- Table of Contents
- Related Documents
-
Title | Size | Download |
---|---|---|
01-Text | 1.84 MB |
Contents
display | { begin | exclude | include }
telnet server acl-deny-log enable
ftp server acl-deny-log enable
File system management commands
auto-copy destination-directory
Configuration file management commands
archive configuration interval
archive configuration location
display current-configuration diff
reset install log-history oldest
reset install log-history oldest
Automatic configuration commands
security-zone intra-zone default permit
display cpu-usage configuration
display diagnostic-information
license activation-file install
license activation-file uninstall
Basic CLI commands
alias
Use alias to configure a command alias.
Use undo alias to delete a command alias.
Syntax
Default
The device has a set of system-defined command aliases, as listed in Table 1.
Table 1 System-defined command aliases
Command alias |
Command or command keyword |
Views
System view
Predefined user roles
network-admin
Parameters
alias: Specifies an alias, a case-sensitive string of 1 to 20 characters. An alias cannot be alias or contain spaces.
command: Specifies a command string. Make sure the command string meets the syntax requirements.
Usage guidelines
System-defined command aliases cannot be deleted.
You can configure one or more aliases for a command or the starting keywords of commands. Then, you can use the aliases to execute the command or commands. If the command or commands have undo forms, you can also use the aliases to execute the undo command or commands.
For example, if you configure the alias shiprt for display ip routing-table, you can enter shiprt to execute the display ip routing-table command. If you configure the alias ship for display ip, you can use ship to execute all commands that start with display ip:
· Enter ship routing-table to execute the display ip routing-table command.
· Enter ship interface to execute the display ip interface command.
The command string can include up to nine parameters. Each parameter starts with the dollar sign ($) and a sequence number in the range of 1 to 9. For example, you can configure the alias shinc for the display ip $1 | include $2 command. Then, to execute the display ip routing-table | include Static command, you only need to enter shinc routing-table Static. To execute the display ip interface | include GigabitEthernet1/0/1 command, you only need to enter shinc interface GigabitEthernet1/0/1.
Examples
# Configure the alias shiprt for the display ip routing-table command and verify the configuration.
<Sysname> system-view
[Sysname] alias shiprt display ip routing-table
[Sysname] shiprt
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
3.3.3.3/32 Static 60 0 192.168.1.62 GE1/0/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
169.254.0.0/24 Direct 0 0 169.254.0.188 GE1/0/1
169.254.0.0/32 Direct 0 0 169.254.0.188 GE1/0/1
169.254.0.188/32 Direct 0 0 127.0.0.1 InLoop0
169.254.0.255/32 Direct 0 0 169.254.0.188 GE1/0/1
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# Configure the alias shinc for display ip $1 | include $2.
[Sysname] alias shinc display ip $1 | include $2
# Use the alias shinc to display all static routes.
[Sysname] shinc routing-table Static
3.3.3.3/32 Static 60 0 192.168.1.62 GE1/0/1
Related commands
display alias
display | { begin | exclude | include }
Use display | { begin | exclude | include } to filter the output from a display command with a regular expression.
Syntax
display command | { begin | exclude | include } regular-expression
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
command: Specifies the keywords and arguments of a display command. To display available keywords and arguments, enter display ?.
begin: Displays the first line matching the specified regular expression and all subsequent lines.
exclude: Displays all lines not matching the specified regular expression.
include: Displays all lines matching the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Usage guidelines
Use the | { begin | exclude | include } regular-expression option with a display command to filter the command output. For more information about regular expressions, see Fundamentals Configuration Guide.
Examples
# Display the lines that contain vlan in the running configuration.
<Sysname> display current-configuration | include vlan
vlan 1
vlan 999
port access vlan 999
display | by-linenum
Use display | by-linenum to number each output line for a display command.
Syntax
display command | by-linenum
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
command: Specifies the keywords and arguments of a display command. To display available keywords and arguments, enter display ?.
Usage guidelines
By numbering each output line from a display command, you can easily identify the lines of interest.
Each line number is displayed as a 5-character string and might be followed by a colon (:) or hyphen (-). If you specify both | by-linenum and | begin regular-expression for a display command, a hyphen is displayed for all lines that do not match the regular expression.
Examples
# Display VLAN 1 settings, with each output line identified by a number.
<Sysname> display vlan 1 | by-linenum
1: VLAN ID: 1
2: VLAN type: Static
3: Route interface: Not configured
4: Description: VLAN 0001
5: Name: VLAN 0001
6: Tagged ports: None
7: Untagged ports:
8: Ethernet0/1 Ethernet0/2
9: Ethernet0/3
10:
# Display the first line that begins with user-group in the running configuration and all of the following lines.
<Sysname> display current-configuration | by-linenum begin user-group
114: user-group system
115- #
116- return
display >
Use display > to save the output from a display command to a separate file.
Syntax
display command > filename
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
command: Specifies the keywords and arguments of a display command. To display available keywords and arguments, enter display ?.
filename: Specifies the name of the file that is used to save the output, a string of 1 to 63 characters.
Usage guidelines
The display commands show the configuration, statistics, and states of the device. You can use the display > command to save the output to a file.
If the specified file does not exist, the system creates the file and saves the output to the file. If the file already exists, the system overwrites the file.
Examples
# Save VLAN 1 settings to a separate file named vlan.txt.
<Sysname> display vlan 1 > vlan.txt
# Check the content of the vlan.txt file.
<Sysname> more vlan.txt
VLAN ID: 1
VLAN type: Static
Route interface: Not configured
Description: VLAN 0001
Name: VLAN 0001
Tagged ports: None
Untagged ports:
GigabitEthernet1/0/2
display >>
Use display >> to append the output from a display command to the end of a file.
Syntax
display command >> filename
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
command: Specifies the keywords and arguments of a display command. To display available keywords and arguments, enter display ?.
filename: Specifies the name of the file that is used to save the output, a string of 1 to 63 characters.
Usage guidelines
The display commands show the configuration, statistics, and states of the device. You can use display >> to save the output to a file.
If the specified file does not exist, the system creates the file and saves the output to the file. If the file already exists, the system appends the output to the end of the file.
Examples
# Append the VLAN 999 settings to the end of the vlan.txt file.
<Sysname> display vlan 999 >> vlan.txt
# Check the content of the vlan.txt file.
<Sysname> more vlan.txt
VLAN ID: 1
VLAN type: Static
Route interface: Not configured
Description: VLAN 0001
Name: VLAN 0001
Tagged ports: None
Untagged ports:
GigabitEthernet1/0/2
VLAN ID: 999
VLAN type: Static
Route interface: Configured
IPv4 address: 192.168.2.1
IPv4 subnet mask: 255.255.255.0
Description: For LAN Access
Name: VLAN 0999
Tagged ports: None
Untagged ports:
GigabitEthernet1/0/1
display alias
Use display alias to display command aliases.
Syntax
Views
Any view
Predefined user roles
Parameters
alias: Specifies a command alias. If you do not specify this argument, the command displays all command aliases.
Examples
# Display all command aliases.
Index Alias Command key
1 access-list acl
2 end return
3 erase delete
4 exit quit
5 hostname sysname
6 logging info-center
7 no undo
8 shinc display $1 | include $2
9 show display
10 sirt display ip routing-table
11 write save
# Display the command alias shinc.
<Sysname> display alias shinc
Alias Command key
shinc display ip $1 | include $2
Related commands
alias
display history-command
Use display history-command to display all commands that are saved in the command history buffer for the current CLI session.
Syntax
display history-command
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
The system automatically saves commands you have successfully executed to the command history buffer for the current CLI session. You can view them and execute them again.
By default, the system can save up to 10 commands in the buffer. You can use the history-command max-size command to change the buffer size. To buffer a new command when the buffer is full, the system deletes the oldest command entry in the buffer.
All commands in the command history buffer for the current CLI session will be cleared when you log out.
Examples
# Display all commands saved in the command history buffer for the current CLI session.
<Sysname> display history-command
system-view
vlan 2
quit
Related commands
history-command max-size
display history-command all
Use display history-command all to display all commands that are saved in the command history buffer for all CLI sessions.
Syntax
display history-command all
Views
Any view
Predefined user roles
network-admin
Usage guidelines
The system automatically saves commands successfully executed by users to the command history buffer for all CLI sessions. Users can view them but cannot recall them from the buffer.
Up to 1024 commands can be saved in the command history buffer. To buffer a new command when the buffer is full, the system deletes the oldest command entry in the buffer.
A user logout does not cause the system to delete commands from the history buffer for all CLI sessions.
Examples
# Display all commands saved in the command history buffer for all CLI sessions.
<Sysname> display history-command all
Date Time Terminal Ip User
03/16/2012 20:03:33 vty0 192.168.1.26 **
Cmd:dis his all
03/16/2012 20:03:29 vty0 192.168.1.26 **
Cmd:sys
Table 2 Command output
Field |
Description |
Date |
Date when the command was executed. |
Time |
Time when the command was executed. |
Terminal |
User line used by the user. |
Ip |
IP address of the terminal used by the user. |
User |
Username used by the user. |
Cmd |
Command string entered by the user. |
Related commands
display hotkey
Use display hotkey to display hotkey information.
Syntax
display hotkey
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display hotkey information.
<Sysname> display hotkey
----------------- Hotkeys -----------------
-Defined command hotkeys-
CTRL_G display current-configuration
CTRL_L display ip routing-table
CTRL_O undo debugging all
-Undefined command hotkeys-
CTRL_T NULL
CTRL_U NULL
-System-reserved hotkeys-
CTRL_A Move the cursor to the beginning of the line.
CTRL_B Move the cursor one character to the left.
CTRL_C Stop the current command.
CTRL_D Erase the character at the cursor.
CTRL_E Move the cursor to the end of the line.
CTRL_F Move the cursor one character to the right.
CTRL_H Erase the character to the left of the cursor.
CTRL_K Abort the connection request.
CTRL_N Display the next command in the history buffer.
CTRL_P Display the previous command in the history buffer.
CTRL_R Redisplay the current line.
CTRL_V Paste text from the clipboard.
CTRL_W Delete the word to the left of the cursor.
CTRL_X Delete all characters from the beginning of the line to the cursor.
CTRL_Y Delete all characters from the cursor to the end of the line.
CTRL_Z Return to the User View.
CTRL_] Kill incoming connection or redirect connection.
ESC_B Move the cursor back one word.
ESC_D Delete all characters from the cursor to the end of the word.
ESC_F Move the cursor forward one word.
ESC_N Move the cursor down a line.
ESC_P Move the cursor up a line.
ESC_< Move the cursor to the beginning of the clipboard.
ESC_> Move the cursor to the end of the clipboard.
Related commands
hotkey
hotkey
Use hotkey to assign a command to a configurable hotkey.
Use undo hotkey to restore the default.
Syntax
hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U } command
undo hotkey { CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U }
Default
· Ctrl_G: display current-configuration (display the running configuration).
· Ctrl_L: display ip routing-table (display the IPv4 routing table information).
· Ctrl_O: undo debugging all (disable all debugging functions).
· Ctrl_T: No command is assigned to this hotkey.
· Ctrl_U: No command is assigned to this hotkey.
Views
System view
Predefined user roles
network-admin
Parameters
CTRL_G: Assigns a command to Ctrl+G.
CTRL_L: Assigns a command to Ctrl+L.
CTRL_O: Assigns a command to Ctrl+O.
CTRL_T: Assigns a command to Ctrl+T.
CTRL_U: Assigns a command to Ctrl+U.
command: Specifies the command to be assigned to the hotkey.
Usage guidelines
The system defines some hotkeys and provides five configurable command hotkeys. Pressing a hotkey executes the command assigned to the hotkey.
To display system-defined and configurable hotkeys, use the display hotkey command.
Examples
# Assign the display tcp statistics command to hotkey Ctrl+T.
<Sysname> system-view
[Sysname] hotkey ctrl_t display tcp statistics
Related commands
display hotkey
quit
Use quit to return to the upper-level view.
Syntax
quit
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
Executing this command in user view disconnects you from the device.
Examples
# Return from GigabitEthernet 1/0/1 interface view to system view and then to user view.
[Sysname-GigabitEthernet1/0/1] quit
[Sysname] quit
<Sysname>
repeat
Use repeat to repeat commands in the command history buffer for the current CLI session.
Syntax
repeat [ number ] [ count times ] [ delay seconds ]
Views
Any view
Predefined user roles
network-admin
Parameters
number: Specifies the number of the most recently executed commands in the command history buffer for the current CLI session that you want to execute. The value range is 1 to 10. The default is 1.
count times: Specifies the number of times that you want to execute the commands. The value range is 0 to 4294967295. The default is 0. If you do not specify this option, the system keeps executing the commands until you press the escape key to terminate the execution.
delay seconds: Specifies the time (in seconds) for the system to wait before executing the commands again. The value range is 0 to 4294967295. The default is 1.
Usage guidelines
To repeat a command, first enter the view for the command. To repeat multiple commands, first enter the view for the first command.
The repeat command executes commands in the order they were executed.
The system waits for your interaction when it repeats an interactive command.
Examples
# Configure the system to execute the two most recently executed commands (display cpu-usage and display clock) three times at an interval of 10 seconds.
<Sysname> repeat 2 count 3 delay 10
<Sysname> display cpu-usage
Unit CPU usage:
33% in last 5 seconds
32% in last 1 minute
33% in last 5 minutes
<Sysname> display clock
12:20:08 UTC Thu 06/19/2014
<Sysname> display cpu-usage
Unit CPU usage:
33% in last 5 seconds
32% in last 1 minute
33% in last 5 minutes
<Sysname> display clock
12:20:18 UTC Thu 06/19/2014
<Sysname> display cpu-usage
Unit CPU usage:
33% in last 5 seconds
32% in last 1 minute
33% in last 5 minutes
<Sysname> display clock
12:20:28 UTC Thu 06/19/2014
Related commands
display history-command
escape-key
history-command max-size
return
Use return to return to user view from any other view.
Syntax
return
Views
Any view except user view
Predefined user roles
network-admin
network-operator
Usage guidelines
Pressing Ctrl+Z has the same effect as the return command.
Examples
# Return to user view from GigabitEthernet 1/0/1 interface view.
[Sysname-GigabitEthernet1/0/1] return
<Sysname>
screen-length disable
Use screen-length disable to disable pausing between screens of output for the current CLI session.
Use undo screen-length disable to enable pausing between screens of output for the current CLI session.
Syntax
screen-length disable
undo screen-length disable
Default
The default depends on the configuration of the screen-length command in user line view.
The following are the default settings for the screen-length command:
· Pausing between screens of output.
· Displaying up to 24 lines on a screen.
Views
User view
Predefined user roles
network-admin
Usage guidelines
If you disable pausing between screens of output, all output is displayed. The screen is refreshed continuously until the final screen is displayed.
This command takes effect only for the current CLI session. When you are logged out, the default is restored.
Examples
# Disable pausing between screens of output for the current CLI session.
<Sysname> screen-length disable
Related commands
screen-length
system-view
Use system-view to enter system view from user view.
Syntax
system-view
Views
User view
Predefined user roles
network-admin
network-operator
Examples
# Enter system view from user view.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname]
RBAC commands
description
Use description to configure a description for a user role for easy identification.
Use undo description to restore the default.
Syntax
description text
undo description
Default
A user role does not have a description.
Views
User role view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 128 characters.
Examples
# Configure the description as labVIP for user role role1.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] description labVIP
Related commands
display role
role
display role
Use display role to display user role information.
Syntax
display role [ name role-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. If you do not specify a user role name, the command displays information about all user roles, including the predefined user roles.
