgoing Telnet packets.

ip ip-address: Specifies the source IPv4 address for outgoing Telnet packets.

dscp dscp-value: Specifies the DSCP value for IP to use in outgoing Telnet packets to indicate the packet transmission priority, in the range of 0 to 63. The default is 48.

Usage guidelines

This command is not supported in FIPS mode.

To terminate the current Telnet connection, press Ctrl+K or execute the quit command.

The source IPv4 address or source interface that is specified by this command is only applicable to the current Telnet connection.

Examples

# Telnet to host 1.1.1.2, using 1.1.1.1 as the source IP address for outgoing Telnet packets.

<Sysname> telnet 1.1.1.2 source ip 1.1.1.1

Related commands

telnet client source

telnet client source

Use telnet client source to specify a source IPv4 address or source interface for outgoing Telnet packets when the device serves as a Telnet client.

Use undo telnet client source to delete the configuration.

Syntax

telnet client source { interface interface-type interface-number | ip ip-address }

undo telnet client source

Default

No source IPv4 address or source interface is specified for outgoing Telnet packets. The source IPv4 address is the primary IPv4 address of the outbound interface.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

interface interface-type interface-number: Specifies a source interface. The primary IPv4 address of the interface will be used as the source IPv4 address for outgoing Telnet packets.

ip ip-address: Specifies a source IPv4 address.

Usage guidelines

This command is not supported in FIPS mode.

The setting configured by this command applies to all Telnet connections but has a lower precedence than the source setting specified for the telnet command.

Examples

# Set the source IPv4 address for outgoing Telnet packets to 1.1.1.1 when the device serves as a Telnet client.

<Sysname> system-view

[Sysname] telnet client source ip 1.1.1.1

Related commands

display telnet client configuration

telnet server acl

Use telnet server acl to apply an ACL to filter Telnet logins.

Use undo telnet server acl to restore the default.

Syntax

telnet server acl acl-number

undo telnet server acl

Default

No ACL is used to filter Telnet logins.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

acl-number: Specifies an ACL by its number:

·     Basic ACL2000 to 2999.

·     Advanced ACL3000 to 3999.

·     Ethernet frame header ACL4000 to 4999.

Usage guidelines

This command is not supported in FIPS mode.

Only one ACL can be used to filter Telnet logins, and only users permitted by the ACL can Telnet to the device.

This command does not take effect on existing Telnet connections.

You can specify an ACL that has not been created yet in this command. The command takes effect after the ACL is created.

For more information about ACL, see ACL and QoS Configuration Guide.

Examples

# Permit only the user at 1.1.1.1 to Telnet to the device.

<Sysname> system-view

[Sysname] acl number 2001

[Sysname-acl-basic-2001] rule permit source 1.1.1.1 0

[Sysname-acl-basic-2001] quit

[Sysname] telnet server acl 2001

telnet server dscp

Use telnet server dscp to set the DSCP value for IPv4 to use for outgoing Telnet packets on a Telnet server.

Use undo telnet server dscp to restore the default.

Syntax

telnet server dscp dscp-value

undo telnet server dscp

Default

IPv4 uses the DSCP value 48 for outgoing Telnet packets on a Telnet server.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

dscp-value: Specifies a DSCP value in the range of 0 to 63.

Usage guidelines

This command is not supported in FIPS mode.

The DSCP value is carried in the ToS field of an IP packet, and it indicates the transmission priority of the packet.

Examples

# Set the DSCP value for IPv4 to use for outgoing Telnet packets to 30 on a Telnet server.

<Sysname> system-view

[Sysname] telnet server dscp 30

telnet server enable

Use telnet server enable to enable the Telnet server feature.

Use undo telnet server enable to disable the Telnet server feature.

Syntax

telnet server enable

undo telnet server enable

Default

The Telnet server feature is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This command is not supported in FIPS mode.

Administrators can Telnet to the device only when the Telnet server feature is enabled.

Examples

# Enable the Telnet server feature.

<Sysname> system-view

[Sysname] telnet server enable

terminal type

Use terminal type to specify the terminal display type.

Use undo terminal type to restore the default.

Syntax

terminal type { ansi | vt100 }

undo terminal type

Default

The terminal display type is ANSI.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Parameters

ansi: Specifies the terminal display type ANSI.

vt100: Specifies the terminal display type VT100.

Usage guidelines

The device supports two terminal display types: ANSI and VT100. As a best practice, set the display type to VT100 on both the device and the configuration terminal. If either side uses the ANSI type, a display problem such as cursor positioning error might occur when a command line has more than 80 characters.

Examples

# Set the terminal display type to VT100.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] terminal type vt100

user-interface

Use user-interface to enter one or multiple user line views.

Syntax

user-interface { first-number1 [ last-number1 ] | { aux | vty } first-number2 [ last-number2 ] }

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

first-number1: Specifies the absolute number of the first user line. The value range is 0 to 65 in standalone mode and 0 to 71 in IRF mode.

last-number1: Specifies the absolute number of the last user line. This number cannot be smaller than first-number1.

aux: Specifies the AUX line.

vty: Specifies the VTY line.

first-number2: Specifies the relative number of the first user line. The value ranges are as follows:

·     AUX line—0 to 1 in standalone mode and 0 to 7 in IRF mode.

·     VTY line—0 to 63.

last-number2: Specifies the relative number of the last user line. This number cannot be smaller than first-number2.

Usage guidelines

To configure settings for a single user line, use this command to enter the user line view.

To configure the same settings for multiple user lines, use this command to enter multiple user line views.

This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the line command. As a best practice, use the line command.

Examples

# Enter the view of user line AUX 0.

<Sysname> system-view

[Sysname] user-interface aux 0

[Sysname-line-aux0]

# Enter the views of user lines VTY 0 to VTY 4.

<Sysname> system-view

[Sysname] user-interface vty 0 4

[Sysname-line-vty0-4]

Related commands

user-interface class

user-interface class

Use user-interface class to enter user line class view.

Syntax

user-interface class { aux | vty }

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

aux: Specifies the AUX line class view.

vty: Specifies the VTY line class view.

Usage guidelines

To configure the same settings for all user lines of a line class, use this command to enter the user line class view.

Some login management commands are available in both user line view and user line class view:

·     A setting in user line view is applied only to the user line. A setting in user line class view is applied to all user lines of the class.

·     A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.

·     A setting in user line view takes effect immediately and affects the online user. A setting in user line class view does not affect online users and takes effect only for users who log in after the configuration is completed.

This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the line class command. As a best practice, use the line class command.

Examples

# Set the CLI connection idle-timeout timer to 15 minutes in VTY line class view.

<Sysname> system-view

[Sysname] user-interface class vty

[Sysname-line-class-vty] idle-timeout 15

# In AUX line class view, configure character s as the shortcut key for starting a terminal session.

<Sysname> system-view

[Sysname] user-interface class aux

[Sysname-line-class-aux] activation-key s

[Sysname-line-class-aux] quit

# In AUX 0 line view, restore the default shortcut key for starting a terminal session.

[Sysname] user-interface aux 0

[Sysname-line-aux0] undo activation-key

Alternatively:

[Sysname-line-aux0] activation-key 13

To verify the configuration:

1.     Exit the console session.

[Sysname-line-aux0] return

<Sysname> quit

2.     Log in again through the AUX line.

The following message appears:

Press ENTER to get started.

3.     Press Enter.

Pressing Enter does not start a session.

4.     Enter s.

A terminal session is started.

<Sysname>

Related commands

user-interface

user-role

Use user-role to assign a user role to a user line so users logged in through the user line get the user role at login.

Use undo user-role to remove a user role or restore the default.

Syntax

user-role role-name

undo user-role [ role-name ]

Default

A console line user of the default MDC is assigned the user role network-admin. Users of other user lines on the default MDC are assigned the user role network-operator.

A non-default MDC user switched from the default device by using the switchto mdc command is assigned the user role mdc-admin. Other non-default MDC users are assigned the user role mdc-operator.

Views

User line view, user line class view

Predefined user roles

network-admin

mdc-admin

Parameters

role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. The user role can be user-defined or predefined (network-admin, network-operator, mdc-admin, mdc-operator, or level-0 to level-15). If you do not specify this argument, the undo user-role command restores the default user role.

Usage guidelines

This command is not supported in FIPS mode.

You can assign up to 64 user roles to a user line. A user logged in through the user line gets all the user roles.

For more information about user roles, see "Configuring RBAC."

Examples

# Assign user role network-admin through the user line VTY 0.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] user-role network-admin


RBAC commands

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.

description

Use description to configure a description for a user role.

Use undo description to delete the description of a user role.

Syntax

description text

undo description

Default

A user role does not have a description.

Views

User role view

Predefined user roles

network-admin

mdc-admin

Parameters

text: Specifies a user role description, a case-sensitive string of 1 to 128 characters.

Examples

# Configure the description as labVIP for the user role role1.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] description labVIP

Related commands

·     display role

·     role

display role

Use display role to display user role information.

Syntax

display role [ name role-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

name role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. If you do not specify a user role name, the command displays information about all user roles, including the predefined user roles.

Examples

# Display information about the user role 123.

<Sysname> display role name 123

Role: 123

  Description: new role

  VLAN policy: deny

  Permitted VLANs: 1 to 5, 7 to 8

  Interface policy: deny

  Permitted interfaces: FortyGigE1/0/1 to FortyGigE1/0/3, Vlan-interface1 to Vlan-interface20

  VPN instance policy: deny

  Permitted VPN instances: vpn, vpn1, vpn2

  -------------------------------------------------------------------

  Rule    Perm   Type  Scope         Entity

  -------------------------------------------------------------------

  1       permit RWX   feature-group abc

  2       deny   -W-   feature       ldap

  3       permit       command       system ; radius sc *

  4       permit R--   xml-element   -

  5       permit RW-   oid           1.2.1

  R:Read W:Write X:Execute

Table 7 Command output

Field

Description

Role

User role name.

Predefined user role names include:

·     network-admin.

·     network-operator.

·     mdc-admin.

·     mdc-operator.

·     level-n (where n represents an integer in the range of 0 to 15).

Description

User role description you have configured for easy identification.

VLAN policy

VLAN policy of the user role:

·     deny—Denies access to any VLAN except permitted VLANs.

·     permit (default)—Default VLAN policy, which enables the user role to access any VLAN.

Permitted VLANs

VLANs accessible to the user role.

Interface policy

Interface policy of the user role:

·     denyDenies access to any interface except permitted interfaces.

·     permit (default)—Default interface policy, which enables the user role to access any interface.

Permitted interfaces

Interfaces accessible to the user role.

VPN instance policy

VPN instance policy of the user role:

·     denyDenies access to any VPN except permitted VPNs.

·     permit (default)—Default VPN instance policy, which enables the user role to access any VPN instance.

Permitted VPN instances

VPNs accessible to the user role.

Rule

User role rule number.

A user role rule specifies the access permission for items, including commands, feature-specific commands, XML elements, and MIB nodes.

Predefined user role rules are identified by sys-n, where n represents an integer.

Perm

Access control criterion:

·     permit—User role has access to the specified items.

·     deny—User role does not have access to the specified items.

Type

Item category:

·     R—Read-only.

·     W—Write.

·     X—Execute.

Scope

Rule control scope:

·     command—Controls access to the command or commands, as specified in the Entity field.

·     feature—Controls access to the commands of the feature, as specified in the Entity field.

·     feature-group—Controls access to the commands of the features in the feature group, as specified in the Entity field.

·     xml-elementControls access to XML elements.

·     oidControls access to MIB nodes.

Entity

Command string, feature name, feature group, XML element, or OID specified in the user role rule:

·     An en dash (–) represents any feature.

·     An asterisk (*) represents zero or more characters.

 

Related commands

role

display role feature

Use display role feature to display features available in the system.

Syntax

display role feature [ name feature-name | verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

name feature-name: Displays the commands of a feature. The feature-name argument specifies the feature name, and all letters must be in lower case.

verbose: Displays the commands of each feature.

Usage guidelines

If you specify neither name feature-name nor verbose, the display role feature command displays only the list of features available in the system.

Examples

# Display the list of feature names.

<Sysname> display role feature

Feature: device          (Device configuration related commands)

Feature: interface       (Interface related commands)

Feature: syslog          (Syslog related commands)

Feature: process         (Process related commands)

# Display the commands of each feature.

<Sysname> display role feature verbose

Feature: device          (Device configuration related commands)

  display clock    (R)

  debugging dev    (W)

  display debugging dev    (R)

  display device *    (R)

  display diagnostic-information *    (R)

  display environment *    (R)

  display fan *    (R)

  display alarm *    (R)

  display power *    (R)

  display system-working-mode    (R)

  display current-configuration *    (R)

  display saved-configuration *    (R)

  display default-configuration *    (R)

  display startup    (R)

  display this *    (R)

  display archive configuration    (R)

  display bootrom-access    (R)

  clock datetime *    (W)

  reboot *    (W)

  save *    (W)

  archive configuration    (W)

  backup startup-configuration to *    (W)

  restore startup-configuration from *    (W)

  reset saved-configuration *    (W)

  startup saved-configuration *    (W)

  display transceiver *    (R)

  bootrom *    (W)

  bootrom-access *    (W)

  system-view ; temperature-limit *    (W)

  system-view ; sysname *    (W)

  system-view ; clock timezone *    (W)

  system-view ; clock summer-time *    (W)

  system-view ; configuration replace file *    (W)

  system-view ; transceiver *    (W)

  system-view ; system-working-mode *    (W)

  system-view ; archive configuration *    (W)

  system-view ; configuration encrypt *    (W)

  system-view ; version check ignore    (W)

  system-view ; version auto-update enable    (W)

  system-view ; bootrom-update security-check enable    (W)

  system-view ; clock protocol *    (W)

  system-view ; password-recovery *    (W)

  system-view ; switch-fabric removal-signal-suppression    (W)

  system-view ; rtm *    (W)

  system-view ; rtm * ; action *    (W)

  system-view ; rtm * ; running-time *    (W)

  system-view ; rtm * ; commit    (W)

  system-view ; rtm * ; user-role *    (W)

  display rtm *    (R)

  system-view ; probe ;    (W)

  system-view ; probe ; display system internal startup cache    (R)

  system-view ; probe ; view *    (R)

  system-view ; probe ; list *    (R)

  system-view ; probe ; display system internal lipc *    (R)

  system-view ; probe ; lipc *    (W)

  debugging lipc *    (W)

  display debugging lipc    (R)

  system-view ; probe ; display system internal dbm *    (R)

  system-view ; probe ; display hardware internal transceiver *    (R)

Feature: interface       (Interface related commands)

  reset counters interface *    (W)

  reset packet-drop *    (W)

  debugging ifmgr *    (W)

  display debugging ifmgr    (R)

  debugging system-event *    (W)

  display debugging system-event    (R)

  display interface *    (R)

# Display the commands of the aaa feature.

<Sysname> display role feature name aaa

Feature: aaa             (AAA related commands)

  system-view ; domain *    (W)

  system-view ; header *    (W)

  system-view ; aaa *    (W)

  display domain *    (R)

  system-view ; user-group *    (W)

  system-view ; local-user *    (W)

  display local-user *    (R)

  display user-group *    (R)

  display debugging local-server    (R)

  debugging local-server *    (W)

  super *    (X)

  display password-control *    (R)

  reset password-control *    (W)

  system-view ; password-control *    (W)

Table 8 Command output (display role feature name aaa)

Field

Description

Feature

Displays the name and brief function description of the feature.

system-view ; domain *

All the commands that start with domain in system view and all the commands in ISP domain view.

system-view ; header *

All the commands that start with header in system view.

system-view ; aaa *

All the commands that start with aaa in system view.

display domain *

All the commands that start with display domain in user view.

system-view ; user-group *

All the commands that start with user-group in system view, and all the commands in user group view.

system-view ; local-user *

All the commands that start with local-user in system view, and all the commands in local user view.

display user-group *

All the commands that start with display user-group in user view.

display debugging local-server

All the commands that start with display debugging local-server in user view.

debugging local-server *

All the commands that start with debugging local-server in user view.

super *

All the commands that start with super in user view.

display password-control *

All the commands that start with display password-control in user view.

reset password-control *

All the commands that start with reset password-control in user view.

system-view ; password-control *

All the commands that start with password-control in system view.

(W)

Command type is Write. A write command configures the system.

(R)

Command type is Read. A read command displays configuration or maintenance information.

(X)

Command type is Execute. An execute command executes a specific function.

 

Related commands

feature

display role feature-group

Use display role feature-group to display feature group information.

Syntax

display role feature-group [ name feature-group-name ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

name feature-group-name: Specifies a feature group. The feature-group-name argument represents the feature group name, a case-sensitive string of 1 to 31 characters. If you do not specify a feature group, the command displays information about all feature groups.

verbose: Displays the commands of each feature in the specified feature group. If you do not specify a feature group, this keyword enables displaying the commands of each feature in every feature group. If you do not specify this keyword, the command displays only the feature lists of feature groups.

Usage guidelines

Feature groups L2 and L3 are predefined feature groups.

Examples

# Display the feature list of the feature group L3.

<Sysname> display role feature-group name L3

Feature group: L3

Feature: route           (Route management related commands)

Feature: usr             (Unicast static route related commands)

Feature: ospf            (Open Shortest Path First protocol related commands)

Feature: rip             (Routing Information Protocol related commands)

Feature: isis            (ISIS protocol related commands)

Feature: bgp             (Border Gateway Protocol related commands)

Related commands

·     feature

·     role feature-group

feature

Use feature to add a feature to a feature group.

Use undo feature to remove a feature from a feature group.

Syntax

feature feature-name

undo feature feature-name

Default

A user-defined feature group does not have any features.

Views

Feature group view

Predefined user roles

network-admin

mdc-admin

Parameters

feature-name: Specifies a feature name. You must enter the feature name as the feature name is displayed, including the case.

Usage guidelines

Repeat the feature command to add multiple features to a feature group.

Examples

# Add the security features AAA and ACL to the security group security-features.

<Sysname> system-view

[Sysname] role feature-group name security-features

[Sysname-featuregrp-security-features] feature aaa

[Sysname-featuregrp-security-features] feature acl

Related commands

·     display role feature

·     display role feature-group

·     role feature-group

interface policy deny

Use interface policy deny to enter user role interface policy view.

Use undo interface policy deny to restore the default user role interface policy.

Syntax

interface policy deny

undo interface policy deny

Default

A user role has access to any interface.

Views

User role view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

To restrict the interface access of a user role to a set of interfaces, perform the following tasks:

1.     Use interface policy deny to enter user role interface policy view.

2.     Use permit interface to specify accessible interfaces.

 

 

NOTE:

The interface policy deny command denies the access of the user role to all interfaces if the permit interface command is not configured.

 

To configure an interface, make sure the interface is permitted by the user role interface policy in use. You can perform the following tasks on an accessible interface:

·     Create, remove, or configure the interface.

·     Enter the interface view.

·     Specify the interface in feature commands.

The create and remove operations are available only for logical interfaces.

Any change to a user role interface policy takes effect only on users who log in with the user role after the change.

Examples

# Enter user role interface policy view of role1, and deny role1 to access any interface.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] interface policy deny

[Sysname-role-role1-ifpolicy] quit

# Enter user role interface policy view of role1, and deny role1 to access any interface except FortyGigE 1/0/1 to FortyGigE 1/0/5.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] interface policy deny

[Sysname-role-role1-ifpolicy] permit interface fortygige 1/0/1 to fortygige 1/0/5

Related commands

·     display role

·     permit interface

·     role

permit interface

Use permit interface to configure a list of interfaces accessible to a user role.

Use undo permit interface to disable the access of a user role to specific interfaces.

Syntax

permit interface interface-list

undo permit interface [ interface-list ]

Default

No permitted interfaces are configured in user role interface policy view.

Views

User role interface policy view

Predefined user roles

network-admin

mdc-admin

Parameters

interface interface-list: Specifies a space-separated list of up to 10 interface items. Each interface item specifies one interface in the interface-type interface-number form or a range of interfaces in the interface-type interface-number to interface-type interface-number form. If you specify an interface range, the end interface must meet the following requirements:

·     Be the same type as the start interface.

·     Have a higher interface number than the start interface.

Usage guidelines

To permit a user role to access an interface after you configure the interface policy deny command, you must add the interface to the permitted interface list of the policy. With the user role, you can perform the following operations to the interfaces in the permitted interface list:

·     Create, remove, or configure the interfaces.

·     Enter the interface views.

·     Specify the interfaces in feature commands.

The create and remove operations are available only for logical interfaces.

You can repeat the permit interface command to add permitted interfaces to a user role interface policy.

The undo permit interface command removes the entire list of permitted interfaces if you do not specify any interfaces.

Any change to a user role interface policy takes effect only on users who log in with the user role after the change.

Examples

1.     Configure user role role1:

# Permit the user role to execute all commands available in interface view and VLAN view.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] rule 1 permit command system-view ; interface *

[Sysname-role-role1] rule 2 permit command system-view ; vlan *

# Permit the user role to access FortyGigE 1/0/1, and FortyGigE 1/0/5 to FortyGigE 1/0/7.

[Sysname-role-role1] interface policy deny

[Sysname-role-role1-ifpolicy] permit interface fortygige 1/0/1 fortygige 1/0/5 to fortygige 1/0/7

[Sysname-role-role1-ifpolicy] quit

[Sysname-role-role1] quit

2.     Verify that you cannot use the user role to work on any interfaces except FortyGigE 1/0/1 and FortyGigE 1/0/5 to FortyGigE 1/0/7:

# Verify that you can enter FortyGigE 1/0/1 interface view.

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] quit

# Verify that you can assign FortyGigE 1/0/5 to VLAN 10. In this example, the user role can access any VLAN because the default VLAN policy of the user role is used.

[Sysname] vlan 10

[Sysname-vlan10] port fortygige 1/0/5

[Sysname-vlan10] quit

# Verify that you cannot enter FortyGigE 1/0/2 interface view.

[Sysname] interface fortygige 1/0/2

Permission denied.

Related commands

·     display role

·     interface policy deny

·     role

permit vlan

Use permit vlan to configure a list of VLANs accessible to a user role.

Use undo permit vlan to remove the permission for a user role to access specific VLANs.

Syntax

permit vlan vlan-id-list

undo permit vlan [ vlan-id-list ]

Default

No permitted VLANs are configured in user role VLAN policy view.

Views

User role VLAN policy view

Predefined user roles

network-admin

mdc-admin

Parameters

vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each VLAN item specifies a VLAN by VLAN ID or specifies a range of VLANs in the form of vlan-id1 to vlan-id2. The value range for the VLAN IDs is 1 to 4094. If you specify a VLAN range, vlan-id2 must be greater than vlan-id1.

Usage guidelines

To permit a user role to access a VLAN after you configure the vlan policy deny command, you must add the VLAN to the permitted VLAN list of the policy. With the user role, you can perform the following tasks on the VLANs in the permitted VLAN list:

·     Create, remove, or configure the VLANs.

·     Enter the VLAN views.

·     Specify the VLANs in feature commands.

You can repeat the permit vlan command to add permitted VLANs to a user role VLAN policy.

The undo permit vlan command removes the entire list of permitted VLANs if you do not specify any VLANs.

Any change to a user role VLAN policy takes effect only on users who log in with the user role after the change.

Examples

1.     Configure user role role1:

# Permit the user role to execute all commands available in interface view and VLAN view.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] rule 1 permit command system-view ; interface *

[Sysname-role-role1] rule 2 permit command system-view ; vlan *

# Permit the user role to access VLANs 2, 4, and 50 to 100.

[Sysname-role-role1] vlan policy deny

[Sysname-role-role1-vlanpolicy] permit vlan 2 4 50 to 100

[Sysname-role-role1-vlanpolicy] quit

[Sysname-role-role1] quit

2.     Verify that you cannot use the user role to work on any VLAN except VLANs 2, 4, and 50 to 100:

# Verify that you can create VLAN 100 and enter the VLAN view.

[Sysname] vlan 100

[Sysname-vlan100] quit

# Verify that you can add port FortyGigE 1/0/1 to VLAN 100 as an access port.

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] port access vlan 100

[Sysname-FortyGigE1/0/1] quit

# Verify that you cannot create VLAN 101 or enter the VLAN view.

[Sysname] vlan 101

Permission denied.

Related commands

·     display role

·     role

·     vlan policy deny

permit vpn-instance

Use permit vpn-instance to configure a list of VPNs accessible to a user role.

Use undo permit vpn-instance to disable the access of a user role to specific VPNs.

Syntax

permit vpn-instance vpn-instance-name&<1-10>

undo permit vpn-instance [ vpn-instance-name&<1-10> ]

Default

No permitted VPNs are configured in user role VPN instance policy.

Views

User role VPN instance policy view

Predefined user roles

network-admin

mdc-admin

Parameters

vpn-instance-name&<1-10>: Specifies a space-separated list of up to 10 MPLS L3VPN names. Each name is a case-sensitive string of 1 to 31 characters.

Usage guidelines

To permit a user role to access an MPLS L3VPN after you configure the vpn-instance policy deny command, you must add the VPN to the permitted VPN list of the policy. With the user role, you can perform the following tasks on the VPNs in the permitted VPN list:

·     Create, remove, or configure the VPNs.

·     Enter the VPN instance views.

·     Specify the VPNs in feature commands.

You can repeat the permit vpn-instance command to add permitted MPLS L3VPNs to a user role VPN instance policy.

The undo permit vpn-instance command removes the entire list of permitted VPNs if you do not specify any VPNs.

Any change to a user role VPN instance policy takes effect only on users who log in with the user role after the change.

Examples

1.     Configure user role role1:

# Permit the user role to execute all commands available in system view and in the child views of system view.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] rule 1 permit command system-view ; *

# Permit the user role to access VPN vpn1.

[Sysname-role-role1] vpn policy deny

[Sysname-role-role1-vpnpolicy] permit vpn-instance vpn1

[Sysname-role-role1-vpnpolicy] quit

[Sysname-role-role1] quit

2.     Verify that you cannot use the user role to work on any VPN except vpn1:

# Verify that you can enter the view of vpn1.

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] quit

# Verify that you can assign the primary accounting server at 10.110.1.2 to the VPN in the RADIUS scheme radius1.

[Sysname] radius scheme radius1

[Sysname-radius-radius1] primary accounting 10.110.1.2 vpn-instance vpn1

[Sysname-radius-radius1] quit

# Verify that you cannot create the VPN vpn2 or enter its view.

[Sysname] ip vpn-instance vpn2

Permission denied.

Related commands

·     display role

·     role

·     vpn-instance policy deny

role

Use role to create a user role and enter user role view. If the user role has been created, you directly enter the user role view.

Use undo role to delete a user role.

Syntax

role name role-name

undo role name role-name

Default

The system has the following predefined user roles: network-admin, network-operator, mdc-admin, mdc-operator, and level-n (where n represents an integer in the range of 0 to 15).

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

name role-name: Specifies a username. The role-name argument is a case-sensitive string of 1 to 63 characters.

Usage guidelines

You can create a maximum of 64 user roles in addition to the predefined user roles.

To change the permissions assigned to a user role, you must first enter the user role view.

You cannot delete the predefined user roles or change the permissions assigned to network-admin, network-operator, mdc-admin, mdc-operator, or level-15.

Level-0 to level-14 users can modify their own permissions for any commands except for the display history-command all command.

Examples

# Create the user role role1 and enter the user role view.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1]

Related commands

·     display role

·     interface policy deny

·     rule

·     vlan policy deny

·     vpn-instance policy deny

role default-role enable

Use role default-role enable to enable the default user role feature for remote AAA users.

Use undo role default-role enable to restore the default.

Syntax

role default-role enable [ role-name ]

undo role default-role enable

Default

The default user role feature is disabled. AAA users who do not have a user role cannot log in to the device.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

role-name: Specifies a user role by its name for the default user role. The user role must already exist. The argument is a case-sensitive string of 1 to 63 characters. If you do not specify a user role, the following default user role settings apply:

·     For login to the default MDC, the default user role is network-operator.

·     For login to a non-default MDC, the default user role is mdc-operator.

Usage guidelines

The default user role feature assigns the default user role to AAA-authenticated users if the authentication server does not assign any user roles to the users. These users are allowed to access the system with the default user role.

If AAA users have been assigned user roles, they log in with the user roles.

Examples

# Enable the default user role feature.

<Sysname> system-view

[Sysname] role default-role enable

Related commands

role

role feature-group

Use role feature-group to create a user role feature group and enter user role feature group view.

Use undo role feature-group to delete a user role feature group.

Syntax

role feature-group name feature-group-name

undo role feature-group name feature-group-name

Default

Two user role feature groups, L2 and L3, are created.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

name feature-group-name: Specifies a feature group name. The feature-group-name argument is a case-sensitive string of 1 to 31 characters.

Usage guidelines

The L2 feature group includes all Layer 2 feature commands, and the L3 feature group includes all Layer 3 feature commands. These predefined feature groups are not user configurable.

In addition to the predefined feature groups L2 and L3, you can create a maximum of 64 user role feature groups.

After you create a user role feature group, you can use the display role feature command to display the features available in the system. Then you can use the feature command to add features to the feature group.

Examples

# Create the feature group security-features.

<Sysname> system-view

[Sysname] role feature-group name security-features

[Sysname-featuregrp-security-features]

Related commands

·     display role feature-group

·     display role feature

·     feature

rule

Use rule to create or change a user role rule for controlling command, XML element, or MIB node access.

Use undo rule to delete a user role rule.

Syntax

rule number { deny | permit } { command command-string | { execute | read | write } * { feature [ feature-name ] | feature-group feature-group-name | oid oid-string | xml-element [ xml-string ] } }

undo rule { number | all }

Default

A user-defined user role does not have any rules and cannot use any command, XML element, or MIB node.

Views

User role view

Predefined user roles

network-admin

mdc-admin

Parameters

number: Specifies a rule number in the range of 1 to 256.

deny: Denies access to any specified command, XML element, or MIB node.

permit: Permits access to any specified command, XML element, or MIB node.

command command-string: Specifies a command string. The command-string argument is a case-sensitive string of 1 to 128 characters, including the following characters:

·     The wildcard asterisk (*).

·     The delimiters space and tab.

·     All printable characters.

execute: Specifies the execute commands, XML elements, or MIB nodes. An execute command (for example, ping) , XML element, or MIB node executes a specific function or program.

read: Specifies the read commands, XML elements, or MIB nodes. A read command (for example, display, dir, more, or pwd), XML element, or MIB node displays configuration or maintenance information.

write: Specifies the write commands, XML elements, or MIB nodes. A write command (for example, ssh server enable), XML element, or MIB node configures the system.

feature [ feature-name ]: Specifies one or all features. The feature-name argument specifies a feature name. If you do not specify a feature name, you specify all the features in the system. When you specify a feature, you must enter the feature name as the name is displayed by display role feature, including the case.

feature-group feature-group-name: Specifies a user-defined or predefined feature group. The feature-group-name argument represents the feature group name, a case-sensitive string of 1 to 31 characters. If the feature group has not been created, the rule takes effect after the group is created. To display the feature groups that have been created, use the display role feature-group command.

oid oid-string: Specifies an OID of a MIB node. The oid-string argument represents the OID, a case-insensitive string of 1 to 512 characters. The OID is a dotted numeric string that uniquely identifies the path from the root node to this node. For example, 1.3.6.1.4.1.25506.8.35.14.19.1.1.

xml-element [ xml-string ]: Specifies an XML element. The xml-string argument represents the XPath of the XML element, a case-insensitive string of 1 to 512 characters. Use the forward slash (/) to separate Xpath items, for example, Interfaces/Index/Name. If you do not specify an XML element, the rule applies to all XML elements.

all: Deletes all the user role rules.

Usage guidelines

You can define the following types of rules for different access control granularities:

·     Command rule—Controls access to a command or a set of commands that match a regular expression.

·     Feature rule—Controls access to the commands of a feature by command type.

·     Feature group ruleControls access to the commands of a group of features by command type.

·     XML element rule—Controls access to XML elements by element type.

·     OID rule—Controls access to the specified MIB node and its child nodes by node type.

A user role can access the set of permitted commands, XML elements, and MIB nodes specified in the user role rules. User role rules include predefined (identified by sys-n) and user-defined rules.

The following guidelines apply to non-OID rules:

·     If two user-defined rules of the same type conflict, the rule with the higher ID takes effect. For example, a user role can use the tracert command but not the ping command if the user role contains rules configured by using the following commands:

¡     rule 1 permit command ping

¡     rule 2 permit command tracert

¡     rule 3 deny command ping

·     If a predefined user role rule and a user-defined user role rule conflict, the user-defined user role rule takes effect.

The following guidelines apply to OID rules:

·     The system compares an OID with the OIDs specified in rules, and it uses the longest match principle to select a rule for the OID. For example, a user role cannot access the MIB node with OID 1.3.6.1.4.1.25506.141.3.0.1 if the user role contains rules configured by using the following commands:

¡     rule 1 permit read write oid 1.3.6

¡     rule 2 deny read write oid 1.3.6.1.4.1

¡     rule 3 permit read write oid 1.3.6.1.4

·     If the same OID is specified in multiple rules, the rule with the higher ID takes effect. For example, a user role can access the MIB node with OID 1.3.6.1.4.1.25506.141.3.0.1 if the user role contains rules configured by using the following commands:

¡     rule 1 permit read write oid 1.3.6

¡     rule 2 deny read write oid 1.3.6.1.4.1

¡     rule 3 permit read write oid 1.3.6.1.4.1

You can configure a maximum of 256 user-defined rules for a user role. The total number of user-defined user role rules cannot exceed 1024.

Any rule modification, addition, or removal for a user role takes effect only on the users who log in with the user role after the change.

Access to the file system commands is controlled by both the file system command rules and the file system feature rule.

A command with output redirection to the file system is permitted only when the command type write is assigned to the file system feature.

When you specify a command string, follow the guidelines in Table 9.

Table 9 Command string configuration rules

Rule

Guidelines

Semicolon (;) is the delimiter.

Use a semicolon to separate the command of each view that you must enter before you access a command or a set of commands. However, do not use a semicolon to separate commands available in user view or any view, for example, display and dir.

Each semicolon-separated segment must have a minimum of one printable character.

To specify the commands in a view but not the commands in the view's subviews, use a semicolon as the last printable character in the last segment. To specify the commands in a view and the view's subviews, the last printable character in the last segment must not be a semicolon.

For example, you must enter system view before you enter interface view. To specify all commands starting with ip in any interface view, you must use the "system ; interface * ; ip * ;" command string.

For another example, the "system ; radius scheme * ;" command string represents all the commands that start with radius scheme in system view. The "system ; radius scheme *" command string represents all the commands that start with radius scheme in system view and all the commands in RADIUS scheme view.

Asterisk (*) is the wildcard.

An asterisk represents zero or multiple characters.

In a non-last segment, you can use an asterisk only at the end of the segment.

In the last segment, you can use an asterisk in any position of the segment. If the asterisk appears at the beginning, you cannot specify any printable characters behind the asterisk.

For example, the "system ; *" command string represents all commands available in system view and all subviews of the system view. The "debugging * event" command string represents all event debugging commands available in user view.

Keyword abbreviation is allowed.

You can specify a keyword by entering the first few characters of the keyword. Any command that starts with this character string matches the rule.

For example, "rule 1 deny command dis arp source *" denies access to the commands display arp source-mac interface and display arp source-suppression.

To control the access to a command, you must specify the command immediately after the view that has the command.

To control access to a command, you must specify the command immediately behind the view to which the command is assigned. The rules that control command access for any subview do not apply to the command.

For example, the "rule 1 deny command system ; interface * ; *" command string disables access to any command that is assigned to interface view. However, you can still execute the acl number command in interface view, because this command is assigned to system view rather than interface view. To disable access to this command, use "rule 1 deny command system ; acl *;".

Do not include the vertical bar (|), greater-than sign (>), or double greater-than sign (>>) when you specify display commands in a user role command rule.

The system does not treat the redirect signs and the parameters that follow the signs as part of command lines. However, in user role command rules, these redirect signs and parameters are handled as part of command lines. As a result, no rule that includes any of these signs can find a match.

For example, "rule 1 permit command display debugging > log" can never find a match. This is because the system has a display debugging command but not a display debugging > log command.

 

Examples

# Permit the user role role1 to execute the display acl command.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] rule 1 permit command display acl

# Permit the user role role1 to execute all commands that start with display.

[Sysname-role-role1] rule 2 permit command display *

# Permit the user role role1 to execute the radius scheme aaa command in system view and use all commands assigned to RADIUS scheme view.

[Sysname-role-role1] rule 3 permit command system ; radius scheme aaa

# Deny the access of role1 to any read or write command of any feature.

[Sysname-role-role1] rule 4 deny read write feature

# Deny the access of role1 to any read command of the feature aaa.

[Sysname-role-role1] rule 5 deny read feature aaa

# Permit role1 to access all read, write, and execute commands of the feature group security-features.

[Sysname-role-role1] rule 6 permit read write execute feature-group security-features

# Permit role1 to access all read and write MIB nodes starting from the node with OID 1.1.2.

[Sysname-role-role1] rule 7 permit read write oid 1.1.2

Related commands

·     display role

·     display role feature

·     display role feature-group

·     role

super

Use super to obtain another user role without reconnecting to the device.

Syntax

super [ rolename ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

rolename: Specifies a user role, a case-sensitive string of 1 to 63 characters. The user role must exist in the system. If you do not specify a user role, you obtain the default target user role.

Usage guidelines

The obtained user role is a temporary user role, because this command is effective only on the current login. The next time you are logged in with the user account, the original user role settings take effect.

To enable users to obtain another user roles without reconnecting to the device, you must configure user role authentication.

·     If no local password is configured in the local password authentication (local), an AUX user can obtain the user role by either entering a string or not entering anything.

·     If no local password is configured in the local-then-remote authentication (local scheme):

¡     A VTY user performs remote authentication.

¡     An AUX user can obtain user role authorization by either entering a string or not entering anything.

Examples

# Obtain the user role network-operator.

<Sysname> super network-operator

Password:

User privilege role is network-operator, and only those commands can be used that authorized to the role.

Related commands

·     authentication super (Security Command Reference)

·     super authentication-mode

·     super password

super authentication-mode

Use super authentication-mode to set an authentication mode for temporary user role authorization.

Use undo super authentication-mode to restore the default.

Syntax

super authentication-mode { local | scheme } *

undo super authentication-mode

Default

Local password authentication applies.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

local: Enables local password authentication.

scheme: Enables remote AAA authentication.

Usage guidelines

For local password authentication, use the super password command to set a password.

For remote AAA authentication, set the username and password on the RADIUS or HWTACACS server.

If you specify both local and scheme keywords, the keyword first entered in the command takes precedence, as follows:

·     scheme local—Enables remote-then-local authentication mode. The device first performs AAA authentication for temporary user role authorization. If the remote HWTACACS or RADIUS server does not respond, or if the AAA configuration on the device is invalid, local password authentication is performed.

·     local scheme—Enables local-then-remote authentication mode. The device first performs local password authentication. If no password is configured for the user role, the device performs remote authentication.

For more information about AAA, see Security Configuration Guide.

Examples

# Enable local-only authentication for temporary user role authorization.

<Sysname> system-view

[Sysname] super authentication-mode local

# Enable remote-then-local authentication for temporary user role authorization.

<Sysname> system-view

[Sysname] super authentication-mode scheme local

Related commands

·     authentication super (Security Command Reference)

·     super password

super default role

Use super default role to specify the default target user role for temporary user role authorization.

Use undo super default role to restore the default.

Syntax

super default role rolename

undo super default role

Default

If you log in to the default MDC, the default target user role is network-admin.

If you log in to a non-default MDC, the default target user role is mdc-admin.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

rolename: Specifies the name of the default target user role, a case-sensitive string of 1 to 63 characters. The user role must exist in the system.

Usage guidelines

The default target user role is applied to the super or super password command when you do not specify a user role for the command.

Examples

# Specify the default target user role as network-operator for temporary user role authorization.

<Sysname> system-view

[Sysname] super default role network-operator

Related commands

·     super

·     super password

super password

Use super password to set a password for a user role.

Use undo super password to restore the default.

Syntax

In non-FIPS mode:

super password [ role rolename ] [ { hash | simple } password ]

undo super password [ role rolename ]

In FIPS mode:

super password [ role rolename ]

undo super password [ role rolename ]

Default

No password is set for a user role.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

role rolename: Specifies a user role, a case-sensitive string of 1 to 63 characters. The user role must exist in the system. If you do not specify a user role, this command sets a password for the default target user role.

hash: Sets a hashed password.

simple: Sets a plaintext password. This password will be saved in hashed text for security purpose.

password: Specifies the password string. This argument is case sensitive.

·     In non-FIPS mode:

¡     If simple is specified, the password must be a string of 1 to 63 characters.

¡     If hash is specified, the password must be a string of 1 to 110 characters.

·     In FIPS mode, the password must be a string of 15 to 63 characters. The string must contain four character types including digits, uppercase letters, lowercase letters, and special characters.

Usage guidelines

If you do not specify any parameters, you specify a plaintext password in the interactive mode.

The FIPS mode supports only the interactive mode for setting a password.

Set a password if you configure local password authentication for temporary user role authorization.

It is a good practice to specify different passwords for different user roles.

Examples

# Set the password to 123456TESTplat&! for the user role network-operator.

<Sysname> system-view

[Sysname] super password role network-operator simple 123456TESTplat&!

# Set the password to 123456TESTplat&! in the interactive mode for the user role network-operator.

<Sysname> system-view

[Sysname] super password role network-operator

Password:

Confirm :

Related commands

·     super authentication-mode

·     super default role

vlan policy deny

Use vlan policy deny to enter the user role VLAN policy view.

Use undo vlan policy deny to restore the default user role VLAN policy.

Syntax

vlan policy deny

undo vlan policy deny

Default

A user role has access to any VLAN.

Views

User role view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

To restrict the VLAN access of a user role to a set of VLANs, perform the following tasks:

1.     Use vlan policy deny to enter user role VLAN policy view.

2.     Use permit vlan to specify accessible VLANs.

 

 

NOTE:

The vlan policy deny command denies the access of the user role to all VLANs if the permit vlan command is not configured.

 

To configure a VLAN, make sure the VLAN is permitted by the user role VLAN policy in use. You can perform the following tasks on an accessible VLAN:

·     Create, remove, or configure the VLAN.

·     Enter the VLAN view.

·     Specify the VLAN in feature commands.

Any change to a user role VLAN policy takes effect only on users who log in with the user role after the change.

Examples

# Enter user role VLAN policy view of role1, and deny the access of role1 to any VLAN.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] vlan policy deny

[Sysname-role-role1-vlanpolicy] quit

# Enter user role VLAN policy view of role1, and deny the access of role1 to any VLAN except VLANs 50 to 100.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] vlan policy deny

[Sysname-role-role1-vlanpolicy] permit vlan 50 to 100

Related commands

·     display role

·     permit vlan

·     role

vpn-instance policy deny

Use vpn-instance policy deny to enter user role VPN instance policy view.

Use undo vpn-instance policy deny to restore the default user role VPN instance policy.

Syntax

vpn-instance policy deny

undo vpn-instance policy deny

Default

A user role has access to any VPN.

Views

User role view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

To restrict the VPN access of a user role to a set of VPNs, perform the following tasks:

1.     Use vpn-instance policy deny to enter user role VPN instance policy view.

2.     Use permit vpn-instance to specify accessible VPNs.

 

 

NOTE:

The vpn-instance policy deny command denies the access of the user role to all VPNs if the permit vpn-instance command is not configured.

 

To configure a VPN, make sure the VPN is permitted by the user role VPN instance policy in use. You can perform the following tasks on an accessible VPN:

·     Create, remove, or configure the VPN.

·     Enter the VPN instance view.

·     Specify the VPN in feature commands.

Any change to a user role VPN instance policy takes effect only on users who log in with the user role after the change.

Examples

# Enter user role VPN instance policy view of role1, and deny the access of role1 to any VPN.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] vpn-instance policy deny

[Sysname-role-role1-vpnpolicy] quit

# Enter user role VPN instance policy view of role1, and deny the access of role1 to any VPN except vpn2.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] vpn-instance policy deny

[Sysname-role-role1-vpnpolicy] permit vpn-instance vpn2

Related commands

·     display role

·     permit vpn-instance

·     role


FTP commands

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.

FTP is not supported in FIPS mode.

FTP server commands

display ftp-server

Use display ftp-server to display FTP server configuration and status information.

Syntax

display ftp-server

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display FTP server configuration and status information.

<Sysname> display ftp-server

FTP server is running.

User count:                        1

Idle-timeout timer (in minutes):  30

Table 10 Command output

Field

Description

User count

Number of the current logged-in users.

Idle-timeout timer (in minutes)

If no packet is exchanged between the FTP server and client during this period, the FTP connection is closed.

 

Related commands

·     ftp server enable

·     ftp timeout

display ftp-user

Use display ftp-user to display detailed information about logged-in FTP users.

Syntax

display ftp-user

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display detailed information about logged-in FTP users.

<Sysname> display ftp-user

UserName     HostIP             Port     HomeDir

root         192.168.20.184     46539    flash:

If a username exceeds 10 characters, a host IP address exceeds 15 bits, or a directory name exceeds 37 bits, the exceeded part is displayed in the next line and right justified, as shown below.

<Sysname> display ftp-user

UserName     HostIP             Port     HomeDir

user2        2000:2000:2000:    1499     flash:/user2

             2000:2000:2000:

                  2000:2000

administra   100.100.100.100    10001    flash:/123456789/123456789/123456789/

       tor                               123456789/123456789/123456789/1234567

                                                                  89/123456789

Table 11 Command output

Field

Description

UserName

Name of the user.

HostIP

IP address of the user.

Port

Port number of the user.

HomeDir

Authorized directory for the user.

 

free ftp user

Use free ftp user to manually release the FTP connections established by using a specific user account.

Syntax

free ftp user username

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

username: Specifies a username. You can use the display ftp-user command to display FTP user information.

Examples

# Release the FTP connections established by using the user account ftpuser.

<Sysname> free ftp user ftpuser

Are you sure to free FTP connection? [Y/N]:y

<Sysname>

free ftp user-ip

Use free ftp user-ip to manually release the FTP connections established from a specific IPv4 address.

Syntax

free ftp user-ip ipv4-address [ port port ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

ipv4-address: Specifies the source IP address of an FTP connection. You can use the display ftp-user command to view the source IP addresses of FTP connections.

port port: Specifies the source port of an FTP connection. You can use the display ftp-user command to view the source ports of FTP connections.

Examples

# Release the FTP connections established from IP address 192.168.20.184.

<Sysname> free ftp user-ip 192.168.20.184

Are you sure to free FTP connection? [Y/N]:y

<Sysname>

ftp server acl

Use ftp server acl to use an ACL to control FTP clients' access to the FTP server.

Use undo ftp server acl to restore the default.

Syntax

ftp server acl { acl-number }

undo ftp server acl

Default

No ACL is used to control FTP clients' access to the FTP server.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

acl-number: Specifies an IPv4 ACL number in the range of 2000 to 3999.

Usage guidelines

You can use this command to permit only FTP requests from specific FTP clients. This configuration takes effect only for FTP connections to be established. It does not impact existing FTP connections. If you execute the command multiple times, the most recently specified ACL takes effect.

Examples

# Use ACL 2001 to allow only client 1.1.1.1 to access the FTP server.

<Sysname> system-view

[Sysname] acl number 2001

[Sysname-acl-basic-2001] rule 0 permit source 1.1.1.1 0

[Sysname-acl-basic-2001] rule 1 deny source any

[Sysname-acl-basic-2001] quit

[Sysname] ftp server acl 2001

ftp server dscp

Use ftp server dscp to set the DSCP value for IPv4 to use for outgoing FTP packets on an FTP server.

Use undo ftp server dscp to restore the default.

Syntax

ftp server dscp dscp-value

undo ftp server dscp

Default

IPv4 uses the DSCP value 0 for outgoing FTP packets on an FTP server.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

dscp-value: Specifies a DSCP value in the range of 0 to 63.

Usage guidelines

The DSCP value is carried in the ToS field of an IP packet, and it indicates the transmission priority of the packet.

Examples

# Set the DSCP value for IPv4 to use for outgoing FTP packets to 30 on an FTP server.

<Sysname> system-view

[Sysname] ftp server dscp 30

ftp server enable

Use ftp server enable to enable the FTP server.

Use undo ftp server enable to disable the FTP server.

Syntax

ftp server enable

undo ftp server enable

Default

The FTP server is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Examples

# Enable the FTP server.

<Sysname> system-view

[Sysname] ftp server enable

ftp timeout

Use ftp timeout to set the FTP connection idle-timeout timer.

Use undo ftp timeout to restore the default.

Syntax

ftp timeout minute

undo ftp timeout

Default

The FTP connection idle-timeout timer is 30 minutes.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

minute: Specifies an idle-timeout interval in the range of 1 to 35791 minutes.

Usage guidelines

If no data transfer occurs on an FTP connection within the idle-timeout interval, the FTP server closes the FTP connection to release resources.

Examples

# Set the FTP connection idle-timeout timer to 36 minutes.

<Sysname> system-view

[Sysname] ftp timeout 36

FTP client commands

Before executing FTP client configuration commands, make sure you have configured authorization settings for users on the FTP server. Authorized operations include viewing the files in the working directory, reading/downloading/uploading/renaming/removing files, and creating directories.

The FTP client commands in this section are supported by the device, but whether they can be executed successfully depends on the FTP server.

The output in the examples of this section varies with FTP server types.

append

Use append to add the content of a file on the FTP client to a file on the FTP server.

Syntax

append localfile [ remotefile ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

localfile: Specifies a local file on the FTP client.

remotefile: Specifies a remote file on the FTP server.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Append the content of the local a.txt file to the b.txt file on the FTP server.

ftp> append a.txt b.txt                                                        

227 Entering Passive Mode (10,153,116,114,10,184)                              

150 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\b.txt" file ready to

 receive in IMAGE / Binary mode                                                 

226 Transfer finished successfully.                                            

4987 bytes sent in 0.00104 seconds (4.56 Mbyte/s)                              

ascii

Use ascii to set the file transfer mode to ASCII.

Syntax

ascii

Default

The file transfer mode is binary.

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

You can perform this operation only after you log in to the FTP server.

The carriage return characters vary with operating systems. For example, H3C and Windows use /r/n, and Linux uses /n. To transfer files between two systems that use different carriage return characters, select the FTP transfer mode according to the file type.

FTP transfers files in either of the following modes:

·     Binary modeTransfers image files or pictures. This mode is also called "flow mode."

·     ASCII modeTransfers text files.

Examples

# Set the file transfer mode to ASCII.

ftp> ascii

200 TYPE is now ASCII

Related commands

binary

binary

Use binary to set the file transfer mode to binary, which is also called the "flow mode."

Syntax

binary

Default

The file transfer mode is binary.

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

You can perform this operation only after you log in to the FTP server.

The carriage return characters vary with operating systems. For example, H3C and Windows use /r/n, and Linux uses /n. To transfer files between two systems that use different carriage return characters, determine FTP transfer mode according to the file type.

FTP transfers files in the following modes:

·     Binary modeTransfers program file or pictures. This mode is also called "flow mode."

·     ASCII modeTransfers text files.

Examples

# Set the file transfer mode to binary.

ftp> binary

200 TYPE is now 8-bit binary

Related commands

ascii

bye

Use bye to terminate the connection to the FTP server and return to user view.

If no connection is established between the device and the FTP server, use this command to return to user view.

Syntax

bye

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Examples

# Terminate the connection to the FTP server and return to user view.

ftp> bye

221 Windows FTP Server (WFTPD, by Texas Imperial Software) says goodbye

<Sysname>

Related commands

quit

cd

Use cd to change the current working directory to another directory on the FTP server.

Syntax

cd { directory | .. | / }

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

directory: Specifies the name of the target directory in the [drive:][/]path format, where drive represents the storage medium name, typically flash or cf. If the target directory does not exist, the cd command does not change the current working directory. If no drive information is provided, the argument represents a folder or subfolder in the current directory. For more information about the drive and path arguments, see Fundamentals Configuration Guide.

..: Returns to the upper directory. Executing the cd .. command is the same as executing the cdup command. If the current working directory is the FTP root directory, the cd .. command does not change the current working directory.

/: Returns to the FTP root directory.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

The directory that can be accessed must be authorized by the FTP server.

Examples

# Change the working directory to the subdirectory logfile of the current directory.

ftp> cd logfile

250 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\logfile " is current directory

# Change the working directory to the subdirectory diagfile in the FTP root directory.

ftp> cd /diagfile

250 "C:\diagfile " is current directory

# Change the working directory to the upper directory of the current directory.

ftp> cd ..

250 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X" is current directory

# Change the working directory to the FTP root directory.

ftp> cd /

250 "C:\" is current directory

Related commands

·     cdup

·     pwd

cdup

Use cdup to enter the upper directory of the FTP server.

This command does not change the working directory if the current directory is the FTP root directory.

Syntax

cdup

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Change the working directory to the upper directory.

ftp> pwd

257 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X" is current directory

ftp> cdup

250 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk" is current directory

ftp> pwd

257 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk" is current directory

Related commands

·     cd

·     pwd

close

Use close to terminate the connection to the FTP server without exiting FTP client view.

Syntax

close

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Terminate the connection to the FTP server without exiting the FTP client view.

ftp> close

221 Windows FTP Server (WFTPD, by Texas Imperial Software) says goodbye.

ftp>

Related commands

disconnect

debug

Use debug to enable or disable FTP client debugging.

Syntax

debug

Default

FTP client debugging is disabled.

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

When FTP client debugging is enabled, executing this command disables FTP client debugging.

When FTP client debugging is disabled, executing this command enables FTP client debugging.

Examples

# Enable and then disable FTP client debugging.

ftp> debug

Debugging on (debug=1).

ftp> debug

Debugging off (debug=0).

delete

Use delete to permanently delete a file on the FTP server.

Syntax

delete remotefile

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

remotefile: Specifies the name of a file on the FTP server.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

To perform this operation, you must have delete permission on the FTP server.

Examples

# Delete file b.txt.

ftp> delete b.txt

250 File deleted from remote host.

dir

Use dir to display detailed information about the files and subdirectories in the current directory on the FTP server.

Use dir remotefile to display detailed information about a specific file or directory on the FTP server.

Use dir remotefile localfile to save detailed information about a specific file or directory on the FTP server to a local file.

Syntax

dir [ remotefile [ localfile ] ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

remotefile: Specifies the name of a file or directory on the FTP server.

localfile: Specifies the name of the local file used for saving the displayed information.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

In FTP client view, executing the dir command is the same as executing the ls command.

Examples

# Display detailed information about the files and subdirectories in the current directory on the FTP server.

ftp> dir

227 Entering Passive Mode (10,153,116,114,11,9)

150 File Listing Follows in ASCII mode

drwxrwxrwx   1 noone    nogroup        0 Apr  8 15:15 .

drwxrwxrwx   1 noone    nogroup        0 Apr  8 15:15 ..

-rwxrwxrwx   1 noone    nogroup     6324 Apr  8 14:48 1.txt

-rwxrwxrwx   1 noone    nogroup 97401856 Feb 27 12:28 125X.ipe

drwxrwxrwx   1 noone    nogroup        0 Mar 26 14:30 Compatiable

drwxrwxrwx   1 noone    nogroup        0 Mar 26 14:30 Incompatiable

drwxrwxrwx   1 noone    nogroup        0 Apr  1 15:34 aa

226 Transfer finished successfully.

# Save detailed information about file a.txt to s.txt.

ftp> dir a.txt s.txt

output to local-file: s.txt ? [Y/N]y

227 Entering Passive Mode (10,153,116,114,11,34)

150 File Listing Follows in ASCII mode

226 Transfer finished successfully.

# Display the content of file s.txt.

ftp> bye

221 Windows FTP Server (WFTPD, by Texas Imperial Software) says goodbye

<Sysname> more s.txt

-rwxr-xr-x    1 0          0                1481 Jul  7 12:34 a.txt

Related commands

ls

disconnect

Use disconnect to terminate the connection to the FTP server without exiting FTP client view.

Syntax

disconnect

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Terminate the connection to the FTP server without exiting the FTP client view.

ftp> disconnect

221 Windows FTP Server (WFTPD, by Texas Imperial Software) says goodbye

ftp>

Related commands

close

display ftp client source

Use display ftp client source to display the source address settings on the FTP client.

Syntax

display ftp client source

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display the source address settings on the FTP client.

<Sysname> display ftp client source

The source IP address of the FTP client is 1.1.1.1.

ftp

Use ftp to log in to an FTP server and enter FTP client view.

Syntax

ftp [ ftp-server [ service-port ] [ vpn-instance vpn-instance-name ] [ dscp dscp-value | source { interface interface-type interface-number | ip source-ip-address } ] ] *

Views

User view

Parameters

ftp-server: Specifies the IPv4 address or host name of an FTP server. A host name can be a case-insensitive string of 1 to 253 characters. Valid characters for a host name include letters, digits, hyphens (-), underscores (_), and dots (.).

service-port: Specifies the TCP port number of the FTP server, in the range of 0 to 65535. The default value is 21.

vpn-instance vpn-instance-name: Specifies the VPN instance to which the remote host belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the remote host belongs to the public network, do not specify this option.

dscp dscp-value: Specifies the DSCP value for IPv4 to use in outgoing FTP packets to indicate the packet transmission priority, in the range of 0 to 63. The default is 0.

source { interface interface-type interface-number | ip source-ip-address }: Specifies the source address used to establish the FTP connection.

·     interface interface-type interface-number: Specifies an interface by its type and number. The primary IPv4 address of this interface will be used as the source address for outgoing FTP packets. If no primary IPv4 address is configured on the source interface, the connection cannot be established.

·     ip source-ip-address: Specifies an IPv4 address. This address must have been configured on the device.

Usage guidelines

This command is only applicable to IPv4 networks.

If no parameters are specified, this command enters the FTP client view without logging in to the FTP server.

If the server parameters are specified, you are prompted to enter the username and password for logging in to the FTP server.

Examples

# Log in to the FTP server 10.153.86.57, and specify the source IPv4 address for outgoing FTP packets as 10.153.116.114.

<Sysname>ftp 10.153.116.114 source ip 10.153.86.57                                 

Press CTRL+C to abort.                                                          

Connected to 10.153.116.114 (10.153.116.114).                                  

220-                                                                           

220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user          

User (10.153.116.114:(none)): cs                                               

331 Give me your password, please                                              

Password:                                                                      

230 Logged in successfully                                                     

Remote system type is MSDOS.                                                   

200 Type is Image (Binary)                                                     

ftp>

ftp client source

Use ftp client source to specify the source IPv4 address for outgoing FTP packets.

Use undo ftp client source to restore the default.

Syntax

ftp client source { interface interface-type interface-number | ip source-ip-address }

undo ftp client source

Default

No source IPv4 address is configured for outgoing FTP packets. The device uses the primary IPv4 address of the output interface for the route to the server as the source IP address.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

interface interface-type interface-number: Specifies the source interface for establishing FTP connections. The primary IPv4 address of the source interface is used as the source IP address of packets sent to a FTP server. Make sure the interface is up and has the primary IPv4 address configured. Otherwise, the transmission fails.

ip source-ip-address: Specifies the source IP address for outgoing FTP packets. It must be the IPv4 address of an interface in up state. Otherwise, the transmission fails.

Usages guidelines

If you execute this command multiple times, the most recent configuration takes effect.

The source address specified with the ftp command takes precedence over the source address specified with the ftp client source command.

The source address specified with the ftp client source command applies to all FTP connections. The source address specified with the ftp command applies only to the current FTP connection.

Examples

# Specify the source IPv4 address for outgoing FTP packets as 192.168.20.222.

<Sysname> system-view

[Sysname] ftp client source ip 192.168.20.222

Related commands

ftp

get

Use get to download a file from the FTP server and save the file.

Syntax

get remotefile [ localfile ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

remotefile: Specifies the name of the file to be downloaded.

localfile: Specifies a name for the downloaded file.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

To save the downloaded file to the working directory accessed by the ftp command, the localfile argument must specify a file name such as a.cfg. If you do not provide the localfile argument, the downloaded file uses its original name.

To save the downloaded file to some other directory, the localfile argument must specify the target directory plus the file name such as flash:/subdirectory/a.cfg. Otherwise, the command fails to take effect.

Examples

# Download file a.txt and save it as b.txt in the working directory accessed by the ftp command.

ftp> get a.txt b.txt

227 Entering Passive Mode (10,153,116,114,11,126)                              

150 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\a.txt" file ready to send

 (1 bytes) in IMAGE / Binary mode                                              

226 Transfer finished successfully.                                            

1 bytes received in 0.00325 seconds (308 byte/s)

# Download file a.txt to the folder test from the working directory accessed by the ftp command.

ftp> get a.txt flash:/test/b.txt

227 Entering Passive Mode (10,153,116,114,11,151)                              

150 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\a.txt" file ready to send

 (6324 bytes) in IMAGE / Binary mode                                           

226 Transfer finished successfully.                                            

6324 bytes received in 0.0237 seconds (260.6 kbyte/s)

# In IRF mode, download file a.txt to the Flash root directory of the MPU that resides in slot 17 of member device 1. Save the file as c.txt.

ftp> get a.txt chassis1#slot17#flash:/c.txt

227 Entering Passive Mode (10,153,116,114,11,151)                              

150 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\a.txt" file ready to send

 (6324 bytes) in IMAGE / Binary mode                                           

226 Transfer finished successfully.                                            

6324 bytes received in 0.0237 seconds (260.6 kbyte/s)

Related commands

put

help

Use help to display all commands supported by an FTP client.

Use help command-name to display the help information of a specific command.

Syntax

help [ command-name ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

command-name: Specifies a command supported by the FTP client.

Usage guidelines

In FTP client view, executing the help command is the same as entering?.

Examples

# Display all commands supported by the FTP client.

ftp> help

Commands may be abbreviated.  Commands are:

 

append           delete          ls              quit            rmdir         

ascii            debug           mkdir           reget           status        

binary           dir             newer           rstatus         system        

bye              disconnect      open            rhelp           user          

cd               get             passive         rename          verbose       

cdup             help            put             reset           ?             

close            lcd             pwd             restart

# Display the help information for the dir command.

ftp> help dir

dir              list contents of remote directory

Related commands

?

lcd

Use lcd to display the local working directory of the FTP client.

Use lcd directory to change the local working directory of the FTP client to the specified directory.

Use lcd / to change the local working directory of the FTP client to the local root directory.

Syntax

lcd [ directory | / ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

directory: Specifies a local directory of the FTP client. There must be a slash sign (/) before the name of the storage medium, for example, /flash:/logfile.

/: Specifies the root directory of the FTP client.

Examples

# Display the local working directory.

ftp> lcd

Local directory now /flash:

# Change the local working directory to flash:/logfile.

ftp> lcd /flash:/logfile

Local directory now /flash:/logfile

ls

Use ls to display detailed information about the files and subdirectories under the current directory on the FTP server.

Use ls remotefile to display detailed information about a specific file or directory on the FTP server.

Use ls remotefile localfile to save detailed information about a specific file or directory on the FTP server to a local file.

Syntax

ls [ remotefile [ localfile ] ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

remotefile: Specifies the file name or directory on the FTP server.

localfile: Specifies the local file used to save the displayed information.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

In FTP client view, executing the ls command is the same as executing the dir command.

Examples

# Display detailed information about the files and subdirectories under the current directory on the FTP server.

ftp> ls

227 Entering Passive Mode (10,153,116,114,11,181)

150 File Listing Follows in ASCII mode

drwxrwxrwx   1 noone    nogroup        0 Apr  8 15:19 .

drwxrwxrwx   1 noone    nogroup        0 Apr  8 15:19 ..

-rwxrwxrwx   1 noone    nogroup     6324 Apr  8 14:48 1.txt

-rwxrwxrwx   1 noone    nogroup 97401856 Feb 27 12:28 10500.ipe

-rwxrwxrwx   1 noone    nogroup        1 Apr  8 15:20 3.txt

-rwxrwxrwx   1 noone    nogroup        1 Apr  8 15:20 4.txt

drwxrwxrwx   1 noone    nogroup        0 Mar 26 14:30 Compatiable

drwxrwxrwx   1 noone    nogroup        0 Mar 26 14:30 Incompatiable

drwxrwxrwx   1 noone    nogroup        0 Apr  1 15:34 aa

226 Transfer finished successfully

Related commands

dir

mkdir

Use mkdir to create a subdirectory in the current directory on the FTP server.

Syntax

mkdir directory

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

directory: Specifies the name of the directory to be created.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

You must have permission to perform this operation on the FTP server.

Examples

# Create subdirectory newdir in the current directory of the remote FTP server.

ftp> mkdir newdir

257 "newdir" directory created

newer

Use newer to update a local file by using a remote file on the FTP server.

Syntax

newer remotefile [ localfile ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

remotefile: Specifies the name of the remote file on the FTP server.

localfile: Specifies the name of the local file to be updated.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

If the local file does not exist, this command downloads the file from the FTP server and saves it locally.

If the remote file on the FTP server is not newer than the local file, this command does not update the local file.

Examples

# Update the local file with the file a.txt on the FTP server.

ftp> newer a.txt

227 Entering Passive Mode (10,153,116,114,11,190)

150 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\a.txt" file ready to send

 (1 bytes) in IMAGE / Binary mode

226 Transfer finished successfully.

1 bytes received in 0.00268 seconds (374 byte/s)

open

Use open to log in to the FTP server in FTP client view.

Syntax

open server-address [ service-port ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

server-address: Specifies the IP address or host name of the FTP server.

service-port: Specifies the TCP port number of the FTP server, in the range of 0 to 65535. The default value is 21.

Usage guidelines

After you issue this command, the system will prompt you to enter the username and password.

After you log in to one FTP server, you must disconnect from the server before you can use the open command to log in to another server.

Examples

# In FTP client view, log in to the FTP server 192.168.40.7.

<Sysname>ftp

ftp: No control connection for command.

ftp> open 10.153.116.114

Press CTRL+C to abort.

Connected to 10.153.116.114 (10.153.116.114).

220-

220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user

User (10.153.116.114:(none)): cs

331 Give me your password, please

Password:

230 Logged in successfully

Remote system type is MSDOS.

ftp>

passive

Use passive to set the FTP operation mode to passive.

Syntax

passive

Default

The FTP operation mode is passive.

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

FTP can operate in either of the following modes:

·     Active mode—The FTP server initiates the TCP connection.

·     Passive mode—The FTP client initiates the TCP connection.

You can use this command multiple times to change between active and passive modes.

This command is mainly used together with a firewall to control FTP session establishment between private network users and public network users.

Examples

# Set the FTP operation mode to passive.

ftp> passive

Passive mode on.

ftp> passive

Passive mode off.

put

Use put to upload a file on the client to the remote FTP server.

Syntax

put localfile [ remotefile ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

localfile: Specifies the name of the local file to be uploaded.

remotefile: Specifies the file name for saving the uploaded file on the FTP server.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

To upload a file in the working directory accessed by the ftp command, the localfile argument must specify a file name such as a.cfg.

To upload a file in some other directory, the localfile argument must specify the target directory plus the file name such as flash:/subdirectory/a.cfg. Otherwise, the command fails to take effect.

Examples

# Upload the file a.txt in the working directory accessed by the ftp command and save the file as b.txt on the FTP server.

ftp> put a.txt b.txt

227 Entering Passive Mode (10,153,116,114,11,196)

150 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\b.txt" file ready to receive

 in ASCII mode

226 Transfer finished successfully.

45925 bytes sent in 0.00714 seconds (6.13 Mbyte/s)

# Upload the file a.txt in the folder test from the working directory accessed by the ftp command. Save the file as b.txt on the FTP server.

ftp> put flash:/test/a.txt b.txt

227 Entering Passive Mode (10,153,116,114,11,201)

150 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\b.txt" file ready to receive

in ASCII mode

226 Transfer finished successfully.

1 bytes sent in 0.000522 seconds (1.9 kbyte/s)

# In IRF mode, upload the file a.txt in the Flash root directory of the MPU that resides in slot 17 of member device 1. Save the file as b.txt on the FTP server.

ftp> put chassis1#slot17#flash:/test/a.txt b.txt

227 Entering Passive Mode (10,153,116,114,11,201)

150 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\b.txt" file ready to receive

in ASCII mode

226 Transfer finished successfully.

1 bytes sent in 0.000522 seconds (1.9 kbyte/s)

Related commands

get

pwd

Use pwd to display the currently accessed directory on the FTP server.

Syntax

pwd

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Display the currently accessed directory on the remote FTP server.

ftp> cd subdir

250 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\subdir" is current directory

ftp> pwd

257 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\subdir" is current directory

quit

Use quit to terminate the connection to the FTP server and return to user view.

Syntax

quit

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Examples

# Terminate the connection to the FTP server and return to user view

ftp> quit

221 Windows FTP Server (WFTPD, by Texas Imperial Software) says goodbye

<Sysname>

Related commands

bye

reget

Use reget to get the missing part of a file from the FTP server.

Syntax

reget remotefile [ localfile ]

Views

FTP client view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

remotefile: Specifies the name of the file on the FTP server.

localfile: Specifies the name of the local file.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

If a file download is not completed due to network problems or insufficient storage space, you can use the reget command to get the missing part of the file from the FTP server after you solve the problem.

Examples

# Get the part of the s.bin file that is missing due to transmission interruption.

ftp> reget s.bin

local: s.bin remote: s.bin

350 Restarting at 1749706

150-Connecting to port 47429

150 38143.3 kbytes to download

226 File successfully transferred

39058742 bytes received in 66.2 seconds (576.1 kbyte/s)

rename

Use rename to rename a file.

Syntax

rename [ oldfilename [ newfilename ] ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

oldfilename: Specifies the original file name.

newfilename: Specifies the new file name.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Rename the file a.txt as b.txt:

·     Method 1

ftp> rename

(from-name) a.txt

(to-name) b.txt

350 Enter the name to rename it to...

250 File renamed successfully

·     Method 2

ftp> rename a.txt

(to-name) b.txt

350 Enter the name to rename it to...

250 File renamed successfully

·     Method 3

ftp> rename a.txt b.txt

350 Enter the name to rename it to...

250 File renamed successfully

reset

Use reset to clear the reply information received from the FTP server in the buffer.

Syntax

reset

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Examples

# Clear the reply information received from the FTP server.

ftp> reset

restart

Use restart to specify the marker to retransmit a file.

Syntax

restart marker

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

marker: Specifies the retransmit marker.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Support for this command varies with FTP servers.

Examples

# Retransmit the file h.c (82 bytes) from 2 bytes.

ftp> restart 2

restarting at 2. execute get, put or append to initiate transfer

ftp> put h.c h.c

local: h.c remote: h.c

350 Restart position accepted (2).

150 Ok to send data.

226 File receive OK.

80 bytes sent in 0.000445 seconds (175.6 kbyte/s)

ftp> dir

150 Here comes the directory listing.

-rw-r--r--    1 0        0              80 Jul 18 02:58 h.c

rhelp

Use rhelp to display the FTP-related commands supported by the FTP server.

Use rhelp protocol-command to display the help information of an FTP-related command supported by the FTP server.

Syntax

rhelp [ protocol-command ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

protocol-command: Specifies an FTP-related command.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Display the FTP-related commands supported by the FTP.

ftp> rhelp

214-The following FTP commands are recognized

 USER PASS NOOP QUIT SYST TYPE

 HELP CWD  XCWD PWD  CDUP XCUP

 XPWD LIST NLST MLSD PORT EPRT

 PASV EPSV REST RETR STOR APPE

 DELE MKD  XMKD RMD  XRMD ABOR

 SIZE RNFR RNTO

4 UNIX Type: L8

Table 12 Command output

Field

Description

USER

Username, corresponding to the xx command in FTP client view.

PASS

Password.

NOOP

Null operation.

SYST

System parameters.

TYPE

Request type.

CWD

Changes the current working directory.

XCWD

Extended command with the meaning of CWD.

PWD

Prints the working directory.

CDUP

Changes the directory to the upper directory.

XCUP

Extended command with the meaning of CDUP.

XPWD

Extended command with the meaning of PWD.

LIST

Lists files.

NLST

Lists brief file description.

MLSD

Lists file content.

PORT

Active mode.

PASV

Passive mode.

REST

Restarts.

RETR

Downloads files.

STOR

Uploads files.

APPE

Appends uploading.

DELE

Deletes files.

MKD

Creates folders.

XMKD

Extended command with the meaning of MKD.

RMD

Deletes folders.

XRMD

Extended command with the meaning of RMD.

ABOR

Aborts the transmission.

SIZE

Size of the transmission file.

RNFR

Original name.

RNTO

New name.

 

rmdir

Use rmdir to permanently delete a directory from the FTP server.

Syntax

rmdir directory

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

directory: Specifies the name of a directory on the remote FTP server.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

To perform this operation, you must have delete permission on the FTP server.

Delete all files and subdirectories in a directory before you delete the directory. For more information about how to delete files, see the delete command.

Executing the rmdir command also deletes the files in the recycle bin of the specified directory.

Examples

# Delete the empty directory subdir1.

ftp>rmdir subdir1

200 Directory subdir1 removed

Related commands

delete

rstatus

Use rstatus to display FTP server status.

Use rstatus remotefile to display detailed information about a specific directory or file on the FTP server.

Syntax

rstatus [ remotefile ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

remotefile: Specifies a directory or file on the FTP server.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Support for this command varies with FTP servers.

Examples

# Display FTP server status.

ftp> rstatus

211-FTP server status:

     Connected to 192.168.20.177

     Logged in as root

     TYPE: ASCII

     No session bandwidth limit

     Session timeout in seconds is 300

     Control connection is plain text

     Data connections will be plain text

     At session startup, client count was 1

     vsFTPd 2.0.6 - secure, fast, stable

211 End of status

Table 13 Command output

Filed

Description

211-FTP server status:

Beginning of the display of FTP server status, where 211 specifies the FTP command.

Connected to 192.168.20.177

IP address of the FTP client.

Logged in as root

Login username root.

TYPE: ASCII

File transfer mode ASCII.

Session timeout in seconds is 300

Timeout interval is 300 seconds.

Control connection is plain text

Control connection type is plain text.

Data connections will be plain text

Data connection type is plain text.

At session startup, client count was 1

FTP connection number is 1.

vsFTPd 2.0.6 - secure, fast, stable

FTP version is 2.0.6.

211 End of status

End of the display of FTP server status.

 

# Display file a.txt.

ftp> rstatus a.txt

213-Status follows:

-rw-r--r--    1 0        0              80 Jul 18 02:58 a.txt

213 End of status

Table 14 Command output

Field

Description

213-Status follows:

Beginning of the display of the file, where 213 specifies the FTP command.

-rw-r--r--

The first bit specifies the file type:

·     -—Common.

·     B—Block.

·     c—Character.

·     d—Directory.

·     l—Symbol connection file.

·     p—Pipe.

·     s—socket.

The second bit through the tenth bit are divided into three groups. Each group contains three characters, representing the access permission of the owner, group, and other users.

·     -—No permission.

·     r—Read permission.

·     w—Write permission.

·     x—Execution permission.

1

Number of connections.

0

Name of the file owner.

0

Group number of the file owner.

80

File size, in bytes.

Jul 18 02:58

Date and time when the file was most recently modified.

a.txt

File name.

213 End of status

End of the display of the file information.

 

status

Use status to display FTP status.

Syntax

status

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Examples

# Display FTP status.

ftp> status

Connected to 192.168.1.56.

No proxy connection.

Not using any security mechanism.

Mode: stream; Type: ascii; Form: non-print; Structure: file

Verbose: on; Bell: off; Prompting: on; Globbing: off

Store unique: off; Receive unique: off

Case: off; CR stripping: on

Ntrans: off

Nmap: off

Hash mark printing: off; Use of PORT cmds: on

Table 15 Command output

Field

Description

Connected to 192.168.1.56.

IP address of the FTP server that is connected to the FTP client.

Verbose: on; Bell: off; Prompting: on; Globbing: off

Displays debugging information.

Store unique: off; Receive unique: off

The name of the file on the FTP server is unique and the name of the local file is unique.

Case: off; CR stripping: on

Does not support obtaining multiple files once and deletes "\r" when downloading text files.

Ntrans: off

Does not use the input-output transmission table.

Nmap: off

The file name does not use the input-to-output mapping template.

Hash mark printing: off; Use of PORT cmds: on

Does not end with a pound sign (#) and uses "PORT" data transmission.

 

system

Use system to display the system information of the FTP server.

Syntax

system

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

You can perform this operation only after you log in to the FTP server.

Examples

# Display the system information of the FTP server.

ftp> system

5 UNIX Type: L8

user

Use user to change to another user account after login.

Syntax

user username [ password ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

username: Specifies the username of the target user account.

password: Specifies the password of the target user account.

Usage guidelines

You can perform this operation only after you log in to the FTP server.

The username and password of the target user account must have been configured. Otherwise, the user account change operation fails and the FTP connection is closed.

Examples

# After logging in to the FTP server, use the username ftp and password 123456 to re-log in to the FTP server (the output might vary by the FTP server):

·     Method 1

ftp> user ftp 123456

331 Password required for ftp.

230 User logged in.

·     Method 2

ftp> user ftp

331 Give me your password, please

Password:

230 Logged in successfully

verbose

Use verbose to enable or disable the device to display detailed information about FTP operations.

Syntax

verbose

Default

The device displays detailed information about FTP operations.

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

The verbose command takes effect only for the current FTP session. It is lost after the session is disconnected.

Examples

# Disable the device from displaying detailed information about FTP operations.

ftp> verbose

Verbose mode off.

# Execute the get command.

ftp> verbose

Verbose mode off.

ftp> get a.txt

# Enable the device to display detailed information about FTP operations.

ftp> verbose

Verbose mode on.

# Execute the get command.

ftp> get a.txt

227 Entering Passive Mode (10,153,116,114,12,17)

150 "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\desk\125X\a.txt" file ready to

send (6324 bytes) in IMAGE / Binary mode

226 Transfer finished successfully.

6324 bytes received in 0.0104 seconds (594.7 kbyte/s)ftp> get a.cfg 2.cfg

227 Entering Passive Mode (192,168,1,58,68,14)

150-Accepted data connection

150 The computer is your friend. Trust the computer

226 File successfully transferred

3796 bytes received in 0.00762 seconds (486.5 kbyte/s)

?

Use ? to display all commands supported by an FTP client.

Use ? command-name to display the help information for a specific command.

Syntax

? [ command-name ]

Views

FTP client view

Predefined user roles

network-admin

mdc-admin

Parameters

command-name: Specifies a command supported by the FTP client.

Usage guidelines

In FTP client view, entering ? is the same as executing the help command.

Examples

# Display all commands supported by the FTP client.

ftp> ?

Commands may be abbreviated.  Commands are:

 

append           delete          ls              quit            rmdir         

ascii            debug           mkdir           reget           status        

binary           dir             newer           rstatus         system        

bye              disconnect      open            rhelp           user          

cd               get             passive         rename          verbose       

cdup             help            put             reset           ?             

close            lcd             pwd             restart

# Display the help information for the dir command.

ftp> ? dir

dir              list contents of remote directory

Related commands

help

 


TFTP commands

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.

TFTP is not supported in FIPS mode.

tftp

Use tftp to download a file from the TFTP server to the local device or upload a local file to the TFTP server in an IPv4 network.

Syntax

tftp tftp-server { get | put | sget } source-filename [ destination-filename ] [ vpn-instance vpn-instance-name ] [ dscp dscp-value | source { interface interface-type interface-number | ip source-ip-address } ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

tftp-server: Specifies the IPv4 address or host name of a TFTP server. The host name can be a case-insensitive string of 1 to 253 characters and can contain only letters, digits, hyphens (-), underscores (_), and dots (.).

get: Downloads a file and writes the file directly to the destination folder. If the destination folder already has a file using the same name, the system deletes the existing file before starting the download operation. The existing file is permanently deleted even if the download operation fails.

put: Uploads a file.

sget: Downloads a file and saves the file to memory before writing it to the destination folder. The system starts to write the file to the destination folder only after the file is downloaded and saved to memory successfully. If the destination folder already has a file using the same name, the system overwrites the existing file. If the download or save-to-memory operation fails, the existing file in the destination folder is not overwritten.

source-filename: Specifies the source file name, a case-insensitive string of 1 to 1 to 255 characters.

destination-filename: Specifies the destination file name, a case-insensitive string of 1 to 255 characters. If this argument is not specified, the file uses the source file name.

vpn-instance vpn-instance-name: Specifies the VPN instance to which the remote host belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the remote host belongs to the public network, do not specify this option.

dscp dscp-value: Specifies the DSCP value for IPv4 to use for outgoing TFTP packets to indicate the packet transmission priority, in the range of 0 to 63. The default is 0.

source { interface interface-type interface-number | ip source-ip-address }: Specifies the source address for outgoing TFTP packets. If this keyword is not specified, the device uses the primary IPv4 address of the output interface for the route to the server as the source IPv4 address of outgoing TFTP packets.

·     interface interface-type interface-number: Specifies an interface by its type and number. The primary IPv4 address of this interface will be used as the source IPv4 address for outgoing TFTP packets. Make sure the interface is up and has the primary IPv4 address configured. Otherwise, the transmission fails.