Examples
# Display information about user role 123.
<Sysname> display role name 123
Role: 123
Description: new role
VLAN policy: Deny
Permitted VLANs: 1 to 5, 7 to 8
Interface policy: Deny
Permitted interfaces: GigabitEthernet1/0/1 to GigabitEthernet1/0/2, Vlan-interface1 to Vlan-interface20
VPN instance policy: Deny
Permitted VPN instances: vpn, vpn1, vpn2
Security zone policy: Permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
1 permit RWX feature-group abc
2 deny -W- feature ldap
3 permit command system ; radius sc *
4 permit R-- xml-element -
5 permit RW- oid 1.2.1
R:Read W:Write X:Execute
# Display information about all user roles.
<Sysname> display role
Role: network-admin
Description: Predefined network admin role has access to all commands on the
device
VLAN policy: Permit (default)
Interface policy: Permit (default)
VPN instance policy: Permit (default)
Security zone policy: Permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit command *
sys-2 permit RWX web-menu -
sys-3 permit RWX xml-element -
sys-4 deny command display security-logfile summary
sys-5 deny command system-view ; info-center
security-logfile directory *
sys-6 deny command security-logfile save
sys-7 permit RW- oid 1
R:Read W:Write X:Execute
Role: network-operator
Description: Predefined network operator role has access to all read commands
on the device
VLAN policy: Permit (default)
Interface policy: Permit (default)
VPN instance policy: Permit (default)
Security zone policy: Permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit command display *
sys-2 permit command xml
sys-3 deny command display history-command all
sys-4 deny command display exception *
sys-5 deny command display cpu-usage configuration
*
sys-6 deny command display kernel exception *
sys-7 deny command display kernel deadloop *
sys-8 deny command display kernel starvation *
sys-9 deny command display kernel reboot *
sys-12 permit command system-view ; local-user *
sys-13 permit command system-view ; switchto *
sys-14 permit R-- web-menu -
sys-15 permit R-- xml-element -
sys-16 deny command display security-logfile summary
sys-17 deny command system-view ; info-center
security-logfile directory *
sys-18 deny command security-logfile save
sys-19 permit R-- oid 1
R:Read W:Write X:Execute
Role: level-0
Description: Predefined level-0 role
VLAN policy: Permit (default)
Interface policy: Permit (default)
VPN instance policy: Permit (default)
Security zone policy: Permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit command tracert *
sys-2 permit command telnet *
sys-3 permit command ping *
sys-4 permit command ssh2 *
sys-5 permit command super *
R:Read W:Write X:Execute
Role: level-1
Description: Predefined level-1 role
VLAN policy: Permit (default)
Interface policy: Permit (default)
VPN instance policy: Permit (default)
Security zone policy: Permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit command tracert *
sys-2 permit command telnet *
sys-3 permit command ping *
sys-4 permit command ssh2 *
sys-5 permit command display *
sys-6 permit command super *
sys-7 deny command display history-command all
R:Read W:Write X:Execute
Role: level-2
Description: Predefined level-2 role
VLAN policy: Permit (default)
Interface policy: Permit (default)
VPN instance policy: Permit (default)
Security zone policy: Permit (default)
Role: level-3
Description: Predefined level-3 role
VLAN policy: Permit (default)
Interface policy: Permit (default)
VPN instance policy: Permit (default)
Security zone policy: Permit (default)
Role: level-4
Description: Predefined level-4 role
VLAN policy: Permit (default)
Interface policy: Permit (default)
VPN instance policy: Permit (default)
Security zone policy: Permit (default)
Role: level-5
Description: Predefined level-5 role
VLAN policy: Permit (default)
Interface policy: Permit (default)
VPN instance policy: Permit (default)
Security zone policy: Permit (default)
Role: level-6
Description: Predefined level-6 role
VLAN policy: Permit (default)
Interface policy: Permit (default)
VPN instance policy: Permit (default)
Security zone policy: Permit (default)
Role: level-7
Description: Predefined level-7 role
VLAN policy: Permit (default)
Interface policy: Permit (default)
VPN instance policy: Permit (default)
Security zone policy: Permit (default)
Role: level-8
Description: Predefined level-8 role
VLAN policy: Permit (default)
Interface policy: Permit (default)
VPN instance policy: Permit (default)
Security zone policy: Permit (default)
Role: level-9
Description: Predefined level-9 role
VLAN policy: Permit (default)
Interface policy: Permit (default)
VPN instance policy: Permit (default)
Security zone policy: Permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit RWX feature -
sys-2 deny RWX feature device
sys-3 deny RWX feature filesystem
sys-4 permit command display *
sys-5 deny command display history-command all
R:Read W:Write X:Execute
Role: level-10
Description: Predefined level-10 role
VLAN policy: Permit (default)
Interface policy: Permit (default)
VPN instance policy: Permit (default)
Security zone policy: Permit (default)
Role: level-11
Description: Predefined level-11 role
VLAN policy: Permit (default)
Interface policy: Permit (default)
VPN instance policy: Permit (default)
Security zone policy: Permit (default)
Role: level-12
Description: Predefined level-12 role
VLAN policy: Permit (default)
Interface policy: Permit (default)
VPN instance policy: Permit (default)
Security zone policy: Permit (default)
Role: level-13
Description: Predefined level-13 role
VLAN policy: Permit (default)
Interface policy: Permit (default)
VPN instance policy: Permit (default)
Security zone policy: Permit (default)
Role: level-14
Description: Predefined level-14 role
VLAN policy: Permit (default)
Interface policy: Permit (default)
VPN instance policy: Permit (default)
Security zone policy: Permit (default)
Role: level-15
Description: Predefined level-15 role
VLAN policy: Permit (default)
Interface policy: Permit (default)
VPN instance policy: Permit (default)
Security zone policy: Permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit command *
sys-2 permit RWX web-menu -
sys-3 permit RWX xml-element -
sys-4 deny command display security-logfile summary
sys-5 deny command system-view ; info-center
security-logfile directory *
sys-6 deny command security-logfile save
sys-7 permit RW- oid 1
R:Read W:Write X:Execute
Role: security-audit
Description: Predefined security audit role only has access to commands for
the security log administrator
VLAN policy: Permit (default)
Interface policy: Permit (default)
VPN instance policy: Permit (default)
Security zone policy: Permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 deny command *
sys-2 permit command display security-logfile summary
sys-3 permit command system-view ; info-center
security-logfile directory *
sys-4 permit command security-logfile save
sys-5 permit command cd *
sys-6 permit command copy *
sys-7 permit command delete *
sys-8 permit command dir *
sys-9 permit command mkdir *
sys-10 permit command more *
sys-11 permit command move *
sys-12 permit command rmdir *
sys-13 permit command pwd
sys-14 permit command rename *
sys-15 permit command undelete *
sys-16 permit command ftp *
sys-17 permit command sftp *
R:Read W:Write X:Execute
Role: guest-manager
Description: Predefined guest manager role can't access to commands
VLAN policy: Permit (default)
Interface policy: Permit (default)
VPN instance policy: Permit (default)
Security zone policy: Permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit RWX xml-element useraccounts/approveguest/
sys-2 permit RWX xml-element useraccounts/exportguestaccount/
sys-3 permit RWX xml-element useraccounts/generateguestaccount/
sys-4 permit RWX xml-element useraccounts/guest/
sys-5 permit RWX xml-element useraccounts/guestconfigure/
sys-6 permit RWX xml-element useraccounts/importguestaccount/
sys-7 permit RWX xml-element useraccounts/exportguesttemplet/
sys-8 permit RWX xml-element rpc/
sys-9 deny command *
R:Read W:Write X:Execute
Table 3 Command output
Field |
Description |
Role |
User role name. Predefined user role names: · network-admin. · network-operator. · level-n (where n represents an integer in the range of 0 to 15). · security-audit. · guest-manager. |
Description |
User role description. |
VLAN policy |
VLAN policy of the user role: · Deny—Denies access to all VLANs except for permitted VLANs. · Permit (default)—Default VLAN policy, which enables the user role to access all VLANs. |
Permitted VLANs |
VLANs accessible to the user role. |
Interface policy |
Interface policy of the user role: · Deny—Denies access to all interfaces except for permitted interfaces. · Permit (default)—Default interface policy, which enables the user role to access all interfaces. |
Permitted interfaces |
Interfaces accessible to the user role. |
VPN instance policy |
VPN instance policy of the user role: · Deny—Denies access to all VPN instances except for permitted VPNs. · Permit (default)—Default VPN instance policy, which enables the user role to access all VPN instances. |
Permitted VPN instances |
VPN instances accessible to the user role. |
Security zone policy of the user role: · Deny—Denies access to all security zones except for permitted security zones. · Permit (default)—Default security zone policy, which enables the user role to access all security zones. |
|
Security zones accessible to the user role. |
|
Rule |
User role rule number. A user role rule specifies access permissions for items, including commands, feature-specific commands, Web menus, XML elements, and MIB nodes. Predefined user role rules are identified by sys-n, where n represents an integer. |
Perm |
Access control type: · permit—User role has access to the specified items. · deny—User role does not have access to the specified items. |
Type |
Controlled type: · R—Read-only. · W—Write. · X—Execute. |
Scope |
Rule control scope: · command—Controls access to the command or commands, as specified in the Entity field. · feature—Controls access to the commands of the feature, as specified in the Entity field. · feature-group—Controls access to the commands of the features in the feature group, as specified in the Entity field. · web-menu—Controls access to Web menus. · xml-element—Controls access to XML elements. · oid—Controls access to MIB nodes. |
Entity |
Command string, feature name, feature group, Web menu, XML element, or OID specified in the user role rule: · An en dash (–) represents any feature. · An asterisk (*) represents zero or more characters. |
Related commands
role
display role feature
Use display role feature to display features available in the system.
Syntax
display role feature [ name feature-name | verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name feature-name: Specifies a feature by feature name. The feature-name argument represents the feature name, and all letters must be in lower case.
verbose: Displays the commands of each feature.
Usage guidelines
If you do not specify any parameters, the command displays only the list of features available in the system.
Examples
# Display the list of feature names.
<Sysname> display role feature
Feature: mpls (MPLS-infrastructure related commands)
Feature: ldp (LDP related commands)
Feature: ofp (OFP related commands)
Feature: device (Device configuration related commands)
…
# Display the commands of each feature.
<Sysname> display role feature verbose
Feature: mpls (MPLS-infrastructure related commands)
system-view ; mpls label * (W)
system-view ; mpls lsr-id * (W)
system-view ; mpls ttl * (W)
system-view ; mpls statistics * (W)
system-view ; interface *; mpls enable * (W)
system-view ; interface *; mpls mtu * (W)
system-view ; mpls bfd * (W)
system-view ; snmp-agent trap enable mpls (W)
display mpls interface * (R)
display mpls label * (R)
display mpls lsp * (R)
display mpls nib * (R)
display mpls nid * (R)
display mpls summary * (R)
display mpls tunnel * (R)
display debugging mpls lsm (R)
debugging mpls lsm * (W)
reset mpls statistics * (W)
system-view ; probe * ; display system internal mpls lsp-pending (R)
system-view ; probe * ; display system internal mpls statistics (R)
system-view ; static-lsp * (W)
display mpls static-lsp * (R)
…
# Display the commands of feature aaa.
<Sysname> display role feature name aaa
Feature: aaa (AAA related commands)
system-view ; domain * (W)
system-view ; header * (W)
system-view ; aaa * (W)
display domain * (R)
system-view ; user-group * (W)
system-view ; local-user * (W)
display local-user * (R)
display user-group * (R)
display debugging local-server (R)
debugging local-server * (W)
super * (X)
display password-control * (R)
reset password-control * (W)
system-view ; password-control * (W)
system-view ; local-user-import * (W)
system-view ; local-user-export * (W)
system-view ; local-guest * (W)
reset local-guest * (W)
local-guest send-email * (W)
display local-guest * (R)
Table 4 Command output (display role feature name aaa)
Field |
Description |
Feature |
Displays the name and brief function description of the feature. |
system-view ; domain * |
All commands that start with the domain keyword in system view, and all commands in ISP domain view. |
system-view ; header * |
All commands that start with the header keyword in system view. |
system-view ; aaa * |
All commands that start with the aaa keyword in system view. |
display domain * |
All commands that start with the display domain keywords in user view. |
system-view ; user-group * |
All commands that start with the user-group keyword in system view, and all commands in user group view. |
system-view ; local-user * |
All commands that start with the local-user keyword in system view, and all commands in local user view. |
display local-user * |
All commands that start with the display local-user keywords in user view. |
display user-group * |
All commands that start with the display user-group keywords in user view. |
display debugging local-server |
All commands that start with the display debugging local-server keywords in user view. |
debugging local-server * |
All commands that start with the debugging local-server keywords in user view. |
super * |
All commands that start with the super keyword in user view. |
display password-control * |
All commands that start with the display password-control keywords in user view. |
reset password-control * |
All commands that start with the reset password-control keywords in user view. |
system-view ; password-control * |
All commands that start with the password-control keyword in system view. |
system-view ; local-user-import * |
All commands that start with the local-user-import keyword in system view. |
system-view ; local-user-export * |
All commands that start with the local-user-export keyword in system view. |
system-view ; local-guest * |
All commands that start with the local-guest keyword in system view. |
reset local-guest * |
All commands that start with the reset local-guest keywords in user view. |
local-guest send-email * |
All commands that start with the local-guest send-email keywords in user view. |
display local-guest * |
All commands that start with the display local-guest keywords in user view. |
(W) |
Command type is Write. A write command configures the system. |
(R) |
Command type is Read. A read command displays configuration or maintenance information. |
(X) |
Command type is Execute. An execute command executes a specific function. |
Related commands
feature
display role feature-group
Use display role feature-group to display feature group information.
Syntax
display role feature-group [ name feature-group-name ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name feature-group-name: Specifies a feature group. The feature-group-name argument represents the feature group name, a case-sensitive string of 1 to 31 characters. If you do not specify a feature group, the command displays information about all feature groups.
verbose: Displays the commands of each feature in feature groups. If you do not specify this keyword, the command displays only the feature lists of feature groups.
Usage guidelines
Feature groups L2 and L3 are predefined feature groups.
Examples
# Display the feature lists of feature groups.
<Sysname> display role feature-group
Feature group: L2
Feature: lacp (LACP related commands)
Feature: stp (STP related commands)
Feature: lldp (LLDP related commands)
Feature: dldp (DLDP related commands)
Feature: cfm (CFM related commands)
Feature: loopbk-detect (Loopback-detection related commands)
Feature: vlan (Virtual LAN related commands)
Feature: evi (EVI related commands)
Feature: ofp (OFP related commands)
Feature: port-security (Port-security related commands)
Feature group: L3
Feature: route (Route management related commands)
Feature: usr (Unicast static route related commands)
Feature: ospf (Open Shortest Path First protocol related commands)
Feature: rip (Routing Information Protocol related commands)
Feature: isis (ISIS protocol related commands)
Feature: bgp (Border Gateway Protocol related commands)
Feature: l3vpn (Layer 3 Virtual Private Network related commands)
Feature: route-policy (Routing Policy related commands)
# Display the commands in each feature group. For more information about the wildcards and marks used in the command list, see Table 4.
<Sysname> display role feature-group verbose
Feature group: L2
Feature: lacp (LACP related commands)
display link-aggregation * (R)
display lacp * (R)
system-view ; interface Bridge-Aggregation * (W)
system-view ; interface Route-Aggregation * (W)
system-view ; link-aggregation * (W)
system-view ; lacp * (W)
system-view ; interface * ; link-aggregation * (W)
system-view ; interface * ; port link-aggregation * (W)
system-view ; interface * ; lacp * (W)
system-view ; probe ; display system internal link-aggregation * (R)
reset lacp * (W)
debugging link-aggregation * (W)
display debugging link-aggregation * (R)
Feature: stp (STP related commands)
display stp * (R)
system-view ; stp * (W)
system-view ; interface * ; stp * (W)
system-view ; snmp-agent trap enable stp * (W)
reset stp * (W)
debugging stp * (W)
display debugging stp * (R)
…
# Display the feature list of the L3 feature group.
<Sysname> display role feature-group name L3
Feature group: L3
Feature: route (Route management related commands)
Feature: usr (Unicast static route related commands)
Feature: ospf (Open Shortest Path First protocol related commands)
Feature: rip (Routing Information Protocol related commands)
Feature: isis (ISIS protocol related commands)
Feature: bgp (Border Gateway Protocol related commands)
Feature: l3vpn (Layer 3 Virtual Private Network related commands)
Feature: route-policy (Routing Policy related commands)
Related commands
feature
role feature-group
feature
Use feature to add a feature to a feature group.
Use undo feature to remove a feature from a feature group.
Syntax
feature feature-name
undo feature feature-name
Default
A user-defined feature group does not have any feature.
Views
Feature group view
Predefined user roles
network-admin
Parameters
feature-name: Specifies a feature name. You must enter the feature name in lower case.
Usage guidelines
Repeat the feature command to add multiple features to a feature group.
Examples
# Add the security features AAA and ACL to security group security-features.
<Sysname> system-view
[Sysname] role feature-group name security-features
[Sysname-featuregrp-security-features] feature aaa
[Sysname-featuregrp-security-features] feature acl
Related commands
display role feature
display role feature-group
role feature-group
interface policy deny
Use interface policy deny to enter user role interface policy view.
Use undo interface policy deny to restore the default.
Syntax
interface policy deny
undo interface policy deny
Default
A user role has access to all interfaces.
Views
User role view
Predefined user roles
network-admin
Usage guidelines
To restrict the interface access of a user role to a set of interfaces, perform the following tasks:
1. Use interface policy deny to enter user role interface policy view.
2. Use permit interface to specify accessible interfaces.
|
NOTE: The interface policy deny command denies the access of the user role to all interfaces if the permit interface command is not configured. |
To configure an interface, make sure the interface is permitted by the user role interface policy in use. You can perform the following tasks on an accessible interface:
· Create, remove, or configure the interface.
· Enter the interface view.
· Specify the interface in feature commands.
The create and remove operations are available only for logical interfaces.
Any change to a user role interface policy takes effect only on users who log in with the user role after the change.
Examples
# Enter user role interface policy view of role1, and deny role1 to access all interfaces.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] interface policy deny
[Sysname-role-role1-ifpolicy] quit
# Enter user role interface policy view of role1, and deny role1 to access all interfaces except for GigabitEthernet 1/0/1 to GigabitEthernet 1/0/5.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] interface policy deny
[Sysname-role-role1-ifpolicy] permit interface gigabitethernet 1/0/1 to gigabitethernet 1/0/5
Related commands
display role
permit interface
role
permit interface
Use permit interface to configure a list of interfaces accessible to a user role.
Use undo permit interface to disable the access of a user role to specific interfaces.
Syntax
permit interface interface-list
undo permit interface [ interface-list ]
Default
No permitted interfaces are configured in user role interface policy view.
Views
User role interface policy view
Predefined user roles
network-admin
Parameters
interface-list: Specifies a space-separated list of up to 10 interface items. Each interface item specifies one interface in the interface-type interface-number form or a range of interfaces in the interface-type interface-number to interface-type interface-number form. If you specify an interface range, the end interface must meet the following requirements:
· Be the same type as the start interface.
· Have a higher interface number than the start interface.
Usage guidelines
To permit a user role to access an interface after you configure the interface policy deny command, you must add the interface to the permitted interface list of the policy. With the user role, you can perform the following tasks to the interfaces in the permitted interface list:
· Create, remove, or configure the interfaces.
· Enter the interface views.
· Specify the interfaces in feature commands.
The create and remove operations are available only for logical interfaces.
You can repeat the permit interface command to add multiple permitted interfaces to a user role interface policy.
The undo permit interface command removes the entire list of permitted interfaces if you do not specify an interface.
Any change to a user role interface policy takes effect only on users who log in with the user role after the change.
Examples
1. Configure user role role1:
# Permit user role role1 to execute all commands available in interface view and VLAN view.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] rule 1 permit command system-view ; interface *
[Sysname-role-role1] rule 2 permit command system-view ; vlan *
# Permit the user role to access GigabitEthernet 1/0/1, and GigabitEthernet 1/0/5 to GigabitEthernet 1/0/7.
[Sysname-role-role1] interface policy deny
[Sysname-role-role1-ifpolicy] permit interface gigabitethernet 1/0/1 gigabitethernet 1/0/5 to gigabitethernet 1/0/7
[Sysname-role-role1-ifpolicy] quit
[Sysname-role-role1] quit
2. Verify that you cannot use the user role to work on any interfaces except for GigabitEthernet 1/0/1 and GigabitEthernet 1/0/5 to GigabitEthernet 1/0/7:
# Verify that you can enter GigabitEthernet 1/0/1 interface view.
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] quit
# Verify that you can assign GigabitEthernet 1/0/5 to VLAN 10. In this example, the user role can access all VLANs because the default VLAN policy of the user role is used.