·     ip source-ip-address: Specifies an IPv4 address. This address must be the IPv4 address of an interface in up state. Otherwise, the transmission fails.

Usages guidelines

The source address specified with the tftp command takes precedence over the source address specified with the tftp client source command.

The source address specified with the tftp client source command applies to all TFTP connections. The source address specified with the tftp command applies only to the current TFTP connection.

Examples

# Download the new.bin file from the TFTP server at 192.168.1.1 and save it as new.bin.

<Sysname> tftp 192.168.1.1 get new.bin

Press CTRL+C to abort.

   % Total    % Received % Xferd  Average Speed   Time    Time     Time   Current

                                  Dload  Upload   Total   Spent    Left   Speed

100 13.9M  100 13.9M    0     0  1206k      0  0:00:11  0:00:11  --:--:-- 1206k

<System>

Table 16 Command output

Field

Description

%

Percentage of file transmission progress.

Total

Size of files to be transmitted, in bytes.

%

Percentage of received file size to total file size.

Received

Received file size, in bytes.

%

Percentage of sent file size to total file size.

Xferd

Sent file size, in bytes.

Average Dload

Average download speed, in bps.

Speed Upload

Average upload speed, in bps.

 

Related commands

tftp client source

tftp client source

Use tftp client source to specify the source IPv4 address for TFTP packets sent by the TFTP client.

Use undo tftp client source to restore the default.

Syntax

tftp client source { interface interface-type interface-number | ip source-ip-address }

undo tftp client source

Default

No source IPv4 address is specified for outgoing TFTP packets. The device uses the primary IPv4 address of the output interface for the route to the server as the source IP address.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

interface interface-type interface-number: Specifies the source interface for establishing TFTP connections. The primary IPv4 address of the source interface is used as the source IPv4 address for packets sent to a TFTP server. Make sure the interface is up and has the primary IPv4 address configured. Otherwise, the transmission fails.

ip source-ip-address: Specifies the source IPv4 address for outgoing TFTP packets. It must be the IPv4 address of an interface in up state. Otherwise, the transmission fails.

Usages guidelines

If you execute this command multiple times, the most recent configuration takes effect.

The source address specified with the tftp command takes precedence over the source address specified with the tftp client source command.

The source address specified with the tftp client source command applies to all TFTP connections. The source address specified with the tftp command applies only to the current TFTP connection.

Examples

# Specify the source IP address of sent TFTP packets as 192.168.20.222.

<Sysname> system-view

[Sysname] tftp client source ip 192.168.20.222

Related commands

tftp

tftp-server acl

Use tftp-server acl to use an ACL to control the device's access to TFTP servers in an IPv4 network.

Use undo tftp-server acl to restore the default.

Syntax

tftp-server acl acl-number

undo tftp-server acl

Default

No ACL is used to control the device's access to TFTP servers.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

acl-number: Specifies the number of a basic ACL, in the range of 2000 to 2999.

Usages guidelines

You can use an ACL to deny or permit the device's access to specific TFTP servers.

Examples

# Allow the device to access only the TFTP server at 1.1.1.1.

<Sysname> system-view

[Sysname] acl number 2000

[Sysname-acl-basic-2000] rule permit source 1.1.1.1 0

[Sysname-acl-basic-2000] quit

[Sysname] tftp-server acl 2000

 


File system management commands

IMPORTANT

IMPORTANT:

·     Before managing storage media, files, and directories, make sure you know the possible impacts.

·     A file or directory whose name starts with a period (.) is considered a hidden file or directory. Do not give a common file or directory a name that starts with a period.

·     Some system files and directories are hidden.

 

A file name must be specified in one of the file name formats allowed. For more information, see Fundamentals Configuration Guide.

Before you use the copy, delete, fixdisk, format, gunzip, gzip, mkdir, move, rename, rmdir, or undelete command on a USB disk, make sure the disk is not write protected.

cd

Use cd to change the current working directory.

Syntax

cd { directory | .. }

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

directory: Specifies the name of the destination directory, in the format [drive:/]path. For more information about how to enter the drive and path arguments, see Fundamentals Configuration Guide. If no drive information is provided, the argument represents a folder or subfolder in the current directory.

..: Specifies the parent directory. If the current working directory is the root directory, or if no upper directory exists, the system displays an error message when you execute the cd .. command. No online help information is available for this keyword.

Examples

# Access the test folder after logging in to the device.

<Sysname> cd test

# Return to the upper directory.

<Sysname> cd ..

# In standalone mode, change the current working directory:

1.     View the slot number of the standby MPU.

<Sysname> display device

Slot No. Brd Type         Brd Status   Subslot Num  Sft Ver          Patch Ver

 0       NONE             Absent       0            NONE             None

 1       NONE             Absent       0            NONE             None

 2       NONE             Absent       0            NONE             None

 3       NONE             Absent       0            NONE             None

 4       NONE             Absent       0            NONE             None

 5       NONE             Absent       0            NONE             None

 6       NONE             Absent       0            NONE             None

 7       NONE             Absent       0            NONE             None

 8       NONE             Absent       0            NONE             None

 9       LSX1TGS48FC1     Normal       0            S12510-X-1105    None

 10      LSX1FAB10B1      Normal       0            S12510-X-1105    None

 11      LSX1FAB10B1      Normal       0            S12510-X-1105    None

 12      NONE             Absent       0            NONE             None

 13      NONE             Absent       0            NONE             None

 14      NONE             Absent       0            NONE             None

 15      NONE             Absent       0            NONE             None

 16      LSX1SUP10B1      Standby      0            S12510-X-1105    None

 17      LSX1SUP10B1      Master       0            S12510-X-1105    None

The output shows that the standby MPU is in slot 16.

2.     Change to the root directory of the standby MPU's flash memory.

<Sysname> cd slot16#flash:/

3.     Change back to the test folder of the active MPU's flash memory.

<Sysname> cd flash:/test

# In IRF mode, change the current working directory:

4.     View the chassis numbers and slot numbers of MPUs.

<Sysname> display irf

 Member   Slot   Role    Priority    CPU-Mac

   2      0      Standby 20          00e0-fc0f-8c0f

   2      1      Standby 20          00e0-fc0f-8c1f

 *+3      5      Master  20          00e0-fc0f-8c22

   3      6      Standby 20          00e0-fc0f-8c32

 

--------------------------------------------------

 * indicates the device is the master.

 + indicates the device through which the user logs in.

 The Bridge MAC of the IRF is: 00e0-fc00-0a00

 Auto upgrade                  : yes

 Mac persistent                : 6 min

The output shows that the IRF fabric has two members:

¡     The global active MPU is in slot 5 of member device 3.

¡     The global standby MPUs are in slots 0 and 1 of member device 2, and slot 6 of member device 3.

5.     Change to the test folder of the global active MPU's flash memory.

<Sysname> cd flash:/test

6.     Change to the root directory of the flash memory on the global standby MPU that resides in slot 16 of member device 2.

<Sysname> cd chassis2#slot16#flash:/

7.     Change back to the root directory of the global active MPU's flash memory.

<Sysname> cd flash:/

copy

Use copy to copy a file.

Syntax

copy fileurl-source fileurl-dest

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

fileurl-source: Specifies the name or URL of the file to be copied. If the file resides on an FTP or TFTP server rather than on the device, specify the URL of the file. Whether a URL is case sensitive depends on the server.

fileurl-dest: Specifies the name or URL of the destination file or directory. To copy the source file to an FTP or TFTP server, specify a URL. If you specify a directory, the device copies the specified file to the directory and saves it with its original file name. Whether a URL is case sensitive depends on the server.

Usage guidelines

You can use the copy command to perform the following operations:

·     Copy a local file and save it locally.

·     Copy a local file and save it to an IPv4 FTP or TFTP server.

·     Copy a file on an IPv4 FTP or TFTP server and save it locally.

To specify a file or directory, use the following guidelines:

 

Location

Name format

Remarks

On the device

Use the file name guidelines in Fundamentals Configuration Guide.

N/A

On an FTP server

Enter the URL in the format ftp://FTP username[:password]@server address[:port number]/file path[/file name].

The username and password must be the same as those configured on the FTP server. If the server authenticates users only by the username, you are not required to enter the password.

For example, to use the username 1 and password 1 and specify the startup.cfg file in the authorized working directory on FTP server 1.1.1.1, enter the URL ftp://1:1@1.1.1.1/startup.cfg.

On a TFTP server

Enter the URL in the format tftp://server address[:port number]/file path[/file name].

For example, to specify the startup.cfg file in the working directory on TFTP server 1.1.1.1, enter the URL tftp://1.1.1.1/startup.cfg.

 

Examples

# Copy the test.cfg file in the current folder and save it to the current folder as testbackup.cfg.

<Sysname> copy test.cfg testbackup.cfg

Copy flash:/test.cfg to flash:/testbackup.cfg?[Y/N]:y

Copying file flash:/test.cfg to flash:/testbackup.cfg...Done.

# Copy 1.cfg from the Flash's test folder to the USB disk's first partition, and save it to the testbackup folder as 1backup.cfg.

<Sysname> copy flash:/test/1.cfg usb0:/testbackup/1backup.cfg

Copy flash:/test/1.cfg to usb0:/testbackup/1backup.cfg?[Y/N]:y

Copying file flash:/test/1.cfg to usb0:/testbackup/1backup.cfg...Done.

# Copy test.cfg from the working directory on FTP server 1.1.1.1 and save it to the local current folder as testbackup.cfg. In this example, the FTP username and password are user and private.

<Sysname> copy ftp://user:private@1.1.1.1/test.cfg testbackup.cfg

Copy ftp://user:private@1.1.1.1/test.cfg to flash:/testbackup.cfg?[Y/N]:y

Copying file ftp://user:private@1.1.1.1/test.cfg to flash:/testbackup.cfg... Done.

# Copy test.cfg from the current folder and save it to the working directory on FTP server 1.1.1.1 as testbackup.cfg. In this example, the FTP username and password are user and private.

<Sysname> copy test.cfg ftp://user:private@1.1.1.1/testbackup.cfg

Copy flash:/test.cfg to ftp://user:private@1.1.1.1/testbackup.cfg?[Y/N]:y

Copying file flash:/test.cfg to ftp://user:private@1.1.1.1/testbackup.cfg... Done.

# Copy test.cfg from the working directory on TFTP server 1.1.1.1 and save it to the local current folder as testbackup.cfg.

<Sysname> copy tftp://1.1.1.1/test.cfg testbackup.cfg

Copy tftp://1.1.1.1/test.cfg to flash:/testbackup.cfg?[Y/N]:y

Copying file tftp://1.1.1.1/test.cfg to flash:/testbackup.cfg... Done.

# Copy test.cfg from the current folder and save it to the working directory on TFTP server 1.1.1.1 as testbackup.cfg.

<Sysname> copy test.cfg tftp://1.1.1.1/testbackup.cfg

Copy flash:/test.cfg to tftp://1.1.1.1/testbackup.cfg?[Y/N]:y

Copying file flash:/test.cfg to tftp://1.1.1.1/testbackup.cfg... Done.

# In standalone mode, copy the active MPU's configuration file test.cfg to the root directory of the standby MPU's flash memory.

<Sysname> copy test.cfg slot16#flash:/

Copy flash:/test.cfg to slot16#flash:/test.cfg?[Y/N]:y

Copying file flash:/test.cfg to slot16#flash:/test.cfg...Done.

# In IRF mode, copy the global active MPU's configuration file test.cfg to the root directory of a global standby MPU's flash memory. The global standby MPU resides in slot 16 of member device 2.

<Sysname> copy chassis1#slot16#flash:/test.cfg chassis2#slot16#flash:/

Copy chassis1#slot16#flash:/test.cfg to chassis2#slot16#flash:/test.cfg?[Y/N]:y

Copying file chassis1#slot16#flash:/test.cfg to chassis2#slot16#flash:/test.cfg...Done.

delete

Use delete to delete a file.

Syntax

delete [ /unreserved ] file-url

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

/unreserved: Permanently deletes the specified file. If you do not specify this keyword, the command moves the file to the recycle bin.

file-url: Specifies the name of the file to be deleted. Asterisks (*) are acceptable as wildcards. For example, to remove files with the .txt extension in the current directory, enter delete *.txt.

Usage guidelines

Use the delete /unreserved file-url command with caution. You cannot restore a file that was deleted with this command.

The delete file-url command (without the /unreserved option) moves the specified file to the recycle bin unless the device is running out of storage space. If the device is running out of storage space, the file is permanently deleted.

A file moved to the recycle bin can be restored by using the undelete command.

Do not use the delete command to delete files from the recycle bin. To delete files from the recycle bin, use the reset recycle-bin command.

If you delete two files that have the same name but reside in different directories, both files are retained in the recycle bin. If you successively delete two files that have the same name from the same directory, only the file deleted last is retained in the recycle bin.

Examples

# In standalone mode, remove file 1.cfg from the active MPU's flash root directory.

<Sysname> delete 1.cfg

Delete flash:/1.cfg? [Y/N]:y

Deleting file flash:/1.cfg...Done.

# In standalone mode, permanently delete file 1.cfg from the active MPU's flash root directory.

<Sysname> delete /unreserved 1.cfg

The file cannot be restored. Delete flash:/1.cfg?[Y/N]:y

Deleting the file permanently will take a long time. Please wait...

Deleting file flash:/1.cfg...Done.

# In standalone mode, remove file 1.cfg from the flash root directory of the standby MPU (in slot 17):

·     Method 1

<Sysname> delete slot17#flash:/1.cfg

Delete slot17#flash:/1.cfg?[Y/N]:y

Deleting file slot17#flash:/1.cfg...Done.

·     Method 2

<Sysname> cd slot17#flash:/

<Sysname> delete 1.cfg

Delete slot17#flash:/1.cfg?[Y/N]:y

Deleting file slot17#flash:/1.cfg...Done.

# In IRF mode, remove file 1.cfg from the global active MPU's flash root directory.

<Sysname> delete 1.cfg

Delete flash:/1.cfg?[Y/N]:y

Deleting file flash:/1.cfg...Done.

# In IRF mode, permanently delete file 1.cfg from the global active MPU's flash root directory.

<Sysname> delete /unreserved 1.cfg

The file cannot be restored. Delete flash:/1.cfg?[Y/N]:y

Deleting the file permanently will take a long time. Please wait...

# In IRF mode, remove file 1.cfg from the flash root directory of the global standby MPU that resides in slot 16 of member device 1:

·     Method 1

<Sysname> delete chassis1#slot16#flash:/1.cfg

Delete chassis1#slot16#flash:/1.cfg?[Y/N]:y

Deleting file chassis1#slot16#flash:/1.cfg...Done.

·     Method 2

<Sysname> cd chassis1#slot16#flash:/

<Sysname> delete 1.cfg

Delete chassis1#slot16#flash:/1.cfg?[Y/N]:y

Deleting file chassis1#slot16#flash:/1.cfg...Done.

Related commands

·     reset recycle-bin

·     undelete

dir

Use dir to display files or folders.

Syntax

dir [ /all ] [ file-url | /all-filesystems ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

/all: Displays all files and folders in the current directory, visible or hidden. If you do not specify this option, only visible files and folders are displayed.

file-url: Displays a specific file or folder. The file-url argument can use the asterisk (*) as a wildcard. For example, to display files with the .txt extension in the current directory, enter dir *.txt.

/all-filesystems: Displays files and folders in the root directory of all storage media on the device.

Usage guidelines

If no option is specified, the command displays all visible files and folders in the current directory.

The folder name of the recycle bin is .trash. To display files in the recycle bin, use either of the following methods:

·     Execute the dir /all .trash command.

·     Execute the cd .trash command and then the dir command.

Examples

# In standalone mode, display all files and folders in the current directory.

<Sysname> dir /all

Directory of flash:/

...

# In standalone mode, display files and folders in the root directories of all storage media on the device.

<Sysname> dir /all-filesystems

Directory of flash:/

...

Directory of usb0:/

...

Directory of slot7#flash:/

...

Directory of slot7#usb0:/

...

# In standalone mode, display files and folders in the root directory of the flash memory on the standby MPU (in slot 16).

<Sysname> cd slot16#flash:/

<Sysname> dir /all

...

# In IRF mode, display information about all files and folders on the global active MPU's storage media.

<Sysname> dir /all

Directory of flash:/

...

# In IRF mode, display files and folders in the root directories of every storage medium in the IRF fabric.

<Sysname> dir /all-filesystems

Directory of flash:/

...

 

Directory of chassis1#slot1#flash:/

...

# In IRF mode, display information about all files and folders in the storage medium of the global standby MPU that resides in slot 16 of member device 1:

·     Method 1

<Sysname> dir /all chassis1#slot16#flash:/

Directory of chassis1#slot16#flash:/

...

·     Method 2

<Sysname> cd chassis1#slot16#flash:/

<Sysname> dir /all

...

Table 17 Command output

Field

Description

Directory of

Current directory.

0     -rwh      3144  Apr 26 2008 13:45:28   xx.xx

File or folder information:

·     0File or folder number, which is automatically allocated by the system.

·     -rwhAttributes of the file or folder. The first character is the folder indicator (d for folder and for file). The second character indicates whether the file or folder is readable (r for readable). The third character indicates whether the file or directory is writable (w for writable). The fourth character indicates whether the file or directory is hidden (h for hidden, - for visible). Modifying, renaming, or deleting hidden files might affect functions.

·     3144—File size in bytes. For a folder, a hyphen (-) is displayed.

·     Apr 26 2008 13:45:28—Last date and time when the file or folder was modified.

·     xx.xx—File or folder name.

 

fdisk

Use fdisk to partition a storage medium.

Syntax

fdisk medium-name [ partition-number ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

medium-name: Specifies the name of the storage medium to be partitioned.

partition-number: Specifies the number of partitions, in the range of 1 to 4.

Usage guidelines

The Flash cannot be partitioned.

If the partition-number argument is specified, the storage medium is divided into the specified number of partitions. Otherwise, partitioning is performed in an interactive way.

It is normal that the specified partition size and the actual partition size have an error less than 5% of the total memory.

A partition cannot be partitioned.

Before partitioning a USB disk:

·     Back up the files in the storage medium. The partition operation clears all data in the medium.

·     If you are partitioning a USB disk, make sure the disk is not write protected. Otherwise, the partition operation will fail, and you must remount or reinstall the disk to restore access to the USB disk.

·     Make sure no other users are accessing the medium. Otherwise, the partition operation fails.

Examples

# Divide the USB disk on the device evenly into three partitions in simple mode.

<Sysname> fdisk usb: 3

Capacity of usb: : 256M bytes

usb: will be divided into the following partitions:

DeviceName      Capacity

usb0:            85MB

usb1:            85MB

usb2:            86MB

All data on usb: will be lost, continue? [Y/N]:y

Partitioning usb:...Done.

# Divide the USB disk on the device into one partition in an interactive way.

<Sysname> fdisk usb:

The capacity of usb: : 256M bytes

Partition 1 (32MB~224MB, 256MB. Press CTRL+C to quit or Enter to use all available space):

// Press Enter or enter 256.

usb: will be divided into the following partition(s):

DeviceName    Capacity

usb0:          256MB

All data on usb: will be lost, continue? [Y/N]:y

Partitioning usb:...Done.

# Divide the USB disk on the device into three partitions and specify the size for each partition:

<Sysname> fdisk usb:

The capacity of usb: : 256M bytes

Partition 1 (32MB~224MB, 256MB, Press CTRL+C to quit or Enter to use all available space):128

// Enter 128 to set the size of the first partition to 128 MB.

Partition 2 (32MB~96MB, 128MB, Press CTRL+C to quit or Enter to use all available space):31

// Enter 31 to set the size of the second partition to 31 MB.

The partition size must be greater than or equal to 32MB.

Partition 2 (32MB~96MB, 128MB, Press CTRL+C to quit or Enter to use all available space):1000

// Enter 1000 to set the size of the second partition to 1000 MB.

The partition size must be less than or equal to 128MB.

Partition 2 (32MB~96MB, 128MB, Press CTRL+C to quit or Enter to use all available space):127

// Enter 127 to set the size of the second partition to 127 MB.

The remaining space is less than 32MB. Please enter the size of partition 2 again.

Partition 2 (32MB~96MB, 128MB, Press CTRL+C to quit or Enter to use all available space):

// Enter 56 to set the size of the second partition to 56 MB.

Partition 3 (32MB~40MB, 72MB, Press CTRL+C to quit or Enter to use all available space):

// Press Enter to assign the remaining space to the third partition.

usb: will be divided into the following partition(s):

DeviceName     Capacity

usb0:            128MB

usb1:            56MB

usb2:            72MB

All data on usb: will be lost, continue? [Y/N]:y

Partitioning usb:...Done.

file prompt

Use file prompt to set the operation mode for files and folders.

Use undo file prompt to restore the default.

Syntax

file prompt { alert | quiet }

undo file prompt

Default

The alert mode is activated and the system prompts for confirmation when you perform a destructive file or folder operation.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

alert: Prompts for confirmation when a destructive file or folder operation is being performed.

quiet: Gives no confirmation prompt for file or folder operations.

Usage guidelines

In quiet mode, the system does not prompt for confirmation when a user performs a file or folder operation. The alert mode provides an opportunity to cancel a disruptive operation.

Examples

# Set the file and folder operation mode to alert.

<Sysname> system-view

[Sysname] file prompt alert

fixdisk

Use fixdisk to check a storage medium for damage and repair any damage.

Syntax

fixdisk medium-name

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

medium-name: Specifies the name of a storage medium name.

Usage guidelines

Use this command to fix a storage medium when space on the medium cannot be used or released due to abnormal operations.

Before you repair a storage medium, make sure no other users are accessing the medium. Otherwise, the repair operation fails.

Examples

# Restore the space of the Flash.

<Sysname> fixdisk flash:

Restoring flash: may take some time...

Restoring flash:...Done.

format

Use format to format a storage medium.

Syntax

format medium-name

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

medium-name: Specifies the name of a storage medium.

Usage guidelines

Formatting a storage medium permanently deletes all files on the storage medium. If a startup configuration file exists on the storage medium, back it up if necessary.

To format a partitioned storage medium, you must format the partitions individually. You cannot use the format usb command to format the medium as a whole.

You can format a storage medium only when no one is accessing the medium.

Examples

# Format the Flash.

<Sysname> format flash:

All data on flash: will be lost, continue? [Y/N]:y

Formatting flash:... Done.

# Format the third partition of the USB disk.

<Sysname> format usb2:

All data on usb2: will be lost, continue? [Y/N]:y

Formatting usb2:... Done.

gunzip

Use gunzip to decompress a file.

Syntax

gunzip filename

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

filename: Specifies the name of the file to be decompressed. This argument must have .gz as the extension.

Usage guidelines

This command deletes the specified file after decompressing it.

Examples

# Decompress the file system.bin.gz.

1.     Before decompressing the file, you can display files whose names start with the system. string.

<Sysname> dir system.*

Directory of flash:

   1 -rw-          20 Jun 14 2012 10:18:53   system.bin.gz

472972 KB total (472840 KB free)

2.     Decompress the file system.bin.gz.

<Sysname> gunzip system.bin.gz

Decompressing file system.bin.gz... Done.

3.     Verify the decompress operation.

<Sysname> dir system.*

Directory of flash:

   1 -rw-           0 May 30 2012 11:42:25   system.bin

472972 KB total (472844 KB free)

gzip

Use gzip to compress a file.

Syntax

gzip filename

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

filename: Specifies the name of the file to be compressed. The compressed file will be saved to file filename.gz.

Usage guidelines

This command deletes the specified file after compressing it.

Examples

# Compress the file system.bin.

1.     Before compressing the file, you can display files whose names start with system.

<Sysname> dir system.*

Directory of flash:

   1 -rw-           0 May 30 2012 11:42:24   system.bin

472972 KB total (472844 KB free)

2.     Compress the file system.bin.

<Sysname> gzip system.bin

Compressing file system.bin... Done.

3.     Verify the compress operation.

<Sysname> dir system.*

Directory of flash:

   1 -rw-          20 Jun 14 2012 10:18:53   system.bin.gz

472972 KB total (472840 KB free)

md5sum

Use md5sum to use the MD5 algorithm to calculate the digest of a file.

Syntax

md5sum file-url

Views

User view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

file-url: Specifies the name of a file.

Usage guidelines

The digest can be used to verify the integrity of the file. For example, you can use this command to calculate the digest of a software image file and compare it with that provided on the H3C website to identify whether the file has been tampered with.

Examples

# Use the MD5 algorithm to calculate the digest of file system.bin.

<Sysname> md5sum system.bin

MD5 digest:

4f22b6190d151a167105df61c35f0917

Related commands

sha256sum

mkdir

Use mkdir to create a folder in the current directory.

Syntax

mkdir directory

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

directory: Specifies the name of a folder.

Usage guidelines

The name of the folder to be created must be unique in the specified directory.

To use this command to create a folder, the specified directory must exist. For example, to create the flash:/test/mytest folder, the test folder must exist. Otherwise, the mytest folder is not created.

Examples

# Create the test folder in the current directory.

<Sysname> mkdir test

Creating directory flash:/test... Done.

# Create the test/subtest folder in the current directory.

<Sysname> mkdir test/subtest

Creating directory flash:/test/subtest... Done.

# In standalone mode, create the test folder on the flash memory of the standby MPU (in slot 16).

<Sysname> mkdir slot16#flash:/test

Creating directory slot16#flash:/test... Done.

# In IRF mode, create the test folder on the global active MPU.

<Sysname> mkdir test

Creating directory flash:/test... Done.

# In IRF mode, create the test folder on the flash memory of the global standby MPU that resides in slot 16 of member device 2.

<Sysname> mkdir chassis2#slot16#flash:/test

Creating directory chassis2#slot16#flash:/test... Done.

more

Use more to display the contents of a text file.

Syntax

more file-url

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

file-url: Specifies a file name.

Examples

# Display the contents of the test.txt file.

<Sysname> more test.txt

Have a nice day.

# Display the contents of the testcfg.cfg file.

<Sysname> more testcfg.cfg

#

version 7.1.045, Ess 1105

#

 sysname Sysname

#

 telnet server enable

#

---- More ----

# In standalone mode, display the contents of the testcfg.cfg file on the standby MPU (in slot 16).

<Sysname> more slot16#flash:/testcfg.cfg

#

version 7.1.045, Ess 1105

#

 sysname Sysname

#

 telnet server enable

#

---- More ----

# In IRF mode, display the contents of the testcfg.cfg file on the global active MPU.

<Sysname> more testcfg.cfg

#

version 7.1.045, Ess 1105

#

 sysname Sysname

#

 telnet server enable

#

---- More ----

# In IRF mode, display the contents of the testcfg.cfg file on a global standby MPU.

<Sysname> more chassis2#slot16#flash:/testcfg.cfg

#

version 7.1.045, Ess 1105

#

 sysname Sysname

#

 telnet server enable

#

---- More ----

mount

Use mount to mount a hot swappable storage medium.

Syntax

mount medium-name

Default

A storage medium is automatically mounted and in mounted state after being connected to the device, and you can use it without mounting it.

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

medium-name: Specifies the name of a storage medium.

Usage guidelines

To avoid file system corruption, do not perform the following operations while the system is mounting a storage medium:

·     Installing or removing storage media or cards.

·     Performing an active/standby switchover in standalone mode.

·     Performing a switchover between the global active MPU and a global standby MPU in IRF mode.

To mount a partitioned storage medium, you must mount all the partitions individually, instead of mounting the storage medium as a whole.

Examples

# In standalone mode, mount a USB disk on the active MPU.

<Sysname> mount usb0:

# In standalone mode, mount a USB disk on the standby MPU (in slot 16).

<Sysname> mount slot16#usb0:

# In IRF mode, mount a USB disk on the global active MPU.

<Sysname> mount usb0:

# In IRF mode, mount a USB disk on the global standby MPU that resides in slot 17 of member device 2.

<Sysname> mount chassis2#slot17#usb0:

Related commands

umount

move

Use move to move a file.

Syntax

move fileurl-source fileurl-dest

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

fileurl-source: Specifies the name of the source file.

fileurl-dest: Specifies the name of the destination file or folder.

Usage guidelines

If you specify a destination folder, the system moves the source file to the specified folder without changing the file name.

Examples

# Move the flash:/test/sample.txt file to flash:/, and save it as 1.txt.

<Sysname> move test/sample.txt 1.txt

Move flash:/test/sample.txt to flash:/1.txt?[Y/N]:y

Moving file flash:/test/sample.txt to flash:/1.txt ...Done.

# Move the b.cfg file to the folder test2.

<Sysname> move b.cfg test2

Move flash:/b.cfg to flash:/test2/b.cfg?[Y/N]:y

Moving file flash:/b.cfg to flash:/test2/b.cfg... Done.

pwd

Use pwd to display the current working directory.

Syntax

pwd

Views

User view

Predefined user roles

network-admin

mdc-admin

Examples

# Display the current working directory.

<Sysname> pwd

flash:

rename

Use rename to rename a file or folder.

Syntax

rename fileurl-source fileurl-dest

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

fileurl-source: Specifies the name of the source file or folder.

fileurl-dest: Specifies the name of the destination file or folder.

Usage guidelines

If the destination file or folder name is the same as the name of an existing file or folder in the current working directory, this command is not executed.

Examples

# Rename the copy.cfg file as test.cfg.

<Sysname> rename copy.cfg test.cfg

Rename flash:/copy.cfg as flash:/test.cfg?[Y/N]:y

Renaming flash:/copy.cfg as flash:/test.cfg... Done.

reset recycle-bin

Use reset recycle-bin to delete files from the recycle bin.

Syntax

reset recycle-bin [ /force ]

Views

User view

Parameters

/force: Deletes all files in the recycle bin without prompting for confirmation. If you do not specify this option, the command prompts you to confirm the deletion.

Usage guidelines

The delete file-url command only moves a file to the recycle bin. To permanently delete the file, use the reset recycle-bin command to clear the recycle bin.

If a file is corrupted, you might not be able to delete the file by using the reset recycle-bin command. In this case, use the reset recycle-bin /force command.

Examples

# Empty the recycle bin. (In this example there are two files in the recycle bin.)

<Sysname> reset recycle-bin

Clear flash:/a.cfg?[Y/N]:y

Clearing file flash:/a.cfg... Done.

Clear flash:/b.cfg?[Y/N]:y

Clearing file flash:/b.cfg... Done.

# Delete the b.cfg file from the recycle bin. (In this example there are two files in the recycle bin.)

<Sysname> reset recycle-bin

Clear flash:/a.cfg?[Y/N]:n

Clear flash:/b.cfg?[Y/N]:y

Clearing file flash:/b.cfg... Done.

Related commands

delete

rmdir

Use rmdir to delete a folder.

Syntax

rmdir directory

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

directory: Specifies a folder name.

Usage guidelines

To delete a directory, you must delete all files and subfolders in the directory permanently or move them to the recycle bin. If you move them to the recycle bin, executing the rmdir command permanently deletes them.

Examples

# Delete the subtest folder.

<Sysname>rmdir subtest/

Remove directory flash:/test/subtest and the files in the recycle-bin under this directory will be deleted permanently. Continue?[Y/N]:y

Removing directory flash:/test/subtest... Done.

sha256sum

Use sha256sum to use the SHA-256 algorithm to calculate the digest of a file.

Syntax

sha256sum file-url

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

file-url: Specifies the name of a file.

Usage guidelines

The digest can be used to verify the integrity of the file. For example, you can use this command to calculate the digest of a software image file and compare it with that provided on the H3C website to identify whether the file has been tampered with.

Examples

# Use the SHA-256 algorithm to calculate the digest of file system.bin.

<Sysname> sha256sum system.bin

SHA256 digest:

0851e0139f2770e87d01ee8c2995ca9e59a8f5f4062e99af14b141b1a36ca152

Related commands

md5sum

tar create

Use tar create to archive files and folders.

Syntax

tar create [ gz ] archive-file fileurl-dest [ verbose ] source fileurl-source-list&<1-5>

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

gz: Uses gzip to compress the files and folders before archiving them.

archive-file fileurl-dest: Specifies the archive file name. If you specified the gz keyword, the suffix of this argument must be .tar.gz. If you did not specify the gz keyword, the suffix of this argument must be .tar.

verbose: Displays the names of the successfully archived files and folders.

source fileurl-source-list&<1-5>: Specifies the files and folders to be archived. The fileurl-source-list argument can be a space-separated list of up to five items. Each item can be a file or folder name.

Examples

# Archive file a.cfg to file a.tar.

<Sysname> tar create archive-file a.tar source a.cfg

Creating archive a.tar …… Done.

# Compress file a.cfg and archive the file to a.tar.gz.

<Sysname> tar create gz archive-file a.tar.gz source a.cfg

Creating archive a.tar.gz Done.

# Compress and archive files and folders, and display the successfully archived files and folders.

<Sysname> tar create gz archive-file a.tar.gz verbose source a.cfg a.dbm ./core

a.cfg

a.dbm

./core

Related commands

·     tar extract

·     tar list

tar extract

Use tar extract to extract files and folders.

Syntax

tar extract archive-file fileurl-dest [ verbose ] [ screen | to directory-name ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

archive-file fileurl-dest: Specifies the archive file name. The suffix can be .tar or .tar.gz.

verbose: Displays the names of the successfully extracted files and folders.

screen: Displays the content of the extracted files and folders on the screen. The extracted files are not saved.

to directory-name: Saves the extracted files and folders to a path.

Usage guidelines

If you do not specify the screen keyword or the to directory-name option, the command extracts the archived files and folders and saves them to the same folder as the archive file.

Examples

# Extract files and folders, and save them to the same folder as the archive file.

<Sysname> tar extract archive-file a.tar.gz

Extracting archive a.tar.gz …… Done.

# Extract files and folders, and display their content on the screen.

<Sysname> tar extract archive-file a.tar.gz verbose screen

a.cfg

#

version 7.1.045, Ess 1105

#

sysname H3C

#

# Extract files and folders, save them to the same folder as the archive file, and display the names of the archived files and folders.

<Sysname> tar extract archive-file a.tar.gz verbose

a.txt

# Extract files and folders, and save them to the path flash:/a.

<Sysname> tar extract archive-file a.tar.gz to flash:/a

Extracting archive a.tar.gz ......Done.

Related commands

·     tar create

·     tar list

tar list

Use tar list to display the names of archived files and folders.

Syntax

tar list archive-file fileurl-dest

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

archive-file fileurl-dest: Specifies the archive file name. The suffix can be .tar or .tar.gz.

Examples

# Display the names of archived files and folders.

<Sysname> tar list archive-file a.tar.gz

a.cfg

Related commands

·     tar create

·     tar extract

umount

Use umount to unmount a hot swappable storage medium.

Syntax

umount medium-name

Default

A storage medium is automatically mounted and placed in mounted state.

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

medium-name: Specifies the name of a storage medium.

Usage guidelines

Before you remove a mounted storage medium from the system, first unmount it to avoid damaging the medium.

Before you unmount a storage medium, make sure no other users are accessing the medium. Otherwise, the unmount operation fails.

When a storage medium is connected to a lower version system, the system might not be able to automatically recognize the device. In this case, you must first execute the mount command for the storage medium to operate correctly.

To avoid file system corruption, do not perform the following operations while the system is unmounting a storage medium:

·     Installing or removing storage media or cards.

·     Performing an active/standby switchover in standalone mode.

·     Performing a switchover between the global active MPU and a global standby MPU in IRF mode.

Examples

# In standalone mode, unmount a USB disk from the active MPU.

<Sysname> umount usb0:

# In standalone mode, unmount a USB disk from the standby MPU (in slot 16).

<Sysname> umount slot16#usb0:

# In IRF mode, unmount a USB disk from the global active MPU.

<Sysname> umount usb0:

# In IRF mode, unmount a USB disk from the global standby MPU that resides in slot 17 of member device 2.

<Sysname> umount chassis2#slot17# usb0:

Related commands

mount

undelete

Use undelete to restore a file from the recycle bin.

Syntax

undelete file-url

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

file-url: Specifies the name of the file to be restored.

Usage guidelines

If another file that has the same name exists in the directory, the system prompts you about whether to overwrite the existing file. If you enter Y, the existing file is overwritten. If you enter N, the command is not executed.

Examples

# Restore the copy.cfg file, which was moved from the flash: directory to the recycle bin.

<Sysname>undelete copy.cfg

Undelete flash:/copy.cfg?[Y/N]:y

Undeleting file flash:/copy.cfg... Done.

# Restore the startup.cfg file, which was moved from the flash:/seclog directory to the recycle bin:

·     Method 1

<Sysname>undelete seclog/startup.cfg

Undelete flash:/seclog/startup.cfg?[Y/N]:y

Undeleting file flash:/seclog/startup.cfg... Done.

·     Method 2

<Sysname> cd seclog

<Sysname> undelete startup.cfg

Undelete flash:/seclog/startup.cfg?[Y/N]:y

Undeleting file flash:/seclog/startup.cfg... Done.


Configuration file management commands

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.

backup startup-configuration

Use backup startup-configuration to back up the main next-startup configuration file to a TFTP server.

Syntax

backup startup-configuration to tftp-server [ dest-filename ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

tftp-server: Specifies a TFTP server by its IPv4 address or host name. The host name is a case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.).

dest-filename: Specifies the target file name used for saving the file on the server. The file name must use the .cfg extension. If you do not specify a target file name, the source file name is used.

Usage guidelines

This command is not supported in FIPS mode.

Examples

# Back up the main next-startup configuration file to the TFTP server at 2.2.2.2, and set the target file name to 192-168-1-26.cfg.

<Sysname> backup startup-configuration to 2.2.2.2 192-168-1-26.cfg

Backup next startup-configuration file to 2.2.2.2, please wait…finished

Related commands

restore startup-configuration

configuration commit

Use configuration commit to commit the settings configured after the configuration commit delay command was executed.

Syntax

configuration commit

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command is available in Release 1138P01 and later versions.

You must execute the configuration commit delay command before executing this command.

As a best practice, enable the information center and configure the information center to output logs to the console. Determine whether to commit the settings depending on the logs. For more information about the information center, see Network Management and Monitoring Configuration Guide.

Examples

# Set the allowed delay time to 10 minutes for a manual commit to keep the settings configured subsequently in effect.

<Sysname> system-view

[Sysname] configuration commit delay 10

# Commit the settings configured after the configuration commit delay command was executed.

[Sysname] configuration commit

# Commit the settings configured after the configuration commit delay command was executed. In this example, the commit operation fails, because the allowed delay time has expired. The device is rolling back the configuration to the settings before the configuration commit delay command was executed.

[Sysname] configuration commit

The system is rolling back configuration. Please wait…

configuration commit delay

Use configuration commit delay to set the allowed delay time for a manual commit to keep the settings configured subsequently in effect.

Syntax

configuration commit delay delay-time

Views

System view

Predefined user roles

network-admin

Parameters

delay-time: Sets the allowed delay time in the range of 1 to 65535 minutes.

Usage guidelines

This command is available in Release 1138P01 and later versions.

Configure this command in a single-user environment.

If you do not execute the configuration commit command within the delay time, the device rolls back the configuration to the settings before the configuration commit delay command was executed. The device outputs logs to notify the user of the rollback operation. The user cannot perform other operations before the rollback is finished.

As a best practice, set the allowed delay time in the following situations:

·     The user configures the device remotely. The user might be disconnected from the device because of a setting. If the configuration commit delay command is configured and the setting is not committed, the user can reconnect to the device after the delay time expires.

·     The user is not familiar with the device configuration. If any parameters are configured incorrectly, the rollback mechanism can remove the incorrect settings after the delay time expires.

You can change the allowed delay time before the previous configured delay time expires. The new delay time configuration overwrites the previous delay time configuration after you enter Y to confirm the change. The allowed delay time is re-set.

Examples

# Set the allowed delay time to 10 minutes for a manual commit to keep the settings configured subsequently in effect.

<Sysname> system-view

[Sysname] configuration commit delay 10

# Re-set the allowed delay time to 60 minutes for a manual commit to keep the settings configured subsequently in effect.

[Sysname] configuration commit delay 60

The commit delay already set 10 minutes, overwrite it? [Y/N]:y

# Re-set the allowed delay time to 20 minutes for a manual commit to keep the settings configured subsequently in effect. In this example, the configuration fails, because the previous configured delay time has expired. The device is rolling back the configuration to the settings before the configuration commit delay command was executed the previous time.

[Sysname] configuration commit delay 20

The system is rolling back configuration. Please wait…

configuration encrypt

Use configuration encrypt to enable configuration encryption.

Use undo configuration encrypt to restore the default.

Syntax

configuration encrypt { private-key | public-key }

undo configuration encrypt

Default

Configuration encryption is disabled. The running configuration is saved to a configuration file without encryption.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

private-key: Encrypts configuration with a private key. All H3C devices running Comware V7 software use the same private key.

public-key: Encrypts configuration with a public key. All H3C devices running Comware V7 software use the same public key.

Usage guidelines

Configuration encryption enables the device to automatically encrypt a configuration file when saving the running configuration to the file.

Examples

# Enable the public-key method for configuration encryption.

<Sysname> system-view

[Sysname] configuration encrypt public-key

display current-configuration

Use display current-configuration to display the running configuration.

Syntax

display current-configuration [ configuration [ module-name ] | interface [ interface-type [ interface-number ] ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

configuration [ module-name ]: Displays feature configuration. The module-name argument specifies a feature module. If no feature module is specified, this command displays all feature settings you have made. Available feature modules depend on your configuration.

interface [ interface-type [ interface-number ] ]: Displays interface configuration, where the interface-type argument represents the interface type and the interface-number argument represents the interface number.

Usage guidelines

Use this command to verify the running configuration you have made.

If the system has automatically changed the setting you have made for a parameter, this command displays the effective setting instead of the configured one. An automatic change typically occurs because of system restrictions.

Typically, this command does not display parameters that are using the default settings.

Examples

# Display local user configuration.

<Sysname> display current-configuration configuration local-user

#

local-user root class manage

 password hash $h$6$Twd73mLrN8O2vvD5$Cz1vgdpR4KoTiRQNE9pg33gU14Br2p1VguczLSVyJLO2huV5Syx/LfDIf8ROLtVErJ/C31oq2rFtmNuyZf4STw==

 service-type ssh telnet terminal

 authorization-attribute user-role network-admin

 authorization-attribute user-role network-operator

#

return

# Display Ethernet interface configuration.

<Sysname> display current-configuration interface fortygige 1/0/1

#

interface FortyGigE1/0/1

 port link-mode route

#

return

display current-configuration diff

Use display current-configuration diff to display the configuration differences between the running configuration and the next-startup configuration file.

Syntax

display current-configuration diff

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

This command compares the running configuration with the settings in the next-startup configuration file in the following steps:

1.     Compares the running configuration with the settings in the main next-startup configuration file.

2.     If the main next-startup configuration file is unavailable or corrupt, this command compares the running configuration with the settings in the backup next-startup configuration file.

If both the main and backup next-startup configuration files are unavailable or corrupt, the system displays a message indicating that the next-startup configuration file does not exist.

Examples

# Display the configuration differences between the running configuration and the next-startup configuration file.

<TEST1>display current-configuration diff

--- Startup configuration

+++ Current configuration

@@ -6,7 +6,7 @@

#

  stp global enable

 #

- sysname TEST

+ sysname TEST1

 #

  telnet server enable

 #

Table 18 Command output

Field

Description

- - - A

+++ B

·     A displays Startup configuration, Current configuration, or the name of the source configuration file with its directory information.

·     B displays Current configuration, Startup configuration, or the name of the target configuration file with its directory information.

@@ -linenumber1,number1 +linenumber2,number2 @@

Location summary for a command line difference:

·     -linenumber1,number1—A total number of number1 lines are excerpted from line number linenumber1 in A. These lines contain a command line difference.

·     +linenumber2,number2—A total number of number2 lines are excerpted from line number linenumber2 in B. These lines contain a command line difference.

cmd1

- cmd2

+ cmd3

cmd4

Command line difference:

·     cmd1 and cmd4 provide a context for locating the different command lines.

·     - cmd2 represents the different command line in A.

·     + cmd3 represents the different command line in B.

 

Related commands

·     display current-configuration

·     display diff

·     display saved-configuration

display default-configuration

Use display default-configuration to display the factory defaults.

Syntax

display default-configuration

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

The device does not have factory defaults. When you execute this command, the device displays nothing.

Examples

# Display the factory defaults.

<Sysname> display default-configuration

display diff

Use display diff to display the configuration differences between two configuration files or between a configuration file and the running configuration.

Syntax

display diff configfile file-name-s { configfile file-name-d | current-configuration | startup-configuration }

display diff current-configuration { configfile file-name-d | startup-configuration }

display diff startup-configuration { configfile file-name-d | current-configuration }

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

configfile file-name-s: Specifies the source configuration file for comparison.

configfile file-name-d: Specifies the target configuration file for comparison.

current-configuration: Specifies the running configuration. In the display diff current-configuration command, this keyword specifies the source configuration for comparison. In the display diff configfile file-name-s and display diff startup-configuration commands, this keyword specifies the target configuration.

startup-configuration: Specifies the next-startup configuration file. In the display diff startup-configuration command, this keyword specifies the source configuration file for comparison. In the display diff configfile file-name-s and display diff current-configuration commands, this keyword specifies the target configuration file.

Usage guidelines

If you specify the startup-configuration keyword, the system searches for the next-startup configuration file for comparison in the following order:

1.     The main next-startup configuration file.

2.     The backup next-startup configuration file if the main next-startup configuration file is unavailable or corrupt.

If both the main and backup next-startup configuration files are unavailable or corrupt, the system displays a message indicating that the next-startup configuration file does not exist.

Examples

# Display the configuration differences between test.cfg and testsys.cfg.

<Sysname> display diff configfile test.cfg configfile testsys.cfg

--- flash:/test.cfg

+++ flash:/testsys.cfg

@@ -6,7 +6,7 @@

#

  stp global enable

 #

- sysname test

+ sysname test1

 #

  telnet server enable

 #

# Display the configuration differences between test.cfg and testsys.cfg on the master and subordinate devices in an IRF fabric.

<Sysname>display diff configfile chassis1#slot17#flash:/test.cfg configfile chassis2#slot17#flash:/testsys.cfg

--- flash:/test.cfg

+++ chassis2#slot17#flash:/testsys.cfg

@@ -6,7 +6,7 @@

#

  stp global enable

 #

- sysname TEST

+ sysname TEST1

 #

  telnet server enable

 #

# Display the configuration differences between the running configuration and the next-startup configuration file.

<TEST> display diff current-configuration startup-configuration

--- Current configuration

+++ Startup configuration

 

@@ -6,7 +6,7 @@

#

  stp global enable

 #

- sysname TEST

+ sysname TEST1

 #

  telnet server enable

 #

For command output, see Table 18.

Related commands

·     display current-configuration

·     display current-configuration diff

·     display saved-configuration

display saved-configuration

Use display saved-configuration to display the contents of the configuration file for the next system startup.

Syntax

display saved-configuration

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

Use this command to verify that important settings have been saved to the configuration file for the next system startup.

This command selects the configuration file to display in the following order:

1.     If the main startup configuration file is available, this command displays the contents of the main startup configuration file.

2.     If the main startup configuration file is not available but the backup startup configuration file is available, this command displays the contents of the backup file.

3.     If both the main and backup startup configuration files are not available, this command does not display anything.

Examples

# Display the contents of the configuration file for the next system startup.

<Sysname> display saved-configuration

#

 Version 7.1.045, Ess 1105

#

 sysname Sysname

#

 telnet server enable

#

  ---- More ----

Related commands

·     reset saved-configuration

·     save

display startup

Use display startup to display the current startup configuration file and the next-startup configuration files.

Syntax

display startup

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

Current startup configuration file is the configuration file that has been loaded. Next-startup configuration file is the configuration file used at the next startup.

In standalone mode:

The standby MPU always uses the same current startup configuration file as the active MPU. After an active/standby switchover, it is normal that the current startup configuration files on them are displayed as NULL, because the new active MPU continues to run with the running configuration rather than rebooting with the previous current startup configuration file.

In IRF mode:

The standby MPUs in the IRF fabric always use the same current startup configuration file as the global active MPU. After an active/standby switchover, it is normal that the current startup configuration files on them are displayed as NULL, because the new global active MPU continues to run with the running configuration rather than rebooting with the previous current startup configuration file.

Examples

# (In standalone mode.) Display startup configuration files.

<Sysname> display startup

MainBoard:

 Current startup saved-configuration file: flash:/startup.cfg

 Next main startup saved-configuration file: flash:/startup.cfg

 Next backup startup saved-configuration file: NULL

Slot 16:

 Current startup saved-configuration file: flash:/startup.cfg

 Next main startup saved-configuration file: flash:/startup.cfg

 Next backup startup saved-configuration file: NULL

Table 19 Command output

Field

Description

MainBoard

Displays the startup configuration files on the active MPU.

Current startup saved-configuration file

Configuration file that the active MPU has started up with.

Next main startup saved-configuration file

Primary startup configuration file to be used at the next startup.

Next backup startup saved-configuration file

Backup startup configuration file to be used at the next startup.

Slot n

Displays the startup configuration files on the standby MPU in slot n.

 

# (In IRF mode.) Display startup configuration files.

<Sysname> display startup

MainBoard:

 Current startup saved-configuration file: NULL

 Next main startup saved-configuration file: flash:/startup.cfg

 Next backup startup saved-configuration file: flash:/startup2.cfg

Chassis 2 Slot 16:

 Current startup saved-configuration file: NULL

 Next main startup saved-configuration file: flash:/startup.cfg

 Next backup startup saved-configuration file: flash:/startup2.cfg

Table 20 Command output

Field

Description

MainBoard

Displays the startup configuration files on the global active MPU.

Current startup saved-configuration file

Configuration file that the global active MPU has started up with.

Next main startup saved-configuration file

Primary configuration file to be used at the next startup.

Next backup startup saved-configuration file

Backup configuration file to be used at the next startup.

(This file does not exist.)

If the specified next-startup configuration file has been deleted, this comment appears next to the file name.

Chassis x Slot n

Displays the startup configuration files on the MPU in slot n of IRF member x.

 

Related commands

startup saved-configuration

display this

Use display this to display the running configuration in the current view.

Syntax

display this

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

Use this command to verify the configuration you have made in a certain view.

Typically, this command does not display parameters that are set to their default settings.

For some parameters that can be successfully set even if their dependent features are not enabled, this command displays their settings after the dependent features are enabled.

This command can be executed in any user line view to display the running configuration of all user lines.

Examples

# Display the running configuration on interface FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] display this

#

interface FortyGigE1/0/1

 port link-mode route

#

return

# Display the running configuration on user lines.

<Sysname> system-view

[Sysname] line vty 0

[Sysname-line-vty0] display this

#

line aux 0

 user-role network-admin

#

line vty 0 63

 authentication-mode none

 user-role network-admin

 user-role network-operator

#

return

reset saved-configuration

Use reset saved-configuration to delete next-startup configuration files.

Syntax

reset saved-configuration [ backup | main ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

backup: Deletes the backup next-startup configuration file.

main: Deletes the main next-startup configuration file.

Usage guidelines

CAUTION:

Use this command with caution. In standalone mode, this command permanently deletes the next-startup configuration files from both MPUs. In IRF mode, this command permanently deletes the next-startup configuration files on all MPUs in the IRF fabric.

 

Delete a next-startup configuration file if it is corrupted or does not match the software version.

You can delete the main, the backup, or both.

To delete a file that is set as both main and backup next-startup configuration files, you must execute both the reset saved-configuration backup command and the reset saved-configuration main command. Using only one of the commands removes the specified file attribute instead of deleting the file.

For example, if the reset saved-configuration backup command is executed, the backup next-startup configuration file setting is set to NULL, but the file is still used as the main file. To delete the file, you must also execute the reset saved-configuration main command.

If no configuration file attribute is specified, the reset saved-configuration command deletes the main next-startup configuration file.

Examples

# (In standalone mode.) Delete the main next-startup configuration file.

<Sysname> reset saved-configuration

The saved configuration file will be erased. Are you sure? [Y/N]:y

Configuration file in flash is being cleared.

Please wait ...

..

MainBoard:

 Configuration file is cleared.

Slot 16:

 Erase next configuration file successfully

# (In IRF mode.) Delete the backup next-startup configuration file.

<Sysname> reset saved-configuration backup

The saved configuration file will be erased. Are you sure? [Y/N]:y

Configuration file in flash is being cleared.

Please wait ...

..

MainBoard:

 Configuration file is cleared.

Chassis 2 Slot 16:

 Erase next configuration file successfully

Related commands

display saved-configuration

restore startup-configuration

Use restore startup-configuration to download a configuration file from a TFTP server and specify it as the main next-startup configuration file.

Syntax

restore startup-configuration from tftp-server src-filename

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

tftp-server: Specifies a TFTP server's IPv4 address or host name. The host name is a case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.).

src-filename: Specifies the file name of the configuration file to be downloaded.

Usage guidelines

This command is not supported in FIPS mode.

Before restoring the configuration file for the next startup, make sure the following requirements are met:

·     The server is reachable.

·     The server is enabled with TFTP service.

·     You have read and write permissions to the server.

This command provides an easy method for configuration file restoration by automatically performing all operations required for restoring the main next-startup configuration file.

This command downloads the configuration file to the root directory of the default storage medium on each MPU and specifies the file as the main next-startup configuration file.

If the USB disk is used and partitioned, the configuration file is saved on the first partition.

This command assumes that all MPUs use the same type of default storage medium. If a standby MPU uses a different type of default storage medium than the active MPU, the command cannot propagate the configuration file to the standby MPU. For example, the standby MPU uses a USB disk, but the active MPU uses a flash memory. In this situation, you must manually restore the next-startup configuration file on the standby MPU.

Examples

# (In standalone mode.) Download the configuration file config.cfg from the TFTP server at 2.2.2.2, and specify the file as the main next-startup configuration file.

<Sysname> restore startup-configuration from 2.2.2.2 config.cfg

Restoring the next startup-configuration file from 2.2.2.2. Please wait...finished.

Now restoring the next startup-configuration file from main board to backup board. Please wait...finished.

# (In IRF mode.) Download the configuration file config.cfg from the TFTP server at 2.2.2.2 and specify the file as the main next-startup configuration file.

<Sysname> restore startup-configuration from 2.2.2.2 config.cfg

Restoring the next startup-configuration file from 2.2.2.2. Please wait...finished.

Now restoring the next startup-configuration file from main board to backup board. Please wait...finished.

Related commands

backup startup-configuration

save

In standalone mode:

Use save file-url [ all | slot slot-number ] to save the running configuration to a configuration file, without specifying the file as a next-startup configuration file.

Use save [ safely ] [ backup | main ] [ force ] to save the running configuration to a file in the root directory of the default storage medium. This command applies to both the active and standby MPUs. It specifies the file as a next-startup configuration file at the same time.

In IRF mode:

Use save file-url [ all | chassis chassis-number slot slot-number ] to save the running configuration to a configuration file, without specifying the file as a next-startup configuration file.

Use save [ safely ] [ backup | main ] [ force ] to save the running configuration to a file in the root directory of the default storage medium. This command applies to each MPU in the IRF fabric. It specifies the file as a next-startup configuration file at the same time.

Syntax

In standalone mode:

save file-url [ all | slot slot-number ]

save [ safely ] [ backup | main ] [ force ]

In IRF mode:

save file-url [ all | chassis chassis-number slot slot-number ]

save [ safely ] [ backup | main ] [ force ]

Views

Any view

Predefined user roles

network-admin

mdc-admin

Parameters

file-url: Saves the running configuration to the specified file, without specifying the file as a next-startup configuration file. The file name must use the extension .cfg and can include path information. If the keyword all or an MPU is specified, the file path cannot include any chassis number or slot number. If the file path includes a folder name, the folder must already exist.

all: Saves the running configuration to both MPUs. If you do not specify this keyword or the slot slot-number option, the command saves the running configuration only to the active MPU. (In standalone mode.)

all: Saves the running configuration to all MPUs. If you do not specify this keyword or the chassis chassis-number slot slot-number option, the command saves the running configuration only to the global active MPU in the IRF fabric. (In IRF mode.)

slot slot-number: Saves the running configuration to the standby MPU. If you do not specify this option or the all keyword, the command saves the running configuration only to the active MPU. (In standalone mode.)

chassis chassis-number slot slot-number: Saves the running configuration to an MPU. If you do not specify this option or the all keyword, the command saves the running configuration only to the global active MPU. (In IRF mode.)

safely: Saves the configuration file in safe mode. If this keyword is not specified, the device saves the configuration file in fast mode. Safe mode is slower than fast mode, but more secure. In safe mode, the system saves configuration in a temporary file and starts overwriting the target next-startup configuration file after the save operation is complete. If a reboot, power failure, or out of memory event occurs during the save operation, the next-startup configuration file is retained. In fast mode, the device directly overwrites the target next-startup configuration file. If a reboot, power failure, or out of memory event occurs during this process, the next-startup configuration file is lost. As a best practice, specify the safely keyword for the command.

backup: Saves the running configuration to a configuration file, and specifies the file as the backup next-startup configuration file. If you do not specify this keyword or the main keyword, the command specifies the saved file as the main next-startup configuration file.

main: Saves the running configuration to a configuration file, and specifies the file as the main next-startup configuration file. If you do not specify this keyword or the backup keyword, the command specifies the saved file as the main next-startup configuration file.

force: Saves the running configuration without prompting for confirmation. Without this keyword, the system prompts you to confirm the operation. If you do not confirm the operation within 30 seconds, the system automatically aborts the operation. If you enter Y within the time limit, you can continue the save process and change the next-startup configuration file during this process.

Usage guidelines

If the file specified for the command does not exist, the system creates the file before saving the configuration. If the file already exists, the system prompts you to confirm whether to overwrite the file. If you choose to not overwrite the file, the system cancels the save operation.

If you do not specify the file-url option for the command, the command saves the running configuration to an .mdb binary file as well as a .cfg text file. The two files use the same file name. An .mdb file takes less time to load than a .cfg file.

If you specify the file-url option for the command, the command only saves the running configuration to the specified .cfg file.

Examples

# Save the running configuration to the configuration file backup.cfg, without specifying the file as the next-startup configuration file.

<Sysname> save backup.cfg

The current configuration will be saved to flash:/backup.cfg. Continue? [Y/N]:y

Now saving current configuration to the device.

Saving configuration

flash:/backup.cfg. Please wait...

Configuration is saved to flash successfully.

# Save the running configuration to the main next-startup configuration file without any confirmation required.

<Sysname> save force

Validating file. Please wait....

Configuration is saved to device successfully.

# (In standalone mode.) Save the running configuration to a file in the root directory of the default storage medium on each MPU, and specify the file as the main next-startup configuration file.

<Sysname> save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

Slot 16:

Save next configuration file successfully.

# (In IRF mode.) Save the running configuration to a file in the root directory of the default storage medium on each MPU, and specify the file as the main next-startup configuration file.

<Sysname> save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

Chassis 1 Slot 16:

Save next configuration file successfully.

Related commands

·     display current-configuration

·     display saved-configuration

startup saved-configuration

In standalone mode:

Use startup saved-configuration to specify a file as a next-startup configuration file for both active and standby MPUs.

Use undo startup saved-configuration to set the active and standby MPUs to start up with initial settings at the next startup.

In IRF mode:

Use startup saved-configuration to specify a file as a next-startup configuration file for all MPUs in the IRF fabric.

Use undo startup saved-configuration to set all MPUs to start up with initial settings at the next startup.

Syntax

startup saved-configuration cfgfile [ backup | main ]

undo startup saved-configuration

Default

No configuration file is specified for the next startup.

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

cfgfile: Specifies the name of a .cfg file. This .cfg file must already exist in the root directory of the default storage medium.

backup: Specifies the configuration file as the backup next-startup configuration file.

main: Specifies the configuration file as the main next-startup configuration file. This is the primary configuration file that the device attempts to load at startup. If the loading attempt fails, the device tries the backup next-startup configuration file.

Usage guidelines

CAUTION:

In an IRF fabric, use the undo startup saved-configuration command with caution. This command can cause an IRF split after the IRF fabric or an IRF member reboots.

 

The startup saved-configuration command applies to each MPU. To successfully configure the command, follow these guidelines:

·     Make sure the specified configuration file is valid and saved to the root directory of the default storage medium on each MPU.

·     Make sure all MPUs use the same type of storage medium as the default storage medium. You can access the BootWare menus to specify the built-in flash memory or the USB disk as the default storage medium.

If the USB disk is used to store the startup configuration files, make sure the specified file is saved to the root directory of the first partition on the USB disk. Do not remove the USB disk during the startup process. If you remove the USB disk on a device, one of the following consequences occurs:

·     In standalone mode, the device starts up with the initial settings.

·     In an IRF fabric, the device leaves the IRF fabric at startup and runs the initial settings.

If neither backup nor main is specified, the startup saved-configuration command specifies the main next-startup configuration file.

Even though the main and backup next-startup configuration files can be the same one, specify them as separate files for high availability.

The undo startup saved-configuration command changes the file attribute of the main and backup next-startup configuration files to NULL, but it does not delete the two configuration files.

You can also specify a configuration file as a next startup file when you use the save command to save the running configuration to it.

Examples

# Specify the main next-startup configuration file.

<Sysname> startup saved-configuration testcfg.cfg

Please wait ....

... Done!

Related commands

display startup


Software upgrade commands

boot-loader file

Use boot-loader file to specify startup software image files.

Syntax

In standalone mode:

boot-loader file boot boot-package system system-package [ feature feature-package&<1-30> ] { all | slot slot-number } { backup | main }

boot-loader file ipe-filename { all | slot slot-number } { backup | main }

In IRF mode:

boot-loader file boot boot-package system system-package [ feature feature-package&<1-30> ] { all | chassis chassis-number slot slot-number } { backup | main }

boot-loader file ipe-filename { all | chassis chassis-number slot slot-number } { backup | main }

Views

User view

Predefined user roles

network-admin

Parameters

boot boot-package: Specifies the file path of a .bin boot image file, a case-insensitive string. The file path specified for the boot-package argument uses the flash:/base-filename.bin format. The file path must not include the chassis ID or slot ID.

system system-package: Specifies the file path of a .bin system image file, a case-insensitive string. The file path specified for the system-package argument uses the flash:/base-filename.bin format. The file path must not include the chassis ID or slot ID.

feature feature-package: Specifies a space-separated list of up to 30 .bin feature image files. Each feature image file name must be a case-insensitive string. The file names must use the flash:/base-filename.bin format. The file path must not include the chassis ID or slot ID.

ipe-filename: Specifies an .ipe Comware image file name, a case-insensitive. The file path must use the flash:/base-filename.ipe format. The file path must not include the chassis ID or slot ID.

all: Specifies startup images for all cards. If you specify this keyword, the system copies the card-specific images automatically to the root directory of the storage medium on each card. For a successful upgrade, make sure the specified files include the upgrade images for all cards.

slot slot-number: Specifies the slot number of the MPU for which the startup images are specified. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies the MPU for which the startup images are specified in the IRF fabric. The chassis-number argument represents the IRF member ID of the device that holds the card, and the slot-number argument represents the slot number of the card. (In IRF mode.)

backup: Specifies the files as backup startup files. Backup startup images are used only when main images are not available.

main: Specifies the files as main startup files. The device always first attempts to start up with main startup files.

Usage guidelines

Use this command to upgrade startup software images for all MPUs. To upgrade only standby MPUs, you can also use the boot-loader update command.

Before specifying startup software images, you can save the upgrade file to the switch.

·     In standalone mode, save the file to the root directory of the flash memory on the active MPU.

·     In IRF mode, save the file to the root directory of the flash memory on the global active MPU.

Alternatively, you can save the upgrade file to a USB disk.

If the storage medium is partitioned, save the files to the root directory of the first partition. The flash memory allows file paths or names of up to 56 characters. A USB disk allows file paths or names of up to 57 characters.

If a standby MPU is specified, the system automatically copies the upgrade file to the flash memory on the specified MPU, and sets images in the file as startup images. If a file with the same name as the upgrade file already exists, you must choose whether to overwrite the existing file.

The boot-loader file command overwrites the entire startup software image list. To add new startup feature images, specify all feature image files, including feature image files in the old startup software image list. The new startup software image list will contain only the feature image files that are specified in the command.

Examples

# In standalone mode, specify flash:/all.ipe as the backup startup image file for the MPU in slot 17.

<Sysname> boot-loader file flash:/all.ipe slot 17 backup

Verifying image file......Done.

Images in IPE:

  boot.bin

  system.bin

ssh.bin

This command will set the backup startup software images. Continue? [Y/N]:Y

Add images to target slot.

  flash:/boot.bin already exists on slot 17.

  flash:/system.bin already exists on slot 17.

  flash:/ssh.bin already exists on slot 17.

Overwrite it? [Y/N]:y

Decompressing file boot.bin to flash:/boot.bin....................................Done.

Decompressing file system.bin to flash:/system.bin................................Done.

The images that have passed all examinations will be used as the backup startup software images at the next reboot on slot 17.

# In IRF mode, specify flash:/all.ipe as the backup startup image file for the MPU in slot 17 on IRF member device 1.

<Sysname> boot-loader file flash:/all.ipe chassis 1 slot 17 backup

Verifying image file......Done.

Images in IPE:

  boot.bin

  system.bin

  ssh.bin

This command will set the backup startup software images. Continue? [Y/N]:Y

Add images to target slot.

  flash:/boot.bin already exists on chassis 1 slot 17.

  flash:/system.bin already exists on chassis 1 slot 17.

  flash:/ssh.bin already exists on chassis 1 slot 17.

Overwrite it? [Y/N]:y

Decompressing file boot.bin to flash:/boot.bin....................................Done.

Decompressing file system.bin to flash:/system.bin................................Done.

The images that have passed all examinations will be used as the backup startup software images at the next reboot on chassis 1 slot 17.

Related commands

display boot-loader

boot-loader update

In standalone mode:

Use boot-loader update to synchronize startup images from the active MPU to the standby MPU.

In IRF mode:

Use boot-loader update to synchronize startup images from the global active MPU to a standby MPU.

Syntax

In standalone mode:

boot-loader update { all | slot slot-number }

In IRF mode:

boot-loader update { all | chassis chassis-number slot slot-number }

Views

User view

Predefined user roles

network-admin

Parameters

all: Upgrades the standby MPU. (In standalone mode.)

all: Upgrades all standby MPUs in the IRF fabric. (In IRF mode.)

slot slot-number: Specifies the slot number of the standby MPU. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a standby MPU. The chassis-number argument represents the IRF member ID of the device that holds the standby MPU. The slot-number argument represents the slot number of the standby MPU. (In IRF mode.)

Usage guidelines

You can use this command to synchronize startup images after adding new MPUs.

The images used for synchronization are in the main or backup startup software images list instead of the current software images list (see the display boot-loader command).

·     The main images list is used if the active MPU or global active MPU started up with the main startup images.

·     The backup image list is used if the active MPU or global active MPU started up with the main startup images.

The startup images synchronized to the standby MPU are set as main startup images, regardless of whether the source startup images are main or backup.

To avoid problems, make sure the image list used for synchronization is the same as the current software images list.

Startup image synchronization fails if any software image being synchronized is not available or is corrupted.

Examples

# In standalone mode, synchronize startup images from the active MPU to the standby MPU in slot 16.

<Sysname> boot-loader update slot 16

This command will update the specified standby MPU. Continue? [Y/N]:y

Updating. Please wait...

Copying main startup software images to slot 16. Please wait...

Done.

Setting copied images as main startup software images for slot 16...

Done.

Successfully updated the startup software images of slot 16.

# In IRF mode, synchronize startup images from the global active MPU to the MPU in slot 16 on IRF member device 1.

<Sysname> boot-loader update chassis 1 slot 16

This command will update the specified standby MPU. Continue? [Y/N]:y

Updating. Please wait...

Copying main startup software images to chassis 1 slot 16. Please wait...

Done.

Setting copied images as main startup software images for chassis 1 slot 16...

Done.

Successfully updated the startup software images of chassis 1 slot 16.

Related commands

display boot-loader

bootrom backup

Use bootrom backup to back up the BootWare image in the Normal area to the Backup area on a BootWare.

Syntax

In standalone mode:

bootrom backup slot slot-number-list

In IRF mode:

bootrom backup chassis chassis-number slot slot-number-list

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number-list: Specifies a space-separated list of up to seven slot number items. Each item specifies a card by its slot number or a range of cards in the form of start-slot-number to end-slot-number. For example, slot 0 to 1 2. (In standalone mode.)

chassis chassis-number: Specifies an IRF member device by its member ID. (In IRF mode.)

slot slot-number-list: Specifies a space-separated list of up to seven slot number items. Each item specifies a card by its slot number or a range of cards in the form of start-slot-number to end-slot-number on the specified IRF member device. For example, slot 0 to 1 2. (In IRF mode.)

Usage guidelines

A BootWare is divided into a Normal area and a Backup area. The BootWare image is stored in the Normal area and backed up to the Backup area. At startup, the system reads the BootWare image automatically from the Normal area. If the image is inaccessible, the system reads the BootWare image from the Backup area.

If the BootWare image in the Normal area is corrupted or requires a version rollback, use the bootrom restore command to copy the BootWare image in the Backup area to the Normal area.

Examples

# Back up the entire BootWare image from the Normal area to the Backup area.

<Sysname> bootrom backup chassis 1 slot 16

  Now backuping the Boot ROM, please wait...

......Done.

Related commands

bootrom restore

bootrom restore

Use bootrom restore to replace the BootWare image in the Normal area with the BootWare image in the Backup area for image restoration or version rollback.

Syntax

In standalone mode:

bootrom restore slot slot-number-list

In IRF mode:

bootrom restore chassis chassis-number slot slot-number-list

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number-list: Specifies a space-separated list of up to seven slot number items. Each item specifies a card by its slot number or a range of cards in the form of start-slot-number to end-slot-number. For example, slot 0 to 1 2. (In standalone mode.)

chassis chassis-number: Specifies an IRF member device by its member ID. (In IRF mode.)

slot slot-number-list: Specifies a space-separated list of up to seven slot number items. Each item specifies a card by its slot number or a range of cards in the form of start-slot-number to end-slot-number on the specified IRF member device. For example, slot 0 to 1 2. (In IRF mode.)

Examples

# In standalone mode, restore the entire BootWare image.

<Sysname> bootrom restore slot 17

  This command will restore the Boot ROM file, Continue? [Y/N]:y

  Now restoring the Boot ROM, please wait...

......Done.

# In IRF mode, restore the entire BootWare image.

<Sysname> bootrom restore chassis 1 slot 17

  This command will restore the Boot ROM file, Continue? [Y/N]:y

  Now restoring the Boot ROM, please wait...

......Done.

Related commands

bootrom backup

bootrom update

Use bootrom update to load the BootWare image in a storage medium to the Normal area of BootWare.

Syntax

In standalone mode:

bootrom update file file-url slot slot-number-list

In IRF mode:

bootrom update file file-url chassis chassis-number slot slot-number-list

Views

User view

Predefined user roles

network-admin

Parameters

file file-url: Specifies the file path of a .bin BootWare image file, a case-insensitive string of 1 to 256 characters. The file path uses the flash:/base-filename.bin format. The file path must not include the chassis ID or slot ID.

slot slot-number-list: Specifies a space-separated list of up to seven slot number items. Each item specifies a card by its slot number or a range of cards in the form of start-slot-number to end-slot-number. For example, slot 0 to 1 2. (In standalone mode.)

chassis chassis-number: Specifies an IRF member device by its member ID. (In IRF mode.)

slot slot-number-list: Specifies a space-separated list of up to seven slot number items. Each item specifies a card by its slot number or a range of cards in the form of start-slot-number to end-slot-number on the specified IRF member device. For example, slot 0 to 1 2. (In IRF mode.)

Usage guidelines

If a software upgrade requires upgrading the BootWare image, you can use this command to preload the new BootWare image to the BootWare before upgrading Comware images. This command helps shorten the subsequent upgrade time, reducing the risk of upgrade failure caused by unexpected electricity failure.

To complete the upgrade, reboot the device.

To save space, you can delete the BootWare image in the storage medium after completing the BootWare image upgrade.

Examples

# In standalone mode, use the file a.bin to upgrade the BootWare image.

<Sysname> bootrom update file flash:/a.bin slot 17

   This command will update the Boot ROM file on the specified board(s), Continue? [Y/N]:y

   Now updating the Boot ROM, please wait...

.............Done.

# In IRF mode, use the file a.bin to upgrade the BootWare image.

<Sysname> bootrom update file flash:/a.bin chassis 1 slot 17

   This command will update the Boot ROM file on the specified board(s), Continue? [Y/N]:y

   Now updating the Boot ROM, please wait...

.............Done.

Related commands

boot-loader file

bootrom-update security-check enable

Use bootrom-update security-check enable to enable BootWare image validity check.

Use undo bootrom-update security-check enable to disable BootWare image validity check.

Syntax

bootrom-update security-check enable

undo bootrom-update security-check enable

Default

BootWare image validity check is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Before a BootWare image upgrade starts, this feature examines the upgrade BootWare image for file validity and incompatibility with hardware. If the BootWare image passes the check, the upgrade process starts. If the check fails, the system does not perform the upgrade.

Examples

# Enable BootWare image validity check.

<Sysname> system-view

[Sysname] bootrom-update security-check enable

display boot-loader

Use display boot-loader to display current software images and startup software images.

Syntax

In standalone mode:

display boot-loader [ slot slot-number ]

In IRF mode:

display boot-loader [ chassis chassis-number [ slot slot-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies the slot number of an MPU. If you do not specify an MPU, this command displays the software images on each MPU. (In standalone mode.)

chassis chassis-number [slot slot-number ]: Specifies an IRF member device or an MPU in an IRF member device. The chassis-number argument represents the IRF member ID of the device. The slot-number argument represents the slot number of the MPU on the device. If you do not specify an IRF member device, this command displays the software images on each MPU in the IRF fabric. If you specify an IRF member device without specifying an MPU, this command displays the software images on each MPU on the specified member device. (In IRF mode.)

Examples

# In standalone mode, display current software images and startup software images.

<Sysname> display boot-loader

Software images on slot 17:

Current software images:

  flash:/S12500X-CMW710-BOOT.bin

  flash:/S12500X-CMW710-SYSTEM.bin

Main startup software images:

  flash:/S12500X-CMW710-BOOT.bin

  flash:/S12500X-CMW710-SYSTEM.bin

  flash:/S12500X-CMW710-SSH.bin

Backup startup software images:

  flash:/S12500X-CMW710-BOOT.bin

  flash:/S12500X-CMW710-SYSTEM.bin

# In IRF mode, displays current software images and startup software images.

<Sysname> display boot-loader

Software images on chassis 0 slot 16:

Current software images:

  flash:/S12500X-CMW710-BOOT.bin

  flash:/S12500X-CMW710-SYSTEM.bin

Main startup software images:

  flash:/S12500X-CMW710-BOOT.bin

  flash:/S12500X-CMW710-SYSTEM.bin

  flash:/S12500X-CMW710-SSH.bin

Backup startup software images:

  flash:/S12500X-CMW710-BOOT.bin

  flash:/S12500X-CMW710-SYSTEM.bin

Table 21 Command output

Field

Description

Software images on slot slot-number

In standalone mode, this field displays the Comware images on the MPU in a specific slot.

Software images on chassis chassis-id slot slot-number

In IRF mode, this field displays the Comware images on a specific MPU. The chassis ID represents the IRF member ID, and the slot number represents the MPU's slot number.

Current software images

Comware images that have been loaded.

Main startup software images

Main Comware images for the next startup.

Backup startup software images

Backup Comware images for the next startup.

 

Related commands

boot-loader file

version auto-update enable

Use version auto-update enable to enable software synchronization from the active MPU to the standby MPU at startup.

Use undo version auto-update enable to disable this feature.

Syntax

version auto-update enable

undo version auto-update enable

Default

If software inconsistency is detected at startup, the standby MPU loads the current software images of the active MPU.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command is available in standalone mode.

To make sure the standby MPU always runs the same software images as the active MPU, configure both the version auto-update enable command and the undo version check ignore command.

The startup software version check function examines the standby MPU's startup software images for version inconsistency with the active MPU's current software images at startup. If their software versions are different, the standby MPU copies the current software images of the active MPU, specifies them as main startup software images, and reboots with these images.

To ensure a successful synchronization in a multi-user environment, make sure no one reboots or swaps MPUs during the software synchronization process. You can configure the information center to output the synchronization status to configuration terminals (see Network Management and Monitoring Configuration Guide).

Examples

# Enable software auto-update for the standby MPU.

<Sysname> system-view

[Sysname] version auto-update enable

Related commands

version check ignore

version check ignore

Use version check ignore to disable startup software version check for the standby MPU at startup.

Use undo version check ignore to enable this feature.

Syntax

version check ignore

undo version check ignore

Default

The startup software images on the standby MPU are checked for version inconsistency with the current software images on the active MPU.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command is available in standalone mode.

When the standby MPU starts up, this command disables the system to examine the standby MPU's startup software images for version inconsistency with the active MPU's current software images. The standby MPU can start up with a different software version than the active MPU.

The startup software version check function might fail to work because the software versions of the MPUs are incompatible.

To avoid problems, do not disable startup software version check for the standby MPU unless for software upgrade.

To make sure the standby MPU always runs the same software images as the active MPU, configure both the version auto-update enable command and the undo version check ignore command.

Examples

# Enable startup software version check for the standby MPU.

<Sysname> system-view

[Sysname] undo version check ignore

Related commands

version auto-update enable


ISSU commands

display install active

Use display install active to display active software images.

Syntax

display install active [ chassis chassis-number slot slot-number ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

chassis chassis-number slot slot-number: Specifies a card on an IRF member. If you do not specify this option, the command is applied to all cards in the IRF fabric.

verbose: Displays detailed information. If you do not specify this keyword, the command displays only the names of the active software images.

Examples

# Display active software images.

<Sysname> display install active

Active packages on chassis 1 slot 17:

  flash:/boot.bin

  flash:/system.bin

# Display detailed information about active software images.

<Sysname> display install active verbose

Active packages on chassis 1 slot 17:   

  flash:/BOOT-E1133.bin

  [Package]                                                                     

  Vendor: H3C

  Product: S12500

  Service name: boot                                                           

  Platform version: 7.1.045                                                 

  Product version: ESS 1133

  Supported board: mpu lpu                                                     

  [Component]                                                                  

  Component: boot                                                               

  Description: boot package                                                    

                                                                               

  flash:/SYSTEM-E1133.bin

  [Package]                                                                     

  Vendor: H3C

  Product: S12500

  Service name: system                                                         

  Platform version: 7.1.045                                                    

  Product version: ESS 1133

  Supported board: mpu lpu                                                     

  [Component]                                                                  

  Component: system                                                            

  Description: system package

 

flash:/SYSTEM-Feature-E1133.bin.bin

[Package]

Vendor: H3C

Product: S12500

Service name: system-patch

Platform version: 7.1.045

Product version: ESS 1133

Supported board: mpu lpu

[Component]

Component: system-patch

Description: system-patch package

Table 22 Command output

Field

Description

Active packages on chassis m slot n

Active software images on the card in the specified slot of the specified member.

[Package]

Detailed information about the software image.

Service name

Image type:

·     boot—Boot image.

·     system—System image.

·     boot-patch—Patch image for the boot image.

·     system-patch—Patch image for the system image.

Supported board

Cards supported by the software image (the values vary with device models):

·     mpu—MPU.

·     lpuService card.

[Component]

Information about components included in the image file.

 

Related commands

install active

display install committed

Use display install committed to display main startup software images.

Syntax

display install committed [ chassis chassis-number slot slot-number ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

chassis chassis-number slot slot-number: Specifies a card on an IRF member. If you do not specify this option, the command is applied to all cards in the IRF fabric.

verbose: Displays detailed information. If you do not specify this keyword, the command displays only the names of the software images.

Usage guidelines

The boot-loader file command can also change the main startup software image set.

For more information about main and backup startup software images and image sets, see Fundamental Configuration Guide.

Examples

# Display the main startup software images.

<Sysname> display install committed

Committed packages on chassis 1 slot 17:

 flash:/boot-E1133.bin

 flash:/system-E1133.bin

# Display detailed information about main startup software images.

<Sysname> display install committed verbose

Committed packages on chassis 1 slot 17:

 flash:/boot-E1133.bin

 [Package]

 Vendor: H3C

 Product: S12500

 Service name: boot

 Platform version: 7.1.045

 Product version: ESS 1133

 Supported board: mr, lc, sfc

 Version type: debug

 [Component]

 Component: boot

 Description: boot package

 

 flash:/system-E1133.bin

 [Package]

 Vendor: H3C

 Product: S12500

 Service name: system

 Platform version: 7.1.045

 Product version: ESS 1133

 Supported board: mr, lc, sfc

 Version type: debug

 [Component]

 Component: system

 Description: system package

 

flash:/SYSTEM-Feature-E1133.bin.bin

[Package]

Vendor: H3C

Product: S12500

Service name: system-patch

Platform version: 7.1.045

Product version: ESS 1133

Supported board: mpu lpu

[Component]

Component: system-patch

Description: system-patch package

For more information about the command output, see Table 22.

Related commands

boot-loader file

display install ipe-info

Use display install ipe-info to display the software images included in an .ipe file.