[Sysname] vlan 10
[Sysname-vlan10] port gigabitethernet 1/0/5
[Sysname-vlan10] quit
# Verify that you cannot enter GigabitEthernet 1/0/2 interface view.
[Sysname] interface gigabitethernet 1/0/2
Permission denied.
Related commands
display role
interface policy deny
role
permit security-zone
Use permit security-zone to configure a list of security zones accessible to a user role.
Use undo permit security-zone to remove the permission for a user role to access specific security zones.
Syntax
permit security-zone security-zone-name&<1-10>
undo permit security-zone [ security-zone-name&<1-10> ]
Default
No permitted security zones are configured in user role security zone policy view.
Views
User role security zone policy view
Predefined user roles
Parameters
security-zone-name&<1-10>: Specifies a space-separated list of up to 10 security zone names. Each name is a case-sensitive string of 1 to 31 characters.
Usage guidelines
To permit a user role to access a security zone after you configure the security-zone policy deny command, you must add the security zone to the permitted security zone list of the policy. With the user role, you can perform the following tasks on the security zones in the permitted security zone list:
· Create, remove, or configure the security zones.
· Enter the security zone views.
· Specify the security zones in feature commands.
You can repeat the permit security-zone command to add multiple permitted security zones to a user role security zone policy.
The undo permit security-zone command removes the entire list of permitted security zones if you do not specify a security zone.
Any change to a user role security zone policy takes effect only on users who log in with the user role after the change.
Examples
1. Configure user role role1:
# Permit user role role1 to execute all commands available in system view.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] rule 1 permit command system-view ; *
# Permit the user role to access security zones trust and abc.
[Sysname-role-role1] security-zone policy deny
[Sysname-role-role1-zonepolicy] permit security-zone trust abc
[Sysname-role-role1-zonepolicy] quit
[Sysname-role-role1] quit
2. Verify that you cannot use the user role to work on any security zones except for security zones trust and abc:
# Verify that you can create security zone abc and enter security zone view.
[Sysname] security-zone name abc
[Sysname-security-zone-abc] quit
# Verify that you can create a zone pair with source security zone trust and destination zone abc.
[Sysname] zone-pair security source trust destination abc
[Sysname-zone-pair-security-Trust-abc] quit
# Verify that you cannot create security zone local or enter the security zone view.
[Sysname] security-zone name local
Permission denied.
Related commands
display role
role
security-zone policy deny
permit vlan
Use permit vlan to configure a list of VLANs accessible to a user role.
Use undo permit vlan to remove the permission for a user role to access specific VLANs.
Syntax
permit vlan vlan-id-list
undo permit vlan [ vlan-id-list ]
Default
No permitted VLANs are configured in user role VLAN policy view.
Views
User role VLAN policy view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each VLAN item specifies a VLAN by VLAN ID or specifies a range of VLANs in the form of vlan-id1 to vlan-id2. The value range for the VLAN IDs is 1 to 4094. If you specify a VLAN range, the value for the vlan-id2 argument must be greater than the value for the vlan-id1 argument.
Usage guidelines
To permit a user role to access a VLAN after you configure the vlan policy deny command, you must add the VLAN to the permitted VLAN list of the policy. With the user role, you can perform the following tasks on the VLANs in the permitted VLAN list:
· Create, remove, or configure the VLANs.
· Enter the VLAN views.
· Specify the VLANs in feature commands.
You can repeat the permit vlan command to add multiple permitted VLANs to a user role VLAN policy.
The undo permit vlan command removes the entire list of permitted VLANs if you do not specify a VLAN.
Any change to a user role VLAN policy takes effect only on users who log in with the user role after the change.
Examples
1. Configure user role role1:
# Permit user role role1 to execute all commands available in interface view and VLAN view.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] rule 1 permit command system-view ; interface *
[Sysname-role-role1] rule 2 permit command system-view ; vlan *
# Permit user role role1 to access VLANs 2, 4, and 50 to 100.
[Sysname-role-role1] vlan policy deny
[Sysname-role-role1-vlanpolicy] permit vlan 2 4 50 to 100
[Sysname-role-role1-vlanpolicy] quit
[Sysname-role-role1] quit
2. Verify that you cannot use the user role to work on any VLANs except for VLANs 2, 4, and 50 to 100:
# Verify that you can create VLAN 100 and enter the VLAN view.
[Sysname] vlan 100
[Sysname-vlan100] quit
# Verify that you can add GigabitEthernet 1/0/1 to VLAN 100 as an access port.
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port access vlan 100
[Sysname-GigabitEthernet1/0/1] quit
# Verify that you cannot create VLAN 101 or enter the VLAN view.
[Sysname] vlan 101
Permission denied.
Related commands
display role
role
vlan policy deny
permit vpn-instance
Use permit vpn-instance to configure a list of VPN instances accessible to a user role.
Use undo permit vpn-instance to disable the access of a user role to specific VPN instances.
Syntax
permit vpn-instance vpn-instance-name&<1-10>
undo permit vpn-instance [ vpn-instance-name&<1-10> ]
Default
No permitted VPN instances are configured in user role VPN instance policy.
Views
User role VPN instance policy view
Predefined user roles
network-admin
Parameters
vpn-instance-name&<1-10>: Specifies a space-separated list of up to 10 MPLS L3VPN instance names. Each name is a case-sensitive string of 1 to 31 characters.
Usage guidelines
To permit a user role to access an MPLS L3VPN instance after you configure the vpn-instance policy deny command, you must add the VPN instance to the permitted VPN instance list of the policy. With the user role, you can perform the following tasks on the VPN instances in the permitted VPN instance list:
· Create, remove, or configure the VPN instances.
· Enter the VPN instance views.
· Specify the VPN instances in feature commands.
You can repeat the permit vpn-instance command to add multiple permitted MPLS L3VPN instances to a user role VPN instance policy.
The undo permit vpn-instance command removes the entire list of permitted VPN instances if you do not specify a VPN instance.
Any change to a user role VPN instance policy takes effect only on users who log in with the user role after the change.
Examples
1. Configure user role role1:
# Permit the user role to execute all commands available in system view and in the child views of system view.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] rule 1 permit command system-view ; *
# Permit the user role to access VPN instance vpn1.
[Sysname-role-role1] vpn policy deny
[Sysname-role-role1-vpnpolicy] permit vpn-instance vpn1
[Sysname-role-role1-vpnpolicy] quit
[Sysname-role-role1] quit
2. Verify that you cannot use the user role to work on any VPN instances except for vpn1:
# Verify that you can enter the view of VPN instance vpn1.
[Sysname] ip vpn-instance vpn1
[Sysname-vpn-instance-vpn1] quit
# Verify that you can specify the primary accounting server at 10.110.1.2 in the VPN instance for RADIUS scheme radius1.
[Sysname] radius scheme radius1
[Sysname-radius-radius1] primary accounting 10.110.1.2 vpn-instance vpn1
[Sysname-radius-radius1] quit
# Verify that you cannot create VPN instance vpn2 or enter the VPN instance view.
[Sysname] ip vpn-instance vpn2
Permission denied.
Related commands
display role
role
vpn-instance policy deny
role
Use role to create a user role and enter its view, or enter the view of an existing user role.
Use undo role to delete a user role.
Syntax
role name role-name
undo role name role-name
Default
The system has the following predefined user roles: network-admin, network-operator, level-n (where n represents an integer in the range of 0 to 15), security-audit, and guest-manager.
Views
System view
Predefined user roles
network-admin
Parameters
name role-name: Specifies a username. The role-name argument is a case-sensitive string of 1 to 63 characters.
Usage guidelines
You can create a maximum of 64 user roles in addition to the predefined user roles.
To change the permissions assigned to a user role, you must first enter the user role view.
You cannot delete the predefined user roles or change the permissions assigned to network-admin, network-operator, level-15, security-audit, or guest-manager.
You cannot assign the security-audit user role to non-AAA authentication users.
The access permissions of the level-0 to level-14 user roles can be modified through user role rules and resource access policies. However, you cannot make changes on the predefined access permissions of these user roles. For example, you cannot change the access permission of these user roles to the display history-command all command.
Examples
# Create a user role named role1 and enter its view.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1]
Related commands
display role
interface policy deny
rule
security-zone policy deny
vlan policy deny
vpn-instance policy deny
role default-role enable
Use role default-role enable to enable the default user role feature for remote AAA users.
Use undo role default-role enable to restore the default.
Syntax
role default-role enable [ role-name ]
undo role default-role enable
Default
The default user role feature is disabled. AAA users who do not have a user role cannot log in to the device.
Views
System view
Predefined user roles
network-admin
Parameters
role-name: Specifies a user role by its name for the default user role. The user role must already exist. The argument is a case-sensitive string of 1 to 63 characters. If you do not specify a user role, the default user role is network-operator.
Usage guidelines
The default user role feature assigns the default user role to AAA-authenticated users if the authentication server (local or remote) does not assign any user roles to the users. These users are allowed to access the system with the default user role.
If AAA users have been assigned user roles, they log in with the user roles.
Examples
# Enable the default user role feature.
<Sysname> system-view
[Sysname] role default-role enable
Related commands
role
role feature-group
Use role feature-group to create a user role feature group and enter its view, or enter the view of an existing user role feature group.
Use undo role feature-group to delete a user role feature group.
Syntax
role feature-group name feature-group-name
undo role feature-group name feature-group-name
Default
Two user role feature groups L2 and L3 exist.
Views
System view
Predefined user roles
network-admin
Parameters
name feature-group-name: Specifies a feature group name. The feature-group-name argument is a case-sensitive string of 1 to 31 characters.
Usage guidelines
The L2 feature group includes all Layer 2 feature commands, and the L3 feature group includes all Layer 3 feature commands. These predefined feature groups are not user configurable.
In addition to the predefined feature groups L2 and L3, you can create a maximum of 64 user role feature groups.
After you create a user role feature group, you can use the display role feature command to display the features available in the system. Then you can use the feature command to add features to the feature group.
Examples
# Create a feature group named security-features and enter its view.
<Sysname> system-view
[Sysname] role feature-group name security-features
[Sysname-featuregrp-security-features]
Related commands
display role feature-group
display role feature
feature
rule
Use rule to create or change a user role rule for controlling command, Web menu, XML element, or MIB node access.
Use undo rule to delete user role rules.
Syntax
rule number { deny | permit } { command command-string | { execute | read | write } * { feature [ feature-name ] | feature-group feature-group-name | oid oid-string | web-menu [ web-string ] | xml-element [ xml-string ] } }
undo rule { number | all }
Default
A user-defined user role does not have any rules and cannot access any commands, Web menus, XML elements, or MIB nodes.
Views
User role view
Predefined user roles
network-admin
Parameters
number: Specifies a rule number in the range of 1 to 256.
deny: Denies access to the specified commands, Web menus, XML elements, or MIB nodes.
permit: Permits access to the specified commands, Web menus, XML elements, or MIB nodes.
command command-string: Specifies a command string. The command string can represent a command or a group of commands. The command-string argument is a case-sensitive string of 1 to 128 characters, including the following characters:
· The wildcard asterisk (*).
· The delimiters space and tab.
· All printable characters.
execute: Specifies the execute commands, Web menus, XML elements, or MIB nodes. An execute command (for example, ping), Web menu, XML element, or MIB node executes a specific function or program.
read: Specifies the read commands, Web menus, XML elements, or MIB nodes. A read command (for example, display, dir, more, or pwd), Web menu, XML element, or MIB node displays configuration or maintenance information.
write: Specifies the write commands, Web menus, XML elements, or MIB nodes. A write command (for example, ssh server enable), Web menu, XML element, or MIB node configures the system.
feature [ feature-name ]: Specifies one or all features. The feature-name argument represents a feature name. If you do not specify a feature name, you specify all the features in the system. When you specify a feature, the feature name must be the same, including the case, as the name displayed by the display role feature command.
feature-group feature-group-name: Specifies a user-defined or predefined feature group. The feature-group-name argument represents the feature group name, a case-sensitive string of 1 to 31 characters. If the feature group has not been created, the rule takes effect after the group is created. To display the feature groups that have been created, use the display role feature-group command.
oid oid-string: Specifies an OID of a MIB node. The oid-string argument represents the OID, a case-insensitive string of 1 to 255 characters. The OID is a dotted numeric string that uniquely identifies the path from the root node to this node. For example, 1.3.6.1.4.1.25506.8.35.14.19.1.1.
web-menu [ web-string ]: Specifies a Web menu. The web-string argument represents the ID path of the Web menu, a case-insensitive string of 1 to 255 characters. Use the forward slash (/) to separate ID items, for example, M_DEVICE/I_BASIC_INFO/I_reboot. If you do not specify a Web menu, the rule applies to all Web items. To verify the ID path of a Web menu, use the display web menu command.
xml-element [ xml-string ]: Specifies an XML element. The xml-string argument represents the XPath of the XML element, a case-insensitive string of 1 to 255 characters. Use the forward slash (/) to separate Xpath items, for example, Interfaces/Index/Name. If you do not specify an XML element, the rule applies to all XML elements.
all: Specifies all the user role rules.
Usage guidelines
You can define the following types of rules for different access control granularities:
· Command rule—Controls access to a command or a set of commands that match a regular expression.
· Feature rule—Controls access to the commands of a feature by command type.
· Feature group rule—Controls access to the commands of a group of features by command type.
· Web menu rule—Controls access to Web menus by menu type.
· XML element rule—Controls access to XML elements by element type.
· OID rule—Controls access to the specified MIB node and its child nodes by node type.
A user role can access the set of permitted commands, Web menus, XML elements, and MIB nodes specified in the user role rules. User role rules include predefined (identified by sys-n) and user-defined user role rules.
You can configure a maximum of 256 user-defined rules for a user role. The total number of user-defined user role rules cannot exceed 1024.
Any rule modification, addition, or removal for a user role takes effect only on the users who log in with the user role after the change.
Access to the file system commands is controlled by both the file system command rules and the file system feature rule.
A command with output redirection to the file system is permitted only when the command type write is assigned to the file system feature.
The following guidelines apply to non-OID rules:
· If two user-defined rules of the same type conflict, the rule with the higher ID takes effect. For example, a user role can use the tracert command but not the ping command if the user role contains rules configured by using the following commands:
¡ rule 1 permit command ping
¡ rule 2 permit command tracert
¡ rule 3 deny command ping
· If a predefined user role rule and a user-defined user role rule conflict, the user-defined user role rule takes effect.
The following guidelines apply to OID rules:
· The system compares an OID with the OIDs specified in rules, and it uses the longest match principle to select a rule for the OID. For example, a user role cannot access the MIB node with OID 1.3.6.1.4.1.25506.141.3.0.1 if the user role contains rules configured by using the following commands:
¡ rule 1 permit read write oid 1.3.6
¡ rule 2 deny read write oid 1.3.6.1.4.1
¡ rule 3 permit read write oid 1.3.6.1.4
· If the same OID is specified in multiple rules, the rule with the higher ID takes effect. For example, a user role can access the MIB node with OID 1.3.6.1.4.1.25506.141.3.0.1 if the user role contains rules configured by using the following commands:
¡ rule 1 permit read write oid 1.3.6
¡ rule 2 deny read write oid 1.3.6.1.4.1
¡ rule 3 permit read write oid 1.3.6.1.4.1
When you specify a command string, follow the guidelines in Table 5.
Table 5 Command string configuration rules
Rule |
Guidelines |
Semicolon (;) is the delimiter. |
Use a semicolon to separate the command of each view that you must enter before you access a command or a set of commands. However, do not use a semicolon to separate commands available in user view or any view, for example, display and dir. Each semicolon-separated segment must have a minimum of one printable character. To specify the commands in a view but not the commands in the view's subviews, use a semicolon as the last printable character in the last segment. To specify the commands in a view and the view's subviews, the last printable character in the last segment must not be a semicolon. For example, you must enter system view before you enter interface view. To specify all commands starting with the ip keyword in any interface view, you must use the "system ; interface * ; ip * ;" command string. For another example, the "system ; radius scheme * ;" command string represents all commands that start with the radius scheme keywords in system view. The "system ; radius scheme *" command string represents all commands that start with the radius scheme keywords in system view and all commands in RADIUS scheme view. |
Asterisk (*) is the wildcard. |
An asterisk represents zero or multiple characters. In a non-last segment, you can use an asterisk only at the end of the segment. In the last segment, you can use an asterisk in any position of the segment. If the asterisk appears at the beginning, you cannot specify a printable character behind the asterisk. For example, the "system ; *" command string represents all commands available in system view and all subviews of the system view. The "debugging * event" command string represents all event debugging commands available in user view. |
Keyword abbreviation is allowed. |
You can specify a keyword by entering the first few characters of the keyword. Any command that starts with this character string matches the rule. For example, "rule 1 deny command dis arp source *" denies access to the commands display arp source-mac interface and display arp source-suppression. |
To control the access to a command, you must specify the command immediately after the view that has the command. |
To control access to a command, you must specify the command immediately behind the view to which the command is assigned. The rules that control command access for any subview do not apply to the command. For example, the "rule 1 deny command system ; interface * ; *" command string disables access to any command that is assigned to interface view. However, you can still execute the acl number command in interface view, because this command is assigned to system view rather than interface view. To disable access to this command, use "rule 1 deny command system ; acl *;". |
Do not include the vertical bar (|), greater-than sign (>), or double greater-than sign (>>) when you specify display commands in a user role command rule. |
The system does not treat the redirect signs and the parameters that follow the signs as part of command lines. However, in user role command rules, these redirect signs and parameters are handled as part of command lines. As a result, no rule that includes any of these signs can find a match. For example, "rule 1 permit command display debugging > log" can never find a match. This is because the system has a display debugging command but not a display debugging > log command. |
Examples
# Permit user role role1 to execute the display acl command.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] rule 1 permit command display acl
# Permit user role role1 to execute all commands that start with the display keyword.
[Sysname-role-role1] rule 2 permit command display *
# Permit user role role1 to execute the radius scheme aaa command in system view and use all commands assigned to RADIUS scheme view.