Syntax

display install ipe-info ipe-filename

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ipe-filename: Specifies the name of an .ipe file in the global active MPU's Flash root directory in the format flash:/xxx.ipe or the name of an .ipe file in a global standby MPU's Flash root directory in the format chassismslotn#flash:/xxx.ipe, for example, chassis1slot17#flash:/a.ipe. It can be a case-insensitive string of 1 to 63 characters.

Usage guidelines

An .ipe file contains one or more software images. You can use the software images for a software upgrade.

Examples

# Display information about the .ipe file flash:/test.ipe.

<Sysname> display install ipe-info flash:/test.ipe

Verifying image file...Done.

Images in IPE:

  boot.bin

  system.bin

Related commands

display install package

display install package

Use display install package to display software image file information.

Syntax

display install package { filename | all } [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

filename: Specifies the name of a software image file in the global MPU's Flash root directory in the format flash:/xxx.bin or the name of a software image file in a global standby MPU's Flash root directory in the format chassismslotn#flash:/xxx.bin, for example, chassis1slot17#flash:/a.bin. It can be a case-insensitive string of 1 to 63 characters.

all: Specifies all software image files in the root directories of the storage media on the master's active MPU.

verbose: Displays detailed information. If you do not specify this keyword, the command displays only basic software image information.

Examples

# Display information about software image file system.bin.

<Sysname> display install package flash:/system.bin

  flash:/system.bin

  [Package]

  Vendor: H3C

  Product: S12500

  Service name: system

  Platform version: 7.1.045

  Product version: ESS 1133

  Supported board: mpu

  Version type: debug

# Display detailed information about software image file system.bin.

<Sysname> display install package flash:/system.bin verbose

  flash:/system.bin

  [Package]

  Vendor: H3C

  Product: S12500

  Service name: system

  Platform version: 7.1.045

  Product version: ESS 1133

  Supported board: mpu

  Version type: debug

  [Component]

  Component: system

  Description: system package

For more information about the command output, see Table 22.

display issu rollback-timer

Use display issu rollback-timer to display automatic rollback timer information.

Syntax

display issu rollback-timer

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

Change to the automatic rollback interval does not take effect on the ongoing ISSU process. The current remaining rollback time might be greater than the configured automatic rollback interval.

Examples

# Display automatic rollback timer information after the issu run switchover command is executed.

<Sysname> display issu rollback-timer

Rollback timer: Working

Rollback interval: 45 minutes

Rollback time remaining : 40 minutes

# Display automatic rollback timer information after the issu accept command is executed.

<Sysname> display issu rollback-timer

Rollback timer: Not working

Rollback interval: 30 minutes

# Display automatic rollback timer information when no ISSU process is taking place.

<Sysname> display issu rollback-timer

Rollback timer: Not working

Rollback interval: 45 minutes

Related commands

issu rollback-timer

display issu state

Use display issu state to display ISSU status information.

Syntax

display issu state

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

The key to an ISSU is to follow the correct upgrade procedure. By using this command to view the ISSU status, you can determine what to do next.

Examples

# Display ISSU status information when no upgrade is going on.

<Sysname> display issu state

ISSU state: Init

Compatibility: Unknown

Work state: Normal

Upgrade method: Card by card

Upgraded slot: None

Current upgrading slot: None

Current version list:

  boot: 7.1.045, E1133

  system: 7.1.045, E1133

Current software images:

  flash:/boot.bin

  flash:/system.bin

Table 23 Command output

Field

Description

ISSU state

ISSU status:

·     Init—The ISSU process has not started or has finished.

·     Loading—The system is executing the issu load command.

·     Loaded—The issu load command is completed.

·     Switching—The system is executing the issu run switchover command.

·     Switchover—The issu run switchover command is completed.

·     Accepted—The issu accept command is completed.

·     Committing—The system is executing the issu commit command.

·     Rollbacking—A rollback is going on.

·     Unknown—An upgrade is going on. This field might appear when you execute the command on an original standby MPU.

Compatibility

Version compatibility:

·     Incompatible.

·     compatible.

·     Unknown—No upgrade is going on.

Work state

Operating state of the device:

·     Normal—The device is operating correctly.

·     Independent active—When you perform an ISSU, the standby MPU that is upgraded first enters this mode.

Upgrade method

Upgrade mode:

·     Chassis by chassis—One subordinate member is upgraded first, and then the original master is upgraded. This mode is available only for a multichassis IRF fabric.

Upgraded slot

Upgraded cards.

Upgraded chassis

Upgraded members.

Current upgrading chassis

Members that are being upgraded.

Previous version list

Software versions running on the device before the ISSU.

If you execute this command on an original standby MPU during an ISSU for an incompatible version, the value of this field is Unknown.

Previous software images

Software images running on the device before the ISSU.

If you execute this command on an original standby MPU during an ISSU for an incompatible version, the value of this field is Unknown.

Upgrade version list

Software versions to upgrade to.

If you execute this command on an original standby MPU during an ISSU for an incompatible version, the value of this field is Unknown.

Upgrade software images

Software images used for the upgrade.

If you execute this command on an original standby MPU during an ISSU for an incompatible version, the value of this field is Unknown.

 

Related commands

·     issu load

·     issu run switchover

display version comp-matrix

Use display version comp-matrix to display version compatibility information.

Syntax

display version comp-matrix

display version comp-matrix file { boot filename | system filename } *

display version comp-matrix file ipe ipe-filename

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

boot: Specifies a boot image file.

system: Specifies a system image file.

filename: Specifies the name of a software image file in the root directory of the global active MPU's Flash, in the format flash:/xxx.bin. It can be a case-insensitive string of 1 to 63 characters and cannot contain slot or chassis information.

ipe-filename: Specifies the name of an .ipe file in the root directory of the global active MPU's Flash, in the format flash:/xxx.ipe. It can be a case-insensitive string of 1 to 63 characters and cannot contain slot or chassis information.

Usage guidelines

If you do not specify any file, the command displays the compatibility information of the running software versions.

If you specify one or more file names, the command displays the compatibility information of the specified software images.

Examples

# Display the compatibility information of flash:/boot-e1133.bin, flash:/system-e1133.bin.

<Sysname> display version comp-matrix file boot flash:/boot-e1133.bin system flash:/system-e1133.bin feature flash:/feature-e1133.bin

Verifying the file flash:/boot-e1133.bin on chassis 1 slot 16.....Done.

Verifying the file flash:/system-e1133.bin on chassis 1 slot 16.............Done.

Boot image: flash:/boot-e1133.bin

  Version:

  7.1.045

 

System image: flash:/system-e1133.bin

  Version:

  7.1.045-ESS 1133

  Version compatibility list:

  7.1.045-1132

  Version dependency boot list:

  7.1.045

 

  Chassis   Slot              Upgrade Way

  1         16                Reboot

  1         17                Reboot

 

Feature image: flash:/feature-e1133.bin

  Version:

  7.1.045-ESS 1133

  Version compatibility list:

  7.1.045-1132

  Version dependency system list:

  7.1.045

 

  Chassis   Slot              Upgrade Way

  1         16                Reboot

  1         17                Reboot

Table 24 Command output

Field

Description

Verifying the file

The system was verifying the validity of the file.

Version compatibility list

·     Under a system image, this field shows all system image versions that are compatible with the system image.

·     Under a feature image, this field shows all feature image versions that are compatible with the feature image.

Version dependency boot list

Boot image versions that support the system image. To install the system image, you must install one of the boot image versions that are in the list.

Version dependency system list

System image versions that support the feature image. To install the feature image, you must install one of the system image versions that is in the list.

Chassis

Member ID of the device in the IRF fabric. This field is displayed only for compatible versions in IRF mode.

Slot

Slot number of the card. This field is displayed only for compatible versions.

Upgrade Way

ISSU method to be used for a compatible version:

·     Service Upgrade—Service-level incremental upgrade.

·     File Upgrade—File-level incremental upgrade.

·     ISSU RebootReboots CPUs to complete the upgrade.

·     Reboot—Reboots the entire device to complete the upgrade.

·     Sequence Reboot—Upgrades the switching fabric modules one by one. This method is available only for switching fabric modules. Support for this value depends on the switching fabric module model.

This field is displayed only for compatible versions.

For more information about ISSU methods, see Fundamentals Configuration Guide.

 

Related commands

issu load

install activate

Use install activate to activate patch images.

Syntax

In standalone mode:

install activate patch filename { all | slot slot-number }

In IRF mode:

install activate patch filename { all | chassis chassis-number slot slot-number }

Views

User view

Predefined user roles

network-admin

Parameters

patch: Specifies a patch image file.

filename: Specifies the file path of a .bin patch image file, a case-insensitive string. The file must be stored in the root directory of a storage medium on an MPU. The maximum length is 63 characters for the storage-medium:/base-filename.bin segments of the file path. For more information about specifying a file path, see "Managing the file system."

all: Specifies all MPUs.

slot slot-number: Specifies an MPU by its slot number. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the MPU. (In IRF mode.)

Usage guidelines

An image runs in memory immediately after it is activated. For an activated image to run after a reboot, you must commit the software change by using the install commit command.

After activating patch images, you must terminate your connection to the device and log in again.

If the specified files are not saved on the MPU to be upgraded, the command copies the images to the MPU automatically. If the specified files are not saved on the security engine to be upgraded, the command copies the images to the security engine automatically.

In standalone mode, follow these guidelines:

·     If you specify the active MPU, the command takes effect on the active MPU and all LPUs.

·     If you specify the standby MPU, the command takes effect only on the standby MPU.

In IRF mode, follow these guidelines:

·     If you specify the global active MPU, the command takes effect on the global active MPU and all LPUs.

·     If you specify a standby MPU, the command takes effect on the standby MPU.

Examples

# (In standalone mode.) Activate the boot image boot-patch.bin and system patch image system-patch.bin on the active MPU (in slot 17).

<Sysname> install activate boot-patch.bin slot 17

This operation maybe take several minutes, please wait..........................Done.

<Sysname> install activate system-patch.bin slot 17

This operation maybe take several minutes, please wait..........................Done.

# (In IRF mode.) Activate the boot image boot-patch.bin and system patch image system-patch.bin on the global active MPU (in slot 17 of member device 1).

<Sysname> install activate boot-patch.bin chassis 1 slot 17

This operation maybe take several minutes, please wait..........................Done.

<Sysname> install activate system-patch.bin chassis 1 slot 17

This operation maybe take several minutes, please wait..........................Done.

Related commands

·     install commit

·     install deactivate

install add

Use install add to decompress an .ipe file.

Syntax

install add ipe-filename medium-name:

Views

User view

Predefined user roles

network-admin

Parameters

ipe-filename: Specifies the name of an .ipe file in the root directory of the global active MPU's Flash, in the format flash:/xxx.ipe. It can be a case-insensitive string of 1 to 63 characters and cannot contain slot or chassis information.

medium-name: Specifies the name of a storage medium on the master's active MPU in the format storage medium name: (for example, flash:), or the name of a storage medium on any other MPU in the format chassism#slotn#storage medium name:, (for example, chassis1#slot1#flash:).

Usage guidelines

The software images decompressed from the .ipe file will be saved to the root directory of the specified medium.

To view which software images are included in an .ipe file, use the display install ipe-info command.

Examples

# Decompress the .ipe file version.ipe to the Flash.

<Sysname> install add flash:/version.ipe flash:

install commit

Use install commit to commit software changes.

Syntax

install commit

Views

User view

Predefined user roles

network-admin

Usage guidelines

The install activate or install deactivate command runs patch images or stops patch images from running in memory. For the software change to take effect at the next startup, you must execute the install commit command to change the startup software image list.

For more information about the startup software image list, see Fundamental Configuration Guide.

Examples

# Commit software changes.

<Sysname> install commit

Related commands

·     install activate

·     install deactivate

install deactivate

Use install deactivate to deactivate patch images.

Syntax

In standalone mode:

install deactivate patch filename { all | slot slot-number }

In IRF mode:

install deactivate patch filename { all | chassis chassis-number slot slot-number }

Views

User view

Predefined user roles

network-admin

Parameters

patch: Specifies a patch image file.

filename: Specifies the file path of a .bin patch image file, a case-insensitive string. The file must be stored in the root directory of a storage medium on an MPU. The maximum length is 63 characters for the storage-medium:/base-filename.bin segments of the file path. For more information about specifying a file path, see "Managing the file system."

all: Specifies all MPUs.

slot slot-number: Specifies an MPU by its slot number. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the MPU. (In IRF mode.)

Usage guidelines

You can deactivate only an active patch image.

Patch images stop running in memory after being deactivated. To prevent a deactivated image from running after a reboot, you must commit the software change by using the install commit command.

Examples

# Deactivate the patch images in route-patch.bin on slot 17.

<Sysname> install deactivate patch flash:/route-patch.bin slot 17

issu accept

Use issu accept to accept the upgrade and delete the automatic rollback timer.

Syntax

issu accept

Views

User view

Predefined user roles

network-admin

Usage guidelines

You can execute the issu commit command to finish the ISSU process without executing this command.

Examples

# Accept the upgrade.

<Sysname> issu accept

Related commands

·     issu load

·     issu run switchover

issu commit

Use issu commit to complete an ISSU upgrade.

Syntax

issu commit chassis chassis-number

Views

User view

Predefined user roles

network-admin

Parameters

chassis chassis-number: Specifies the member ID of the original master.

Usage guidelines

This command ends the ISSU process. After this command is completed, the ISSU status changes to Init and the ISSU process cannot be rolled back.

Examples

# Upgrade the original active MPU.

<Sysname> issu commit chassis 1

flash:/BOOT-E1133.bin

  Running Version             New Version

  Release 1132                E1133

 

flash:/SYSTEM-e1133.bin

  Running Version             New Version

Release 1132                  E1133

 

  Chassis   Slot              Upgrade Way

  1         16                Reboot

  1         17                Reboot

Upgrading software images to compatible versions. Continue? [Y/N]:y

For information about the command output, see Table 24.

Related commands

·     issu accept

·     issu load

·     issu run switchover

issu load

Use issu load to upgrade the boot and system images of the subordinate member and configure the upgrade images as the main startup software images for the subordinate member.

Syntax

issu load file { boot filename | system filename } * chassis chassis-number

issu load file ipe ipe-filename chassis chassis-number

Views

User view

Predefined user roles

network-admin

Parameters

boot: Specifies a boot image file.

system: Specifies a system image file.

filename: Specifies the name of a software image file in the root directory of the global active MPU's Flash, in the format flash:/xxx.bin. It can be a case-insensitive string of 1 to 63 characters and cannot contain slot or chassis information.

ipe-filename: Specifies the name of an .ipe file in the root directory of the global active MPU's Flash, in the format flash:/xxx.ipe. It can be a case-insensitive string of 1 to 63 characters and cannot contain slot or chassis information.

chassis chassis-number: Specifies the member ID of a subordinate member.

Usage guidelines

To check the synchronization progress, use the display device and display system internal ha service-group commands. The synchronization is completed if the following conditions are met:

·     All cards of the subordinate device are in normal state.

·     The Action field of the display system internal ha service-group command is 0 for each service.

For more information about ISSU methods, see Fundamentals Configuration Guide.

Examples

# Upgrade member device 2 (a subordinate member) with the .ipe file flash:/version-e1133.ipe.

<Sysname> issu load file ipe flash:/version-e1133.ipe chassis 2

This operation will delete the rollback point information for the previous upgrade and maybe get unsaved configuration lost. Continue? [Y/N]:y

Verifying image file flash:/version-e1133.ipe on slot 16.................Done.

Decompressing file BOOT-E1133.bin to flash:/BOOT-E1133.bin.............Done.

Decompressing file SYSTEM-E1133.bin to flash:/SYSTEM-E1133.bin...........Done.

Decompression completed.

Do you want to delete flash:/version-e1133.ipe now? [Y/N]:n

Upgrade summary according to following table:

 

flash:/BOOT-E1133.bin

  Running Version                        New Version

Release 1132                           E1133

 

flash:/SYSTEM-e1133.bin

  Running Version                        New Version

Release 1132                           E1133

 

  Chassis    Slot                        Upgrade Way

  2          16                          Reboot

  2          17                          Reboot

Upgrading software images to compatible versions. Continue? [Y/N]:y

Table 25 Command output

Field

Description

Verifying the file

The system was verifying the validity of the file.

Chassis

Member ID of the device in the IRF fabric.

Slot

Slot number of the card.

 

issu rollback

Use issu rollback to cancel the ISSU and roll back to the original software versions.

Syntax

issu rollback

Views

User view

Predefined user roles

network-admin

Usage guidelines

The device supports automatic rollback and manual rollback. This command performs a manual rollback.

You can perform a manual rollback while an ISSU is in one of the following states:

·     Loaded.

·     Switching.

·     Switchover.

·     Accepted.

If you perform a manual rollback while an ISSU is in Loading state, the rollback might fail. After the rollback is completed, use the display version command to examine the rollback result.

If a rollback occurs while an ISSU is in Switching state, the entire system reboots automatically.

When an ISSU is in Committing state, rollback is not supported.

A rollback performed for a multichassis IRF fabric after you execute the issu run switchover command cancels only the upgrades. The master/subordinate switchover operation is not canceled.

Examples

# Roll back to the original software versions.

<Sysname> issu rollback

This command will quit the ISSU process and roll back to the previous version. Continue? [Y/N]:y

Related commands

·     issu accept

·     issu commit

·     issu load

·     issu run switchover

issu rollback-timer

Use issu rollback-timer to set the automatic rollback timer.

Use undo issu rollback-timer to restore the default.

Syntax

issu rollback-timer minutes

undo issu rollback-timer

Default

The automatic rollback interval is 45 minutes.

Views

System view

Predefined user roles

network-admin

Parameters

minutes: Specifies the automatic rollback interval in minutes, in the range of 0 to 120. Setting it to 0 disables automatic rollback.

Usage guidelines

The system starts the automatic rollback timer when it executes the issu run switchover command. If you do not execute the issu accept or issu commit command before the timer expires, the system automatically rolls back to the software versions before the ISSU.

Change to the automatic rollback interval does not take effect on the ongoing ISSU process. The current remaining rollback time might be greater than the configured automatic rollback interval.

Examples

# Set the automatic rollback timer to 50 minutes.

<Sysname> system-view

[Sysname] issu rollback-timer 50

Related commands

issu rollback

issu run switchover

Use issu run switchover to perform a master/subordinate switchover.

Syntax

issu run switchover

Views

User view

Predefined user roles

network-admin

Usage guidelines

The issu load command splits the IRF fabric into two fabrics, with the upgraded member forming a new fabric. The issu run switchover command reboots and upgrades the old IRF fabric. After startup, the old fabric's member join the new IRF fabric as the subordinate member and the ISSU process ends.

To check the synchronization progress, use the display device and display system internal ha service-group commands. The synchronization is completed if the following conditions are met:

·     All cards of the subordinate device are in normal state.

·     The Action field of the display system internal ha service-group command is 0 for each service.

Examples

# Perform a master/subordinate switchover during an ISSU.

<Sysname> issu run switchover

Upgrade summary according to following table:

 

flash:/BOOT-E1133.bin

  Running Version             New Version

Release 1132                E1133

 

flash:/SYSTEM-e1133.bin

  Running Version             New Version

Release 1132                E1133

 

  Chassis   Slot              Switchover Way

  2         16                Global active standby MPU switchover

Upgrading software images to compatible versions. Continue? [Y/N]:y

Table 26 Command output

Field

Description

Switchover Way

Switchover method:

·     Active standby process switchover—Switch from the active process to the standby process.

·     Global active standby MPU switchover—Switch from the global active MPU to a global standby MPU.

 

For more information about the command output, see Table 24.

Related commands

issu load


Device management commands

clock datetime

Use clock datetime to set the UTC time.

Syntax

clock datetime time date

Default

The factory default UTC time is used.

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

time: Specifies a time in the hh:mm:ss format. The hh value is in the range of 0 to 23, the mm value is in the range of 0 to 59, and the ss value is in the range of 0 to 59. The leading zero in a segment can be omitted. If the seconds segment is 0 (hh:mm:00), you can omit it. If both the minutes and seconds segments are 0 (hh:00:00), you can omit both of the segments. For example, to specify 08:00:00, you can enter 8.

date: Specifies a date in the MM/DD/YYYY or YYYY/MM/DD format. The YYYY value is in the range of 2000 to 2035, the MM value is in the range of 1 to 12, and the value range for DD depends on the month value.

Usage guidelines

The UTC time, together with the local time zone and daylight saving time, determines the system time. You can use the display clock command to view the system time.

A correct system time setting is essential to network management and communication. Set the system time correctly or use NTP to synchronize your device with a trusted time source before you run it on the network.

Examples

# Set the UTC time to 08:08:08 01/01/2012.

<Sysname> clock datetime 8:8:8 1/1/2012

# Set the UTC time to 08:10:00 01/01/2012.

<Sysname> clock datetime 8:10 2012/1/1

Related commands

·     clock protocol

·     clock summer-time

·     clock timezone

·     display clock

clock protocol

Use clock protocol to specify the system time source.

Use undo clock protocol to restore the default.

Syntax

clock protocol { none | ntp mdc mdc-id }

undo clock protocol

Default

The device uses NTP to get the system time.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

none: Uses the local clock. After you specify this keyword, you can use the clock datetime, clock timezone, or clock summer-time command to change the system time.

ntp: Uses the time protocol NTP. If you specify this keyword, you cannot change the system time at the CLI. You must configure NTP to get the system time. For more information about NTP, see Network Management and Monitoring Configuration Guide.

mdc mdc-id: Specifies the MDC to be used for time synchronization.

Usage guidelines

All MDCs on the device share the same time source and use the same system time. The shared time source can be one of the following items:

·     Local system time—The time signal is generated by the local crystal oscillator.

·     Remote time source—The time signal is obtained by the specified MDC from another device on the network.

If you configure this command multiple times, the most recent configuration takes effect.

Examples

# Configure the device to use the NTP time source.

<Sysname> system-view

[Sysname] clock protocol ntp

clock summer-time

Use clock summer-time to configure the device to use daylight saving time during a specific period of time.

Use undo clock summer-time to cancel the configuration.

Syntax

clock summer-time name start-time start-date end-time end-date add-time

undo clock summer-time

Default

Daylight saving time is disabled.

Views

System view

Pre-defined user roles

network-admin

mdc-admin

Parameters

name: Specifies a name for the daylight saving time schedule, a case-sensitive string of 1 to 32 characters.

start-time: Specifies the start time in the hh:mm:ss format. The hh value is in the range of 0 to 23, the mm value is in the range of 0 to 59, and the ss value is in the range of 0 to 59. The leading zero in a segment can be omitted. If the seconds segment is 0 (hh:mm:00), you can omit it. If both the minutes and seconds segments are 0 (hh:00:00), you can omit both of the segments. For example, to specify 08:00:00, you can enter 8.

start-date: Specifies the start date in one of the following formats:

·     MM/DD. The MM value is in the range of 1 to 12, and the value range for DD depends on the month value.

·     month week date, where:

¡     month—Takes January, February, March, April, May, June, July, August, September, October, November or December.

¡     week—Represents week of the month. It takes first, second, third, fourth, fifth, or last.

¡     day—Takes Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, or Saturday.

end-time: Specifies the end time in the hh:mm:ss format. The hh value is in the range of 0 to 23, the mm value is in the range of 0 to 59, and the ss value is in the range of 0 to 59. The leading zero in a segment can be omitted. If the seconds segment is 0 (hh:mm:00), you can omit it. If both the minutes and seconds segments are 0 (hh:00:00), you can omit both of the segments. For example, to specify 08:00:00, you can enter 8.

end-date: Specifies the end date in one of the following formats:

·     MM/DD. The MM value is in the range of 1 to 12, and the value range for DD depends on the month value.

·     month week date, where:

¡     month—Takes January, February, March, April, May, June, July, August, September, October, November or December.

¡     week—Represents week of the month. It takes first, second, third, fourth, fifth, or last.

¡     day—Takes Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, or Saturday.

add-time: Specifies the time to be added to the standard time, in the hh:mm:ss format. The hh value is in the range of 0 to 23, the mm value is in the range of 0 to 59, and the ss value is in the range of 0 to 59. The leading zero in a segment can be omitted. If the seconds segment is 0 (hh:mm:00), you can omit it. If both the minutes and seconds segments are 0 (hh:00:00), you can omit both of the segments. For example, to specify 08:00:00, you can enter 8.

Usage guidelines

The daylight saving time, together with the UTC time and local time zone, determines the system time. You can use the display clock command to view the system time.

A correct system time setting is essential to network management and communication. Set the system time correctly or use NTP to synchronize your device with a trusted time source before you run it on the network.

Examples

# Set the system time ahead 1 hour for the period between 06:00:00 on 08/01 and 06:00:00 on 09/01.

<Sysname> system-view

[Sysname] clock summer-time PDT 6 08/01 6 09/01 1

Related commands

·     clock protocol

·     clock timezone

·     display clock

clock timezone

Use clock timezone to set the local time zone.

Use undo clock timezone to restore the default.

Syntax

clock timezone zone-name { add | minus } zone-offset

undo clock timezone

Default

The local time zone is the UTC time zone.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

zone-name: Specifies a time zone by its name, a case-sensitive string of 1 to 32 characters.

add: Adds an offset to the UTC time.

minus: Decreases the UTC time by an offset.

zone-offset: Specifies an offset to the UTC time, in the hh:mm:ss format. The hh value is in the range of 0 to 23, the mm value is in the range of 0 to 59, and the ss value is in the range of 0 to 59. The leading zero in a segment can be omitted. If the seconds segment is 0 (hh:mm:00), you can omit it. If both the minutes and seconds segments are 0 (hh:00:00), you can omit both of the segments. For example, to specify 08:00:00, you can enter 8.

Usage guidelines

The local time zone, together with the UTC time and daylight saving time, determines the system time. You can use the display clock command to view the system time.

A correct system time setting is essential to network management and communication. Set the system time correctly or use NTP to synchronize your device with a trusted time source before you run it on the network.

Examples

# Set the name of the local time zone to Z5, and add 5 hours to the UTC time.

<Sysname> system-view

[Sysname] clock timezone Z5 add 5

Related commands

·     clock datetime

·     clock protocol

·     clock summer-time

·     display clock

command

Use command to assign a command to a job.

Use undo command to revoke a command.

Syntax

command id command

undo command id

Default

No command is assigned to a job.

Views

Job view

Predefined user roles

network-admin

mdc-admin

Parameters

id: Specifies a command ID in the range of 0 to 4294967295.

command: Specifies the command to be assigned to the job.

Usage guidelines

A job can have multiple commands. Commands in a job are uniquely identified by their IDs. A command with a smaller ID is executed earlier.

If a command uses the ID of an existing command, the existing command is replaced.

A job cannot contain any of these commands: telnet, ftp, ssh2, or monitor process.

The system does not check the validity of the command argument. You must make sure the command is supported by the device, is input in the correct format, and uses valid values. Otherwise, the command cannot be executed automatically.

Examples

# Assign commands to job backupconfig to back up configuration file startup.cfg to the TFTP server at 192.168.100.11.

<Sysname> system-view

[Sysname] scheduler job backupconfig

[Sysname-job-backupconfig] command 2 tftp 192.168.100.11 put flash:/startup.cfg backup.cfg

Related commands

scheduler job

copyright-info enable

Use copyright-info enable to enable displaying the copyright statement.

Use undo copyright-info enable to disable displaying the copyright statement.

Syntax

copyright-info enable

undo copyright-info enable

Default

The copyright statement is displayed.

Views

System view

Predefined user roles

network-admin

mdc-admin

Examples

# Enable displaying the copyright statement.

<Sysname> system-view

[Sysname] copyright-info enable

·     When a Telnet user logs in, the following statement appears:

**************************************************************************

* Copyright (c) 2004-2014 Hangzhou H3C Tech. Co., Ltd. All rights reserved.*

* Without the owner's prior written consent,                               *

* no decompiling or reverse-engineering shall be allowed.                  *

****************************************************************************

 

<Sysname>

·     When a console user quits user view, the following message appears (the device automatically tries to restart the console session):

**************************************************************************

* Copyright (c) 2004-2014 Hangzhou H3C Tech. Co., Ltd. All rights reserved.*

* Without the owner's prior written consent,                               *

* no decompiling or reverse-engineering shall be allowed.                  *

****************************************************************************

 

User interface aux0 is available.

 

 

 

Press ENTER to get started.

# Disable displaying the copyright statement.

<Sysname> system-view

[Sysname] undo copyright-info enable

·     When a Telnet user logs in, the user view prompt appears:

<Sysname>

·     When a console user quits user view, the following message appears (the device automatically tries to restart the console session):

User interface aux0 is available.

 

 

 

Press ENTER to get started.

diagnostic start test

Use diagnostic start test to run a global on-demand diagnostic test.

Syntax

diagnostic start test test-name

Views

User view

Predefined user roles

network-admin

Parameters

test test-name: Specifies a test by its name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

This command is available only when the device operates in standalone mode.

Before you execute this command, start the device with factory defaults and verify that no service ports are connected to any cables and transceiver modules.

After you execute this command, you must reboot the device.

Examples

# Run a global on-demand diagnostic test.

<Sysname>diagnostic start test EquipSelfCheck                                      

This command requires null configuration and reboot device aferwards. Continue?

[Y/N]:y                                                                         

=================================================                              

  ===============display clock===================                              

10:55:19 UTC Fri 06/27/2014                                                     

  ===============system-view=====================                              

System View: return to User View with Ctrl+Z.                                  

  ===============undo stp enable=====================                          

  ===============probe-view=====================                               

  ===========undo monitor inner-channel=================                       

display alarm

Use display alarm to display alarm information.

Syntax

In standalone mode:

display alarm [ slot slot-number ]

In IRF mode:

display alarm [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays the alarm information of all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device by its slot number and the member ID. If you do not specify this option, the command displays the alarm information for all cards in the IRF fabric. (In IRF mode.)

Examples

# (In standalone mode.) Display alarm information.

<Sysname> display alarm

Slot Level   Info                                                               

-    ERROR   Fan 1 is absent.                                                  

-    INFO    Power 1 is absent.                                                

Table 27 Command output

Field

Description

Slot

Slot number of the card with an alarm. If the value is a hyphen (-), the alarm was generated by the chassis. (In standalone mode.)

Level

Alarm severity. Possible values include ERROR, WARNING, NOTICE, and INFO, in descending order.

Info

Detailed alarm information.

faulty

The card is starting up or is faulty.

 

# In IRF mode, display alarm information.

<Sysname> display alarm

Chassis Slot Level   Info                                                      

1       -    ERROR   Chassis 1 fan 1 is faulty                                  

1       -    INFO    Chassis 1 power 6 is absent.

1       1    ERROR   Chassis 1 slot 11 temperature is too high, above the warning limit.

2       -    ERROR   Chassis 2 fan 1 is faulty                                 

2       -    INFO    Chassis 2 power 6 is absent.

2       1    ERROR   Chassis 2 slot 11 temperature is too high, above the warning limit.

Table 28 Command output

Field

Description

Chassis

ID of the IRF member device with an alarm.

Slot

Slot number of the card.

Level

Alarm severity. Possible values include ERROR, WARNING, NOTICE, and INFO, in descending order.

Info

Detailed alarm information.

 

display clock

Use display clock to display the system time, date, local time zone, and daylight saving time.

Syntax

display clock

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display the system time and date when the local time zone is not specified.

<Sysname> display clock

10:09:00 UTC Fri 03/16/2012

# Display the system time and date when the local time zone Z5 is specified.

<Sysname> display clock

15:10:00 Z5 Fri 03/16/2012

Time Zone : Z5 add 05:00:00

# Display the system time and date when the local time zone Z5 and daylight saving time PDT are specified.

<Sysname> display clock

15:11:00 Z5 Fri 03/16/2012

Time Zone : Z5 add 05:00:00

Summer Time : PDT 06:00:00 08/01 06:00:00 09/01 01:00:00

Related commands

·     clock datetime

·     clock summer-time

·     clock timezone

display copyright

Use display copyright to display the copyright statement, including software and hardware copyright statements.

Syntax

display copyright

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display the copyright statement.

<Sysname> display copyright

display cpu-usage

Use display cpu-usage to display CPU usage statistics.

Syntax

In standalone mode:

display cpu-usage [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

display cpu-usage [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays the CPU usage statistics for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device by its slot number and the member ID. If you do not specify this option, the command displays the CPU usage statistics for all cards in the IRF fabric. (In IRF mode.)

cpu cpu-number: Displays the CPU usage statistics. The cpu-number argument can only be 0.

Usage guidelines

The system regularly (typically at 60-second intervals) collects CPU usage statistics and saves the statistical results in the history record area.

Examples

# In standalone mode, display the current CPU usage.

<Sysname> display cpu-usage

Slot 4 CPU 0 CPU usage:                                              

      10% in last 5 seconds                                                    

      10% in last 1 minute                                                     

      10% in last 5 minutes                                                     

                                                                               

Slot 10 CPU 0 CPU usage:                                             

       9% in last 5 seconds                                                     

       9% in last 1 minute                                                     

       9% in last 5 minutes                                                    

                                                                                

Slot 11 CPU 0 CPU usage:                                             

       9% in last 5 seconds                                                    

       9% in last 1 minute                                                     

       9% in last 5 minutes                                                    

                                                                               

Slot 17 CPU 0 CPU usage:                                             

       0% in last 5 seconds                                                     

       0% in last 1 minute                                                     

       0% in last 5 minutes

# In IRF mode, display the current CPU usage statistics for all cards.

<Sysname> display cpu-usage

Chassis 1 Slot 4 CPU 0 CPU usage:                                              

      10% in last 5 seconds                                                    

      10% in last 1 minute                                                     

      10% in last 5 minutes                                                    

                                                                               

Chassis 1 Slot 10 CPU 0 CPU usage:                                             

       9% in last 5 seconds                                                    

       9% in last 1 minute                                                     

       9% in last 5 minutes                                                    

                                                                                

Chassis 1 Slot 11 CPU 0 CPU usage:                                             

       9% in last 5 seconds                                                    

       9% in last 1 minute                                                      

       9% in last 5 minutes                                                    

                                                                               

Chassis 1 Slot 17 CPU 0 CPU usage:                                              

       0% in last 5 seconds                                                    

       0% in last 1 minute                                                     

       0% in last 5 minutes

Table 29 Command output

Field

Description

10% in last 5 seconds

Average CPU usage during the last 5 seconds.

10% in last 1 minute

Average CPU usage during the last minute.

10% in last 5 minutes

Average CPU usage during the last 5 minutes.

Slot x CPU y CPU usage

Usage statistics for CPU y of the card in slot x. (In standalone mode.)

Chassis x Slot y CPU z CPU usage

Usage statistics for CPU z of the card in slot y on member device x. (In IRF mode.)

 

display cpu-usage configuration

Use display cpu-usage configuration to display CPU usage monitoring configuration.

Syntax

In standalone mode:

display cpu-usage configuration [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

display cpu-usage configuration [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

mdc-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays the CPU usage monitoring configuration on the active MPU. (In standalone mode.)

cpu cpu-number: Specifies a CPU by its number. The cpu-number argument can only be 0.

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. If you do not specify this option, the global active MPU is specified. (In IRF mode.)

Examples

# Display the CPU usage monitoring configuration on the active MPU.

<Sysname> display cpu-usage configuration

CPU usage monitor is enabled.

Current monitor interval is 60 seconds.

Current monitor threshold is 99%.

Related commands

·     monitor cpu-usage enable

·     monitor cpu-usage interval

·     monitor cpu-usage threshold

display cpu-usage history

Use display cpu-usage history to display the historical CPU usage statistics in charts.

Syntax

In standalone mode:

display cpu-usage history [ job job-id ] [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

display cpu-usage history [ job job-id ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

job job-id: Specifies a process by its ID. If you do not specify this option, the command displays the historical CPU usage statistics for the entire system, which is the sum of the historical CPU usage statistics for all processes in the system. To view the IDs and names of the running processes, use the display process command. For more information, see Network Management and Monitoring Configuration Guide.

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays the historical CPU usage statistics for the active MPU. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device by its slot number and the member ID. If you do not specify this option, this command displays the historical CPU usage statistics for all cards in the IRF fabric. (In IRF mode.)

cpu cpu-number: Displays the historical CPU usage statistics. The cpu-number argument can only be 0.

Usage guidelines

The system regularly collects CPU usage statistics and saves the statistics in the history record area. This command displays the CPU usage statistics for the last 60 minutes in axes as follows:

·     The vertical axis represents the CPU usage. If a statistic is not a multiple of the usage step, it is rounded up or down to the closest multiple of the usage step, whichever is closer. For example, if the CPU usage step is 5%, the statistic 53% is rounded up to 55%, and the statistic 52% is rounded down to 50%.

·     The horizontal axis represents the time.

·     Consecutive pound signs (#) indicate the CPU usage at a specific time. The value on the vertical axis for the topmost pound sign at a specific time represents the CPU usage at that time.

Examples

# Display the historical CPU usage statistics for the entire system.

<Sysname> display cpu-usage history

100%|

 95%|

 90%|

 85%|

 80%|

 75%|

 70%|

 65%|

 60%|

 55%|

 50%|

 45%|

 40%|

 35%|

 30%|

 25%|

 20%|

 15%|             #

 10%|            ###  #

  5%|           ########

     ------------------------------------------------------------

              10        20        30        40        50        60  (minutes)

                      cpu-usage (Slot 6 CPU 0) last 60 minutes (SYSTEM)

---- More ----

The output shows the historical CPU usage statistics for the entire system (with the name SYSTEM) in the last 60 minutes:

·     5%: 12 minutes ago

·     10%: 13 minutes ago

·     15%: 14 minutes ago

·     10%: 15 minutes ago

·     5%: 16 and 17 minutes ago

·     10%: 18 minutes ago

·     5%: 19 minutes ago

·     2% or lower than 2%: Other time

# Display the historical CPU usage statistics for process 1.

<Sysname> display cpu-usage history job 1

100%|

 95%|

 90%|

 85%|

 80%|

 75%|

 70%|

 65%|

 60%|

 55%|

 50%|

 45%|

 40%|

 35%|

 30%|

 25%|

 20%|

 15%|

 10%|

  5%|                   #

     ------------------------------------------------------------

              10        20        30        40        50        60  (minutes)

                      cpu-usage (Slot 16 CPU 0) last 60 minutes (scmd)

---- More ----

The output shows the historical CPU usage statistics of process 1 (with the process name scmd) in the last 60 minutes. A process name with square brackets ([ ]) means that the process is a kernel process.

·     5%: 20 minutes ago

·     2% or lower than 2%: Other time

display device

Use display device to display device information.

Syntax

In standalone mode:

display device [ flash ] [ slot slot-number [ subslot subslot-number ] | verbose ]

In IRF mode:

display device [ flash ] [ chassis chassis-number [ slot slot-number [ subslot subslot-number ] ] | verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

flash: Specifies a Flash. If you do not specify this keyword, the command displays information about all cards on the device.

slot slot-number: Specifies a card by its slot number. (In standalone mode.)

chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify this option, the command displays hardware information about all IRF member devices in the IRF fabric. (In IRF mode.)

subslot subslot-number: Specifies a subcard by its subslot number. The switch does not support subcards.

verbose: Displays detailed hardware information. If you do not specify this keyword, the command displays brief information.

Examples

# In standalone mode, display device information.

<Sysname> display device

Slot No. Brd Type         Brd Status   Subslot Sft Ver              Patch Ver

 0       NONE             Absent       0        NONE                 None     

 1       NONE             Absent       0        NONE                 None     

 2       NONE             Absent       0        NONE                 None     

 3       NONE             Absent       0        NONE                 None     

 4       LSX1TGS48FC1     Normal       0        S12510-X-1130        None     

 5       NONE             Absent       0        NONE                 None     

 6       NONE             Absent       0        NONE                 None     

 7       NONE             Absent       0        NONE                 None     

 8       NONE             Absent       0        NONE                 None     

 9       NONE             Absent       0        NONE                 None     

 10      LSX1FAB10B1      Normal       0        S12510-X-1130        None     

 11      LSX1FAB10B1      Normal       0        S12510-X-1130        None     

 12      NONE             Absent       0        NONE                 None     

 13      NONE             Absent       0        NONE                 None     

 14      NONE             Absent       0        NONE                 None     

 15      NONE             Absent       0        NONE                 None     

 16      NONE             Absent       0        NONE                 None     

 17      LSX1SUP10B1      Master       0        S12510-X-1130        None

The output shows that the device has one MPU (in slot 17), one LPU (in slot 4), and two switching fabric modules (in slots 10 and 11).

Table 30 Command output

Field

Description

Slot No.

Slot number of the card.

Brd Type

Hardware type of the card.

Brd State

Card status:

·     Standby—The card is the standby MPU.

·     MasterThe card is the active MPU.

·     AbsentThe slot is not installed with a card.

·     FaultThe card is faulty and cannot start up.

·     NormalThe card is operating correctly.

Subslot

Maximum number of subcards that the card supports. The switch does not support subcards.

Sft Ver

Software version of the card.

Patch Ver

Patch version of the card.

 

# In IRF mode, display device information about all IRF member devices.

<Sysname> display device

Slot   Type             State    Subslot  Soft Ver             Patch Ver

1/0    NONE             Absent   0        NONE                 None     

1/1    NONE             Absent   0        NONE                 None     

1/2    NONE             Absent   0        NONE                 None     

1/3    NONE             Absent   0        NONE                 None     

1/4    LSX1TGS48FC1     Normal   0        S12510-X-1130        None     

1/5    NONE             Absent   0        NONE                 None     

1/6    NONE             Absent   0        NONE                 None     

1/7    NONE             Absent   0        NONE                 None     

1/8    NONE             Absent   0        NONE                 None     

1/9    NONE             Absent   0        NONE                 None     

1/10   LSX1FAB10B1      Normal   0        S12510-X-1130        None     

1/11   LSX1FAB10B1      Normal   0        S12510-X-1130        None     

1/12   NONE             Absent   0        NONE                 None     

1/13   NONE             Absent   0        NONE                 None     

1/14   NONE             Absent   0        NONE                 None     

1/15   NONE             Absent   0        NONE                 None     

1/16   NONE             Absent   0        NONE                 None     

1/17   LSX1SUP10B1      Master   0        S12510-X-1130        None

2/0    NONE             Absent   0        NONE                 None     

2/1    NONE             Absent   0        NONE                 None     

2/2    NONE             Absent   0        NONE                 None     

2/3    NONE             Absent   0        NONE                 None     

2/4    LSX1TGS48FC1     Normal   0        S12510-X-1130        None     

2/5    NONE             Absent   0        NONE                 None     

2/6    NONE             Absent   0        NONE                 None     

2/7    NONE             Absent   0        NONE                 None     

2/8    NONE             Absent   0        NONE                 None     

2/9    NONE             Absent   0        NONE                 None      

2/10   LSX1FAB10B1      Normal   0        S12510-X-1130        None     

2/11   LSX1FAB10B1      Normal   0        S12510-X-1130        None     

2/12   NONE             Absent   0        NONE                 None     

2/13   NONE             Absent   0        NONE                 None     

2/14   NONE             Absent   0        NONE                 None     

2/15   NONE             Absent   0        NONE                 None     

2/16   NONE             Absent   0        NONE                 None     

2/17   LSX1SUP10B1      Standby  0        S12510-X-1130        None

The output shows that the IRF fabric has two member devices. The card in slot 17 on member device 1 is the global active MPU. The card in slot 17 on member device 2 is the global standby MPU.

Table 31 Command output

Field

Description

Slot

Member ID of the device and slot number of the card.

Type

Card type.

State

Card state:

·     AbsentNo card is inserted in the slot.

·     Master—The card is the global active MPU.

·     Standby—The card is a global standby MPU.

·     Normal—The card is operating correctly.

·     Fault—The card is faulty.

Subslot

Maximum number of subcards that the card supports.

Soft Ver

Software version of the card.

Patch Ver

Patch version of the card. If no patch is installed, the value of this field is None.

 

display device manuinfo

Use display device manuinfo to display electronic label information for the device.

Syntax

In standalone mode:

display device manuinfo [ slot slot-number ]

In IRF mode:

display device manuinfo [ chassis chassis-number [ slot slot-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

chassis chassis-number: Specifies an IRF member device by its member ID. (In IRF mode.)

slot slot-number: Specifies a card by its slot number.

Usage guidelines

In standalone mode, the command displays electronic label information for all cards if you do not specify the slot slot-number option.

In IRF mode, the command displays electronic label information for all members if you do not specify the chassis chassis-number option. If you specify the chassis chassis-number option but do not specify the slot slot-number option, the command displays electronic label information for all cards on the specified member.

An electronic label is a profile for a device or card and contains the permanent configuration including the serial number, manufacturing date, MAC address, and vendor name. The data is written to the storage component during debugging or testing.

Examples

# In standalone mode, display electronic label information for the device.

<Sysname> display device manuinfo

Chassis self

DEVICE_NAME          : S12510-X

DEVICE_SERIAL_NUMBER : 02A0WU0128000055

MAC_ADDRESS          : 0004-7679-C101

MANUFACTURING_DATE   : 2013-05-06

VENDOR_NAME          : H3C

 Slot 1 CPU 0:

DEVICE_NAME          : LSX1TGS48FC1

DEVICE_SERIAL_NUMBER : 210231A73SA07B000075

MAC_ADDRESS          : 000F-E26A-581B

MANUFACTURING_DATE   : 2012-11-10

VENDOR_NAME          : H3C

 Slot 2 CPU 0:

DEVICE_NAME          : LSX1TGS48FC1

DEVICE_SERIAL_NUMBER : 210231A76VX081000020

MAC_ADDRESS          : 000F-0123-4565

MANUFACTURING_DATE   : 2012-12-2

VENDOR_NAME          : H3C

 Slot 10 CPU 0:

DEVICE_NAME          : LSX1FAB10A1

DEVICE_SERIAL_NUMBER : 210231A76VX081000020

MAC_ADDRESS          : 1231-2312-3123

MANUFACTURING_DATE   : 2012-12-2

VENDOR_NAME          : H3C

 Slot 16 CPU 0:

DEVICE_NAME          : LSX1SUP10B1

DEVICE_SERIAL_NUMBER : 210231S12500XSUP1002

MAC_ADDRESS          : 000F-0123-4565

MANUFACTURING_DATE   : 2012-12-2

VENDOR_NAME          : H3C

Fan 2

DEVICE_NAME          : LSXE110FAN

DEVICE_SERIAL_NUMBER : 210231S125X047679F02

MAC_ADDRESS          : 0004-7679-0A20

MANUFACTURING_DATE   : 2013-05-06

VENDOR_NAME          : H3C

Power 1

DEVICE_NAME          : LSTM2PSRA

DEVICE_SERIAL_NUMBER : 210231A0HHN128000169

MAC_ADDRESS          : 0000-FE91-3456

MANUFACTURING_DATE   : 2012-08-14

VENDOR_NAME          : H3C

Power 3

DEVICE_NAME          : LSTM2PSRA

DEVICE_SERIAL_NUMBER : LBLNPW12CS15009116

MAC_ADDRESS          : 0000-FE91-3456

MANUFACTURING_DATE   : 2012-08-14

VENDOR_NAME          : H3C

Power 5

DEVICE_NAME          : LSTM2PSRA

DEVICE_SERIAL_NUMBER : LBLNPW12CS25012311

MAC_ADDRESS          : 0000-FE91-3456

MANUFACTURING_DATE   : 2012-08-14

VENDOR_NAME          : H3C

# In IRF mode, display electronic label information for the IRF fabric.

<Sysname> display device manuinfo

Chassis 1:

Chassis self

DEVICE_NAME          : S12510-X

DEVICE_SERIAL_NUMBER : 02A0WU0128000055

MAC_ADDRESS          : 0004-7679-C101

MANUFACTURING_DATE   : 2013-05-06

VENDOR_NAME          : H3C

 Slot 1 CPU 0:

DEVICE_NAME          : LSX1TGS48FC1

DEVICE_SERIAL_NUMBER : 210231A73SA07B000075

MAC_ADDRESS          : 000F-E26A-581B

MANUFACTURING_DATE   : 2012-11-10

VENDOR_NAME          : H3C

 Slot 10 CPU 0:

DEVICE_NAME          : LSX1FAB10A1

DEVICE_SERIAL_NUMBER : 210231A76VX081000020

MAC_ADDRESS          : 1231-2312-3123

MANUFACTURING_DATE   : 2012-12-2

VENDOR_NAME          : H3C

 Slot 16 CPU 0:

DEVICE_NAME          : LSX1SUP10B1

DEVICE_SERIAL_NUMBER : 210231S12500XSUP1002

MAC_ADDRESS          : 000F-0123-4565

MANUFACTURING_DATE   : 2012-12-2

VENDOR_NAME          : H3C

Fan 2

DEVICE_NAME          : LSXE110FAN

DEVICE_SERIAL_NUMBER : 210231S125X047679F02

MAC_ADDRESS          : 0004-7679-0A20

MANUFACTURING_DATE   : 2013-05-06

VENDOR_NAME          : H3C

Power 1

DEVICE_NAME          : LSTM2PSRA

DEVICE_SERIAL_NUMBER : 210231A0HHN128000169

MAC_ADDRESS          : 0000-FE91-3456

MANUFACTURING_DATE   : 2012-08-14

VENDOR_NAME          : H3C

Power 3

DEVICE_NAME          : LSTM2PSRA

DEVICE_SERIAL_NUMBER : LBLNPW12CS15009116

MAC_ADDRESS          : 0000-FE91-3456

MANUFACTURING_DATE   : 2012-08-14

VENDOR_NAME          : H3C

Power 5

DEVICE_NAME          : LSTM2PSRA

DEVICE_SERIAL_NUMBER : LBLNPW12CS25012311

MAC_ADDRESS          : 0000-FE91-3456

MANUFACTURING_DATE   : 2012-08-14

VENDOR_NAME          : H3C

display device manuinfo fan

Use display device manuinfo fan to display the electronic label information for a fan.

Syntax

In standalone mode:

display device manuinfo fan fan-id

In IRF mode:

display device manuinfo chassis chassis-number fan fan-id

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

chassis chassis-number: Specifies an IRF member device by its member ID. (In IRF mode.)

fan-id: Specifies a fan by its ID. The value range for the ID depends on the device model.

Examples

# In standalone mode, display the electronic label information of fan 2.

<Sysname> display device manuinfo fan 2

Fan 2:

DEVICE_NAME          : LSXE110FAN

DEVICE_SERIAL_NUMBER : 210231S125X047679F02

MAC_ADDRESS          : 0004-7679-0A20

MANUFACTURING_DATE   : 2013-05-06

VENDOR_NAME          : H3C

# In IRF mode, display the electronic label information of fan 2 on IRF member device 1.

<Sysname> display device manuinfo chassis 1 fan 2

 Chassis 1:

Fan 2:

DEVICE_NAME          : LSXE110FAN

DEVICE_SERIAL_NUMBER : 210231S125X047679F02

MAC_ADDRESS          : 0004-7679-0A20

MANUFACTURING_DATE   : 2013-05-06

VENDOR_NAME          : H3C

display device manuinfo power

Use display device manuinfo power to display the electronic label information of a power supply.

Syntax

In standalone mode:

display device manuinfo power power-id

In IRF mode:

display device manuinfo chassis chassis-number power power-id

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

chassis chassis-number: Specifies an IRF member device by its member ID. (In IRF mode.)

power-id: Specifies a power supply by its ID.

Examples

# In standalone mode, display the electronic label information of power supply 2.

<Sysname> display device manuinfo power 2

Power 2:

DEVICE_NAME          : LSTM2PSRA

DEVICE_SERIAL_NUMBER : 210231A0HHN128000169

MANUFACTURING_DATE   : 2012-08-14

VENDOR_NAME          : H3C

# In IRF mode, display the electronic label information of power supply 2 on IRF member device 1.

<Sysname> display device manuinfo chassis 1 power 2

 Chassis 1:

Power 2:

DEVICE_NAME            : LSTM2PSRA

DEVICE_SERIAL_NUMBER   : 210231A0HHN128000008

MANUFACTURING_DATE     : 2012-08-11

VENDOR_NAME            : H3C

display diagnostic content

Use display diagnostic content to display global on-demand diagnostic test configuration.

Syntax

In standalone mode:

display diagnostic content [ slot slot-number ] [ verbose ]

In IRF mode:

display diagnostic content [ chassis chassis-number [ slot slot-number ] ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

slot slot-number-list: Specifies a card by its slot number.

chassis chassis-number: Specifies an IRF member device. (In IRF mode.)

verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information about diagnostic tests.

Usage guidelines

In standalone mode, the command displays the test settings for all cards if you do not specify the slot slot-number option.

In IRF mode, the command displays the test settings for all members if you do not specify the chassis chassis-number option. If you specify the chassis chassis-number option but do not specify the slot slot-number option, the command displays the test settings for all cards on the specified member.

Examples

# In standalone mode, display detailed configuration information for global on-demand diagnostic tests on slot 16.

<sysname> display diagnostic content slot 16 verbose

Diagnostic test suite attributes:                                              

#B/*: Bootup test/NA                                                            

#O/*: Ondemand test/NA                                                         

#M/*: Monitoring test/NA                                                       

#D/*: Disruptive test/Non-disruptive test                                      

#P/*: Per port test/NA                                                         

#A/I/*: Monitoring test is active/Monitoring test is inactive/NA               

                                                                                

Slot 16:                                                                       

Test name        : IPCMonitor                                                  

Test attributes  : **M*PA                                                       

Test interval    : 00:01:00                                                    

Min interval     : 00:01:00                                                    

Correct-action   : -NA-                                                         

Description      : A Real-time test, disabled by default that checks ipc between

 switch units.                                                                 

exec             : -NA-                                                        

                                                                               

Test name        : BoardStatusMonitor                                          

Test attributes  : **M*PA                                                      

Test interval    : 00:00:06                                                    

Min interval     : 00:00:06                                                    

Correct-action   : -NA-                                                        

Description      : A Real-time test, disabled by default that checks board statu

s between local master and other local boards.                                 

---- More ----

# In IRF mode, display brief configuration information for global on-demand diagnostic tests on slot 16 of IRF member device 1.

<sysname> display diagnostic content chassis 1 slot 16

Diagnostic test suite attributes:                                              

#B/*: Bootup test/NA                                                           

#O/*: Ondemand test/NA                                                         

#M/*: Monitoring test/NA                                                       

#D/*: Disruptive test/Non-disruptive test                                      

#P/*: Per port test/NA                                                          

#A/I/*: Monitoring test is active/Monitoring test is inactive/NA               

                                                                               

Chassis 1 slot 16:

Name                            Attributes             Interval

IPCMonitor                      **M*PA                 00:01:00                

BoardStatusMonitor              **M*PA                 00:00:06                

TaskMonitor                     **M*PA                 00:00:10                

PortMonitor                     **M*PA                 00:00:10                

ComponentMonitor                **M*PA                 00:00:30                

HGMonitor                       **M*PI                 00:00:10                 

EquipSelfCheck                  *O****                 -NA-

display diagnostic-information

Use display diagnostic-information to display or save operating statistics for features and hardware modules.

Syntax

display diagnostic-information [ hardware | infrastructure | l2 | l3 | service ] [ filename ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

hardware: Displays hardware-related operating statistics.

infrastructure: Displays operating statistics for the fundamental modules.

l2: Displays operating statistics for the Layer 2 features.

l3: Displays operating statistics for the Layer 3 features.

service: Displays operating statistics for upper-layer features.

filename: Specifies a .tar.gz file to save the statistics to the file.

Usage guidelines

You can use one of the following methods to collect operating statistics for diagnostics and troubleshooting:

·     Use separate display commands to collect operating information feature by feature or module by module.

·     Use the display diagnostic-information command to collect operating information for multiple or all features and hardware modules.

This display command does not support the | by-linenum option, the > filename option, or the >> filename option. However, this command asks you whether you want to save the output to a file or display the output on the screen. The file used to save the output is automatically compressed to save storage space.

To successfully save the statistics to a file, make sure the directory for saving core files on the active MPU or global active MPU is not NULL and is accessible. To display the directory, use the display exception filepath command.

Examples

# Display the operating statistics for multiple feature modules in the system.

<Sysname> display diagnostic-information

Save or display diagnostic information (Y=save, N=display)? [Y/N]:n

===============================================

  ===============display clock===============

14:03:55 UTC Thu 01/05/2013

=================================================

  ===============display version=============== 

...

Related commands

display exception filepath

display environment

Use display environment to display temperature information, including the temperature thresholds and the current temperature values.

Syntax

In standalone mode:

display environment [ slot slot-number ]

In IRF mode:

display environment [ chassis chassis-number [ slot slot-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

chassis chassis-number: Specifies an IRF member device by its member ID. (In IRF mode.)

slot slot-number: Specifies a card by its slot number.

Usage guidelines

In standalone mode, the command displays information about all temperature sensors on the device if you do not specify the slot slot-number option.

In IRF mode, the command displays information about all temperature sensors in the IRF fabric if you do not specify the chassis chassis-number option. If you specify the chassis chassis-number option but do not specify the slot slot-number option, the command displays information about all temperature sensors on the specified member.

If the temperature exceeds the high-temperature alarming threshold, verify that the device ventilation system is operating correctly and all empty slots are installed with a blank panel.

Examples

# In standalone mode, display information about all temperature sensors on the device.

<Sysname> display environment

System temperature information (degree centigrade):                           

 ----------------------------------------------------------------------        

 Slot  Sensor    Temperature  Lower  Warning  Alarm  Shutdown                  

 4     hotspot 1 40           0      75       90     95               

 4     hotspot 2 46           0      75       90     95               

 4     hotspot 3 43           0      75       90     95               

 10    hotspot 1 43           0      75       90     95               

 10    hotspot 2 40           0      75       90     95               

 10    hotspot 3 42           0      75       90     95               

 17    inflow  1 42           0      57       72     77               

 17    hotspot 1 43           0      76       88     93               

 17    hotspot 2 40           0      76       88     93

# In IRF mode, display information about all temperature sensors in the IRF fabric.

<Sysname> display environment

System temperature information (degree centigrade):                            

 ----------------------------------------------------------------------        

Chassis  Slot  Sensor    Temperature  Lower  Warning  Alarm  Shutdown                  

1        4     hotspot 1 40           0      75       90     95                

1        4     hotspot 2 46           0      75       90     95               

1        4     hotspot 3 43           0      75       90     95               

1        10    hotspot 1 43           0      75       90     95               

1        10    hotspot 2 40           0      75       90     95               

1        10    hotspot 3 42           0      75       90     95               

1        17    inflow  1 42           0      57       72     77               

1        17    hotspot 1 43           0      76       88     93               

1        17    hotspot 2 40           0      76       88     93

2        4     hotspot 1 40           0      75       90     95               

2        4     hotspot 2 46           0      75       90     95               

2        4     hotspot 3 43           0      75       90     95               

2        10    hotspot 1 43           0      75       90     95               

2        10    hotspot 2 40           0      75       90     95                

2        10    hotspot 3 42           0      75       90     95               

2        17    inflow  1 42           0      57       72     77               

2        17    hotspot 1 43           0      76       88     93               

2        17    hotspot 2 40           0      76       88     93

Table 32 Command output

Field

Description

Temperature

Current temperature.

Lower

Low-temperature threshold.

Warning

High-temperature warning threshold.

Alarm

High-temperature alarming threshold.

Shutdown

High-temperature shutdown threshold. When the sensor temperature reaches the limit, the system shuts down automatically.

 

display exception filepath

Use display exception filepath to display the directory for saving core files on an MPU.

Syntax

In standalone mode:

display exception filepath [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

display exception filepath [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

mdc-admin

Parameters

slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command displays the directory for saving core files on the active MPU. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the MPU. If you do not specify this option, the command displays the directory for saving core files on the global active MPU. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number.

Examples

# In standalone mode, display the directory for saving core files on the active MPU.

<Sysname> display exception filepath

The exception filepath on slot 0 is flash:.

# In standalone mode, display the directory for saving core files on the standby MPU.

<Sysname> display exception filepath slot 1

The exception filepath on slot 1 is flash:.

# In IRF mode, display the directory for saving core files on the global active MPU.

<Sysname> display exception filepath

The exception filepath on chassis 1 slot 1 is flash:.

display fan

Use display fan to display the operating states of fans.

Syntax

In standalone mode:

display fan [ fan-id ]

In IRF mode:

display fan [ chassis chassis-number [ fan-id ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify this option, the command displays the operating states of fans on all IRF member devices. (In IRF mode.)

fan-id: Specifies a fan by its ID.

Examples

# Display the operating states of all fans.

<Sysname> display fan

Fan-tray 1:                                                                     

 Status    : Absent                                                            

Fan-tray 2:                                                                    

 Status    : Normal                                                             

 Fan number: 5                                                                 

 Fan mode  : Auto                                                              

 Airflow Direction: Back-to-front                                               

 Fan  Status      Speed(rpm)                                                   

 ---  ----------  ----------                                                   

  1   Normal      7142                                                          

  2   Fault       3546                                                         

  3   Normal      1665                                                         

  4   Fault       3578                                                         

  5   Normal      1660

display hardware-resource

Use display hardware-resource to display hardware resource mode information.

Syntax

display hardware-resource [ tcam | vxlan ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

tcam: Displays mode information about ternary content addressable memory (TCAM) hardware resources.

vxlan: Displays mode information about VXLAN hardware resources.

Usage guidelines

This command is available in Release 1138P01 and later versions.

If you do not specify the tcam or vxlan keyword, this command displays mode information about TCAM and VXLAN hardware resources.

Examples

# Display hardware resource mode information.

<Sysname> display hardware-resource

Tcam resource(tcam), all supported modes:

  routing           The routing working mode

  normal            The normal working mode

  acl               The acl working mode

  -----------------------------------------------

  Default         Current         Next

  routing         routing         routing

 

Vxlan resource(vxlan), all supported modes:

  normal            The normal mode

  mac               The mac mode

  -----------------------------------------------

  Default         Current         Next

  normal          normal          normal

Table 33 Command output

Field

Description

Default

Default mode.

Current

Current mode.

Next

Mode for the next startup.

 

Related commands

·     hardware-resource tcam

·     hardware-resource vxlan (VXLAN Command Reference)

display memory

Use display memory to display memory usage.

Syntax

In standalone mode:

display memory [ slot slot-number  [ cpu cpu-number ] ]

In IRF mode:

display memory [ chassis chassis-number slot slot-number  [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays memory usage for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device by its slot number and the member ID. If you do not specify this option, the command displays memory usage for all cards in the IRF fabric. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number. The cpu-number argument must be 0.

Examples

# In standalone mode, display memory usage.

<Sysname> display memory

The statistics about memory is measured in KB:                                 

Slot 4:                                                               

             Total      Used      Free    Shared   Buffers    Cached   FreeRatio

Mem:       3415304    830292   2585012         0         0     13132       75.7%

-/+ Buffers/Cache:    817160   2598144                                          

Swap:           0         0         0                                          

                                                                               

Slot 10:                                                              

             Total      Used      Free    Shared   Buffers    Cached   FreeRatio

Mem:       1366400    506312    860088         0         0     13132       62.9%

-/+ Buffers/Cache:    493180    873220                                         

Swap:           0         0         0                                          

                                                                               

Slot 17:                                                             

             Total      Used      Free    Shared   Buffers    Cached   FreeRatio

Mem:       8143312   1168820   6974492         0        68    304148       85.6%

-/+ Buffers/Cache:    864604   7278708                                         

Swap:           0         0         0

# In IRF mode, display memory usage.

<Sysname> display memory

The statistics about memory is measured in KB:                                 

Chassis 1 Slot 4:                                                              

             Total      Used      Free    Shared   Buffers    Cached   FreeRatio

Mem:       3415304    830292   2585012         0         0     13132       75.7%

-/+ Buffers/Cache:    817160   2598144                                         

Swap:           0         0         0                                          

                                                                               

Chassis 1 Slot 10:                                                             

             Total      Used      Free    Shared   Buffers    Cached   FreeRatio

Mem:       1366400    506312    860088         0         0     13132       62.9%

-/+ Buffers/Cache:    493180    873220                                         

Swap:           0         0         0                                           

                                                                               

Chassis 1 Slot 17:                                                             

             Total      Used      Free    Shared   Buffers    Cached   FreeRatio

Mem:       8143312   1168820   6974492         0        68    304148       85.6%

-/+ Buffers/Cache:    864604   7278708                                         

Swap:           0         0         0

Chassis 2 Slot 4:                                                               

             Total      Used      Free    Shared   Buffers    Cached   FreeRatio

Mem:       3415304    830292   2585012         0         0     13132       75.7%

-/+ Buffers/Cache:    817160   2598144                                         

Swap:           0         0         0                                          

                                                                               

Chassis 2 Slot 10:                                                             

             Total      Used      Free    Shared   Buffers    Cached   FreeRatio

Mem:       1366400    506312    860088         0         0     13132       62.9%

-/+ Buffers/Cache:    493180    873220                                         

Swap:           0         0         0                                          

                                                                               

Chassis 2 Slot 17:                                                              

             Total      Used      Free    Shared   Buffers    Cached   FreeRatio

Mem:       8143312   1168820   6974492         0        68    304148       85.6%

-/+ Buffers/Cache:    864604   7278708                                          

Swap:           0         0         0

Table 34 Command output

Field

Description

Mem

Memory usage information.

Total

Total size of the physical memory space that can be allocated.

The memory space is virtually divided into two parts. Part 1 is solely used for kernel codes, and kernel management. Part 2 can be allocated and used for such tasks as running service modules and storing files. The size of part 2 equals the total size minus the size of part 1.

Used

Used physical memory.

Free

Free physical memory.

Shared

Physical memory shared by processes.

Buffers

Physical memory used for buffers.

Cached

Physical memory used for caches.

FreeRatio

Free memory ratio.

-/+ Buffers/Cache

-/+ Buffers/Cache:Used = Mem:Used – Mem:Buffers – Mem:Cached, which indicates the physical memory used by applications.

-/+ Buffers/Cache:Free = Mem:Free + Mem:Buffers + Mem:Cached, which indicates the physical memory available for applications.

Swap

Swap memory.

 

display memory-threshold

Use display memory-threshold to display memory alarm thresholds and statistics.

Syntax

In standalone mode:

display memory-threshold [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

display memory-threshold [ chassis chassis-number slot slot-number  [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

mdc-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays the memory alarm thresholds and statistics for the active MPU. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device by its slot number and the member ID. If you do not specify this option, the command displays the memory alarm thresholds and statistics for the global active MPU. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number. The cpu-number argument must be 0.

Usage guidelines

For more information about memory alarms, see log information containing MEM_EXCEED_THRESHOLD or MEM_BELOW_THRESHOLD.

Examples

# Display memory alarm thresholds and statistics.

<Sysname> display memory-threshold

Memory usage threshold: 100%                                                   

Free memory threshold:

    Minor: 96M

    Severe: 64M

    Critical: 48M

    Normal: 128M

Current memory state: Normal

Event statistics:

 [Back to normal state]

    First notification: 0.0

    Latest notification: 0.0

    Total number of notifications sent: 0

 [Enter minor low-memory state]

    First notification at: 0.0

    Latest notification at: 0.0

    Total number of notifications sent: 0

 [Back to minor low-memory state]

    First notification at: 0.0

    Latest notification at: 0.0

    Total number of notifications sent: 0

 [Enter severe low-memory state]

    First notification at: 0.0

    Latest notification at: 0.0

    Total number of notifications sent: 0

 [Back to severe low-memory state]

    First notification at: 0.0

    Latest notification at: 0.0

    Total number of notifications sent: 0

 [Enter critical low-memory state]

    First notification at: 0.0

    Latest notification at: 0.0

    Total number of notifications sent: 0

display power

Use display power to display power supply information.

Syntax

In standalone mode:

display power [ power-id ]

In IRF mode:

display power [ chassis chassis-number [ power-id ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify this option, the command displays power supply information on all IRF member devices. (In IRF mode.)

power-id: Specifies a power supply by its ID. If you do not specify this option, the command displays information about all power supplies.

Examples

# Display power supply information.

<Sysname> display power

PowerID State    Current(A)  Voltage(V)  Power(W)                             

 1       Normal    10.40       54.00      561.60                               

 2       Fault       --          --          --                                

 3       Absent      --          --          --                                

 4       Absent      --          --          --                                

 5       Absent      --          --          --                                 

 6       Absent      --          --          --                                

 7       Absent      --          --          --                                

 8       Absent      --          --          --

display scheduler job

Use display scheduler job to display job configuration information.

Syntax

display scheduler job [ job-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

job-name: Specifies a job by its name, a case-sensitive string of 1 to 47 characters. If you do not specify this option, the command displays the configuration information for all jobs.

Examples

# Display the configuration information for all jobs.

<Sysname> display scheduler job

Job name: saveconfig

 copy startup.cfg backup.cfg

 

Job name: backupconfig

 

Job name: creat-VLAN100

 system-view

 vlan 100

// The output shows that the device has three jobs: the first has one command, the second has no command, and the third has two commands. Jobs are separated by blank lines.

display scheduler logfile

Use display scheduler logfile to display job execution log information.

Syntax

display scheduler logfile

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display job execution log information.

<Sysname> display scheduler logfile

Logfile Size: 1902 Bytes.

 

Job name        : shutdown

Schedule name   : shutdown

Execution time  : Tue Dec 27 10:44:42 2013

Completion time : Tue Dec 27 10:44:47 2013

--------------------------------- Job output -----------------------------------

<Sysname>system-view

System View: return to User View with Ctrl+Z.

[Sysname]interface range fortygige 1/0/1 to fortygige 1/0/3

[Sysname-if-range]shutdown

Table 35 Command output

Field

Description

Logfile Size

Size of the log file, in bytes.

Schedule name

Schedule to which the job belongs.

Execution time

Time when the job was started.

Completion time

Time when the job was completed. If the job has never been executed or the job has no commands, this field is blank.

Job output

Commands in the job and their output.

 

Related commands

reset scheduler logfile

display scheduler reboot

Use display scheduler reboot to display the automatic reboot schedule.

Syntax

display scheduler reboot

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display the automatic reboot schedule.

<Sysname> display scheduler reboot

System will reboot at 16:32:00 05/23/2013 (in 1 hours and 39 minutes).

Related commands

·     scheduler reboot at

·     scheduler reboot delay

display scheduler schedule

Use display scheduler schedule to display schedule information.

Syntax

display scheduler schedule [ schedule-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

schedule-name: Specifies a schedule by its name, a case-sensitive string of 1 to 47 characters. If you do not specify this option, the command displays information about all schedules.

Examples

# Display information about all schedules.

<Sysname> display scheduler schedule

Schedule name        : shutdown

Schedule type        : Run once after 0 hours 2 minutes

Start time           : Tue Dec 27 10:44:42 2011

Last execution time  : Tue Dec 27 10:44:42 2011

Last completion time : Tue Dec 27 10:44:47 2011

Execution counts     : 1

-----------------------------------------------------------------------

Job name                                          Last execution status

shutdown                                          Successful

Table 36 Command output

Field

Description

Schedule type

Execution time setting of the schedule. If no execution time is specified, this field is not displayed.

Start time

Time to execute the schedule for the first time. If no execution time is specified, this field is not displayed.

Last execution time

Last time when the schedule was executed. If no execution time is specified, this field is not displayed. If the schedule has never been executed, "Yet to be executed" is displayed for this field.

Last completion time

Last time when the schedule was completed. If no execution time is specified, this field is not displayed.

Execution counts

Number of times the schedule has been executed. If the schedule has never been executed, this field is not displayed.

Job name

Name of a job under the schedule.

Last execution status

Result of the most recent execution:

·     Successful.

·     Failed.

·     Waiting—The device is executing the schedule and the job is waiting to be executed.

·     In process—The job is being executed.

·     -NA-—The execution time has not arrived yet.

To view information about whether the commands in the job has been executed and the execution results, execute the display scheduler logfile command.

 

display system stable state

Use display system stable state to display system stability and status information.

Syntax

display system stable state [ mdc { id | all } ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

mdc { id | all }: Specifies an MDC by its ID or specifies all MDCs. If you do not specify this option, the command displays stability information for the system.

Usage guidelines

This command is available in Release 1138P01 and later versions.

Before performing an ISSU or a switchover, execute this command multiple times to identify whether the system is operating stably. If the value of the System State field is not Stable, you cannot perform an ISSU. If the value of the Redundancy Stable field is not Stable, you cannot perform a switchover.

The system takes some time to start up. If the values of the status fields do not change to Stable, execute this command multiple times to identify the device or a card or MDC that is not in Stable state. You can also use other commands to identify the faulty components.

Examples

# (In standalone mode.) Display system stability and status information.

<Sysname> display system stable state

System state    : Stable

Redundancy state: Stable

  Slot   CPU   Role      State

* 1      0     Active    Stable

Table 37 Command output

Field

Description

System state

System status:

·     Stable—The system is operating stably.

·     Not ready—The system is not operating stably. You cannot perform an ISSU when the system is in this state.

Redundancy state

System redundancy status:

·     Stable—Both MPUs are operating stably. You can perform a switchover.

·     No Redundance—The system has only one MPU. You cannot perform a switchover.

·     Not Ready—The system is not operating stably. You cannot perform a switchover.

Role

Role of the card in the system:

·     Active—The card is the active MPU.

·     Standby—The card is the standby MPU.

·     Other—The card is not an MPU.

State

Card status:

·     Stable—The card is operating stably.

·     Board Inserted—The card has just been installed.

·     Kernel Init—Card kernel is being initialized.

·     Service Starting—Services are starting.

·     Service Stopping—Services are stopping.

·     HA Batch Backup—An HA batch backup is going on.

·     Interface Data Batch Backup—An interface data batch backup is in progress.

·     MDC Starting—MDCs are starting.

·     MDC Stopping—MDCs are stopping.

*

The object is not operating stably.

 

Related commands

·     display device

·     display mdc

display system-working-mode

Use display system-working-mode to display system working mode information.

Syntax

display system-working-mode

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display system working mode information.

<Sysname> display system-working-mode

The current system working mode is standard.

The next system working mode is standard.

display transceiver alarm

Use display transceiver alarm to display transceiver alarms.

Syntax

display transceiver alarm interface [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

interface [ interface-type interface-number ]: Specifies an interface by its type and number. If no interface is specified, this command displays the alarms present on every transceiver module.

Usage guidelines

Table 38 describes some common transceiver alarms. If no error occurs, "None" is displayed.

Table 38 Common transceiver alarms

Field

Remarks

REFCLK

Reference clock.

RX …

Received …

TX …

Transmitted …

TX bias high

The transmitted bias current is high.

TX bias low

The transmitted bias current is low.

Temp high

The temperature is high.

Temp low

The temperature is low.

Transceiver type and port configuration mismatch

The type of the transceiver module does not match the port configuration.

 

Examples

# Display the alarms present on the transceiver module in interface FortyGigE 1/0/1.

<Sysname> display transceiver alarm interface fortygige 1/0/1

FortyGigE1/0/1 transceiver current alarm information:

  RX loss of signal(channel 1)                                                                                                     

  RX loss of signal(channel 2)                                                                                                     

  RX loss of signal(channel 3)                                                                                                     

  RX loss of signal(channel 4)                                                                                                     

  RX power low(channel 1)                                                                                                          

  RX power low(channel 2)                                                                                                          

  RX power low(channel 3)                                                                                                           

  RX power low(channel 4)

Table 39 Command output

Field

Description

transceiver current alarm information

Alarms present on the transceiver module.

RX loss of signal

Received signals are lost.

RX power low

Received power is low.

 

display transceiver diagnosis

Use display transceiver diagnosis to display the current values of the digital diagnosis parameters on transceiver modules.

Syntax

display transceiver diagnosis interface [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

interface [ interface-type interface-number ]: Specifies an interface by its type and number. If no interface is specified, this command displays the current values of the digital diagnosis parameters on every transceiver module.

Usage guidelines

This command cannot display information about some transceiver modules.

Examples

# Display the current values of the digital diagnosis parameters on the transceiver module in interface FortyGigE 1/0/1.

<Sysname> display transceiver diagnosis interface fortygige 1/0/1

FortyGigE1/0/1 transceiver diagnostic information:

  Current diagnostic parameters:

[module]  Temp.(°C) Voltage(V)                                                                                                     

          33         3.29                                                                                                          

[channel] Bias(mA)  RX power(dBm)  TX power(dBm)                                                                                    

    1     7.96      -1.03          -0.64                                                                                           

    2     7.69      -0.83          -0.56                                                                                            

    3     7.79      -0.42          -0.59                                                                                           

    4     8.08      -0.55          -0.47                                                                                            

  Alarm thresholds:                                                                                                                

          Temp.(°C) Voltage(V)  Bias(mA)  RX power(dBm)  TX power(dBm)                                                            

    High  75         3.63        10.00     3.40           N/A                                                                      

    Low   -5         2.97        0.50      -13.51         N/A

Table 40 Command output

Field

Description

transceiver diagnostic information

Digital diagnosis information of the transceiver module in the interface.

Temp.(°C)

Temperature in °C, accurate to 1°C.

Voltage(V)

Voltage in V, accurate to 0.01 V.

Bias(mA)

Bias current in mA, accurate to 0.01 mA.

RX power(dBm)

RX power in dBm, accurate to 0.01 dBm.

TX power(dBm)

TX power in dBm, accurate to 0.01 dBm.

 

display transceiver interface

Use display transceiver interface to display the key parameters of transceiver modules.

Syntax

display transceiver interface [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify this option, the command displays the key parameters of every transceiver module.

Examples

# Display the key parameters of the transceiver module in interface FortyGigE 1/0/1.

<Sysname> display transceiver interface fortygige 1/0/1

FortyGigE1/0/1 transceiver information:

  Transceiver Type              : 40G_BASE_SR4_QSFP_PLUS

  Connector Type                : MPO

  Wavelength(nm)                : 850

  Transfer Distance(m)          : 100(OM3)

  Digital Diagnostic Monitoring : YES

  Vendor Name                   : H3C

Table 41 Command output

Field

Description

transceiver information

Transceiver information.

Transceiver Type

Transceiver type.

Connector Type

Connector type options:

·     MPO—Multi-fiber Push On.

·     RJ-45.

Wavelength(nm)

·     Fiber transceiver—Central wavelength (in nm) of the transmit laser. If the transceiver supports multiple wavelengths, every two wavelength values are separated by a comma.

·     Copper cable—Displayed as N/A.

Transfer Distance(xx)

Transfer distance, with "xx" representing the distance unit: km (kilometers) for single-mode transceiver modules and m (meters) for other transceiver modules.

If the transceiver module supports multiple transfer media, the transfer distances are separated by commas. The transfer medium is included in the bracket following the transfer distance value. The following are the transfer media:

·     9 um9/125 um single-mode fiber.

·     50 um50/125 um multi-mode fiber.

·     62.5 um62.5/125 um multi-mode fiber.

·     TPTwisted pair.

Digital Diagnostic Monitoring

Support for digital diagnosis:

·     YES—Supported.

·     NO—Not supported.

 

display transceiver manuinfo

Use display transceiver manuinfo to display the electronic label information for transceiver modules.

Syntax

display transceiver manuinfo interface [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

interface [ interface-type interface-number ]: Specifies an interface by its type and number. If no interface is specified, this command displays the electronic label information for the transceiver modules on all interfaces.

Usage guidelines

This command displays only part of the electronic label information.

Examples

# Display the electronic label information for the transceiver module in interface FortyGigE 1/0/1.

<Sysname> display transceiver manuinfo interface fortygige 1/0/1

FortyGigE1/0/1 transceiver manufacture information:

  Manu. Serial Number  : 213410A0000054000251

  Manufacturing Date   : 2012-09-01

  Vendor Name          : H3C

Table 42 Command output

Field

Description

Manu. Serial Number

Serial number generated during production of the transceiver module.

Manufacturing Date

Date when the electronic label information was written to the transceiver module.

 

display version

Use display version to display system version information.

Syntax

display version

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display system version information.

<Sysname> display version

display version-update-record

Use display version-update-record to display the startup software image upgrade history records of the active MPU. (In standalone mode.)

Use display version-update-record to display the startup software image upgrade history records of the global active MPU. (In IRF mode.)

Syntax

display version-update-record

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

The device records its current startup software version information and all subsequent version update information. Such information can survive reboots.

A maximum of 10 records can be saved.

Examples

# Display the startup software image upgrade history records.

<Sysname> display version-update-record

Name                                   Version                 Compile time       

Record 1  (updated on Sep 10 2014 at 18:06:28):                                

* S12500-X-CMW710-BOOT-R1130.bin          7.1.045 Release 1130   Aug 14 2014 16:33:12

* S12500-X-CMW710-SYSTEM-R1130.bin        7.1.045 Release 1130   Aug 14 2014 16:33:12

Table 43 Command output

Field

Description

Name

Software image file name.

*

The new software image is different from the old one.

 

Related commands

reset version-update-record

exception filepath

Use exception filepath to specify the directory for saving core files on an MPU.

Use undo exception filepath to remove the directory setting (set the directory to NULL) on an MPU.

Syntax

exception filepath directory

undo exception filepath directory

Default

The directory for saving core files is flash: on an MPU.

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

directory: Specifies the root directory of a storage medium on an MPU.

Usage guidelines

The system will save core files to the core folder in the core file directory on the active MPU (in standalone mode) or the global active MPU (in IRF mode).

·     If the core folder does not exist, the system creates the folder.