[Sysname-role-role1] rule 3 permit command system ; radius scheme aaa
# Deny the access of role1 to the read or write commands of all features.
[Sysname-role-role1] rule 4 deny read write feature
# Deny the access of role1 to the read commands of the aaa feature.
[Sysname-role-role1] rule 5 deny read feature aaa
# Permit role1 to access all read, write, and execute commands of feature group security-features.
[Sysname-role-role1] rule 6 permit read write execute feature-group security-features
# Permit role1 to access all read and write MIB nodes starting from the node with OID 1.1.2.
[Sysname-role-role1] rule 7 permit read write oid 1.1.2
Related commands
display role
display role feature
display role feature-group
display web menu
role
security-zone policy deny
Use security-zone policy deny to enter user role security zone policy view.
Use undo security-zone policy deny to restore the default.
Syntax
security-zone policy deny
undo security-zone policy deny
Default
A user role has access to all security zones.
Views
User role view
Predefined user roles
network-admin
Usage guidelines
To restrict the security zone access of a user role to a set of security zones, perform the following tasks:
1. Use security-zone policy deny to enter user role security zone policy view.
2. Use permit security-zone to specify accessible security zones.
|
NOTE: The security-zone policy deny command denies the access of the user role to all security zones if the permit security-zone command is not configured. |
To configure a security zone, make sure the zone is permitted by the user role security zone policy in use. You can perform the following tasks on an accessible security zone:
· Create, remove, or configure the security zone.
· Enter the security zone view.
· Specify the security zone in feature commands.
Any change to a user role security zone policy takes effect only on users who log in with the user role after the change.
Examples
# Enter user role security zone policy view of role1, and deny the access of role1 to all security zones.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] security-zone policy deny
[Sysname-role-role1-zonepolicy] quit
# Enter user role security zone policy view of role1, and deny the access of role1 to all security zones except for security zones trust and abc.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] security-zone policy deny
[Sysname-role-role1-zonepolicy] permit security-zone trust abc
Related commands
display role
permit security-zone
role
super
Use super to obtain another user role without reconnecting to the device.
Syntax
super [ role-name ]
Views
User view
Predefined user roles
network-admin
Parameters
role-name: Specifies a user role, a case-sensitive string of 1 to 63 characters. The user role must exist in the system and cannot be security-audit or guest-manager. If you do not specify a user role, you obtain the default target user role which is set by using the super default role command.
Usage guidelines
The obtained user role is a temporary user role, because this command is effective only on the current login. The next time you are logged in with the user account, the original user role settings take effect.
To enable a user to obtain another user role without reconnecting to the device, you must configure user role authentication.
· If no local password is configured in the local password authentication (local), a console or AUX user can obtain the user role by either entering a string or not entering anything.
· If no local password is configured in the local-then-remote authentication (local scheme), the following rules apply:
¡ A console or VTY user performs remote authentication.
¡ An AUX user can obtain user role authorization by either entering a string or not entering anything.
Examples
# Obtain user role network-operator.
<Sysname> super network-operator
Password:
User privilege role is network-operator, and only those commands that authorized to the role can be used.
Related commands
authentication super (Security Command Reference)
super authentication-mode
super password
super authentication-mode
Use super authentication-mode to set an authentication mode for temporary user role authorization.
Use undo super authentication-mode to restore the default.
Syntax
super authentication-mode { local | scheme } *
undo super authentication-mode
Default
Local password authentication applies.
Views
System view
Predefined user roles
network-admin
Parameters
local: Enables local password authentication.
scheme: Enables remote AAA authentication.
Usage guidelines
For local password authentication, use the super password command to set a password.
For remote AAA authentication, set the username and password on the RADIUS or HWTACACS server.
If you specify both local and scheme keywords, the keyword first entered in the command takes precedence.
· scheme local—Enables remote-then-local authentication mode. The device first performs AAA authentication to obtain a temporary user role. Local password authentication is performed if the remote HWTACACS or RADIUS server does not respond, or if the AAA configuration on the device is invalid.
· local scheme—Enables local-then-remote authentication mode. The device first performs local password authentication. If no password is configured for the user role, the device performs remote authentication.
For more information about AAA, see Security Configuration Guide.
Examples
# Enable local-only authentication for temporary user role authorization.
<Sysname> system-view
[Sysname] super authentication-mode local
# Enable remote-then-local authentication for temporary user role authorization.
<Sysname> system-view
[Sysname] super authentication-mode scheme local
Related commands
authentication super (Security Command Reference)
super password
super default role
Use super default role to specify the default target user role for temporary user role authorization.
Use undo super default role to restore the default.
Syntax
super default role role-name
undo super default role
Default
The default target user role is network-admin.
Views
System view
Predefined user roles
Parameters
role-name: Specifies the name of the default target user role, a case-sensitive string of 1 to 63 characters. The user role must exist in the system and cannot be security-audit or guest-manager.
Usage guidelines
The default target user role is applied to the super or super password command when you do not specify a user role for the command.
Examples
# Specify the default target user role as network-operator for temporary user role authorization.
[Sysname] super default role network-operator
Related commands
super
super password
super password
Use super password to set a password for a user role.
Use undo super password to delete the password for a user role.
Syntax
In non-FIPS mode:
super password [ role role-name ] [ { hash | simple } string ]
undo super password [ role role-name ]
In FIPS mode:
super password [ role role-name ]
undo super password [ role role-name ]
Default
No password is set for a user role.
Views
System view
Predefined user roles
network-admin
Parameters
role role-name: Specifies a user role, a case-sensitive string of 1 to 63 characters. The user role must exist in the system and cannot be security-audit or guest-manager. If you do not specify a user role, the command sets a password for the default target user role which is set by using the super default role command.
hash: Specifies a password in hashed form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in hashed form.
string: Specifies the password.
· In non-FIPS mode, the plaintext form of the password is a case-sensitive string of 1 to 63 characters. The hashed form of the password is a case-sensitive string of 1 to 110 characters.
· In FIPS mode, the password must be a case-sensitive plaintext string of 15 to 63 characters. The string must contain four character types including digits, uppercase letters, lowercase letters, and special characters.
Usage guidelines
If you do not specify any parameters, you specify a plaintext password in the interactive mode.
The FIPS mode supports only the interactive mode for setting a password.
Set a password if you configure local password authentication for temporary user role authorization.
It is a good practice to specify different passwords for different user roles.
Examples
# Set the password to 123456TESTplat&! in plaintext form for user role network-operator.
<Sysname> system-view
[Sysname] super password role network-operator simple 123456TESTplat&!
# Set the password to 123456TESTplat&! in the interactive mode for user role network-operator.
<Sysname> system-view
[Sysname] super password role network-operator
Password:
Confirm :
Updating user information. Please wait......
Related commands
super authentication-mode
super default role
vlan policy deny
Use vlan policy deny to enter user role VLAN policy view.
Use undo vlan policy deny to restore the default.
Syntax
vlan policy deny
undo vlan policy deny
Default
A user role has access to all VLANs.
Views
User role view
Predefined user roles
network-admin
Usage guidelines
To restrict the VLAN access of a user role to a set of VLANs, perform the following tasks:
1. Use vlan policy deny to enter user role VLAN policy view.
2. Use permit vlan to specify accessible VLANs.
|
NOTE: The vlan policy deny command denies the access of the user role to all VLANs if the permit vlan command is not configured. |
To configure a VLAN, make sure the VLAN is permitted by the user role VLAN policy in use. You can perform the following tasks on an accessible VLAN:
· Create, remove, or configure the VLAN.
· Enter the VLAN view.
· Specify the VLAN in feature commands.
Any change to a user role VLAN policy takes effect only on users who log in with the user role after the change.
Examples
# Enter user role VLAN policy view of role1, and deny the access of role1 to all VLANs.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] vlan policy deny
[Sysname-role-role1-vlanpolicy] quit
# Enter user role VLAN policy view of role1, and deny the access of role1 to all VLANs except for VLANs 50 to 100.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] vlan policy deny
[Sysname-role-role1-vlanpolicy] permit vlan 50 to 100
Related commands
display role
permit vlan
role
vpn-instance policy deny
Use vpn-instance policy deny to enter user role VPN instance policy view.
Use undo vpn-instance policy deny to restore the default.
Syntax
vpn-instance policy deny
undo vpn-instance policy deny
Default
A user role has access to all VPN instances.
Views
User role view
Predefined user roles
network-admin
Usage guidelines
To restrict the VPN instance access of a user role to a set of VPN instances, perform the following tasks:
1. Use vpn-instance policy deny to enter user role VPN instance policy view.
2. Use permit vpn-instance to specify accessible VPN instances.
|
NOTE: The vpn-instance policy deny command denies the access of the user role to all VPN instances if the permit vpn-instance command is not configured. |
To configure a VPN instance, make sure the VPN instance is permitted by the user role VPN instance policy in use. You can perform the following tasks on an accessible VPN instance:
· Create, remove, or configure the VPN instance.
· Enter the VPN instance view.
· Specify the VPN instance in feature commands.
Any change to a user role VPN instance policy takes effect only on users who log in with the user role after the change.
Examples
# Enter user role VPN instance policy view of role1, and deny the access of role1 to all VPN instances.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] vpn-instance policy deny
[Sysname-role-role1-vpnpolicy] quit
# Enter user role VPN instance policy view of role1, and deny the access of role1 to all VPN instances except for vpn2.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] vpn-instance policy deny
[Sysname-role-role1-vpnpolicy] permit vpn-instance vpn2
Related commands
display role
permit vpn-instance
role
Login management commands
The following matrix shows the feature and hardware compatibility:
AUX port login compatibility |
|
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1 |
No |
MSR2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
No |
MSR3620-DP |
Yes |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR 3610/3620/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
Hardware |
AUX port login compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.
Some login management commands are available in both user line view and user line class view. For these commands, the device uses the following rules to determine the settings to be activated:
· A setting in user line view applies only to the user line. A setting in user line class view applies to all user lines of the class.
· A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
· A setting in user line class view takes effect for login sessions that are established after the setting is configured.
activation-key
Use activation-key to set the terminal session activation key. Pressing this shortcut key starts a terminal session.
Use undo activation-key to restore the default.
Syntax
activation-key key-string
undo activation-key
Default
The terminal session activation key is Enter.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
key-string: Specifies a shortcut key. It can be a character (case sensitive), or an ASCII code value in the range of 0 to 127. For example, if you configure activation-key 1, the shortcut key is Ctrl+A. If you configure activation-key a, the shortcut key is a. For information about ASCII code values of individual characters, see the standard ASCII code chart. For information about ASCII code values of combined keys that use the Ctrl key, see Table 6.
Usage guidelines
This command is not supported in VTY line view or VTY line class view.
This command takes effect immediately.
To display the current terminal session activation key, use the display current-configuration | include activation-key command.
Table 6 ASCII code values for combined keys that use the Ctrl key
Combined key |
ASCII code value |
Examples
# Configure character s as the terminal session activation key for console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] activation-key s
To verify the configuration:
1. Exit the console session.
[Sysname-line-console0] return
<Sysname> quit
2. Log in again through the console line.
The following message appears:
Press ENTER to get started.
3. Press Enter.
Pressing Enter does not start a session.
4. Press s.
A terminal session is started.
<Sysname>
authentication-mode
Use authentication-mode to set the authentication mode for a user line.
Use undo authentication-mode to restore the default.
Syntax
In non-FIPS mode:
authentication-mode { none | password | scheme }
undo authentication-mode
In FIPS mode:
authentication-mode scheme
undo authentication-mode
Default
In non-FIPS mode, the authentication mode is password for VTY and AUX lines, and none for console lines.
In FIPS mode, the authentication mode is scheme.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
none: Disables authentication.
password: Performs local password authentication.
scheme: Performs AAA authentication. For more information about AAA, see Security Configuration Guide.
Usage guidelines
Only users assigned the network-admin or level-15 user role can execute this command. Other users cannot execute this command, even if they are granted the right to execute this command.
When the authentication mode is none, a user can log in without authentication. To improve device security, use the password or scheme authentication mode.
In VTY line view, this command is associated with the protocol inbound command. If you specify a non-default value for one of the two commands, the other command uses the default setting, regardless of the setting in VTY line class view.
An authentication mode change does not take effect for the current session. It takes effect for subsequent login sessions.
Examples
# Enable the none authentication mode for VTY line 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] authentication-mode none
# Enable password authentication for VTY line 0 and set the password to 321.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] authentication-mode password
[Sysname-line-vty0] set authentication password simple 321
# Enable scheme authentication for VTY line 0. Configure the local user 123 and set the password to 321. Assign the Telnet service and the user role network-admin to the user.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] authentication-mode scheme
[Sysname-line-vty0] quit
[Sysname] local-user 123
[Sysname-luser-manage-123] password simple 321
[Sysname-luser-manage-123] service-type telnet
[Sysname-luser-manage-123] authorization-attribute user-role network-admin
Related commands
set authentication password
auto-execute command
Use auto-execute command to specify the command to be automatically executed for a login user.
Use undo auto-execute command to restore the default.
Syntax
auto-execute command command
undo auto-execute command
Default
No command is specified to be automatically executed for a login user.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
command: Specifies the command to be automatically executed.
Usage guidelines
CAUTION: After configuring this command for a user line, you might be unable to access the CLI through the user line. Make sure you can access the CLI through a different user line before you configure this command and save the configuration. |
This command is not supported in console line view or console line class view.
A configuration change made by this command does not take effect for the current session. It takes effect for subsequent login sessions.
The device automatically executes the specified command when a user logs in through the user line. If the command triggers another task, the device does not close the user connection until the task is completed. If the command does not trigger any other tasks, the device closes the user connection after the command is executed.
Typically, you configure the auto-execute command telnet X.X.X.X command so the device redirects a Telnet user to the host at X.X.X.X. The connection to the device is closed when the user terminates the Telnet connection to X.X.X.X.
Examples
# Configure the device to automatically execute the telnet 192.168.1.41 command when a user logs in through VTY line 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] auto-execute command telnet 192.168.1.41
This action will lead to configuration failure through line-vty0. Are you sure?
[Y/N]:y
[Sysname-line-vty0]
# To verify the configuration, Telnet to the device (192.168.1.40).
The device automatically Telnets to 192.168.1.41. The following output is displayed on the configuration terminal:
C:\> telnet 192.168.1.40
******************************************************************************
* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<Sysname>
Trying 192.168.1.41 ...
Press CTRL+K to abort
Connected to 192.168.1.41 ...
******************************************************************************
* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<Sysname.41>
This operation is the same as directly logging in to the device at 192.168.1.41 through Telnet. When you close the Telnet connection to 192.168.1.41, the Telnet connection to 192.168.1.40 is closed at the same time.
command accounting
Use command accounting to enable command accounting.
Use undo command accounting to disable command accounting.
Syntax
command accounting
undo command accounting
Default
Command accounting is disabled. The accounting server does not record executed commands.
Views
User line view
User line class view
Predefined user roles
network-admin
Usage guidelines
When command accounting is enabled but command authorization is not, every executed command is recorded on the HWTACACS server.
When both command accounting and command authorization are enabled, only authorized commands that are executed are recorded on the HWTACACS server.
Invalid commands are not recorded.
A configuration change made by this command does not take effect for the current session. It takes effect for subsequent login sessions.
After you configure the command accounting command in user line class view, you cannot configure the undo command accounting command in any user line views in the class.
Examples
# Enable command accounting for VTY line 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] command accounting
Related commands
accounting command (Security Command Reference)
command authorization
command authorization
Use command authorization to enable command authorization.
Use undo command authorization to disable command authorization.
Syntax
command authorization
undo command authorization
Default
Command authorization is disabled. Logged-in users can execute commands without authorization.
Views
User line view
User line class view
Predefined user roles
network-admin
Usage guidelines
When command authorization is enabled, a user can only use commands that are permitted by both the AAA scheme and user role.
A configuration change made by this command does not take effect for the current session. It takes effect for subsequent login sessions.
If you configure the command authorization command in user line class view, command authorization is enabled for all user lines in the class. You cannot configure the undo command authorization command in the view of a user line in the class.
Examples
# Enable command authorization for VTY line 0.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] command authorization
Related commands
authorization command (Security Command Reference)
command accounting
databits
Use databits to specify the number of data bits for a character.
Use undo databits to restore the default.
Syntax
databits { 5 | 6 | 7 | 8 }
undo databits
Default
Eight data bits are used for a character.
Views
User line view
Predefined user roles
network-admin
Parameters
5: Uses five data bits for a character. This keyword is available only for modem dial-in.
6: Uses six data bits for a character. This keyword is available only for modem dial-in.
7: Uses seven data bits for a character.
8: Uses eight data bits for a character.
Usage guidelines
This command is not supported in VTY line class view.
This setting must be the same as the setting on the configuration terminal.
Examples
# Configure AUX 0 to use seven data bits for a character.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] databits 7
display line
Use display line to display user line information.
Syntax
display line [ number1 | { aux | console | vty } number2 ] [ summary ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
number1: Specifies the absolute number of a user line.
The following matrix shows the value ranges for the number1 argument:
Hardware |
Value range |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
0 to 144 |
MSR2600-6-X1/2600-10-X1 |
0 to 144 |
MSR 2630 |
0 to 225 |
MSR3600-28/3600-51 |
0 to 225 |
MSR3600-28-SI/3600-51-SI |
0 to 144 |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
0 to 417 |
MSR 3610/3620/3620-DP |
0 to 240 |
MSR 3640/3660 |
0 to 417 |
MSR5620/5660/5680 |
0 to 2399 |
Hardware |
Value range |
MSR810-LM-GL |
0 to 144 |
MSR810-W-LM-GL |
0 to 144 |
MSR830-6EI-GL |
0 to 144 |
MSR830-10EI-GL |
0 to 144 |
MSR830-6HI-GL |
0 to 144 |
MSR830-10HI-GL |
0 to 144 |
MSR2600-6-X1-GL |
0 to 144 |
MSR3600-28-SI-GL |
0 to 144 |
aux: Specifies the AUX line.
The following matrix shows the aux keyword and hardware compatibility:
Hardware |
Keyword compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1 |
No |
MSR2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR 3610/3620/3640/3660 |
Yes |
MSR3620-DP |
No |
MSR5620/5660/5680 |
Yes |
Hardware |
Keyword compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
console: Specifies the console line.
The following matrix shows the console keyword and hardware compatibility:
Hardware |
Keyword compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
Yes |
MSR2600-6-X1 |
Yes |
MSR2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
Yes |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR 3610/3620/3640/3660 |
No |
MSR3620-DP |
Yes |
MSR5620/5660/5680 |
Yes |
vty: Specifies the VTY line.
number2: Specifies the relative number of a user line.
The following matrix shows the value ranges for the number2 argument:
Hardware |
Value ranges |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
· console–0 · vty–0 to 63 |
MSR2600-6-X1 |
· console–0 · vty–0 to 63 |
MSR2600-10-X1 |
· aux–0 · vty–0 to 63 |
MSR 2630 |
· aux–0 · vty–0 to 63 |
MSR3600-28/3600-51 |
· aux–0 · vty–0 to 63 |
MSR3600-28-SI/3600-51-SI |
· console–0 · vty–0 to 63 |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
· console–0 · vty–0 to 63 |
MSR3620-DP |
· console–0 · vty–0 to 63 |
MSR 3610/3620/3640/3660 |
· aux–0 · vty–0 to 63 |
MSR5620/5660/5680 |
· aux–0 · console–0 · vty–0 to 63 |
Hardware |
Value ranges |
MSR810-LM-GL |
· console–0 · vty–0 to 63 |
MSR810-W-LM-GL |
· console–0 · vty–0 to 63 |
MSR830-6EI-GL |
· console–0 · vty–0 to 63 |
MSR830-10EI-GL |
· console–0 · vty–0 to 63 |
MSR830-6HI-GL |
· console–0 · vty–0 to 63 |
MSR830-10HI-GL |
· console–0 · vty–0 to 63 |
MSR2600-6-X1-GL |
· console–0 · vty–0 to 63 |
MSR3600-28-SI-GL |
· console–0 · vty–0 to 63 |
summary: Displays summary information about user lines. If you do not specify this keyword, the command displays detailed information.
Examples
# Display information about console line 0.
<Sysname> display line 0
Idx Type Tx/Rx Modem Auth Int Location
+ 0 CON 0 9600 - N - 0/0
+ : Line is active.
F : Line is active and in async mode.
Idx : Absolute index of line.
Type : Type and relative index of line.
Auth : Login authentication mode.
Int : Physical port of the line.
A : Authentication use AAA.
N : No authentication is required.
P : Password authentication.
Table 7 Command output
Field |
Description |
Modem |
Whether the modem allows calling in or out. By default, this attribute is not configured and this field displays a hyphen (-). |
Int |
Physical port for the line. If there is no physical port for the line or the line is a console line, this field displays a hyphen (-). |
Location |
Physical position of the line, in the form slot number/CPU number. |
# Display summary information about all user lines.
<Sysname> display line summary
Line type : [CON]
0:U
Line type : [AUX]
1:X
Line type : [VTY]
2:UXXX X
2 lines used. (U)
5 lines not used. (X)
Table 8 Command output
Fields |
Description |
number:status |
number: Absolute number of the first user line in the user line class. status: User line status. X is for unused and U is for used. For example, if "2:UXXX X" is displayed, there are five user lines of the user line class, which use the absolute numbers 2 through 6. User line 2 is in use, and the other user lines are not. |
display telnet client
Use display telnet client to display the packet source setting for the Telnet client.
Syntax
display telnet client
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the packet source setting for the Telnet client.
<Sysname> display telnet client
The source IP address is 1.1.1.1.
Related commands
telnet client source
display user-interface
Use display user-interface to display user line information.
Syntax
display user-interface [ number1 | { aux | console | vty } number2 ] [ summary ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
number1: Specifies the absolute number of a user line.
The following matrix shows the value ranges for the number1 argument:
Hardware |
Value range |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
0 to 144 |
MSR2600-6-X1/2600-10-X1 |
0 to 144 |
MSR 2630 |
0 to 225 |
MSR3600-28/3600-51 |
0 to 225 |
MSR3600-28-SI/3600-51-SI |
0 to 144 |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
0 to 417 |
MSR 3610/3620/3620-DP |
0 to 240 |
MSR 3640/3660 |
0 to 417 |
MSR5620/5660/5680 |
0 to 2399 |
Hardware |
Value range |
MSR810-LM-GL |
0 to 144 |
MSR810-W-LM-GL |
0 to 144 |
MSR830-6EI-GL |
0 to 144 |
MSR830-10EI-GL |
0 to 144 |
MSR830-6HI-GL |
0 to 144 |
MSR830-10HI-GL |
0 to 144 |
MSR2600-6-X1-GL |
0 to 144 |
MSR3600-28-SI-GL |
0 to 144 |
aux: Specifies the AUX line.
The following matrix shows the aux keyword and hardware compatibility:
Hardware |
Keyword compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1 |
No |
MSR2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR3620-DP |
No |
MSR 3610/3620/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
Hardware |
Keyword compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
console: Specifies the console line.
The following matrix shows the console keyword and hardware compatibility:
Hardware |
Keyword compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
Yes |
MSR2600-6-X1 |
Yes |
MSR2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
Yes |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR3620-DP |
Yes |
MSR 3610/3620/3640/3660 |
No |
MSR5620/5660/5680 |
Yes |
vty: Specifies the VTY line.
number2: Specifies the relative number of a user line.
The following matrix shows the value ranges for the number2 argument:
Hardware |
Value ranges |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
· console–0 · vty–0 to 63 |
MSR2600-6-X1 |
· console–0 · vty–0 to 63 |
MSR2600-10-X1 |
· aux–0 · vty–0 to 63 |
MSR 2630 |
· aux–0 · vty–0 to 63 |
MSR3600-28/3600-51 |
· aux–0 · vty–0 to 63 |
MSR3600-28-SI/3600-51-SI |
· console–0 · vty–0 to 63 |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
· console–0 · vty–0 to 63 |
MSR3620-DP |
· console–0 · vty–0 to 63 |
MSR 3610/3620/3640/3660 |
· aux–0 · vty–0 to 63 |
MSR5620/5660/5680 |
· aux–0 · console–0 · vty–0 to 63 |
Hardware |
Value ranges |
MSR810-LM-GL |
· console–0 · vty–0 to 63 |
MSR810-W-LM-GL |
· console–0 · vty–0 to 63 |
MSR830-6EI-GL |
· console–0 · vty–0 to 63 |
MSR830-10EI-GL |
· console–0 · vty–0 to 63 |
MSR830-6HI-GL |
· console–0 · vty–0 to 63 |
MSR830-10HI-GL |
· console–0 · vty–0 to 63 |
MSR2600-6-X1-GL |
· console–0 · vty–0 to 63 |
MSR3600-28-SI-GL |
· console–0 · vty–0 to 63 |
summary: Displays summary information about user lines. If you do not specify this keyword, the detailed information is displayed.
Usage guidelines
This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the display line command. As a best practice, use the display line command.
Examples
# Display information about console line 0.
<Sysname> display user-interface 0
Idx Type Tx/Rx Modem Auth Int Location
+ 0 CON 0 9600 - N - 0/0
+ : Line is active.
F : Line is active and in async mode.
Idx : Absolute index of line.
Type : Type and relative index of line.
Auth : Login authentication mode.
Int : Physical port of the line.
A : Authentication use AAA.
N : No authentication is required.
P : Password authentication.
Table 9 Command output
Field |
Description |
Modem |
Whether the modem allows calling in or out. By default, this attribute is not configured and this field displays a hyphen (-). |
Int |
Physical port for the line. If there is no physical port for the line or the line is a console line, this field displays a hyphen (-). |
Location |
Physical position of the line, in the form slot number/CPU number. |
# Display summary information about all user lines.
<Sysname> display user-interface summary
Line type : [CON]
0:U
Line type : [AUX]
1:X
Line type : [VTY]
2:UXXX X
2 lines used. (U)
5 lines not used. (X)
Table 10 Command output
Fields |
Description |
number:status |
number: Absolute number of the first user line in the user line class. status: User line status. X is for unused and U is for used. For example, if "2:UXXX X" is displayed, there are five user lines of the user line class, which use the absolute numbers 2 through 6. User line 2 is in use, and the other user lines are not. |
display users
Use display users to display online CLI users.
Syntax
display users [ all ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays all user lines supported by the device.
Examples
# Display online user information.
<Sysname> display users
Idx Line Idle Time Pid Type
10 VTY 0 00:10:49 Jun 11 11:27:32 320 TEL
+ 11 VTY 1 00:00:00 Jun 11 11:39:40 334 TEL
Following are more details.
VTY 0 :
Location: 192.168.1.12
VTY 1 :
Location: 192.168.1.26
+ : Current operation user.
F : Current operation user works in async mode.
The output shows that two users have logged in to the device: one is using VTY line 0 and the other (yourself) is using VTY line 1. Your IP address is 192.168.1.26.
Table 11 Command output
Field |
Description |
Idx |
Absolute number of the user line. |
Line |
Type and relative number of the user line. |
Idle |
Time elapsed after the user's most recent input, in the hh:mm:ss format. |
Time |
Login time of the user. |
Pid |
Process ID of the user session. |
Type |
User type, such as Telnet, SSH, or PAD. |
+ |
User line you are using. |
Location |
IP address of the user. |
escape-key
Use escape-key to set the escape key.
Use undo escape-key to disable the escape key.
Syntax
escape-key { key-string | default }
undo escape-key
Default
The escape key is Ctrl+C.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
key-string: Specifies a shortcut key. It can be a character (case sensitive, except for d and D), or an ASCII code value in the range of 0 to 127. For example, if you configure escape-key 1, the shortcut key is Ctrl+A. If you configure escape-key a, the shortcut key is a. If you specify the character d or D for this argument, the actual shortcut key is Ctrl+C. To use d or D as the shortcut key, you must specify the ASCII code value of the character for this argument. For information about ASCII code values of individual characters, see the standard ASCII code chart. For information about ASCII code values of combined keys that use the Ctrl key, see Table 6.
default: Restores the default escape key Ctrl+C.
Usage guidelines
You can use this shortcut key to abort a command that is being executed. For example, you can press this shortcut key to abort a ping or tracert command.
Whether a command can be aborted by Ctrl+C by default depends on the software implementation of the command. For more information, see the usage guidelines for the command.
As a best practice, use a key sequence as the escape key. If you define a single character as the escape key, pressing the key while a command is being executed stops the command. If no command is being executed, pressing the key enters the character as a common character. If you Telnet from the device to a remote device, pressing the key enters the character as a common character on the remote device. The key acts as the escape key on the remote device only when the following conditions are met:
· You define the same character as the escape key on the remote device.
· You press the key while a command is being executed on the remote device.
The undo escape-key command disables the current escape key. After you execute this command, no escape key is available.
The setting in user line view takes effect immediately for the current session. The setting in user line class view takes effect for login sessions that are established after the setting is configured.
To display the current escape key, use the display current-configuration | include escape-key command.
Examples
# Define the character a as the escape key for console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] escape-key a
To verify the configuration:
1. Ping IP address 192.168.1.49, specifying the -c keyword to set the number of ICMP echo request packets to 20.
<Sysname> ping -c 20 192.168.1.49
Ping 192.168.1.49: 56 data bytes, press a to break
Reply from 192.168.1.49: bytes=56 Sequence=1 ttl=255 time=3 ms
Reply from 192.168.1.49: bytes=56 Sequence=2 ttl=255 time=3 ms
2. Press a.
The system aborts the command and returns to user view.
--- 192.168.1.49 ping statistics ---
2 packet(s) transmitted
2 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/3/3 ms
<Sysname>
flow-control
Use flow-control to configure the flow control mode.
Use undo flow-control to restore the default.
Syntax
flow-control { hardware | none | software }
flow-control hardware direction1 [ software direction2 ]
flow-control software direction1 [ hardware direction2 ]
undo flow-control
Default
Flow control is disabled.
Views
User line view
Predefined user roles
network-admin
Parameters
hardware: Performs hardware flow control.
none: Disables flow control.
software: Performs software flow control.
direction1, direction2: Specify the software flow control direction and hardware flow control direction.
· in: Listens to flow control information from the remote device.
· out: Sends flow control information to the remote device.
Usage guidelines
This command is not supported in VTY line view.
The device can perform flow control in either or both of the inbound and outbound directions. One direction supports one flow control mode.
To specify the same flow control mode for the two directions, use the flow-control { hardware | software | none } command.
To specify different flow control modes for the two directions, use the flow-control hardware direction1 [ software direction2 ] or flow-control software direction1 [ hardware direction2 ] command. If you do not specify the software direction2 or hardware direction2 option, the flow control mode none applies to the direction represented by the option.
For two devices to communicate, make sure their flow control modes match.
Examples
# Configure hardware flow control in the inbound direction and disable flow control in the outbound direction for console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] flow-control hardware in
# Configure hardware flow control in the inbound direction and software flow control in the outbound direction for console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] flow-control hardware in software out
free line
Use free line to release a user line.
Syntax
free line { number1 | { aux | console | vty } number2 }
Views
User view
Predefined user roles
network-admin
Parameters
number1: Specifies the absolute number of a user line.
The following matrix shows the value ranges for the number1 argument:
Hardware |
Value range |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
0 to 144 |
MSR2600-6-X1/2600-10-X1 |
0 to 144 |
MSR 2630 |
0 to 225 |
MSR3600-28/3600-51 |
0 to 225 |
MSR3600-28-SI/3600-51-SI |
0 to 144 |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
0 to 417 |
MSR 3610/3620/3620-DP |
0 to 240 |
MSR 3640/3660 |
0 to 417 |
MSR5620/5660/5680 |
0 to 2399 |
Hardware |
Value range |
MSR810-LM-GL |
0 to 144 |
MSR810-W-LM-GL |
0 to 144 |
MSR830-6EI-GL |
0 to 144 |
MSR830-10EI-GL |
0 to 144 |
MSR830-6HI-GL |
0 to 144 |
MSR830-10HI-GL |
0 to 144 |
MSR2600-6-X1-GL |
0 to 144 |
MSR3600-28-SI-GL |
0 to 144 |
aux: Specifies the AUX line.
The following matrix shows the aux keyword and hardware compatibility:
Hardware |
Keyword compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1 |
No |
MSR2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR3620-DP |
No |
MSR 3610/3620/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
Hardware |
Keyword compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
console: Specifies the console line.
The following matrix shows the console keyword and hardware compatibility:
Hardware |
Keyword compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
Yes |
MSR2600-6-X1 |
Yes |
MSR2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
Yes |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR3620-DP |
Yes |
MSR 3610/3620/3640/3660 |
No |
MSR5620/5660/5680 |
Yes |
vty: Specifies the VTY line.
number2: Specifies the relative number of a user line.
The following matrix shows the value ranges for the number2 argument:
Hardware |
Value ranges |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
· console–0 · vty–0 to 63 |
MSR2600-6-X1 |
· console–0 · vty–0 to 63 |
MSR2600-10-X1 |
· aux–0 · vty–0 to 63 |
MSR 2630 |
· aux–0 · vty–0 to 63 |
MSR3600-28/3600-51 |
· aux–0 · vty–0 to 63 |
MSR3600-28-SI/3600-51-SI |
· console–0 · vty–0 to 63 |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
· console–0 · vty–0 to 63 |
MSR3620-DP |
· console–0 · vty–0 to 63 |
MSR 3610/3620/3640/3660 |
· aux–0 · vty–0 to 63 |
MSR5620/5660/5680 |
· aux–0 · console–0 · vty–0 to 63 |
Hardware |
Value ranges |
MSR810-LM-GL |
· console–0 · vty–0 to 63 |
MSR810-W-LM-GL |
· console–0 · vty–0 to 63 |
MSR830-6EI-GL |
· console–0 · vty–0 to 63 |
MSR830-10EI-GL |
· console–0 · vty–0 to 63 |
MSR830-6HI-GL |
· console–0 · vty–0 to 63 |
MSR830-10HI-GL |
· console–0 · vty–0 to 63 |
MSR2600-6-X1-GL |
· console–0 · vty–0 to 63 |
MSR3600-28-SI-GL |
· console–0 · vty–0 to 63 |
Usage guidelines
This command does not release the line you are using.
Examples
# Display online users.
<Sysname> display users
Idx Line Idle Time Pid Type
10 VTY 0 00:10:49 Jun 11 11:27:32 320 TEL
+ 11 VTY 1 00:00:00 Jun 11 11:39:40 334 TEL
Following are more details.
VTY 0 :
Location: 192.168.1.12
VTY 1 :
Location: 192.168.1.26
+ : Current operation user.
F : Current operation user works in async mode.
# Release VTY line 1.
<Sysname> free line vty 1
Are you sure to free line vty1? [Y/N]:y
[OK]
free user-interface
Use free user-interface to release a user line.
Syntax
free user-interface { number1 | { aux | console | vty } number2 }
Views
User view
Predefined user roles
network-admin
Parameters
number1: Specifies the absolute number of a user line.
The following matrix shows the value ranges for the number1 argument:
Hardware |
Value range |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
0 to 144 |
MSR2600-6-X1/2600-10-X1 |
0 to 144 |
MSR 2630 |
0 to 225 |
MSR3600-28/3600-51 |
0 to 225 |
MSR3600-28-SI/3600-51-SI |
0 to 144 |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
0 to 417 |
MSR 3610/3620/3620-DP |
0 to 240 |
MSR 3640/3660 |
0 to 417 |
MSR5620/5660/5680 |
0 to 2399 |
Hardware |
Value range |
MSR810-LM-GL |
0 to 144 |
MSR810-W-LM-GL |
0 to 144 |
MSR830-6EI-GL |
0 to 144 |
MSR830-10EI-GL |
0 to 144 |
MSR830-6HI-GL |
0 to 144 |
MSR830-10HI-GL |
0 to 144 |
MSR2600-6-X1-GL |
0 to 144 |
MSR3600-28-SI-GL |
0 to 144 |
aux: Specifies the AUX line.
The following matrix shows the aux keyword and hardware compatibility:
Hardware |
Keyword compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1 |
No |
MSR2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR3620-DP |
No |
MSR 3610/3620/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
Hardware |
Keyword compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
console: Specifies the console line.
The following matrix shows the console keyword and hardware compatibility:
Hardware |
Keyword compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
Yes |
MSR2600-6-X1 |
Yes |
MSR2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
Yes |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR3620-DP |
Yes |
MSR 3610/3620/3640/3660 |
No |
MSR5620/5660/5680 |
Yes |
vty: Specifies the VTY line.
number2: Specifies the relative number of a user line.