·     If the specified directory is not accessible or is NULL, the system cannot save core files or the diagnostic information collected by using the display diagnostic-information command.

Examples

# Specify the directory for saving core files as flash:.

<Sysname> exception filepath flash:

Related commands

·     display exception filepath

·     process core

hardware-resource tcam

Use hardware-resource tcam to set the TCAM hardware resource mode.

Use undo hardware-resource tcam to restore the default.

Syntax

hardware-resource tcam { acl | normal | routing }

undo hardware-resource tcam

Default

The TCAM operating mode is routing.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

acl: Uses the TCAM on the FE card for Layer 2 ACLs and IPv4 ACLs to extend the storage capacity for the ACLs.

normal: Does not use the TCAM on the FE card.

routing: Uses the TCAM on the FE card for ARP entries and IPv4 routing entries to extend the storage capacity for the entries.

Usage guidelines

This command is available in Release 1138P01 and later versions.

This command takes effect only for the FE card.

For a TCAM hardware resource mode change to take effect, perform the following tasks:

·     Save the running configuration to the next-startup configuration file.

·     Delete the .mdb binary file for the next-startup configuration file.

·     Reboot the device.

Examples

# Set the TCAM hardware resource mode to routing.

<Sysname> system-view

[Sysname] hardware-resource tcam routing

Do you want to change the specified hardware resource working mode? [Y/N]:y  

The hardware resource working mode is changed, please save the configuration and reboot the system to make it effective.

Related commands

display hardware-resource

header

Use header to create a banner.

Use undo header to delete a banner.

Syntax

header { legal | login | motd | shell } text

undo header { legal | login | motd | shell }

Default

The default settings depend on the device model.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

legal: Configures the banner to be displayed before a user inputs the username and password to access the CLI.

login: Configures the banner to be displayed before password or scheme authentication is performed for a login user.

motd: Configures the greeting banner to be displayed before the legal banner appears. Support for the keyword depends on the device model.

shell: Configures the banner to be displayed before a non-modem dial-in user accesses user view.

text: Specifies the banner message, which can be entered in two formats. For more information, see Fundamentals Configuration Guide.

Examples

# Create the legal banner, login banner, MOTD banner, and shell banner.

<Sysname> system-view

[Sysname] header legal

Please input banner content, and quit with the character '%'.

Welcome to legal (header legal)%

[Sysname] header login

Please input banner content, and quit with the character '%'.

Welcome to login(header login)%

[Sysname] header motd

Please input banner content, and quit with the character '%'.

Welcome to motd(header motd)%

[Sysname] header shell

Please input banner content, and quit with the character '%'.

Welcome to shell(header shell)%

In this example, the percentage sign (%) is the starting and ending character of the text argument. Entering the percentage sign after the text quits the header command. Because it is the starting and ending character, the percentage sign is not included in the banner.

# Test the configuration by using Telnet. The login banner appears only when password or scheme login authentication has been configured.

******************************************************************************

* Copyright (c) 2004-2014 Hangzhou H3C Tech. Co., Ltd. All rights reserved.*

* Without the owner's prior written consent,                                 *

* no decompiling or reverse-engineering shall be allowed.                    *

******************************************************************************

 

 

Welcome to legal (header legal)

 Press Y or ENTER to continue, N to exit.

 

 

Welcome to login(header login)

 

Password:

 

 

Welcome to motd(header motd)

 

 

 

Welcome to shell(header shell)

job

Use job to assign a job to a schedule.

Use undo job to revoke a job.

Syntax

job job-name

undo job job-name

Default

No job is assigned to a schedule.

Views

Schedule view

Predefined user roles

network-admin

mdc-admin

Parameters

job-name: Specifies the job name, a case-sensitive string of 1 to 47 characters.

Usage guidelines

You can assign multiple jobs to a schedule. The jobs in a schedule are executed concurrently.

The jobs to be assigned to a schedule must already exist. To create a job, use the scheduler job command.

Examples

# Assign job save-job to schedule saveconfig.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

[Sysname-schedule-saveconfig] job save-job

Related commands

·     scheduler job

·     scheduler schedule

memory-threshold

Use memory-threshold to set free-memory thresholds.

Use undo memory-threshold to restore the defaults.

Syntax

In standalone mode:

memory-threshold [ slot slot-number [ cpu cpu-number ] ] minor minor-value severe severe-value critical critical-value normal normal-value

undo memory-threshold [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

memory-threshold [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] minor minor-value severe severe-value critical critical-value normal normal-value

undo memory-threshold [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Default

·     Minor alarm threshold—96 MB.

·     Severe alarm threshold—64 MB.

·     Critical alarm threshold—48 MB.

·     Normal state threshold—128 MB.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

minor minor-value: Specifies the minor alarm threshold. This threshold must be equal to or less than the memory size of the specified card. Setting this threshold to 0 disables the minor alarm feature.

severe severe-value: Specifies the severe alarm threshold. This threshold must be equal to or less than the minor alarm threshold. Setting this threshold to 0 disables the severe alarm feature.

critical critical-value: Specifies the critical alarm threshold. This threshold must be equal to or less than the severe alarm threshold. Setting this threshold to 0 disables the critical alarm feature.

normal normal-value: Specifies the normal state threshold. This threshold must be equal to or greater than the minor alarm threshold.

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command sets thresholds for the active MPU. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device by its slot number and the member ID. If you do not specify this option, the command sets thresholds for the global active MPU. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number. The cpu-number argument must be 0.

Usage guidelines

To ensure correct operation and improve memory efficiency, the system monitors the amount of free memory space in real time. When a free-memory threshold is exceeded, the system sends an alarm notification or an alarm-removed notification to affected feature modules or processes so they can take countermeasures. For more information about the conditions and rules for generating alarm notifications and alarm-removed notifications, see Fundamentals Configuration Guide.

Examples

# Set the minor alarm, severe alarm, critical alarm, and normal state thresholds to 64 MB, 48 MB, 32 MB, and 96 MB, respectively.

<Sysname> system-view

[Sysname] memory-threshold minor 64 severe 48 critical 32 normal 96

Related commands

·     display memory-threshold

·     memory-threshold usage

memory-threshold usage

Use memory-threshold usage to set the memory usage threshold.

Use undo memory-threshold usage to restore the default.

Syntax

In standalone mode:

memory-threshold [ slot slot-number [ cpu cpu-number ] ] usage memory-threshold

undo memory-threshold [ slot slot-number [ cpu cpu-number ] ] usage

In IRF mode:

memory-threshold [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] usage memory-threshold

undo memory-threshold [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] usage

Default

The memory usage threshold is 100%.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

memory-threshold: Specifies the memory usage threshold in percentage. The value range is 0 to 100.

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command sets the memory usage threshold for the active MPU. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device by its slot number and the member ID. If you do not specify this option, the command sets the memory usage threshold for the global active MPU. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number. The cpu-number argument is fixed at 0.

Usage guidelines

The device samples memory usage at an interval of 1 minute. If the sample is greater than the memory usage threshold, the device sends a trap.

Examples

# Set the memory usage threshold to 80%.

<Sysname> system-view

[Sysname] memory-threshold chassis 1 slot 2 cpu 1 usage 80

Related commands

·     display memory-threshold

·     memory-threshold

monitor cpu-usage enable

Use monitor cpu-usage enable to enable CPU usage monitoring.

Use undo monitor cpu-usage enable to disable CPU usage monitoring.

Syntax

In standalone mode:

monitor cpu-usage enable [ slot slot-number [ cpu cpu-number ] ]

undo monitor cpu-usage enable [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

monitor cpu-usage enable [ chassis chassis-number slot slot-number  [ cpu cpu-number ] ]

undo monitor cpu-usage enable [ chassis chassis-number slot slot-number  [ cpu cpu-number ] ]

Default

CPU usage monitoring is enabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command enables CPU usage monitoring on the active MPU. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device by its slot number and the member ID. If you do not specify this option, the command enables CPU usage monitoring for the global active MPU. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number. The cpu-number argument must be 0.

Examples

# Enable CPU usage monitoring.

<Sysname> system-view

[Sysname] monitor cpu-usage enable

Related commands

·     display cpu-usage

·     display cpu-usage configuration

·     display cpu-usage history

·     monitor cpu-usage interval

·     monitor cpu-usage threshold

monitor cpu-usage interval

Use monitor cpu-usage interval to configure the interval at which the device samples CPU usage statistics.

Syntax

In standalone mode:

monitor cpu-usage interval interval-value [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

monitor cpu-usage interval interval-value [ chassis chassis-number slot slot-number  [ cpu cpu-number ] ]

Default

The sampling interval is 1 minute.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

interval-value: Specifies the CPU usage statistics sampling interval. It can take the value of 5Sec, 1Min, or 5Min. Enter a value in its complete form. Otherwise, the system prompts parameter error.

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command sets the interval for the active MPU. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device by its slot number and the member ID. If you do not specify this option, the command sets the interval for the global active MPU. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number. The cpu-number argument must be 0.

Examples

# Configure the interval at which the device samples CPU usage statistics as 5 seconds.

<Sysname> system-view

[Sysname] monitor cpu-usage interval 5Sec

Related commands

·     display cpu-usage

·     display cpu-usage configuration

·     display cpu-usage history

·     monitor cpu-usage enable

·     monitor cpu-usage threshold

monitor cpu-usage threshold

Use monitor cpu-usage threshold to set the CPU usage threshold.

Use undo monitor cpu-usage threshold to restore the default.

Syntax

In standalone mode:

monitor cpu-usage threshold cpu-threshold [ slot slot-number [ cpu cpu-number ] ]

undo monitor cpu-usage threshold [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

monitor cpu-usage threshold cpu-threshold [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

undo monitor cpu-usage threshold [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Default

The CPU usage threshold is 99%

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

cpu-threshold: Specifies the CPU usage threshold in percentage. The value range is 0 to 100.

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command sets the CPU usage threshold for the active MPU. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device by its slot number and the member ID. If you do not specify this option, the command sets the CPU usage threshold for the global active MPU. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number. The cpu-number argument is fixed at 0.

Usage guidelines

The device samples CPU usage at an interval of 1 minute. If the sample is greater than the CPU usage threshold, the device sends a trap.

Examples

# Set the CPU usage threshold to 80%.

<Sysname> system-view

[Sysname] monitor cpu-usage threshold 80

Related commands

·     display cpu-usage

·     display cpu-usage configuration

·     display cpu-usage history

·     monitor cpu-usage enable

·     monitor cpu-usage interval

password-recovery enable

Use password-recovery enable to enable password recovery capability.

Use undo password-recovery enable to disable password recovery capability.

Syntax

password-recovery enable

undo password-recovery enable

Default

Password recovery capability is enabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

Password recovery capability controls console user access to the device configuration and SDRAM from BootWare menus.

If password recovery capability is enabled, a console user can access the device configuration without authentication to configure new passwords.

If password recovery capability is disabled, console users must restore the factory-default configuration before they can configure new passwords. Restoring the factory-default configuration deletes the next-startup configuration files.

To enhance system security, disable password recovery capability.

Availability of BootWare menu options varies with the password recovery capability setting. For more information, see the release notes.

Examples

# Disable password recovery capability.

<Sysname> system-view

[Sysname] undo password-recovery enable

process core

Use process core to enable or disable the system to generate core files for exceptions of a process and set the maximum number of core files.

Syntax

In standalone mode:

process core { maxcore value | off } { job job-id | name process-name } [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

process core { maxcore value | off } { job job-id | name process-name } [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

User view

Default

The system generates a core file for the first exception of a process and does not generate any core files for subsequent exceptions of the process.

Predefined user roles

network-admin

mdc-admin

Parameters

off: Disables core file generation.

maxcore value: Enables core file generation and sets the maximum number of core files. The value range of the value argument is 1 to 10. The default is 1.

name process-name: Specifies a process by its name, a case-insensitive string of 1 to 15 characters.

job job-id: Specifies a process by its job ID. The value range is 1 to 2147483647. The job ID of a process does not change after the process restarts.

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command is applied to the active MPU. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command is applied to the global active MPU. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number.

Usage guidelines

After you enable core file generation for a process, the system generates a core file each time the process crashes until the maximum number of core files is reached. A core file records the exception information.

Core files consume system storage resources. To save storage resources, disable core file generation for processes for which you do not need to review exception information.

This command applies to all instances of a process.

Examples

# Disable core file generation for the process routed.

<Sysname> process core off name routed

# Enable core file generation for the process dbmd and set the maximum number of core files to 5.

<Sysname> process core maxcore 5 name dbmd

Related commands

exception filepath

reboot

Use reboot to reboot a card or the entire system. (In standalone mode.)

Use reboot to reboot an IRF member device or all IRF member devices. (In IRF mode.)

Syntax

In standalone mode:

reboot [ slot slot-number ] [ force ]

In IRF mode:

reboot [ chassis chassis-number [ slot slot-number ] ] [ force ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

chassis chassis-number: Specifies an IRF member device by its member ID. (In IRF mode.)

slot slot-number: Specifies a card by its slot number.

force: Reboots the device immediately without performing any software check. If this keyword is not specified, the system checks, for example, whether the main system software image file exists and whether the hard disk is not being written. If any circumstance might affect data protection, the system does not reboot the device.

Usage guidelines

CAUTION

CAUTION:

·     Device reboot interrupts network services.

·     Using the force keyword might cause file system corruption. As a best practice, use this keyword only when the system fails or cannot start up.

 

If the main startup software images are corrupted or missing, you must re-specify a set of main startup software images before using the reboot command to reboot the device. Otherwise, the device cannot start up.

For data security, the device does not reboot if you reboot the device while the device is performing file operations.

·     In standalone mode:

¡     To reboot a card, specify the slot number.

¡     To reboot the entire device, do not specify the slot number option.

¡     To reboot the active MPU, perform the following tasks:

-     Identify whether the standby MPU is installed and operating correctly.

-     Use the display system stable state command to display system stability and status information.

If the standby MPU is not installed, the entire device will be rebooted. If the standby MPU is installed and is operating correctly, a switchover will occur.

 

IMPORTANT

IMPORTANT:

To ensure correct operation of the system and cards, do not trigger a switchover by rebooting the active MPU if the status of a card is not Stable.

 

·     In IRF mode:

¡     To reboot a card, specify both the IRF member ID and the slot number.

¡     To reboot an IRF member device, specify only the IRF member ID.

¡     To reboot all IRF member devices, do not specify the member ID or slot number option.

¡     To reboot the global active MPU, perform the following tasks:

-     Identify whether the IRF fabric has global standby MPUs and whether the global standby MPUs are operating correctly.

-     Use the display system stable state command to display system stability and status information.

If the IRF fabric has only one MPU, the IRF fabric will be rebooted. If the IRF fabric has a global standby MPU and the MPU is operating correctly, a switchover will occur.

 

 

NOTE:

To ensure correct operation of the IRF fabric and MPUs, do not trigger a switchover by rebooting the global active MPU if the status of a card is not Stable.

 

Examples

# Reboot the device when no configuration change has occurred since the last time you saved the running configuration.

<Sysname> reboot

 Start to check configuration with next startup configuration file, please wait.........DONE!

 This command will reboot the device. Continue? [Y/N]:y

 Now rebooting, please wait...

# If any configuration has changed, reboot the device and save the configuration.

<Sysname> reboot

 Start to check configuration with next startup configuration file, please wait.........DONE!

 Current configuration may be lost after the reboot, save current configuration? [Y/N]:y

 Please input the file name(*.cfg)[flash:/startup.cfg]

 (To leave the existing filename unchanged, press the enter key):

 flash:/startup.cfg exists, overwrite? [Y/N]:y

 Validating file. Please wait...

  Saved the current configuration to mainboard device successfully.

 This command will reboot the device. Continue? [Y/N]:y

 Now rebooting, please wait...

# If any configuration has changed, reboot the device but do not save the configuration.

<Sysname> reboot

 Start to check configuration with next startup configuration file, please wait.........DONE!

 Current configuration may be lost after the reboot, save current configuration? [Y/N]:n

 This command will reboot the device. Continue? [Y/N]:y

 Now rebooting, please wait...

# Reboot the device immediately without performing any software check.

<Sysname> reboot force

 A forced reboot might cause the storage medium to be corrupted. Continue? [Y/N]:y

 Now rebooting, please wait...

# In standalone mode, reboot the LPU in slot 2.

<Sysname> reboot slot 2

 This command will reboot the specified slot, Continue? [Y/N]:y

 Now rebooting, please wait...

# In standalone mode, reboot the LPU in slot 2 by force.

<Sysname> reboot slot 2 force

 A forced reboot might cause the storage medium to be corrupted. Continue? [Y/N]:y

 Now rebooting, please wait...

# In IRF mode, reboot IRF member device 2.

<Sysname> reboot chassis 2

 This command will reboot the specified chassis, Continue? [Y/N]:y

 Now rebooting, please wait...

# In IRF mode, reboot IRF member device 2 by force.

<Sysname> reboot chassis 2 force

 A forced reboot might cause the storage medium to be corrupted. Continue? [Y/N]:y

 Now rebooting, please wait...

# In IRF mode, reboot the LPU in slot 2 on IRF member device 2.

<Sysname> reboot chassis 2 slot 2

 This command will reboot the specified slot, Continue? [Y/N]:y

 Now rebooting, please wait...

# In IRF mode, reboot the LPU in slot 2 on IRF member device 2 by force.

<Sysname> reboot chassis 2 slot 2 force

 A forced reboot might cause the storage medium to be corrupted. Continue? [Y/N]:y

 Now rebooting, please wait...

Related commands

display system stable state

reset scheduler logfile

Use reset scheduler logfile to clear job execution log information.

Syntax

reset scheduler logfile

Default

None

Views

User view

Predefined user roles

network-admin

mdc-admin

Examples

# Clear job execution log information.

<Sysname> reset scheduler logfile

Related commands

display scheduler logfile

reset version-update-record

Use reset version-update-record to clear the startup software image upgrade history records of the active MPU. (In standalone mode.)

Use reset version-update-record to clear the startup software image upgrade history records of the global active MPU. (In IRF mode.)

Syntax

reset version-update-record

Views

System view

Predefined user roles

network-admin

mdc-admin

Examples

# Clear the startup software image upgrade history records.

<Sysname> system-view

[Sysname] reset version-update-record

Related commands

display version-update-record

scheduler job

Use scheduler job to create a job and enter job view. If the job already exists, you enter job view directly.

Use undo scheduler job to delete a job.

Syntax

scheduler job job-name

undo scheduler job job-name

Default

No job exists.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

job-name: Specifies the job name, a case-sensitive string of 1 to 47 characters.

Usage guidelines

A job can be referenced by multiple schedules. In job view, you can assign commands to the job.

Examples

# Create a job named backupconfig and enter job view.

<Sysname> system-view

[Sysname] scheduler job backupconfig

[Sysname-job-backupconfig]

Related commands

·     command

·     scheduler schedule

scheduler logfile size

Use scheduler logfile size to set the size of the job execution log file.

Syntax

scheduler logfile size value

Default

The size of the job execution log file is 16 KB.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

value: Sets the size of the job execution log file, in KB. The value range is 16 to 1024.

Usage guidelines

The job execution log file saves the execution information of jobs. If the file is full, old records will be replaced by new records. If the size of the log information to be written to the file is larger than the size of the file, the excessive part is not written to the file.

Examples

# Set the size of the job execution log file to 32 KB.

<Sysname> system-view

[Sysname] scheduler logfile size 32

Related commands

display scheduler logfile

scheduler reboot at

Use scheduler reboot at to specify the reboot date and time.

Use undo scheduler reboot to delete the reboot schedule configuration.

Syntax

scheduler reboot at time [ date ]

undo scheduler reboot

Default

No reboot date or time is specified.

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

time: Specifies the reboot time in the hh:mm format, where hh is in the range of 0 to 23, and mm is in the range of 0 to 59.

date: Specifies the reboot date in the MM/DD/YYYY or YYYY/MM/DD format. The YYYY value is in the range of 2000 to 2035, the MM value is in the range of 1 to 12, and the value range for DD depends on the month value.

Usage guidelines

CAUTION

CAUTION:

Device reboot interrupts network services.

 

When the date argument is not specified:

·     If the reboot time is later than the current time, a reboot occurs at the reboot time of the current day.

·     If the reboot time is earlier than the current time, a reboot occurs at the reboot time the next day.

For data security, if you are performing file operations at the reboot time, the system does not reboot.

The device supports only one device reboot schedule. If you configure both the schedule reboot delay and schedule reboot delay commands or configure one of the commands multiple times, the most recent configuration takes effect.

Examples

# Configure the device to reboot at 12:00 p.m. This example assumes that the current time is 11:43 a.m. on June 6, 2013.

<Sysname> scheduler reboot at 12:00

Reboot system at 12:00:00 06/06/2013 (in 0 hours and 16 minutes). Confirm? [Y/N]:

Related commands

scheduler reboot delay

scheduler reboot delay

Use scheduler reboot delay to specify the reboot delay time.

Use undo scheduler reboot to delete the reboot schedule configuration.

Syntax

scheduler reboot delay time

undo scheduler reboot

Default

No reboot delay time is specified.

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

time: Specifies the reboot delay time in the hh:mm or mm format. This argument can contain up to six characters. When in the hh:mm format, mm must be in the range of 0 to 59.

Usage guidelines

CAUTION

CAUTION:

Device reboot interrupts network services.

 

For data security, if you are performing file operations at the reboot time, the system does not reboot.

The device supports only one device reboot schedule. If you configure both the schedule reboot delay and schedule reboot delay commands or configure one of the commands multiple times, the most recent configuration takes effect.

Examples

# Configure the device to reboot after 88 minutes. This example assumes that the current time is 11:48 a.m. on June 6, 2011.

<Sysname> scheduler reboot delay 88

Reboot system at 13:16 06/06/2011(in 1 hours and 28 minutes). Confirm? [Y/N]:

scheduler schedule

Use scheduler schedule to create a schedule and enter schedule view. If the schedule already exists, you enter schedule view directly.

Use undo scheduler schedule to delete a schedule.

Syntax

scheduler schedule schedule-name

undo scheduler schedule schedule-name

Default

No schedule exists.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

schedule-name: Specifies the schedule name, a case-sensitive string of 1 to 47 characters.

Usage guidelines

You can schedule a job to have the device automatically run a command or a set of commands without administrative interference.

To configure a schedule:

1.     Use the scheduler job command to create a job.

2.     In job view, use the command command to assign commands to the job.

3.     Use the scheduler schedule command to create a schedule.

4.     In schedule view, use the job command to assign the job to the schedule. You can assign multiple jobs to a schedule. The jobs must already exist.

5.     Use the user-role command to assign user roles to the schedule. You can assign up to 64 user roles to a schedule.

6.     In schedule view, use the time at, time once, or time repeating command to specify an execution time for the schedule. You can specify only one execution time per schedule.

Examples

# Create a schedule named saveconfig.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

Related commands

·     job

·     time at

shutdown-interval

Use shutdown-interval to set the port status detection timer.

Use undo shutdown-interval to restore the default.

Syntax

shutdown-interval time

undo shutdown-interval

Default

The detection interval is 30 seconds.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

time: Specifies a detection timer (in seconds) in the range of 0 to 300. Setting the timer to 0 disables port status detection.

Usage guidelines

The device starts a detection timer when a port is shut down by a protocol. If the port is still down when the detection timer expires, the device automatically brings up the port so the port status reflects the port's actual physical status.

If you change the detection timer to T1 during port detection, the interval from when you change the timer to the time when the protocol module shuts down the port is T. If T<T1, the down port will be recovered after T1-T time. If T>=T1, the down port is recovered immediately. For example, if the detection timer is set to 30 seconds and you change it to 10 seconds (T1=10) two seconds after the port is shut down (T=2), this port will be recovered 8 seconds later. If the detection timer is set to 30 seconds and you change it to 2 seconds ten seconds after the port is shut down, this port is recovered immediately.

Examples

# Set the detection timer to 100 seconds.

<Sysname> system-view

[Sysname] shutdown-interval 100

switch-fabric isolate

Use switch-fabric isolate to isolate a switching fabric module or channel.

Use undo switch-fabric isolate to restore the default.

Syntax

In standalone mode:

switch-fabric isolate slot slot-number [ channel channel-number ]

undo switch-fabric isolate slot slot-number [ channel channel-number ]

In IRF mode:

switch-fabric isolate chassis chassis-number slot slot-number [ channel channel-number ]

undo switch-fabric isolate chassis chassis-number slot slot-number [ channel channel-number ]

Default

A switching fabric module is not isolated from the forwarding plane and forwards traffic.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

slot slot-number: Specifies a switching fabric module by its slot number.

chassis chassis-number slot slot-number: Specifies a switching fabric module on an IRF member device by its slot number and the member ID.

channel channel-number: Specifies a switching fabric channel. If you do not specify this option, the command isolates the entire switching fabric module.

Usage guidelines

You can isolate a switching fabric module or a channel from the forwarding plane. An isolated switching fabric module or channel does not receive any traffic.

Isolating the only switching fabric module of the switch disables the forwarding feature. If the switch has multiple switching fabric modules, isolating a switching fabric module decreases the forwarding bandwidth and reduces the forwarding performance. To minimize impact on forwarding performance, isolate only the failed channels.

Isolating a switching fabric module or channel does not affect operations on the control panel, such as protocol packet resolution and protocol calculation. The switching fabric module or channel can forward traffic immediately after you cancel the isolation.

Examples

# In standalone mode, isolate the switching fabric module in slot 10.

<Sysname> system-view

[Sysname] switch-fabric isolate slot 10

The command will isolate the switch fabric or a channel from the system. Continue? [Y/N]

# In IRF mode, isolate channel 1 on the switching fabric module in slot 10 of member device 1.

<Sysname> system-view

[Sysname] switch-fabric isolate chassis 1 slot 10 channel 1

The command will isolate the switch fabric or a channel from the system. Continue? [Y/N]

sysname

Use sysname to set the device name.

Use undo sysname to restore the default.

Syntax

sysname sysname

undo sysname

Default

The default name is H3C.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

sysname: Specifies a name for the device, a string of 1 to 64 characters.

Usage guidelines

A device name identifies a device in a network and is used as the user view prompt at the CLI. For example, if the device name is Sysname, the user view prompt is <Sysname>.

Examples

# Set the name of the device to R2000.

<Sysname> system-view

[Sysname] sysname R2000

[R2000]

system-working-mode

Use system-working-mode to set the system operating mode.

Use undo system-working-mode to restore the default.

Syntax

system-working-mode { advance | bridgee | standard }

undo system-working-mode

Default

The device operates in standard mode.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

advance: Sets the system operating mode to advanced.

bridgee: Sets the system operating mode to enhanced Layer 2. This keyword is available in Release 1138P01 and later versions.

standard: Sets the system operating mode to standard.

Usage guidelines

CAUTION

CAUTION:

Perform this command with caution. Changing the system operating mode might cause configuration loss.

 

In different operating modes, the device supports different features. For example:

·     The device supports EVI and FCoE only when it operates in advanced mode. For more information about EVI, see EVI Configuration Guide. For more information about FCoE, see FCoE Configuration Guide.

·     The device supports SPBM only when it operates in enhanced Layer 2 mode. For more information about SPBM, see SPB Configuration Guide.

·     The device supports VXLAN only when it operates in standard mode. For more information about VXLAN, see VXLAN Configuration Guide.

For an operating mode change to take effect, you must perform the following tasks:

·     Save the running configuration to the next-startup configuration file.

·     Delete the.mdb file for the next-startup configuration file.

·     Reboot the device.

Examples

# Set the system operating mode to advanced.

<Sysname> system-view

[Sysname] system-working-mode advance

Do you want to change the system working mode? [Y/N]:y

The system working mode is changed, please save the configuration and reboot the system to make it effective.

temperature-limit

Use temperature-limit to set the temperature alarm thresholds for the device.

Use undo temperature-limit to restore the default.

Syntax

In standalone mode:

temperature-limit slot slot-number { hotspot | inflow } sensor-number lowlimit warninglimit [ alarmlimit ]

undo temperature-limit slot slot-number { hotspot | inflow } sensor-number

In IRF mode:

temperature-limit chassis chassis-number { slot slot-number } { hotspot | inflow } sensor-number lowlimit warninglimit [ alarmlimit ]

undo temperature-limit chassis chassis-number { slot slot-number } { hotspot | inflow } sensor-number

Default

To view the default settings, use the undo temperature-limit command to restore the defaults and then execute the display environment command.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

chassis chassis-number: Specifies an IRF member device by its member ID. (In IRF mode.)

slot slot-number: Specifies a card by its slot number.

hotspot: Configures temperature alarm thresholds for hotspot sensors. A hotspot sensor is typically near the chip that generates a great amount of heat and used to monitor the chip.

inflow: Configures temperature alarm thresholds for inlet sensors. An inlet sensor is near the air inlet and is used to monitor the ambient temperature.

sensor-number: Specifies a sensor by its number, an integer starting from 1. Each number represents a temperature sensor on the device or card.

lowlimit: Specifies the low-temperature threshold in Celsius degrees.

warninglimit: Specifies the high-temperature warning threshold in Celsius degrees. This threshold must be greater than the low-temperature threshold.

alarmlimit: Specifies the high-temperature alarming threshold in Celsius degrees. This threshold must be greater than the high-temperature warning threshold.

Usage guidelines

Different cards support different types of temperature sensors. To view supported temperature sensor types, use the display environment command.

The sensor number value ranges and threshold value ranges vary by card model. Use the CLI online help system to view the value ranges.

When the device temperature drops below the low-temperature threshold or reaches the high-temperature warning threshold, the device sends a log message and a trap.

When the device temperature reaches the high-temperature alarming threshold, the device sends log messages and traps repeatedly, and sets LEDs on the device panel.

When the temperature of an LPU or switching fabric module reaches the high-temperature shutdown threshold, the device sends a log message and shuts down the LPU.

The shutdown temperature thresholds are not configurable.

Examples

# In standalone mode, set the low-temperature threshold for hotspot sensor 1 on the card in slot 1 to –10°C (14°F), the warning threshold to 70°C (158°F), and the alarming threshold to 90°C (194°F).

<Sysname> system-view

[sysname] temperature-limit slot 1 hotspot 1 -10 70 90

# In IRF mode, set the low-temperature threshold for hotspot sensor 1 on the card in slot 1 on IRF member device 1 to –10°C (14°F), the warning threshold to 70°C (158°F), and the alarming threshold to 90°C (194°F).

<Sysname> system-view

[sysname] temperature-limit chassis 1 slot 1 hotspot 1 -10 70 90

time at

Use time at to specify an execution date and time for a non-periodic schedule.

Use undo time to delete the execution date and time configuration for a non-periodic schedule.

Syntax

time at time date

undo time

Default

No execution time or date is specified for a non-periodic schedule.

Views

Schedule view

Predefined user roles

network-admin

mdc-admin

Parameters

time: Specifies the schedule execution time in the hh:mm format, where hh is in the range of 0 to 23, and mm is in the range of 0 to 59.

date: Specifies the schedule execution date in the MM/DD/YYYY or YYYY/MM/DD format. The YYYY value is in the range of 2000 to 2035, the MM value is in the range of 1 to 12, and the value range for DD depends on the month value.

Usage guidelines

The specified time (date plus time) must be later than the current system time.

The time at command, the time once command, and the time repeating command overwrite one another. The most recently configured command takes effect.

Examples

# Configure the device to execute schedule saveconfig at 01:01 a.m. on May 11, 2011.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

[Sysname-schedule-saveconfig] time at 1:1 2011/05/11

Related commands

scheduler schedule

time once

Use time once to specify one or more execution days and the execution time for a non-periodic schedule.

Use undo time to delete the execution day and time configuration for a non-periodic schedule.

Syntax

time once at time [ month-date month-day | week-day week-day&<1-7> ]

time once delay time

undo time

Default

No execution time or day is specified for a non-periodic schedule.

Views

Schedule view

Predefined user roles

network-admin

mdc-admin

Parameters

at time: Specifies the execution time in the hh:mm format, where hh is in the range of 0 to 23, and mm is in the range of 0 to 59.

month-date month-day: Specifies a day in the current month, in the range of 1 to 31. If you specify a day that does not exist in the current month, the configuration takes effect on that day in the next month.

week-day week-day&<1-7>: Specifies one or more week days for the schedule. Valid values include Mon, Tue, Wed, Thu, Fri, Sat, and Sun. <1-7> means that you can specify 1 to 7 week days. To specify multiple week days, separate the values with spaces.

delay time: Specifies the delay time for executing the schedule, in the hh:mm or mm format. This argument can contain up to six characters. When in the hh:mm format, mm must be in the range of 0 to 59.

Usage guidelines

After you specify an execution day and time for a schedule, the schedule will be executed once at the specified time point or each specified time point. If the specified time, the specified day in the month, or the specified day in a week is already past, the schedule will be executed at the specified time next day, the specified day in the next month, or the specified day in the next week.

The time at command, the time once command, and the time repeating command overwrite one another, whichever is configured most recently takes effect.

Examples

# Configure the device to execute schedule saveconfig once at 15:00.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

[Sysname-schedule-saveconfig] time once at 15:00

Schedule starts at 15:00 5/11/2011.

# Configure the device to execute schedule saveconfig once at 15:00 on the coming 15th day in a month.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

[Sysname-schedule-saveconfig] time once at 15:00 month-date 15

# Configure the device to execute schedule saveconfig at 12:00 p.m. on the coming Monday and Friday.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

[Sysname-schedule-saveconfig] time once at 12:00 week-day mon fri

# Configure the device to execute schedule saveconfig after 10 minutes.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

[Sysname-schedule-saveconfig] time once delay 10

Related commands

scheduler schedule

time repeating

Use time repeating to specify an execution time table for a periodic schedule.

Use undo time to delete the execution time table configuration for a periodic schedule.

Syntax

time repeating [ at time [ date ] ] interval interval-time

time repeating at time [ month-date [ month-day | last ] | week-day week-day&<1-7> ]

undo time

Default

No execution time table is specified for a periodic schedule.

Views

Schedule view

Predefined user roles

network-admin

mdc-admin

Parameters

at time: Specifies the execution time in the hh:mm format, where hh is in the range of 0 to 23, and mm is in the range of 0 to 59. If you do not specify this option, the current system time is used as the execution time.

date: Specifies the start date for the periodic schedule, in the MM/DD/YYYY or YYYY/MM/DD format. The YYYY value is in the range of 2000 to 2035, the MM value is in the range of 1 to 12, and the value range for DD depends on the month value. If you do not specify this argument, the execution start date is the first day when the specified time arrives.

interval interval-time: Specifies the execution time interval in the hh:mm or mm format. This argument can contain up to six characters. When in the hh:mm format, mm must be in the range of 0 to 59. When in the mm format, this argument must be a minimum of 1 minute.

month-date [ month-day | last ]: Specifies a day in a month, in the range 1 to 31. The last keyword indicates the last day of a month. If you specify a day that does not exist in a month, the configuration takes effect on that day in the next month.

week-day week-day&<1-7>: Specifies one or more week days. Valid values include Mon, Tue, Wed, Thu, Fri, Sat, and Sun. <1-7> means that you can specify 1 to 7 week days. To specify multiple week days, separate the values with spaces.

Usage guidelines

The time repeating [ at time [ date ] ] interval interval-time command configures the device to execute a schedule at an interval from the specified time on.

The time repeating at time [ month-date [ month-day | last ] | week-day week-day&<1-7> ] command configures the device to execute a schedule at the specified time on every specified day in a month or week.

The time at command, the time once command, and the time repeating command overwrite one another, whichever is configured most recently takes effect.

Examples

# Configure the device to execute schedule saveconfig once an hour from 8:00 a.m. on.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

[Sysname-schedule-saveconfig] time repeating at 8:00 interval 60

# Configure the device to execute schedule saveconfig at 12:00 p.m. every day.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

[Sysname-schedule-saveconfig] time repeating at 12:00

# Configure the device to execute schedule saveconfig at 8:00 a.m. on the 5th of every month.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

[Sysname-schedule-saveconfig] time repeating at 8:00 month-date 5

# Configure the device to execute schedule saveconfig at 8:00 a.m. on the last day of every month.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

[Sysname-schedule-saveconfig] time repeating at 8:00 month-date last

# Configure the device to execute schedule saveconfig at 8:00 a.m. every Friday and Saturday.

<Sysname> system-view

[Sysname] scheduler schedule saveconfig

[Sysname-schedule-saveconfig] time repeating at 8:00 week-day fri sat

Related commands

scheduler schedule

user-role

Use user-role to assign user roles to a schedule.

Use undo user-role to remove user roles from a schedule.

Syntax

user-role role-name

undo user-role role-name

Default

A schedule has the user roles of the schedule creator.

Views

Schedule view

Predefined user roles

network-admin

mdc-admin

Parameters

role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. The user role can be user-defined or predefined. Predefined user roles include network-admin, network-operator, mdc-admin, mdc-operator, level-0 to level-15, and security-audit).

Usage guidelines

By assigning user roles to and removing user roles from a schedule, you can control the commands to be executed in the schedule.

A schedule must have a minimum of one user role, and can have up to 64 user roles. A command in a schedule can be executed if it is permitted by one or more user roles of the schedule.

You must have the network-admin user role to assign user roles to or remove user roles from a schedule. You can assign only user roles lower than your own user role.

For more information about user roles, see the RBAC configuration in Fundamentals Configuration Guide.

Examples

# Assign user role rolename to schedule test.

<Sysname> system-view

[Sysname] scheduler schedule test

[Sysname-schedule-test] user-role rolename                                      

[Sysname-schedule-test] display this                                             

#                                                                              

scheduler schedule test                                                        

 user-role network-admin                                                        

 user-role network-operator

 user-role rolename                                                            

#                                                                              

return                                                                          

Related commands

·     command

·     scheduler schedule

 


MDC commands

The MDC feature is available in Release 1138P01 and later versions.

MDC requires a license to run on the device. If no license is installed or the license expires, you cannot create, start, or use non-default MDCs. For more information about licenses, see Fundamentals Configuration Guide.

MDC commands for the default MDC

This section describes the MDC commands that you can use after logging in to the default MDC (the physical device).

Unless otherwise stated, the term "MDC" in this section refers to a non-default MDC.

allocate interface

Use allocate interface to assign a physical interface to an MDC.

Use undo allocate interface to reclaim a physical interface assigned to an MDC.

Syntax

allocate interface interface-list

undo allocate interface interface-list

Default

All physical interfaces on the device belong to the default MDC. A non-default MDC cannot use any physical interfaces.

Views

MDC view

Predefined user roles

network-admin

mdc-admin

Parameters

interface-list: Specifies a space-separated list of up to 24 interface items. Each item specifies an interface by its type and number, or a range of interfaces in the form of interface-type start-interface-number to interface-type end-interface-number. The two interface-type arguments must have the same value. All interfaces in the range must be on the same LPU.

Usage guidelines

You can assign multiple physical interfaces to a non-default MDC. A physical interface must meet the following requirements to be assigned to a non-default MDC:

·     The interface is not the console port. The console port belongs to the default MDC. You cannot assign a console port to a non-default MDC.

·     The interface is not the management Ethernet interface. The physical management Ethernet interface of the device belongs to the default MDC and cannot be assigned to a non-default MDC. When a non-default MDC is created, the system automatically creates virtual management Ethernet interfaces for the MDC, one virtual management Ethernet interface for each physical management Ethernet interface. Each virtual management Ethernet interface uses the same interface number, physical port, and link as the corresponding physical management Ethernet interface. You can assign IP addresses to the virtual management Ethernet interfaces for MDCs so MDC administrators can access and manage their respective MDCs. The IP addresses for virtual management Ethernet interfaces do not need to belong to the same network segment.

·     The interface belongs to the default MDC. To assign a physical interface that belongs to one non-default MDC to another non-default MDC, you must remove the existing assignment by using the undo allocate interface command.

·     The LPU where the interface resides is not assigned to any MDC.

When you assign physical interfaces and LPUs to MDCs, follow these guidelines:

·     For an MDC to use a physical interface, you must perform the following tasks:

a.     Assign the physical interface to the MDC.

b.     Authorize the MDC to use the LPU where the physical interface resides.

·     Interfaces on LPUs are grouped. The interfaces in a group must be assigned to or removed from the same MDC at the same time. Different groups of interfaces on an LPU can be assigned to different MDCs. Table 44 shows the interface grouping information.

Table 44 Interface grouping on LPUs

LPU type

Interface grouping

FC and FX cards

Interfaces are grouped by interface number in ascending order, starting from 1.

·     1G SFP, 10G SFP+, 10/100/1000Base-T, and 10GBase-T card—Each group has 24 interfaces.

·     40G QSFP+ card—Each group has six interfaces.

·     100G CXP and 100G CFP2 card—Each group has two interfaces.

FD and FE cards

Each card has one interface group. All interfaces on the card belong to the group.