The following matrix shows the value ranges for the number2 argument:
Hardware |
Value ranges |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
· console–0 · vty–0 to 63 |
MSR2600-6-X1 |
· console–0 · vty–0 to 63 |
MSR2600-10-X1 |
· aux–0 · vty–0 to 63 |
MSR 2630 |
· aux–0 · vty–0 to 63 |
MSR3600-28/3600-51 |
· aux–0 · vty–0 to 63 |
MSR3600-28-SI/3600-51-SI |
· console–0 · vty–0 to 63 |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
· console–0 · vty–0 to 63 |
MSR 3610/3620/3620-DP/3640/3660 |
· aux–0 · vty–0 to 63 |
MSR5620/5660/5680 |
· aux–0 · console–0 · vty–0 to 63 |
Hardware |
Value ranges |
MSR810-LM-GL |
· console–0 · vty–0 to 63 |
MSR810-W-LM-GL |
· console–0 · vty–0 to 63 |
MSR830-6EI-GL |
· console–0 · vty–0 to 63 |
MSR830-10EI-GL |
· console–0 · vty–0 to 63 |
MSR830-6HI-GL |
· console–0 · vty–0 to 63 |
MSR830-10HI-GL |
· console–0 · vty–0 to 63 |
MSR2600-6-X1-GL |
· console–0 · vty–0 to 63 |
MSR3600-28-SI-GL |
· console–0 · vty–0 to 63 |
Usage guidelines
This command does not release the line you are using.
This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the free line command. As a best practice, use the free line command.
Examples
# Display online users.
<Sysname> display users
Idx LINE Idle Time Pid Type
10 VTY 0 00:10:49 Jun 11 11:27:32 320 TEL
+ 11 VTY 1 00:00:00 Jun 11 11:39:40 334 TEL
Following are more details.
VTY 0 :
Location: 192.168.1.12
VTY 1 :
Location: 192.168.1.26
+ : Current operation user.
F : Current operation user works in async mode.
# Release VTY line 1.
<Sysname> free user-interface vty 1
Are you sure to free line vty1? [Y/N]:y
[OK]
history-command max-size
Use history-command max-size to set the size of the command history buffer for a user line.
Use undo history-command max-size to restore the default.
Syntax
history-command max-size size-value
undo history-command max-size
Default
The command history buffer for a user line stores up to 10 history commands.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
size-value: Specifies the maximum number of history commands the buffer can store, in the range of 0 to 256.
Usage guidelines
Each user line uses a separate command history buffer to store commands successfully executed by its user. The buffer size determines how many history commands the buffer can store.
To display history commands in the buffer for your session, press the up or down arrow key, or execute the display history-command command. For more information about the command history buffer, see Fundamentals Configuration Guide.
Terminating a CLI session clears the commands in the command history buffer.
The setting in user line view takes effect immediately for the current session. The setting in user line class view takes effect for login sessions that are established after the setting is configured.
Examples
# Set the command history buffer size to 20 for the console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] history-command max-size 20
idle-timeout
Use idle-timeout to set the CLI connection idle-timeout timer.
Use undo idle-timeout to restore the default.
Syntax
idle-timeout minutes [ seconds ]
undo idle-timeout
Default
The CLI connection idle-timeout timer is 10 minutes.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
minutes: Specifies the number of minutes, in the range of 0 to 35791.
seconds: Specifies the number of seconds, in the range of 0 to 59. The default is 0 seconds.
Usage guidelines
The system automatically terminates a user connection if no information interaction occurs on the connection within the idle-timeout interval.
To disable the idle-timeout feature, execute the idle-timeout 0 command.
The setting in user line view takes effect immediately for the current session. The setting in user line class view takes effect for login sessions that are established after the setting is configured.
Examples
# Set the CLI connection idle-timeout timer to 1 minute and 30 seconds for console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] idle-timeout 1 30
line
Use line to enter one or multiple user line views.
Syntax
line { first-number1 [ last-number1 ] | { aux | console | vty } first-number2 [ last-number2 ] }
Views
System view
Predefined user roles
network-admin
Parameters
first-number1: Specifies the absolute number of the first user line.
last-number1: Specifies the absolute number of the last user line. This number must be greater than first-number1.
The following matrix shows the value ranges for the first-number1 argument:
Hardware |
Value range |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
0 to 144 |
MSR2600-6-X1/2600-10-X1 |
0 to 144 |
MSR 2630 |
0 to 225 |
MSR3600-28/3600-51 |
0 to 225 |
MSR3600-28-SI/3600-51-SI |
0 to 144 |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
0 to 417 |
MSR 3610/3620/3620-DP |
0 to 240 |
MSR 3640/3660 |
0 to 417 |
MSR5620/5660/5680 |
0 to 2399 |
Hardware |
Value range |
MSR810-LM-GL |
0 to 144 |
MSR810-W-LM-GL |
0 to 144 |
MSR830-6EI-GL |
0 to 144 |
MSR830-10EI-GL |
0 to 144 |
MSR830-6HI-GL |
0 to 144 |
MSR830-10HI-GL |
0 to 144 |
MSR2600-6-X1-GL |
0 to 144 |
MSR3600-28-SI-GL |
0 to 144 |
aux: Specifies the AUX line.
The following matrix shows the aux keyword and hardware compatibility:
Hardware |
Keyword compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1 |
No |
MSR2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR3620-DP |
No |
MSR 3610/3620/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
Hardware |
Keyword compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
console: Specifies the console line.
The following matrix shows the console keyword and hardware compatibility:
Hardware |
Keyword compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
Yes |
MSR2600-6-X1 |
Yes |
MSR2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
Yes |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR3620-DP |
Yes |
MSR 3610/3620/3640/3660 |
No |
MSR5620/5660/5680 |
Yes |
vty: Specifies the VTY line.
first-number2: Specifies the relative number of the first user line.
last-number2: Specifies the relative number of the last user line. This number must be greater than first-number2.
The following matrix shows the value ranges for the first-number2 argument:
Hardware |
Value ranges |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
· console–0 · vty–0 to 63 |
MSR2600-6-X1 |
· console–0 · vty–0 to 63 |
MSR2600-10-X1 |
· aux–0 · vty–0 to 63 |
MSR 2630 |
· aux–0 · vty–0 to 63 |
MSR3600-28/3600-51 |
· aux–0 · vty–0 to 63 |
MSR3600-28-SI/3600-51-SI |
· console–0 · vty–0 to 63 |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
· console–0 · vty–0 to 63 |
MSR3620-DP |
· console–0 · vty–0 to 63 |
MSR 3610/3620/3640/3660 |
· aux–0 · vty–0 to 63 |
MSR5620/5660/5680 |
· aux–0 · console–0 · vty–0 to 63 |
Hardware |
Value ranges |
MSR810-LM-GL |
· console–0 · vty–0 to 63 |
MSR810-W-LM-GL |
· console–0 · vty–0 to 63 |
MSR830-6EI-GL |
· console–0 · vty–0 to 63 |
MSR830-10EI-GL |
· console–0 · vty–0 to 63 |
MSR830-6HI-GL |
· console–0 · vty–0 to 63 |
MSR830-10HI-GL |
· console–0 · vty–0 to 63 |
MSR2600-6-X1-GL |
· console–0 · vty–0 to 63 |
MSR3600-28-SI-GL |
· console–0 · vty–0 to 63 |
Usage guidelines
To configure settings for a single user line, use this command to enter the user line view.
To configure the same settings for multiple user lines, use this command to enter multiple user line views.
Examples
# Enter the view of console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0]
# Enter the views of VTY lines 0 to 4.
<Sysname> system-view
[Sysname] line vty 0 4
[Sysname-line-vty0-4]
Related commands
line class
line class
Use line class to enter user line class view.
Syntax
line class { aux | console | vty }
Views
System view
Predefined user roles
network-admin
Parameters
aux: Specifies the AUX line class view.
The following matrix shows the aux keyword and hardware compatibility:
Hardware |
Keyword compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1 |
No |
MSR2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR3620-DP |
No |
MSR 3610/3620/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
Hardware |
Keyword compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
console: Specifies the console line.
The following matrix shows the console keyword and hardware compatibility:
Hardware |
Keyword compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
Yes |
MSR2600-6-X1 |
Yes |
MSR2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
Yes |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR3620-DP |
Yes |
MSR 3610/3620/3640/3660 |
No |
MSR5620/5660/5680 |
Yes |
vty: Specifies the VTY line class view.
Usage guidelines
To configure the same settings for all user lines of a line class, use this command to enter the user line class view.
In user line class view, you can execute the following commands:
· activation-key
· auto-execute command
· authentication-mode
· command accounting
· command authorization
· escape-key
· history-command max-size
· idle-timeout
· protocol inbound
· screen-length
· set authentication password
· shell
· terminal type
· user-role
For commands that are available in both user line view and user line class view, the device uses the following rules to determine the settings to be activated:
· A setting in user line view applies only to the user line. A setting in user line class view applies to all user lines of the class.
· A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
· A setting in user line class view does not take effect for current online users. It takes effect only for new login users.
Examples
# Set the CLI connection idle-timeout timer to 15 minutes in VTY line class view.
<Sysname> system-view
[Sysname] line class vty
[Sysname-line-class-vty] idle-timeout 15
# In console line class view, configure the character s as the terminal session activation key.
<Sysname> system-view
[Sysname] line class console
[Sysname-line-class-console] activation-key s
[Sysname-line-class-console] quit
# In the view of console line 0, restore the default terminal session activation key.
[Sysname] line console 0
[Sysname-line-console0] undo activation-key
Alternatively, you can use the following command:
[Sysname-line-console0] activation-key 13
To verify the configuration:
1. Exit the session on console line 0.
[Sysname-line-console0] return
<Sysname> quit
2. Log in again through the user line.
The following message appears:
Press ENTER to get started.
3. Press Enter.
Pressing Enter does not start a session.
4. Enter s.
A terminal session is started.
<Sysname>
Related commands
line
lock
Use lock to lock the current user line and set the password for unlocking the line.
Syntax
lock
Default
The system does not lock any user lines.
Views
User view
Predefined user roles
network-admin
Usage guidelines
This command is not supported in FIPS mode.
This command locks the current user line to prevent unauthorized users from using the line. You must set the password for unlocking the line as prompted. The user line is locked after you enter the password and confirm the password.
To unlock the user line, press Enter and enter the password you set.
Examples
# Lock the current user line and set the password for unlocking the line.
<Sysname> lock
Please input password<1 to 16> to lock current line:
Password:
Again:
locked !
// The user line is locked. To unlock it, press Enter and enter the password:
Password:
<Sysname>
lock-key
Use lock-key to set the user line locking key. Pressing this shortcut key locks the current user line and enables unlocking authentication.
Use undo lock-key to restore the default.
Syntax
lock-key key-string
undo lock-key
Default
No user line locking key is set.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
key-string: Specifies a shortcut key. It can be a character (case sensitive), or an ASCII code value in the range of 0 to 127. For example, if you configure lock-key 1, the shortcut key is Ctrl+A. If you configure lock-key a, the shortcut key is a. For information about ASCII code values of individual characters, see the standard ASCII code chart. For information about ASCII code values of combined keys that use the Ctrl key, see Table 6.
Usage guidelines
As a best practice, specify a combined key as the user line locking key. If you specify a single character as the key, the character acts only as the user line locking key. You cannot type the character for any commands, keywords, or arguments.
Pressing this shortcut key is equivalent to executing the lock reauthentication command.
This command takes effect immediately.
To display the current user line locking key, use the display current-configuration | include lock-key command.
Examples
# Set the user line locking key to Ctrl+A for console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] lock-key 1
[Sysname-line-console0] quit
To verify the configuration:
1. Press Ctrl+A.
[Sysname]
Please press Enter to unlock the screen.
2. Press Enter and enter the login password.
Password:
[Sysname]
Related commands
lock reauthentication
lock reauthentication
Use lock reauthentication to lock the current user line and enable unlocking authentication.
Syntax
lock reauthentication
Default
The system does not lock any user lines or initiate reauthentication.
Views
Any view
Predefined user roles
network-admin
Usage guidelines
This command locks the current user line. To unlock the user line, you must press Enter and provide the login password to pass reauthentication. If you have changed the login password after login, you must provide the new password. If no login password is set, the system unlocks the user line after you press Enter.
Examples
# Lock the current user line and enable unlocking authentication.
<Sysname> lock reauthentication
Please press Enter to unlock the screen.
// The user line is locked. To unlock it, press Enter and enter the login password:
Password:
<Sysname>
Related commands
lock-key
parity
Use parity to specify the parity.
Use undo parity to restore the default.
Syntax
parity { even | mark | none | odd | space }
undo parity
Default
The setting is none. No parity is used.
Views
User line view
Predefined user roles
network-admin
Parameters
even: Uses even parity.
mark: Uses mark parity.
none: Uses no parity.
odd: Uses odd parity.
space: Uses space parity.
Usage guidelines
This command is not supported in VTY line view.
The configuration terminal and the device must use the same parity.
Examples
# Configure the user line AUX 0 to use odd parity.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] parity odd
protocol inbound
Use protocol inbound to specify the supported protocols.
Use undo protocol inbound to restore the default.
Syntax
In non-FIPS mode:
protocol inbound { all | pad | ssh | telnet }
undo protocol inbound
In FIPS mode:
protocol inbound ssh
undo protocol inbound
Default
In non-FIPS mode, all protocols are supported.
In FIPS mode, SSH is supported.
Views
VTY line view
VTY line class view
Predefined user roles
network-admin
Parameters
all: Supports all protocols.
pad: Supports PAD only.
ssh: Supports SSH only.
telnet: Supports Telnet only.
Usage guidelines
Only users assigned the network-admin or level-15 user role can execute this command. Other users cannot execute this command, even if they are granted the right to execute this command.
A configuration change in user line view does not take effect for the current session. It takes effect for subsequent login sessions.
Before configuring a user line to support SSH, set the authentication mode to scheme for the user line. For more information, see authentication-mode.
In VTY line view, this command is associated with the authentication-mode command. If you specify a non-default value for one of the two commands, the other command uses the default setting, regardless of the setting in VTY line class view.
Examples
# Enable user lines VTY 0 through VTY 4 to support only SSH.
<Sysname> system-view
[Sysname] line vty 0 4
[Sysname-line-vty0-4] authentication-mode scheme
[Sysname-line-vty0-4] protocol inbound ssh
# Enable SSH support and set the authentication mode to scheme in VTY line class view. Enable user lines VTY 0 through VTY 4 to support all protocols and disable authentication for the user lines.
[Sysname] line class vty
[Sysname-line-class-vty] authentication-mode scheme
[Sysname-line-class-vty] protocol inbound ssh
[Sysname-line-class-vty] quit
[Sysname] line vty 0 4
[Sysname-line-vty0-4] authentication-mode none
To verify the configuration:
1. Telnet to the device.
Trying 192.168.1.241 ...
Press CTRL+K to abort
Connected to 192.168.1.241 ...
******************************************************************************
* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<Server>
You are logged in without authentication.
2. Display online CLI user information.
Idx Line Idle Time Pid Type
+ 50 VTY 0 00:00:00 Jan 17 15:29:27 189 TEL
Following are more details.
VTY 0 :
Location: 192.168.1.186
+ : Current operation user.
F : Current operation user works in async mode.
The output shows that you are using VTY 0. The configuration in user line view is effective.
screen-length
Use screen-length to set the maximum number of lines of command output to send to the terminal at a time when the screen pausing feature is enabled.
Use undo screen-length to restore the default.
Syntax
screen-length screen-length
undo screen-length
Default
A maximum of 24 lines are sent.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
screen-length: Specifies the maximum number of lines to send, in the range of 0 to 512. To send command output without pausing, set the number to 0 or execute the screen-length disable command.
Usage guidelines
The number of lines that can be displayed on the terminal screen is restricted by both this setting and the display specification of the terminal. For example, if this setting is 40, the device sends 40 lines to the terminal at a time. If the terminal display specification is 24 lines, only the last 24 lines are displayed on the terminal screen. To view the previous 16 lines, you must press PgUp.
To continue to display command output after a pause, press the space bar.
The setting in user line view takes effect immediately for the current session. The setting in user line class view takes effect for login sessions that are established after the setting is configured.
Examples
# Set the maximum number of lines to send at a time to 30 for console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] screen-length 30
screen-length disable
send
Use send to send messages to online login users.
Syntax
send { all | number1 | { aux | console | vty } number2 }
Views
User view
Predefined user roles
network-admin
Parameters
all: Specifies all user lines.
number1: Specifies the absolute number of a user line.
The following matrix shows the value ranges for the number1 argument:
Hardware |
Value range |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
0 to 144 |
MSR2600-6-X1/2600-10-X1 |
0 to 144 |
MSR 2630 |
0 to 225 |
MSR3600-28/3600-51 |
0 to 225 |
MSR3600-28-SI/3600-51-SI |
0 to 144 |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
0 to 417 |
MSR 3610/3620/3620-DP |
0 to 240 |
MSR 3640/3660 |
0 to 417 |
MSR5620/5660/5680 |
0 to 2399 |
Hardware |
Value range |
MSR810-LM-GL |
0 to 144 |
MSR810-W-LM-GL |
0 to 144 |
MSR830-6EI-GL |
0 to 144 |
MSR830-10EI-GL |
0 to 144 |
MSR830-6HI-GL |
0 to 144 |
MSR830-10HI-GL |
0 to 144 |
MSR2600-6-X1-GL |
0 to 144 |
MSR3600-28-SI-GL |
0 to 144 |
aux: Specifies the AUX line.
The following matrix shows the aux keyword and hardware compatibility:
Hardware |
Keyword compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1 |
No |
MSR2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR3620-DP |
No |
MSR 3610/3620/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
Hardware |
Keyword compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
console: Specifies the console line.
The following matrix shows the console keyword and hardware compatibility:
Hardware |
Keyword compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
Yes |
MSR2600-6-X1 |
Yes |
MSR2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
Yes |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR3620-DP |
Yes |
MSR 3610/3620/3640/3660 |
No |
MSR5620/5660/5680 |
Yes |
vty: Specifies the VTY line.
number2: Specifies the relative number of a user line.