 

·     A physical interface can be assigned to only one MDC.

·     Assigning or reclaiming a physical interface restores the settings of the interface to the defaults. If the MDC administrator configures the interface during the assigning or reclaiming operation, settings made before the operation is completed are lost.

·     To configure parameters for a physical interface that has been assigned to an MDC, you must log in to the MDC.

·     To use the shutdown command to shut down the management Ethernet interface, you must be on the default MDC.

When you assign physical interfaces and LPUs to MDCs on an IRF fabric, also follow these guidelines:

·     To remove an LPU that holds the IRF physical interface of a non-default MDC, first complete the following tasks:

a.     Remove the IRF physical interface configuration for the LPU.

b.     Use the save command to save the running configuration.

·     IRF links can belong to the default MDC or non-default MDCs. As a best practice for link availability, establish a minimum of two IRF links by using different LPUs. An IRF link can belong to one or more MDCs. The two IRF physical interfaces of an IRF link can belong to the same MDC or different MDCs.

·     To assign an IRF physical interface to an MDC or reclaim an IRF physical interface from an MDC, complete the following tasks:

c.     Use the shutdown command to shut down the interface.

d.     Use the undo port group interface command to remove the binding of the physical interface to the IRF port. For more information about the undo port group interface command, see Virtual Technologies Command Reference.

e.     Assign or reclaim the IRF physical interface.

f.     Use the save command to save the running configuration.

·     Assigning an IRF physical interface to or reclaiming an IRF physical interface from an MDC causes the following problems:

¡     The IRF configuration on the interface is lost.

¡     The IRF link is closed.

To avoid IRF fabric split, make sure each member device always has a minimum of one IRF link in up state.

Examples

# Assign interfaces Ten-GigabitEthernet 6/0/1 through Ten-GigabitEthernet 6/0/24 to MDC sub1.

<Sysname> system-view

[Sysname] mdc sub1

[Sysname-mdc-2-sub1] allocate interface ten-gigabitethernet 6/0/1 to ten-gigabitethernet 6/0/24

Configuration of the interfaces will be lost. Continue? [Y/N]:y

Execute the location slot command in this view to make the configuration take effect.

display mdc

Use display mdc to display MDCs and their status.

Syntax

display mdc [ name mdc-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

name mdc-name: Specifies an MDC by its name, a case-sensitive string of 1 to 15 characters. If you do not specify this option, the command displays all MDCs.

Examples

# Display all MDCs.

<Sysname> display mdc

ID         Name            Status

1          Admin           active

2          sub1            inactive

Table 45 Command output

Field

Description

Status

Status of the MDC:

·     inactive—The MDC is stopped or not started yet.

·     starting—The device is executing the mdc start command to start the MDC.

·     active—The MDC is operating correctly.

·     updating—The device is executing the location command to authorize the MDC to use an LPU.

·     stopping—The device is executing the undo mdc start command to stop the MDC.

 

Related commands

mdc

display mdc interface

Use display mdc interface to display the interfaces of MDCs.

Syntax

display mdc [ name mdc-name ] interface

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

name mdc-name: Specifies an MDC by its name, a case-sensitive string of 1 to 15 characters. If you do not specify this option, the command displays the interfaces of all MDCs.

Examples

# Display the interfaces of all MDCs.

<Sysname> display mdc interface

 MDC Admin's interface(s):                                                     

  M-GigabitEthernet0/0/0                                                       

                                                                               

 MDC MDCA's interface(s):                                                       

  M-GigabitEthernet0/0/0               Ten-GigabitEthernet6/0/1                

  Ten-GigabitEthernet6/0/2             Ten-GigabitEthernet6/0/3                

  Ten-GigabitEthernet6/0/4             Ten-GigabitEthernet6/0/5                

  Ten-GigabitEthernet6/0/6             Ten-GigabitEthernet6/0/7                

  Ten-GigabitEthernet6/0/8             Ten-GigabitEthernet6/0/9                

  Ten-GigabitEthernet6/0/10            Ten-GigabitEthernet6/0/11               

  Ten-GigabitEthernet6/0/12            Ten-GigabitEthernet6/0/13               

  Ten-GigabitEthernet6/0/14            Ten-GigabitEthernet6/0/15               

  Ten-GigabitEthernet6/0/16            Ten-GigabitEthernet6/0/17                

  Ten-GigabitEthernet6/0/18            Ten-GigabitEthernet6/0/19               

  Ten-GigabitEthernet6/0/20            Ten-GigabitEthernet6/0/21               

  Ten-GigabitEthernet6/0/22            Ten-GigabitEthernet6/0/23               

  Ten-GigabitEthernet6/0/24                                                    

                                                                               

 MDC MDCB's interface(s):                                                      

  M-GigabitEthernet0/0/0               Ten-GigabitEthernet6/0/25               

  Ten-GigabitEthernet6/0/26            Ten-GigabitEthernet6/0/27               

  Ten-GigabitEthernet6/0/28            Ten-GigabitEthernet6/0/29               

  Ten-GigabitEthernet6/0/30            Ten-GigabitEthernet6/0/31               

  Ten-GigabitEthernet6/0/32            Ten-GigabitEthernet6/0/33               

  Ten-GigabitEthernet6/0/34            Ten-GigabitEthernet6/0/35               

  Ten-GigabitEthernet6/0/36            Ten-GigabitEthernet6/0/37               

  Ten-GigabitEthernet6/0/38            Ten-GigabitEthernet6/0/39               

  Ten-GigabitEthernet6/0/40            Ten-GigabitEthernet6/0/41               

  Ten-GigabitEthernet6/0/42            Ten-GigabitEthernet6/0/43               

  Ten-GigabitEthernet6/0/44            Ten-GigabitEthernet6/0/45               

  Ten-GigabitEthernet6/0/46            Ten-GigabitEthernet6/0/47                

  Ten-GigabitEthernet6/0/48

Related commands

allocate interface

display mdc resource

Use display mdc resource to display the CPU and memory usage of MDCs.

Syntax

In standalone mode:

display mdc [ name mdc-name ] resource [ cpu | memory ] [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

display mdc [ name mdc-name ] resource [ cpu | memory ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

name mdc-name: Specifies an MDC by its name, a case-sensitive string of 1 to 15 characters. If you do not specify this option, the command displays the usage of all MDCs.

cpu: Displays the CPU usage.

memory: Displays the memory space usage.

slot slot-number: Specifies a card. If you do not specify this option, the command displays the usage on all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. If you do not specify this option, the command displays the usage on all cards in the IRF fabric. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number. If you do not specify this option, the command displays the usage on CPU 0.

Examples

# In standalone mode, display the CPU and memory usage of all MDCs on all cards.

<Sysname> display mdc resource

Memory usage:                                                                  

Slot 6 CPU 0:                                                                  

Used 26.1MB, Free 3301.2MB, Total 3327.3MB                                     

  ID    Name             Quota(MB)    Used(MB)     Available(MB)               

  1     Admin            3327.3       19.6         3301.2                      

  2     MDCA             3327.3       6.5          3301.2                      

Slot 16 CPU 0:                                                                 

Used 438.2MB, Free 3496.2MB, Total 3934.5MB                                    

  ID    Name             Quota(MB)    Used(MB)     Available(MB)               

  1     Admin            3934.5       346.6        3496.2                      

  2     MDCA             3934.5       46.4         3496.2                      

  3     MDCB             3934.5       45.2         3496.2                      

CPU usage:                                                                     

Slot 6 CPU 0:                                                                  

  ID    Name             Weight       Usage(%)                                 

  1     Admin            10           0                                        

  2     MDCA             10           0                                        

Slot 16 CPU 0:                                                                  

  ID    Name             Weight       Usage(%)                                 

  1     Admin            10           0                                        

  2     MDCA             10           0                                        

  3     MDCB             10           0

# In IRF mode, display the CPU and memory space usage of all MDCs on all cards in the IRF fabric.

<Sysname> display mdc resource

Memory usage:                                                                   

Chassis 1 slot 6 CPU 0:                                                        

Used 32.5MB, Free 3294.8MB, Total 3327.3MB                                     

  ID    Name             Quota(MB)    Used(MB)     Available(MB)               

  1     Admin            3327.3       19.6         3294.8                      

  2     MDCA             3327.3       6.5          3294.8                      

  3     MDCB             3327.3       6.5          3294.8                       

Chassis 1 slot 16 CPU 0:                                                       

Used 433.6MB, Free 3500.8MB, Total 3934.5MB                                    

  ID    Name             Quota(MB)    Used(MB)     Available(MB)               

  1     Admin            3934.5       341.6        3500.8                      

  2     MDCA             3934.5       45.3         3500.8                      

  3     MDCB             3934.5       46.7         3500.8                      

CPU usage:                                                                      

Chassis 1 slot 6 CPU 0:                                                        

  ID    Name             Weight       Usage(%)                                 

  1     Admin            10           5                                        

  2     MDCA             10           0                                        

  3     MDCB             10           0                                        

Chassis 1 slot 16 CPU 0:                                                       

  ID    Name             Weight       Usage(%)                                 

  1     Admin            10           3                                        

  2     MDCA             10           0                                        

  3     MDCB             10           0

Table 46 Command output

Field

Description

Slot x CPU y

Usage on the specified CPU of the specified card. (In standalone mode.)

Chassis x Slot y CPU z

Usage on the specified CPU of the specified card in the specified IRF member device. (In IRF mode.)

Weight

CPU weight.

Quota (MB)

Maximum amount of memory space for the MDC, in MB.

Available(MB)

Available amount of memory space for the MDC, in MB.

 

limit-resource cpu

Use limit-resource cpu to specify a CPU weight for an MDC.

Use undo limit-resource cpu to restore the default.

Syntax

limit-resource cpu weight weight-value

undo limit-resource cpu

Default

Each MDC has a CPU weight of 10.

Views

MDC view

Predefined user roles

network-admin

mdc-admin

Parameters

weight weight-value: Specifies a CPU weight value in the range of 1 to 10.

Usage guidelines

The CPU weight setting for an MDC applies to all MPUs and all LPUs that the MDC is authorized to use.

All MDCs share the CPU resources on the MPUs in the system. All MDCs that are authorized to use the same LPU share and compete for the CPU resources on the LPU.

The amount of CPU resources an MDC can use depends on the percentage of its CPU weight among the CPU weights of all MDCs that share the same CPU. For example, if three MDCs share the same CPU, setting their weights to 10, 10, and 5 is equivalent to setting their weights to 2, 2, and 1.

·     The two MDCs with the same weight can use the CPU for approximately the same period of time.

·     The third MDC can use the CPU for about half of the time for each of the other two MDCs.

You can use this command to change the CPU weight for a non-default MDC. The CPU weight for the default MDC cannot be changed.

Examples

# Set the CPU weight of MDC sub1 to 2.

<Sysname> system-view

[Sysname] mdc sub1

[Sysname-mdc-2-sub1] limit-resource cpu weight 2

limit-resource memory

Use limit-resource memory to specify an MPU memory space percentage for an MDC.

Use undo limit-resource memory to restore the default.

Syntax

In standalone mode:

limit-resource memory slot slot-number [ cpu cpu-number ] ratio limit-ratio

undo limit-resource memory slot slot-number [ cpu cpu-number ]

In IRF mode:

limit-resource memory chassis chassis-number slot slot-number [ cpu cpu-number ] ratio limit-ratio

undo limit-resource memory chassis chassis-number slot slot-number [ cpu cpu-number ]

Default

All MDCs share the memory space of the MPUs in the system, and an MDC can use all the free memory space.

Views

MDC view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an MPU. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. (In IRF mode.)

ratio limit-ratio: Specifies the ratio of the memory space that an MDC can use on the specified MPU to the total memory space of the MPU. The value range is 1 to 100.

cpu cpu-number: Specifies a CPU by its number. If you do not specify this option, the command specifies a memory space percentage for CPU 0.

Usage guidelines

This command sets the maximum amount of memory space that an MDC can use. Make sure this amount is sufficient for the MDC to operate correctly.

Examples

# In standalone mode, allow MDC sub1 to use up to 30 percent of the memory space on the MPU in slot 16.

<Sysname> system-view

[Sysname] mdc sub1

[Sysname-mdc-2-sub1] limit-resource memory slot 16 ratio 30

# In IRF mode, allow MDC sub1 to use up to 30 percent of the memory space on the MPU in slot 16 on IRF member device 2.

<Sysname> system-view

[Sysname] mdc sub1

[Sysname-mdc-2-sub1] limit-resource memory chassis 2 slot 16 ratio 30

location

Use location to authorize an MDC to use an LPU.

Use undo location to reclaim the authorization.

Syntax

In standalone mode:

location slot slot-number

undo location slot slot-number

In IRF mode:

location chassis chassis-number slot slot-number

undo location chassis chassis-number slot slot-number

Default

All LPUs of the device belong to the default MDC. A non-default MDC cannot use any LPUs.

Views

MDC view

Predefined user roles

network-admin

mdc-admin

Parameters

slot slot-number: Specifies an LPU. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies an LPU on an IRF member device. (In IRF mode.)

Usage guidelines

You can authorize multiple MDCs to use the same LPU.

After you configure this command for an LPU, performing the following operations removes all authorization configurations for the LPU:

·     Remove the LPU.

·     Save the running configuration.

·     Reboot the device.

If you want to retain the LPU authorization configurations, reconfigure LPU authorization.

Examples

# In standalone mode, authorize the MDC sub1 to use the LPU in slot 3.

<Sysname> system-view

[Sysname] mdc Admin

[Sysname-mdc-1-Admin] undo location slot 3

The configuration associated with the specified slot of MDC will be lost. Continue? [Y/N]:y

[Sysname-mdc-1-Admin] quit

[Sysname] mdc sub1

[Sysname-mdc-2-sub1] location slot 3

# In IRF mode, authorize the MDC sub1 to use the LPU in slot 3 on IRF member device 2.

<Sysname> system-view

[Sysname] mdc Admin

[Sysname-mdc-1-Admin] undo location chassis 2 slot 3

The configuration associated with the specified slot of MDC will be lost. Continue? [Y/N]:y

[Sysname] mdc sub1

[Sysname-mdc-2-sub1] location chassis 2 slot 3

switchto mdc

Use switchto mdc to log in to a non-default MDC from the system view of the default MDC and enter MDC user view.

Syntax

switchto mdc mdc-name

Views

System view

Predefined user roles

network-admin

network-operator

Parameters

mdc-name: Specifies the MDC name, a case-sensitive string of 1 to 15 characters. The MDC must have already been started.

Usage guidelines

You use this command to log in only to an MDC that is in active state.

Examples

# Log in to MDC sub1 from the system view of the default MDC.

<Sysname> system-view

[Sysname] switchto mdc sub1

******************************************************************************

* Copyright (c) 2004-2015 Hangzhou H3C Tech. Co., Ltd. All rights reserved.  *

* Without the owner's prior written consent,                                 *

* no decompiling or reverse-engineering shall be allowed.                    *

******************************************************************************

 

Automatic configuration is running, press CTRL_D to break or press CTRL_B to   

switch back to the default MDC.

<Sysname>

<Sysname> display mdc

ID         Name            Status                                              

2          sub1            active

Related commands

switchback

mdc

Use mdc to create an MDC and enter MDC view. If the MDC already exists, you enter the MDC view directly.

Use undo mdc to delete an MDC.

Syntax

mdc mdc-name [ id mdc-id ]

undo mdc mdc-name

Default

There is a default MDC with the name Admin and the ID 1.

Views

System view

Predefined user roles

network-admin

Parameters

mdc-name: Specifies the MDC name, a case-sensitive string of 1 to 15 characters.

id mdc-id: Specifies the MDC ID in the range of 1 to 9. If you do not specify this option, the system assigns the lowest ID number among the available IDs to the MDC.

Usage guidelines

The default MDC is system predefined. You cannot delete it.

You can create up to eight MDCs.

To enter the view of an existing MDC, you can specify the MDC name, or specify both the MDC name and the MDC ID. If you specify both the MDC name and the MDC ID, make sure the two arguments identify the same MDC.

Delete an MDC with caution. Deleting an MDC removes all configurations and hard disk files of the MDC, and the configurations and files cannot be restored.

Examples

# Create an MDC named sub1.

<Sysname> system-view

[Sysname] mdc sub1

It will take some time to create MDC...

MDC created successfully.

Related commands

display mdc

mdc start

Use mdc start to start an MDC.

Use undo mdc start to stop an MDC.

Syntax

mdc start

undo mdc start

Views

MDC view

Predefined user roles

network-admin

Usage guidelines

After an MDC is started, administrators of the MDC can log in to the MDC for MDC configuration and maintenance.

Stop an MDC with caution. Stopping an MDC interrupts all services on the MDC and logs out all login users on the MDC.

To avoid configuration loss, save the running configuration of an MDC before stopping the MDC.

Examples

# Start MDC sub1.

<Sysname> system-view

[Sysname] mdc sub1

[Sysname-mdc-2-sub1] mdc start

It will take some time to start MDC...

MDC started successfully.

MDC commands for non-default MDCs

This section describes the MDC commands that you can use after logging in to a non-default MDC.

display mdc

Use display mdc to display the ID, name, and status of the current MDC.

Syntax

display mdc

Views

Any view

Predefined user roles

mdc-admin

mdc-operator

Examples

# Display the ID, name, and status of the current MDC.

<sub1> display mdc

ID         Name            Status                                              

2          sub1            active

For information about the command output, see Table 45.

display mdc interface

Use display mdc interface to display the interfaces of the current MDC.

Syntax

display mdc interface

Views

Any view

Predefined user roles

mdc-admin

mdc-operator

Examples

# Display the interfaces of the current MDC.

<sub1> display mdc interface

MDC MDCA's interface(s):                                                      

  M-GigabitEthernet0/0/0               Ten-GigabitEthernet6/0/1                

  Ten-GigabitEthernet6/0/2             Ten-GigabitEthernet6/0/3                

  Ten-GigabitEthernet6/0/4             Ten-GigabitEthernet6/0/5                

  Ten-GigabitEthernet6/0/6             Ten-GigabitEthernet6/0/7                

  Ten-GigabitEthernet6/0/8             Ten-GigabitEthernet6/0/9                

  Ten-GigabitEthernet6/0/10            Ten-GigabitEthernet6/0/11               

  Ten-GigabitEthernet6/0/12            Ten-GigabitEthernet6/0/13               

  Ten-GigabitEthernet6/0/14            Ten-GigabitEthernet6/0/15               

  Ten-GigabitEthernet6/0/16            Ten-GigabitEthernet6/0/17               

  Ten-GigabitEthernet6/0/18            Ten-GigabitEthernet6/0/19               

  Ten-GigabitEthernet6/0/20            Ten-GigabitEthernet6/0/21               

  Ten-GigabitEthernet6/0/22            Ten-GigabitEthernet6/0/23               

  Ten-GigabitEthernet6/0/24

display mdc resource

Use display mdc resource to display the CPU and memory usage of the current MDC.

Syntax

In standalone mode:

display mdc resource [ cpu | memory ] [ slot slot-number [ cpu cpu-number ] ]

In IRF mode:

display mdc resource [ cpu | memory ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

mdc-admin

mdc-operator

Parameters

cpu: Displays the CPU usage.

memory: Displays the memory space usage.

slot slot-number: Specifies a card. If you do not specify this option, the command displays the usage on all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. If you do not specify this option, the command displays the usage on all cards in the IRF fabric. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number. If you do not specify this option, the command displays the usage on CPU 0.

Examples

# In standalone mode, display the CPU and memory space usage of the MDC on all cards.

<sub1> display mdc resource

Memory usage:                                                                   

Slot 6 CPU 0:                                                                  

Used 26.1MB, Free 3301.2MB, Total 3327.3MB                                     

  ID    Name             Quota(MB)    Used(MB)     Available(MB)               

  2     MDCA             3327.3       6.5          3301.2                      

Slot 16 CPU 0:                                                                 

Used 439.9MB, Free 3494.5MB, Total 3934.5MB                                    

  ID    Name             Quota(MB)    Used(MB)     Available(MB)               

  2     MDCA             3934.5       48.1         3494.5                      

CPU usage:                                                                      

Slot 6 CPU 0:                                                                  

  ID    Name             Weight       Usage(%)                                 

  2     MDCA             10           0                                        

Slot 16 CPU 0:                                                                 

  ID    Name             Weight       Usage(%)                                 

  2     MDCA             10           0

# In IRF mode, display the CPU and memory space usage of the MDC on all cards in the IRF fabric.

<sub1> display mdc resource

Memory usage:                                                                  

Chassis 1 slot 6 CPU 0:                                                         

Used 32.5MB, Free 3294.8MB, Total 3327.3MB                                     

  ID    Name             Quota(MB)    Used(MB)     Available(MB)               

  2     MDCA             3327.3       6.5          3294.8                       

Chassis 1 slot 16 CPU 0:                                                       

Used 435.3MB, Free 3499.1MB, Total 3934.5MB                                    

  ID    Name             Quota(MB)    Used(MB)     Available(MB)               

  2     MDCA             3934.5       47.0         3499.1                      

CPU usage:                                                                     

Chassis 1 slot 6 CPU 0:                                                        

  ID    Name             Weight       Usage(%)                                 

  2     MDCA             10           0                                        

Chassis 1 slot 16 CPU 0:                                                       

  ID    Name             Weight       Usage(%)                                 

  2     MDCA             10           0

For information about the command output, see Table 46.

switchback

Use switchback to return from a non-default MDC to the default MDC. This command will bring you from the user view of the non-default MDC to the system view of the default MDC.

Syntax

switchback

Views

User view

Predefined user roles

mdc-admin

mdc-operator

Usage guidelines

You can use this command to return to the default MDC only after you use the switchto command to log in to a non-default MDC. If you log in to a non-default MDC by using any other method (such as Telnet), you cannot use this command to access the default MDC.

Examples

# Return from the current MDC to the default MDC.

<sub1> switchback

[Sysname]

Related commands

switchto mdc


Python commands

exit()

Use exit() to exit the Python shell.

Syntax

exit()

Views

Python shell

Predefined user roles

network-admin

mdc-admin

Usage guidelines

To return to user view from the Python shell, you must use this command. You cannot use the quit command for the purpose.

Examples

# Exit the Python shell.

Python 2.7.3 (default, Apr 10 2014, 16:30:23)

[GCC 4.4.1] on linux2

Type "help", "copyright", "credits" or "license" for more information.

>>> 

>>> exit()

<Sysname>

python

Use python to enter the Python shell.

Syntax

python

Views

User view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

In the Python shell, you can use the following items:

·     Python 2.7 commands.

·     Python 2.7 standard API.

·     Comware V7 extended API.

Examples

# Enter the Python shell.

<Sysname> python

Python 2.7.3 (default, Sep 22 2014, 17:10:05)

[GCC 4.4.1] on linux2

Type "help", "copyright", "credits" or "license" for more information.

>>> 

python filename

Use python filename to execute a Python script.

Syntax

python filename [ param ]

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

filename: Specifies the name of a Python script on a storage medium (flash memory or USB disk) of the device. The script name is case sensitive and must use the extension .py. The extension .py is case insensitive.

param: Specifies the parameters to be passed to the script. To enter multiple parameters, use spaces as the delimiter.

Usage guidelines

You cannot perform any operation while a Python script is being executed by your command.

Make sure the statements in the script meet the syntax requirements. The system stops executing a Python script if it finds a statement with syntax errors.

When executing a script, the system uses the defaults for interactive statements. The system does not stop for human input.

Examples

# Execute Python script test.py.

<Sysname> python test.py 1 2

['/flash:/test.py', '1', '2']

 


License management commands

All commands in this chapter are supported only on the default MDC. Features licensed to the default MDC are also licensed to non-default MDCs. For information about MDCs, see Fundamentals Configuration Guide.

display license

Use display license to display detailed license information.

Syntax

In standalone mode:

display license [ activation-file ]

In IRF mode:

display license [ activation-file ] [ chassis chassis-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

activation-file: Displays information about activation files. If you do not specify this keyword, the command displays detailed information about all licenses.

chassis chassis-number: Specifies the member ID of an IRF member device. If you do not specify this option, the command displays license information for all IRF member devices.

Examples

# (In standalone mode.) Display detailed information about all licenses.

<Sysname> display license

flash:/license/210231S12500XSUPSUPC2014011718410796570.ak

Feature: LISP EVB evi mdc SPBM TRILL FCoE

Product Description: H3C S12500-X Advanced Data Center License

Registered at: 2015-01-17 18:33:54

License Type: Permanent

Current State: In use

# (In IRF mode.) Display detailed license information for IRF member device 1.

<Sysname> display license chassis 1

Chassis 1:

flash:/license/210231S12500XSUPSUPC2014011718410796570.ak

Feature: LISP EVB evi mdc SPBM TRILL FCoE

Product Description: H3C S12500-X Advanced Data Center License

Registered at: 2015-01-17 18:33:54

License Type: Permanent

Current State: In use

Table 47 Command output

Field

Description

Chassis n

Member ID of the IRF member device. This field is available in IRF mode.

Feature

Feature name.

Switches of this series do not support the LISP or EVB feature in the current software version.

Registered at

Time when the license was installed.

License Type

License type by validity period:

·     NA—The system cannot obtain the license type.

·     Permanent—Purchased license that never expires and is always valid.

·     Days restricted—Purchased license that is valid for a period in days, for example, 30 days.

·     Trial (days restricted)—Free trial license that is valid for a period in days.

Trial Time Left (days)

Remaining days of the trial period. This field is available for a trial license.

Current State

State of the license:

·     In use—The license is being used.

·     Usable—The license is available for use. If multiple days-restricted licenses for one feature are installed, only one license is in In use state and the rest licenses are in Usable state.

·     Expired—The license has expired.

·     Uninstalled—The license has been uninstalled.

·     Unusable—The license cannot be used.

·     Invalid—The license is invalid and cannot be used.

 

display license feature

Use display license feature to display brief license information for features.

Syntax

display license feature

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

Feature license information includes the following items:

·     Total number of licenses that the device supports.

·     Number of installed licenses.

·     Features that must be licensed to run on the device.

Examples

# (In standalone mode) Display brief feature license information.

<Sysname> display license feature

Total: 5  Usage: 1

Feature                         Licensed        State

LISP                            Y               Formal

EVB                             Y               Formal

evi                             Y               Formal

mdc                             Y               Formal

SPBM                            Y               Formal

TRILL                           Y               Formal

FCoE                            Y               Formal

# (In IRF mode) Display brief feature license information.

<Sysname> display license feature

Chassis 1:

Total: 5  Usage: 1

Feature                         Licensed        State

LISP                            Y               Formal

EVB                             Y               Formal

evi                             Y               Formal

mdc                             Y               Formal

SPBM                            Y               Formal

TRILL                           Y               Formal

FCoE                            Y               Formal

Table 48 Command output

Field

Description

Chassis n

Member ID of the IRF member device. This field is available in IRF mode.

Total

Total number of licenses that can be installed.

Usage

Number of installed licenses.

Feature

Feature that must be licensed before being used.

Switches of this series do not support the LISP or EVB feature in the current software version.

Licensed

Licensing state of the feature:

·     N—Not licensed.

·     Y—Licensed.

State

License type by purchasing state:

·     Formal—Purchased license.

·     Trial—Trial license.

If the feature is not licensed, this field displays a hyphen (-). To use the feature, you must install a valid license file.

 

display license device-id

Use display license device-id to display device SN and DID information.

Syntax

In standalone mode:

display license device-id

In IRF mode:

display license device-id chassis chassis-number

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

chassis chassis-number: Specifies the member ID of an IRF member device.

Usage guidelines

Each device has a unique SN and DID. When you register a license for a device, you must provide its SN and DID.

The DID changes each time you use the license compress command to compress the license storage. Use the display license device-id command to identify the up-to-date DID each time you register licenses.

Examples

# (In standalone mode) Display the device SN and DID.

<Sysname> display license device-id

SN: 210231S12500XSUPSUPC

Device ID: jFvq-zRGA-DpJy-VK@d-$Zz+-QjA7-$pLP-xvzR

# (In IRF mode) Display the SN and DID of IRF member device 2.

<Sysname> display license device-id chassis 2

SN: 210231S12500XSUPSUPC

Device ID: jFvq-zRGA-DpJy-VK@d-$Zz+-QjA7-$pLP-xvzR

license activation-file install

Use license activation-file install to install a license activation file.

Syntax

In standalone mode:

license activation-file install file-name

In IRF mode:

license activation-file install file-name chassis chassis-number

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

file-name: Specifies the file path, a case-sensitive string of 1 to 127 characters. The activation file must be valid and stored on the device.

chassis chassis-number: Specifies the member ID of an IRF member device.

Usage guidelines

For a successful license activation file installation, make sure the following requirements are met:

·     The SN and DID used for registration match the current SN and DID of the specified device.

·     No one else is installing an activation file on the device you are working with.

You can install a maximum of five activation files on each device.

Activation files are device locked. A licensed feature can run on the device where its activation file is installed even after an MPU replacement.

Examples

# (In standalone mode) Install the activation file 20140824.ak.

<Sysname> system-view

[Sysname] license activation-file install flash:\license\20140824.ak

# (In IRF mode) Install the activation file 20140824.ak on IRF member device 2.

<Sysname> system-view

[Sysname] license activation-file install flash:\license\20140824.ak chassis 2

Related commands

·     display license activation-file

·     display license device-id

·     license activation-file uninstall

license activation-file uninstall

Use license activation-file uninstall to uninstall an activation file.

Syntax

In standalone mode:

license activation-file uninstall file-name

In IRF mode:

license activation-file uninstall file-name chassis chassis-number

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

file-name: Specifies the file path, a case-sensitive string of 1 to 127 characters.

chassis chassis-number: Specifies the member ID of an IRF member device.

Usage guidelines

A feature cannot run on the device after you uninstall all its activation files.

Use this command to revoke an unexpired license if you want to transfer the license from one device to another. For a successful uninstall operation, make sure no one else is uninstalling an activation file on the device you are working with.

When an activation file is uninstalled, the system creates an Uninstall file. Use this file together with the SN and DID of the transfer destination to register the license for the transfer destination.

Trial licenses are not transferrable. When you uninstall the activation file of a trial license, no Uninstall file is created.

Examples

# (In standalone mode) Uninstall the activation file flash:\license\20140824.ak.

<Sysname> system-view

[Sysname] license activation-file uninstall flash:\license\20140824.ak

# (In IRF mode.) Uninstall the activation file flash:\license\20140824.ak from IRF member device 2.

<Sysname> system-view

[Sysname] license activation-file uninstall flash:\license\20140824.ak chassis 2

Uninstall file: flash:\license\20140824.uak

Related commands

·     display license activation-file

·     license activation-file install

license compress

Use license compress to compress the license storage.

Syntax

In standalone mode:

license compress

In IRF mode:

license compress chassis chassis-number

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

chassis chassis-number: Specifies the member ID of an IRF member device.

Usage guidelines

CAUTION

CAUTION:

The DID changes each time the license storage is compressed. Before performing a compression, make sure all activation files generated based on the old DID have been installed. They cannot be installed after the compression.

 

Use this command if the free license storage (see the display license feature command) is not sufficient.

This command clears invalid licenses (expired licenses and uninstalled licenses) and Uninstall files from the license storage area. Back up the Uninstall files before you compress the license storage.

For a successful compress operation, make sure no one else is compressing the license storage on the device you are working with.

Examples

# (In standalone mode.) Compress the license storage.

<Sysname> system-view

[Sysname] license compress

This command will delete all data relevant to uninstalled and expired keys/licenses, including Uninstall keys, and create a new device ID for activation keys/files. Make sure you have saved the Uninstall keys so you can apply for a new activation key/file for the unexpired licenses that were covered by the uninstalled activation keys/files.

Are you sure you want to continue? [Y/N]: Y

# (In IRF mode.) Compress the license storage on IRF member device 2.

<Sysname> system-view

[Sysname] license compress chassis 2

This command will delete all data relevant to uninstalled and expired keys/licenses, including Uninstall keys, and create a new device ID for activation keys/files. Make sure you have saved the Uninstall keys so you can apply for a new activation key/file for the unexpired licenses that were covered by the uninstalled activation keys/files.

Are you sure you want to continue? [Y/N]: Y

 

 


Preprovisioning commands

The preprovisioning feature is available in Release 1138P01 and later versions.

chassis slot

Use chassis slot to select a slot to provision and enter slot view on an IRF fabric.

Syntax

chassis chassis-number slot slot-number

Views

System view

Predefined user roles

network-admin

Parameters

chassis chassis-number slot slot-number: Specifies an interface card slot on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the interface card to be preprovisioned.

Examples

# Enter the slot view of slot 2 in chassis 1.

<Sysname> system-view

[sysname] chassis 1 slot 2

[Sysname-chassis-1-slot-2]

Related commands

provision

display provision failed-config

Use display provision failed-config to display the preprovisioned commands that were not applied to preprovisioned interface cards that came online.

Syntax

display provision failed-config

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

Commands prerovisioned for a module are applied when the module comes online. A preprovisioned command cannot be applied if it conflicts with the running configuration.

Use this command to verify the application result of preprovisioned commands except for the following commands:

·     duplex

·     location

·     oc-3

·     speed

·     sflow

·     threshold

·     using oc-3c

This command cannot display the application result of the listed commands correctly. To verify the application result of the listed commands, use the display current-configuration command. If the two commands display different application results, the result displayed by the display current-configuration command is correct.

Examples

# Display preprovisioned commands that were not applied.

<Sysname> display provision failed-config

Configuration applied at: Sat Jun 14 06:06:00 2014

 

Slot information: chassis 1 slot 1

Commands that failed to be applied:

#

interface FortyGigE1/1/0/1

 speed 40000

#

Related commands

provision

provision

Use provision to enable preprovisioning for a slot.

Use undo provision to disable preprovisioning for a slot.

Syntax

provision model model

undo provision model

Default

Preprovisioning is disabled.

Views

Slot view

Predefined user roles

network-admin

Parameters

model model: Specifies the card model to be preprovisioned. To obtain available models, enter provision model ?.

Usage guidelines

This command allows you to preconfigure interfaces on an offline module.

The device automatically creates interfaces when you enable preprovisioning for a module. The display interface command does not display these interfaces until the module comes online.

When you disable preprovisioning for a slot, the device removes all preconfigured settings from the slot.

Examples

# (In standalone mode.) Enable preprovisioning for the SIM3110 module on slot 2.

<Sysname> system-view

[Sysname] slot 2

[Sysname-slot-2] provision model SIM3110

# (In IRF mode.) Enable preprovisioning for the SIM3110 module on slot 2 of chassis 1.

<Sysname> system-view

[Sysname] chassis 1 slot 2

[Sysname-chassis-1-slot-2] provision model SIM3110

Related commands

·     chassis slot

·     display provision failed-config

·     slot

slot

Use slot to select a slot to provision and enter slot view on a standalone device.

Syntax

slot slot-number

Views

System view

Predefined user roles

network-admin

Parameters

slot-number: Specifies a slot number.

Examples

# Enter the slot view of slot 2.

<Sysname> system-view

[sysname] slot 2

[Sysname-slot-2]

Related commands

provision

reset provision failed-config

Use reset provision failed-config to clear application failure records for preprovisioned commands.

Syntax

reset provision failed-config

Views

User view

Predefined user roles

network-admin

Usage guidelines

Installing modules in preprovisioned slots might leave a number of application failure records. Use this command to release the space used by the records.

If you install a module in a preprovisioned slot while this command is being executed, the display provision failed-config command might display some newly generated application failure records.

Examples

# Clear application failure records for preprovisioned commands.

<Sysname> display provision failed-config

 


Index

A B C D E F G H I J L M N O P Q R S T U V


A

activation-key,13

alias,1

allocate interface,250

append,77

ascii,77

authentication-mode,14

auto-execute command,15

B

backup startup-configuration,133

binary,78

boot-loader file,151

boot-loader update,153

bootrom backup,154

bootrom restore,155

bootrom update,156

bootrom-update security-check enable,157

bye,79

C

cd,109

cd,79

cdup,80

chassis slot,274

clock datetime,179

clock protocol,180

clock summer-time,180

clock timezone,182

close,81

command,183

command accounting,17

command authorization,17

configuration commit,133

configuration commit delay,134

configuration encrypt,135

copy,111

copyright-info enable,184

D

databits,18

debug,81

delete,112

delete,82

description,47

diagnostic start test,185

dir,82

dir,114

disconnect,83

display | { begin | exclude | include },2

display | by-linenum,3

display >,4

display >>,5

display alarm,185

display alias,6

display boot-loader,157

display clock,187

display copyright,187

display cpu-usage,188

display cpu-usage configuration,190

display cpu-usage history,190

display current-configuration,136

display current-configuration diff,137

display default-configuration,138

display device,193

display device manuinfo,195

display device manuinfo fan,198

display device manuinfo power,199

display diagnostic content,200

display diagnostic-information,202

display diff,139

display environment,203

display exception filepath,204

display fan,205

display ftp client source,84

display ftp-server,72

display ftp-user,72

display hardware-resource,206

display history-command,7

display history-command all,7

display hotkey,8

display install active,161

display install committed,162

display install ipe-info,164

display install package,165

display issu rollback-timer,166

display issu state,166

display license,267

display license device-id,269

display license feature,268

display line,19

display mdc,261

display mdc,252

display mdc interface,253

display mdc interface,261

display mdc resource,262

display mdc resource,254

display memory,207

display memory-threshold,209

display power,211

display provision failed-config,274

display role,47

display role feature,49

display role feature-group,53

display saved-configuration,140

display scheduler job,211

display scheduler logfile,212

display scheduler reboot,213

display scheduler schedule,214

display startup,141

display system stable state,215

display system-working-mode,216

display telnet client,20

display this,143

display transceiver alarm,217

display transceiver diagnosis,218

display transceiver interface,219

display transceiver manuinfo,220

display user-interface,21

display users,22

display version,221

display version comp-matrix,168

display version-update-record,221

E

escape-key,23

exception filepath,222

exit(),265

F

fdisk,116

feature,53

file prompt,117

fixdisk,118

flow-control,25

format,119

free ftp user,73

free ftp user-ip,74

free line,25

free user-interface,26

ftp,84

ftp client source,85

ftp server acl,74

ftp server dscp,75

ftp server enable,76

ftp timeout,76

G

get,86

gunzip,119

gzip,120

H

hardware-resource tcam,223

header,224

help,87

history-command max-size,27

hotkey,9

I

idle-timeout,28

install activate,170

install add,171

install commit,172

install deactivate,172

interface policy deny,54

issu accept,173

issu commit,173

issu load,174

issu rollback,176

issu rollback-timer,176

issu run switchover,177

J

job,225

L

lcd,88

license activation-file install,270

license activation-file uninstall,271

license compress,272

limit-resource cpu,256

limit-resource memory,257

line,29

line class,30

location,258

lock,31

ls,89

M

md5sum,121

mdc,260

mdc start,260

memory-threshold,226

memory-threshold usage,227

mkdir,89

mkdir,121

monitor cpu-usage enable,228

monitor cpu-usage interval,229

monitor cpu-usage threshold,230

more,122

mount,123

move,124

N

newer,90

O

open,91

P

parity,32

passive,91

password-recovery enable,231

permit interface,55

permit vlan,57

permit vpn-instance,58

process core,231

protocol inbound,32

provision,275

put,92

pwd,125

pwd,93

python,265

python filename,266

Q

quit,10

quit,94

R

reboot,232

reget,94

rename,95

rename,125

reset,96

reset provision failed-config,276

reset recycle-bin,126

reset saved-configuration,144

reset scheduler logfile,235

reset version-update-record,236

restart,96

restore startup-configuration,145

return,10

rhelp,97

rmdir,98

rmdir,126

role,59

role default-role enable,60

role feature-group,61

rstatus,99

rule,62

S

save,146

scheduler job,236

scheduler logfile size,237

scheduler reboot at,237

scheduler reboot delay,238

scheduler schedule,239

screen-length,34

screen-length disable,11

send,34

set authentication password,35

sha256sum,127

shell,36

shutdown-interval,240

slot,276

speed,37

startup saved-configuration,149

status,100

stopbits,38

super,66

super authentication-mode,66

super default role,67

super password,68

switchback,264

switch-fabric isolate,241

switchto mdc,259

sysname,242

system,101

system-view,12

system-working-mode,242

T

tar create,128

tar extract,128

tar list,129

telnet,38

telnet client source,39

telnet server acl,40

telnet server dscp,41

telnet server enable,42

temperature-limit,243

terminal type,42

tftp,105

tftp client source,106

tftp-server acl,107

time at,245

time once,245

time repeating,247

U

umount,130

undelete,131

user,102

user-interface,43

user-interface class,44

user-role,45

user-role,248

V

verbose,102

version auto-update enable,159

version check ignore,159

vlan policy deny,69

vpn-instance policy deny,70


 

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网