The following matrix shows the value ranges for the number2 argument:
Hardware |
Value ranges |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
· console–0 · vty–0 to 63 |
MSR2600-6-X1 |
· console–0 · vty–0 to 63 |
MSR2600-10-X1 |
· aux–0 · vty–0 to 63 |
MSR 2630 |
· aux–0 · vty–0 to 63 |
MSR3600-28/3600-51 |
· aux–0 · vty–0 to 63 |
MSR3600-28-SI/3600-51-SI |
· console–0 · vty–0 to 63 |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
· console–0 · vty–0 to 63 |
MSR3620-DP |
· console–0 · vty–0 to 63 |
MSR 3610/3620/3640/3660 |
· aux–0 · vty–0 to 63 |
MSR5620/5660/5680 |
· aux–0 · console–0 · vty–0 to 63 |
Hardware |
Value ranges |
MSR810-LM-GL |
· console–0 · vty–0 to 63 |
MSR810-W-LM-GL |
· console–0 · vty–0 to 63 |
MSR830-6EI-GL |
· console–0 · vty–0 to 63 |
MSR830-10EI-GL |
· console–0 · vty–0 to 63 |
MSR830-6HI-GL |
· console–0 · vty–0 to 63 |
MSR830-10HI-GL |
· console–0 · vty–0 to 63 |
MSR2600-6-X1-GL |
· console–0 · vty–0 to 63 |
MSR3600-28-SI-GL |
· console–0 · vty–0 to 63 |
Usage guidelines
You can use this command to send notifications to online users before performing an operation that might affect other online users, for example, before rebooting the device.
To end a message, press Enter. To abort the send operation, press Ctrl+C.
Examples
# Send a notification to the user on VTY 1.
<Sysname> send vty 1
Input message, end with Enter; abort with CTRL+C:
Your attention, please. I will reboot the system in 3 minutes.
Send message? [Y/N]:y
The message should appear on the user's terminal screen as follows:
[Sysname]
***
***
***Message from vty0 to vty1
***
Your attention, please. I will reboot the system in 3 minutes.
set authentication password
Use set authentication password to set the password for local password authentication.
Use undo set authentication password to restore the default.
Syntax
set authentication password { hash | simple } string
undo set authentication password
Default
No password is set for local password authentication.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
hash: Specifies a password in hashed form.
simple: Sets a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in hashed form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 16 characters. Its hashed form is a case-sensitive string of 1 to 110 characters.
Usage guidelines
Only users assigned the network-admin or level-15 user role can execute this command. Other users cannot execute this command, even if they are granted the right to execute this command.
This command is not supported in FIPS mode.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
A password change does not take effect for the current session. It takes effect for subsequent login sessions.
Examples
# Set the password to hello for local password authentication on console line 0.
<Sysname> system-view
[Sysname] line console 0
[Sysname-line-console0] authentication-mode password
[Sysname-line-console0] set authentication password simple hello
Related commands
authentication-mode
shell
Use shell to enable the terminal service for user lines.
Use undo shell to disable the terminal service for user lines.
Syntax
shell
undo shell
Default
The terminal service is enabled on all user lines.
Views
User line view
User line class view
Predefined user roles
network-admin
Usage guidelines
The undo shell command is not supported in console line view or console line class view.
You cannot disable the terminal service on the user line you are using.
When the device acts as a Telnet or SSH server, you cannot configure the undo shell command.
If the undo shell command is configured in user line class view, you cannot configure the shell command in the view of a user line in the class.
Examples
# Disable the terminal service for VTY lines VTY 0 through 4 so no user can log in to the device through the user lines.
<Sysname> system-view
[Sysname] line vty 0 4
[Sysname-line-vty0-4] undo shell
Disable ui-vty0-4 , are you sure? [Y/N]:y
[Sysname-line-vty0-4]
speed
Use speed to set the transmission rate (also called the baud rate) on a user line.
Use undo speed to restore the default.
Syntax
speed speed-value
undo speed
Default
The transmission rate is 9600 bps on a user line.
Views
User line view
Predefined user roles
network-admin
Parameters
speed-value: Specifies the transmission rate in bps. Supported transmission rates depend on the device model and configuration environment. The transmission rates for asynchronous serial interfaces might include:
· 300 bps.
· 600 bps.
· 1200 bps.
· 2400 bps.
· 4800 bps.
· 9600 bps.
· 19200 bps.
· 38400 bps.
· 57600 bps.
· 115200 bps.
Usage guidelines
This command is not supported in VTY line view.
The configuration terminal and the device must be configured with the same transmission rate to communicate.
Examples
# Set the transmission rate to 19200 bps for AUX line 0.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] speed 19200
stopbits
Use stopbits to specify the number of stop bits for a character.
Use undo stopbits to restore the default.
Syntax
stopbits { 1 | 1.5 | 2 }
undo stopbits
Default
One stop bit is used.
Views
User line view
Predefined user roles
network-admin
Parameters
1: Uses one stop bit.
1.5: Uses one and a half stop bits. The device does not support using one and a half stop bits. If you specify this keyword, two stop bits are used.
2: Uses two stop bits.
Usage guidelines
This command is not supported in VTY line view.
The configuration terminal and the device must use the same number of stop bits to communicate.
Examples
# Set the number of stop bits to 1 for AUX line 0.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] stopbits 1
telnet
Use telnet to Telnet to a host in an IPv4 network.
Syntax
telnet remote-host [ service-port ] [ vpn-instance vpn-instance-name ] [ source { interface interface-type interface-number | ip ip-address } ] [ dscp dscp-value ] [ escape character ]
Views
User view
Predefined user roles
network-admin
Parameters
remote-host: Specifies the IPv4 address or host name of a remote host. A host name can be a case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.).
service-port: Specifies the TCP port number for the Telnet service on the remote host. The value range is 0 to 65535 and the default is 23.
vpn-instance vpn-instance-name: Specifies the VPN instance to which the remote host belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the remote host belongs to the public network, do not specify this option.
source: Specifies a source IPv4 address or source interface for outgoing Telnet packets. If you do not specify this option, the device uses the primary IPv4 address of the output interface for the route to the server as the source address.
interface interface-type interface-number: Specifies the source interface. The primary IPv4 address of the interface will be used as the source IPv4 address for outgoing Telnet packets.
ip ip-address: Specifies the source IPv4 address for outgoing Telnet packets.
dscp dscp-value: Specifies a DSCP value for outgoing Telnet packets. The value range is 0 to 63. The default is 48.
escape character: Specifies an escape character. You can use the escape character together with a dot (.) as the escape key to terminate the current Telnet connection and return to the upper level connection. The value for the character argument is case sensitive and must be different from the login username. As a best practice, specify a tilde (~) for the character argument.
Usage guidelines
This command is not supported in FIPS mode.
Methods for terminating Telnet connections include:
· Pressing Ctrl+K—Terminates all Telnet connections. You can use this method in any scenarios unless you configure an escape character. After you configure an escape character, pressing Ctrl+K does not terminate Telnet connections.
· Executing the quit command—Terminates the current Telnet connection and returns to the upper level connection. This method is not available when the Telnet server reboots or fails.
· Using the escape key—Terminates the current Telnet connection and returns to the upper level connection. You can use this method in any scenarios.
To use the escape key to terminate the current Telnet connection, enter the escape character and a dot in a new line. If you enter any other characters or perform any other operations (for example, pressing the backspace key) before entering the escape character, the escape character does not take effect.
The source address or interface specified by this command is applied only to the Telnet connection that is being established.
Examples
# Telnet to host 1.1.1.2, using 1.1.1.1 as the source IP address for outgoing Telnet packets.
<Sysname> telnet 1.1.1.2 source ip 1.1.1.1
Related commands
telnet client source
telnet client source
Use telnet client source to specify a source IPv4 address or source interface for the Telnet client to use for outgoing Telnet packets.
Use undo telnet client source to restore the default.
Syntax
telnet client source { interface interface-type interface-number | ip ip-address }
undo telnet client source
Default
No source IPv4 address or source interface is specified. The Telnet client uses the primary IPv4 address of the output interface for the route to the server as the source IPv4 address.
Views
System view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies a source interface. The primary IPv4 address of the interface will be used as the source IPv4 address for outgoing Telnet packets.
ip ip-address: Specifies a source IPv4 address.
Usage guidelines
This command is not supported in FIPS mode.
The setting configured by this command applies to all Telnet connections but has a lower precedence than the source setting specified for the telnet command.
Examples
# Set the source IPv4 address to 1.1.1.1 for outgoing Telnet packets.
<Sysname> system-view
[Sysname] telnet client source ip 1.1.1.1
Related commands
display telnet client
telnet ipv6
Use telnet ipv6 to Telnet to a host in an IPv6 network.
Syntax
telnet ipv6 remote-host [ -i interface-type interface-number ] [ port-number ] [ vpn-instance vpn-instance-name ] [ source { interface interface-type interface-number | ipv6 ipv6-address } ] [ dscp dscp-value ] [ escape character ]
Views
User view
Predefined user roles
network-admin
Parameters
remote-host: Specifies the IPv6 address or host name of a remote host. A host name can be a case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.).
-i interface-type interface-number: Specifies the interface for sending Telnet packets. This option is required when the remote host address is a link-local address. When the server address is a global unicast address, you cannot specify this option.
port-number: Specifies the TCP port number for the Telnet service on the remote host. The value range is 0 to 65535 and the default is 23.
vpn-instance vpn-instance-name: Specifies the VPN instance to which the remote host belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the remote host belongs to the public network, do not specify this option.
source: Specifies a source IPv6 address or source interface for outgoing Telnet packets. If you do not specify this option, the device uses the primary IPv6 address of the output interface for the route to the server as the source address.
interface interface-type interface-number: Specifies the source interface. The primary IPv6 address of the interface will be used as the source IPv6 address for outgoing Telnet packets.
ipv6 ipv6-address: Specifies the source IPv6 address for outgoing Telnet packets.
dscp dscp-value: Specifies a DSCP value for outgoing Telnet packets. The value range is 0 to 63. The default is 48.
escape character: Specifies an escape character. You can use the escape character together with a dot (.) as the escape key to terminate the current Telnet connection and return to the upper level connection. The value for the character argument is case sensitive and must be different from the login username. As a best practice, specify a tilde (~) for the character argument.
Usage guidelines
This command is not supported in FIPS mode.
Methods for terminating Telnet connections include:
· Pressing Ctrl+K—Terminates all Telnet connections. You can use this method in any scenarios unless you configure an escape character. After you configure an escape character, pressing Ctrl+K does not terminate Telnet connections.
· Executing the quit command—Terminates the current Telnet connection and returns to the upper level connection. This method is not available when the Telnet server reboots or fails.
· Using the escape key—Terminates the current Telnet connection and returns to the upper level connection. You can use this method in any scenarios.
To use the escape key to terminate the current Telnet connection, enter the escape character and a dot in a new line. If you enter any other characters or perform any other operations (for example, pressing the backspace key) before entering the escape character, the escape character does not take effect.
Examples
# Telnet to the host at 5000::1.
<Sysname> telnet ipv6 5000::1
# Telnet to the host at 2000::1. Use 1000::1 as the source address for outgoing Telnet packets.
<Sysname> telnet ipv6 2000::1 source ipv6 1000::1
telnet server acl
Use telnet server acl to apply an ACL to filter Telnet logins.
Use undo telnet server acl to restore the default.
Syntax
telnet server acl [ mac ] acl-number
undo telnet server acl
Default
No ACL is used to filter Telnet logins.
Views
System view
Predefined user roles
network-admin
Parameters
mac: Specifies a Layer 2 ACL. To specify an ACL of a different type, do not specify this keyword.
acl-number: Specifies an ACL by its number. If you specify the mac keyword, the value range of this argument is 4000 to 4999. If you do not specify the mac keyword, the value range of this argument is 2000 to 3999.
Usage guidelines
This command is not supported in FIPS mode.
This command does not take effect on existing Telnet connections.
You can specify an ACL that does not exist for this command. However, this command takes effect only after you create the ACL and configure rules for the ACL.
If you execute this command multiple times, the most recent configuration takes effect.
For more information about ACL, see ACL and QoS Configuration Guide.
Examples
# Permit only the user at 1.1.1.1 to Telnet to the device.
<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule permit source 1.1.1.1 0
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] telnet server acl 2001
telnet server acl-deny-log enable
Use telnet server acl-deny-log enable to enable logging for Telnet login attempts that are denied by the Telnet login control ACL.
Use undo telnet server acl-deny-log enable to disable logging for Telnet login attempts that are denied by the Telnet login control ACL.
Syntax
telnet server acl-deny-log enable
undo telnet server acl-deny-log enable
Default
Logging is disabled for Telnet login attempts that are denied by the Telnet login control ACL.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Only clients permitted by the Telnet login control ACL can Telnet to the device. This logging feature generates log messages for Telnet login attempts that are denied by the Telnet login control ACL.
For information about log message output, see the information center in Network Management and Monitoring Configuration Guide. For information about configuring a Telnet login control ACL, see the telnet server acl or telnet server ipv6 acl command.
Examples
# Enable logging for Telnet login attempts that are denied by the Telnet login control ACL.
<Sysname> system-view
[Sysname] telnet server acl-deny-log enable
Related commands
telnet server acl
telnet server ipv6 acl
telnet server dscp
Use telnet server dscp to specify the DSCP value for IPv4 to use for Telnet packets sent to a Telnet client.
Use undo telnet server dscp to restore the default.
Syntax
telnet server dscp dscp-value
undo telnet server dscp
Default
IPv4 uses the DSCP value 48 for Telnet packets sent to a Telnet client.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63.
Usage guidelines
This command is not supported in FIPS mode.
The DSCP value is carried in the ToS field of an IPv4 packet to indicate the packet transmission priority.
Examples
# Set the DSCP value for IPv4 to use for outgoing Telnet packets to 30 on a Telnet server.
<Sysname> system-view
[Sysname] telnet server dscp 30
telnet server enable
Use telnet server enable to enable the Telnet server.
Use undo telnet server enable to disable the Telnet server.
Syntax
telnet server enable
undo telnet server enable
Default
The Telnet server is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command is not supported in FIPS mode.
Users can Telnet to the device only when the Telnet server is enabled.
Examples
# Enable the Telnet server.
<Sysname> system-view
[Sysname] telnet server enable
telnet server ipv6 acl
Use telnet server ipv6 acl to apply an IPv6 ACL to filter IPv6 Telnet logins.
Use undo telnet server ipv6 acl to restore the default.
Syntax
telnet server ipv6 acl { ipv6 | mac } acl-number
undo telnet server ipv6 acl
Default
No IPv6 ACL is used to filter IPv6 Telnet logins.
Views
System view
Predefined user roles
network-admin
Parameters
ipv6: Specifies an IPv6 ACL.
mac: Specifies a Layer 2 ACL. To specify an ACL of a different type, do not specify this keyword.
acl-number: Specifies an ACL by its number. If you specify the ipv6 keyword, the value range of this argument is 2000 to 3999. If you specify the mac keyword, the value range of this argument is 4000 to 4999.
Usage guidelines
This command is not supported in FIPS mode.
This command does not take effect on existing Telnet connections.
You can specify an ACL that does not exist for this command. However, this command takes effect only after you create the ACL and configure rules for the ACL.
If you execute this command multiple times, the most recent configuration takes effect.
For more information about ACL, see ACL and QoS Configuration Guide.
Examples
# Permit only the user at 2000::1 to Telnet to the device.
<Sysname> system-view
[Sysname] acl ipv6 basic 2001
[Sysname-acl6-ipv6-basic-2001] rule permit source 2000::1 128
[Sysname-acl6-ipv6-basic-2001] quit
[Sysname] telnet server ipv6 acl ipv6 2001
telnet server ipv6 dscp
Use telnet server ipv6 dscp to specify the DSCP value for IPv6 to use for Telnet packets sent to a Telnet client.
Use undo telnet server ipv6 dscp to restore the default.
Syntax
telnet server ipv6 dscp dscp-value
undo telnet server ipv6 dscp
Default
IPv6 uses the DSCP value 48 for Telnet packets sent to a Telnet client.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63.
Usage guidelines
This command is not supported in FIPS mode.
The DSCP value is carried in the Traffic class field of an IPv6 packet to indicate the packet transmission priority.
Examples
# Set the DSCP value for IPv6 to use for outgoing Telnet packets to 30 on a Telnet server.
<Sysname> system-view
[Sysname] telnet server ipv6 dscp 30
telnet server ipv6 port
Use telnet server ipv6 port to specify the IPv6 Telnet service port number.
Use undo telnet server ipv6 port to restore the default.
Syntax
telnet server ipv6 port port-number
undo telnet server ipv6 port
Default
The IPv6 Telnet service port number is 23.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a port number. The value can be 23 or in the range of 1025 to 65535.
Usage guidelines
This command terminates all Telnet connections to the IPv6 Telnet server. To use the Telnet service, you must reestablish Telnet connections.
Examples
# Set the IPv6 Telnet service port number to 1026.
<Sysname> system-view
[Sysname] telnet server ipv6 port 1026
telnet server port
Use telnet server port to specify the IPv4 Telnet service port number.
Use undo telnet server port to restore the default.
Syntax
telnet server port port-number
undo telnet server port
Default
The IPv4 Telnet service port number is 23.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a port number. The value can be 23 or in the range of 1025 to 65535.
Usage guidelines
This command terminates all Telnet connections to the IPv4 Telnet server. To use the Telnet service, you must reestablish Telnet connections.
Examples
# Set the IPv4 Telnet service port number to 1025.
<Sysname> system-view
[Sysname] telnet server port 1025
terminal type
Use terminal type to specify the terminal display type.
Use undo terminal type to restore the default.
Syntax
terminal type { ansi | vt100 }
undo terminal type
Default
The terminal display type is ANSI.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
ansi: Specifies the ANSI type.
vt100: Specifies the VT100 type.
Usage guidelines
The device supports two terminal display types: ANSI and VT100. As a best practice, specify the VT100 type on both the device and the configuration terminal. If either side uses the ANSI type, a display problem might occur when a command line has more than 80 characters. For example, a cursor positioning error might occur.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
A terminal display type change does not take effect for the current session. It takes effect for subsequent login sessions.
Examples
# Set the terminal display type to VT100.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] terminal type vt100
user-interface
Use user-interface to enter one or multiple user line views.
Syntax
user-interface { first-number1 [ last-number1 ] | { aux | console | vty } first-number2 [ last-number2 ] }
Views
System view
Predefined user roles
network-admin
Parameters
first-number1: Specifies the absolute number of the first user line.
last-number1: Specifies the absolute number of the last user line. This number must be greater than first-number1.
The following matrix shows the value ranges for the first-number1 argument:
Hardware |
Value range |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
0 to 144 |
MSR2600-6-X1/2600-10-X1 |
0 to 144 |
MSR 2630 |
0 to 225 |
MSR3600-28/3600-51 |
0 to 225 |
MSR3600-28-SI/3600-51-SI |
0 to 144 |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
0 to 417 |
MSR 3610/3620/3620-DP |
0 to 240 |
MSR 3640/3660 |
0 to 417 |
MSR5620/5660/5680 |
0 to 2399 |
Hardware |
Value range |
MSR810-LM-GL |
0 to 144 |
MSR810-W-LM-GL |
0 to 144 |
MSR830-6EI-GL |
0 to 144 |
MSR830-10EI-GL |
0 to 144 |
MSR830-6HI-GL |
0 to 144 |
MSR830-10HI-GL |
0 to 144 |
MSR2600-6-X1-GL |
0 to 144 |
MSR3600-28-SI-GL |
0 to 144 |
aux: Specifies the AUX line.
The following matrix shows the aux keyword and hardware compatibility:
Hardware |
Keyword compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1 |
No |
MSR2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR3620-DP |
No |
MSR 3610/3620/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
Hardware |
Keyword compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
console: Specifies the console line.
The following matrix shows the console keyword and hardware compatibility:
Hardware |
Keyword compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
Yes |
MSR2600-6-X1 |
Yes |
MSR2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
Yes |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR3620-DP |
Yes |
MSR 3610/3620/3640/3660 |
No |
MSR5620/5660/5680 |
Yes |
vty: Specifies the VTY line.
first-number2: Specifies the relative number of the first user line.
last-number2: Specifies the relative number of the last user line. This number must be greater than first-number2.
The following matrix shows the value ranges for the first-number2 argument:
Hardware |
Value ranges |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
· console–0 · vty–0 to 63 |
MSR2600-6-X1 |
· console–0 · vty–0 to 63 |
MSR2600-10-X1 |
· aux–0 · vty–0 to 63 |
MSR 2630 |
· aux–0 · vty–0 to 63 |
MSR3600-28/3600-51 |
· aux–0 · vty–0 to 63 |
MSR3600-28-SI/3600-51-SI |
· console–0 · vty–0 to 63 |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
· console–0 · vty–0 to 63 |
MSR3620-DP |
· console–0 · vty–0 to 63 |
MSR 3610/3620/3640/3660 |
· aux–0 · vty–0 to 63 |
MSR5620/5660/5680 |
· aux–0 · console–0 · vty–0 to 63 |
Hardware |
Value ranges |
MSR810-LM-GL |
· console–0 · vty–0 to 63 |
MSR810-W-LM-GL |
· console–0 · vty–0 to 63 |
MSR830-6EI-GL |
· console–0 · vty–0 to 63 |
MSR830-10EI-GL |
· console–0 · vty–0 to 63 |
MSR830-6HI-GL |
· console–0 · vty–0 to 63 |
MSR830-10HI-GL |
· console–0 · vty–0 to 63 |
MSR2600-6-X1-GL |
· console–0 · vty–0 to 63 |
MSR3600-28-SI-GL |
· console–0 · vty–0 to 63 |
Usage guidelines
This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the line command. As a best practice, use the line command.
To configure settings for a single user line, use this command to enter the user line view.
To configure the same settings for multiple user lines, use this command to enter multiple user line views.
Examples
# Enter the view of console line 0.
<Sysname> system-view
[Sysname] user-interface console 0
[Sysname-line-console0]
# Enter the views of VTY lines 0 to 4.
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-line-vty0-4]
user-interface class
user-interface class
Use user-interface class to enter user line class view.
Syntax
user-interface class { aux | console | vty }
Views
System view
Predefined user roles
network-admin
Parameters
aux: Specifies the AUX line class view.
The following matrix shows the aux keyword and hardware compatibility:
Hardware |
Keyword compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1 |
No |
MSR2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR3620-DP |
No |
MSR 3610/3620/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
Hardware |
Keyword compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
console: Specifies the console line.
The following matrix shows the console keyword and hardware compatibility:
Hardware |
Keyword compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
Yes |
MSR2600-6-X1 |
Yes |
MSR2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
Yes |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR3620-DP |
Yes |
MSR 3610/3620/3640/3660 |
No |
MSR5620/5660/5680 |
Yes |
vty: Specifies the VTY line class view.
Usage guidelines
This command is an older version reserved for backward compatibility purposes. It has the same functionality and output as the line class command. As a best practice, use the line class command.
To configure the same settings for all user lines of a line class, you can use this command to enter the user line class view.
The following commands are available in user line class view:
· activation-key
· auto-execute command
· authentication-mode
· command accounting
· command authorization
· escape-key
· history-command max-size
· idle-timeout
· protocol inbound
· screen-length
· set authentication password
· shell
· terminal type
· user-role
For commands that are available in both user line view and user line class view, the device uses the following rules to determine the settings to be activated:
· A setting in user line view applies only to the user line. A setting in user line class view applies to all user lines of the class.
· A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
· A setting in user line class view does not take effect for current online users. It takes effect only for new login users.
Examples
# Set the CLI connection idle-timeout timer to 15 minutes in VTY line class view.
<Sysname> system-view
[Sysname] user-interface class vty
[Sysname-line-class-vty] idle-timeout 15
[Sysname-line-class-vty] return
# In console line class view, configure the character s as the terminal session activation key.
<Sysname> system-view
[Sysname] user-interface class console
[Sysname-line-class-console] activation-key s
[Sysname-line-class-console] quit
# In the view of console line 0, restore the default terminal session activation key.
[Sysname] user-interface console 0
[Sysname-line-console0] undo activation-key
Alternatively, you can use the following command:
[Sysname-line-console0] activation-key 13
To verify the configuration:
1. Exit the session on console line 0.
[Sysname-line-console0] return
<Sysname> quit
2. Log in again through the console line.
The following message appears:
Press ENTER to get started.
3. Press Enter.
Pressing Enter does not start a session.
4. Enter s.
A terminal session is started.
<Sysname>
Related commands
user-interface
user-role
Use user-role to assign a user role to a user line. The device assigns the user role to a user of the line when the user logs in.
Use undo user-role to remove a user role or restore the default.
Syntax
user-role role-name
undo user-role [ role-name ]
Default
A console line user is assigned the network-admin user role. Users of other user lines are assigned the network-operator user role.
Views
User line view
User line class view
Predefined user roles
network-admin
Parameters
role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. The user role can be user-defined or predefined. Available predefined user roles include network-admin, network-operator, and level-0 to level-15. The predefined security-audit and guest-manager user roles are not supported in user line view or user line class view. If you do not specify this argument, the undo user-role command restores the default user role.
Usage guidelines
Only users assigned the network-admin or level-15 user role can execute this command. Other users cannot execute this command, even if they are granted the right to execute this command.
This command is not supported in FIPS mode.
This command is available in both user line view and user line class view. A non-default setting in either view takes precedence over a default setting in the other view. A non-default setting in user line view takes precedence over a non-default setting in user line class view.
A user role change does not take effect for the current session. It takes effect for subsequent login sessions.
You can assign up to 64 user roles to a user line.
For more information about user roles, see "Configuring RBAC."
Examples
# Assign the network-admin user role to AUX line 0.
<Sysname> system-view
[Sysname] line aux 0
[Sysname-line-aux0] user-role network-admin
FTP commands
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.
FTP is not supported in FIPS mode.
Commands and descriptions for centralized devices apply to the following routers:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3600-28-SI/3600-51-SI.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
· MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL.
Commands and descriptions for distributed devices apply to the following routers:
· MSR5620.
· MSR 5660.
· MSR 5680.
FTP server commands
display ftp-server
Use display ftp-server to display FTP server configuration and status information.
Syntax
display ftp-server
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display FTP server configuration and status information.
User count: 1
Idle-timeout timer (in minutes): 30
Table 12 Command output
Field |
Description |
User count |
Number of the current logged-in users. |
Idle-timeout timer (in minutes) |
If no packet is exchanged between the FTP server and client during this period, the FTP connection is closed. |
Related commands
ftp server enable
ftp timeout
display ftp-user
Use display ftp-user to display detailed information about online FTP users.
Syntax
display ftp-user
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display detailed information about online FTP users.
<Sysname> display ftp-user
UserName HostIP Port HomeDir
root 192.168.20.184 46539 flash:
A field value is wrapped if its length exceeds the limit. The segments are left justified.
The following are the length limits for fields:
· UserName—10 characters.
· HostIP—15 characters.
· HomeDir—37 characters.
<Sysname> display ftp-user
UserName HostIP Port HomeDir
user2 2000:2000:2000: 1499 flash:/user2
2000:2000:2000:
2000:2000
administra 100.100.100.100 10001 flash:/123456789/123456789/123456789/
tor 123456789/123456789/123456789/1234567
89/123456789
Table 13 Command output
Field |
Description |
UserName |
Name of the user. |
HostIP |
IP address of the user. |
Port |
Port number of the user. |
HomeDir |
Authorized directory for the user. |
free ftp user
Use free ftp user to manually release the FTP connections established by using a specific user account.
Syntax
free ftp user username
Views
User view
Predefined user roles
network-admin
Parameters
username: Specifies a username. To display online FTP users, execute the display ftp-user command.
Examples
# Release the FTP connections established by using the user account ftpuser.
<Sysname> free ftp user ftpuser
Are you sure to free FTP connection? [Y/N]:y
<Sysname>
free ftp user-ip
Use free ftp user-ip to manually release the FTP connections established from a specific IPv4 address.
Syntax
free ftp user-ip ip-address [ port port ]
Views
User view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the source IP address of an FTP connection. To view the source IP addresses of FTP connections, execute the display ftp-user command.
port port: Specifies the source port of an FTP connection. To view the source ports of FTP connections, execute the display ftp-user command.
Examples
# Release the FTP connections established from the IP address 192.168.20.184.
<Sysname> free ftp user-ip 192.168.20.184
Are you sure to free FTP connection? [Y/N]:y
<Sysname>
free ftp user-ip ipv6
Use free ftp user-ip ipv6 to manually release the FTP connections established from a specific IPv6 address.
Syntax
free ftp user-ip ipv6 ipv6-address [ port port ]
Views
User view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies the source IPv6 address of an FTP connection. To view the source IPv6 addresses of FTP connections, execute the display ftp-user command.
port port: Specifies the source port of an FTP connection. To view the source ports of FTP connections, execute the display ftp-user command.
Examples
# Release the FTP connections established from IPv6 address 2000::154.
<Sysname> free ftp user-ip ipv6 2000::154
Are you sure to free FTP connection? [Y/N]:y
<Sysname>
ftp server acl
Use ftp server acl to use an ACL to control IPv4 FTP clients' access to the FTP server.
Use undo ftp server acl to restore the default.
Syntax
ftp server acl { advanced-acl-number | basic-acl-number | mac mac-acl-number }
undo ftp server acl
Default
No ACL is used to control IPv4 FTP clients' access to the FTP server.
Views
System view
Predefined user roles
network-admin
Parameters
advanced-acl-number: Specifies the number of an IPv4 advanced ACL, in the range of 3000 to 3999.
basic-acl-number: Specifies the number of an IPv4 basic ACL, in the range of 2000 to 2999.
mac mac-acl-number: Specifies the number of a Layer 2 ACL, in the range of 4000 to 4999.
Usage guidelines
Only IPv4 FTP clients permitted by the ACL can access the FTP server.
If any of the following conditions is met, all FTP clients can access the FTP server:
· No ACL is specified.
· The specified ACL does not exist.
· The specified ACL does not have a rule.
The ACL takes effect only for FTP connections to be established. It does not impact existing FTP connections.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Use ACL 2001 to allow only client 1.1.1.1 to access the FTP server.
<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule 0 permit source 1.1.1.1 0
[Sysname-acl-ipv4-basic-2001] rule 1 deny source any
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] ftp server acl 2001
ftp server acl ipv6
Use ftp server acl ipv6 to apply an ACL to control IPv6 FTP clients' access to the FTP server.
Use undo ftp server acl ipv6 to restore the default.
Syntax
ftp server acl ipv6 { advanced-acl-number | basic-acl-number | mac mac-acl-number }
undo ftp server acl ipv6
Default
No ACL is used to control IPv6 FTP clients' access to the FTP server.
Views
System view
Predefined user roles
network-admin
Parameters
advanced-acl-number: Specifies the number of an IPv6 advanced ACL, in the range of 3000 to 3999.
basic-acl-number: Specifies the number of an IPv6 basic ACL, in the range of 2000 to 2999.
mac mac-acl-number: Specifies the number of a Layer 2 ACL, in the range of 4000 to 4999.
Usage guidelines
Only IPv6 FTP clients permitted by the ACL can access the FTP server.
If any of the following conditions is met, all IPv6 FTP clients can access the FTP server:
· No ACL is specified.
· The specified ACL does not exist.
· The specified ACL does not have a rule.
The ACL takes effect only for FTP connections to be established. It does not impact existing FTP connections.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Use ACL 2001 to allow only IPv6 client 1:1::1:1/64 to access the FTP server.
<Sysname> system-view
[Sysname] acl ipv6 basic 2001
[Sysname-acl-ipv6-basic-2001] rule 0 permit source 1:1::1:1 64
[Sysname-acl-ipv6-basic-2001] rule 1 deny source any
[Sysname-acl-ipv6-basic-2001] quit
[Sysname] ftp server acl ipv6 2001
ftp server acl-deny-log enable
Use ftp server acl-deny-log enable to enable logging for FTP login attempts that are denied by FTP login control ACLs.
Use undo ftp server acl-deny-log enable to disable logging for FTP login attempts that are denied by FTP login control ACLs.
Syntax
ftp server acl-deny-log enable
undo ftp server acl-deny-log enable
Default
Logging is disabled for FTP login attempts that are denied by FTP login control ACLs.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Only clients permitted by the IPv4 or IPv6 FTP login control ACL can use FTP to access the device. This logging feature generates log messages for FTP login attempts that are denied by the FTP login control ACLs.
For information about log message output, see the information center in Network Management and Monitoring Configuration Guide.
Examples
# Enable logging for FTP login attempts that are denied by FTP login control ACLs.
<Sysname> system-view
[Sysname] ftp server acl-deny-log enable
Related commands
ftp server acl
ftp server acl ipv6
ftp server dscp
Use ftp server dscp to set the DSCP value for IPv4 to use for FTP packets sent to an FTP client.
Use undo ftp server dscp to restore the default.
Syntax
ftp server dscp dscp-value
undo ftp server dscp
Default
IPv4 uses the DSCP value 0 for FTP packets sent to an FTP client.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63.
Usage guidelines
The DSCP value is carried in the ToS field of an IP packet to indicate the transmission priority of the packet.
Examples
# Set the DSCP value for IPv4 to use for outgoing FTP packets to 30 on an FTP server.
<Sysname> system-view
[Sysname] ftp server dscp 30
ftp server enable
Use ftp server enable to enable the FTP server.
Use undo ftp server enable to disable the FTP server.
Syntax
ftp server enable
undo ftp server enable
Default
The FTP server is disabled.
Views
System view
Predefined user roles
network-admin
Examples
# Enable the FTP server.
<Sysname> system-view
[Sysname] ftp server enable
ftp server ipv6 dscp
Use ftp server ipv6 dscp to set the DSCP value for IPv6 to use for FTP packets sent to an FTP client.
Use undo ftp server ipv6 dscp to restore the default.
Syntax
ftp server ipv6 dscp dscp-value
undo ftp server ipv6 dscp
Default
IPv6 uses the DSCP value 0 for FTP packets sent to an FTP client.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63.
Usage guidelines
The DSCP value is carried in the Traffic class field of an IPv6 packet to indicate the transmission priority of the packet.
Examples
# Set the DSCP value for IPv6 to use for outgoing FTP packets to 30 on an FTP server.
<Sysname> system-view
[Sysname] ftp server ipv6 dscp 30
ftp server ssl-server-policy
Use ftp server ssl-server-policy to associate an SSL server policy with the FTP server.
Use undo ftp server ssl-server-policy to restore the default.
Syntax
ftp server ssl-server-policy policy-name
undo ftp server ssl-server-policy
Default
No SSL server policy is associated with the FTP server.
Views
System view
Predefined user roles
network-admin
Parameters
policy-name: Specifies an SSL server policy by its name, a string of 1 to 31 characters.
Usage guidelines
After you associate an SSL server policy with the device, a client that supports SFTP will establish a secure connection to the device to ensure data security.
Examples
# Associate the SSL server policy myssl with the FTP server.
<Sysname> system-view
[Sysname] ftp server ssl-server-policy myssl
Related commands
ftp server enable
ssl server-policy (Security Command Reference)
ftp timeout
Use ftp timeout to set the FTP connection idle-timeout timer.
Use undo ftp timeout to restore the default.
Syntax
ftp timeout minute
undo ftp timeout
Default
The FTP connection idle-timeout timer is 30 minutes.
Views
System view
Predefined user roles
network-admin
Parameters
minute: Specifies a time interval in the range of 1 to 35791 minutes.
Usage guidelines
If no data transfer occurs on an FTP connection within the idle-timeout interval, the FTP server closes the FTP connection to release resources.
Examples
# Set the FTP connection idle-timeout timer to 36 minutes.
<Sysname> system-view
FTP client commands
For FTP users to execute FTP client configuration commands, you must configure authorization settings for users on the FTP server. Authorized operations include viewing the files in the working directory, reading/downloading/uploading/renaming/removing files, and creating directories.
The FTP client commands in this section are supported by the device, but whether they can be executed successfully depends on the FTP server.
The output in the examples of this section varies by FTP server type.
append
Use append to add the content of a file on the FTP client to a file on the FTP server.
Syntax
append localfile [ remotefile ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
localfile: Specifies a file on the FTP client.
remotefile: Specifies a file on the FTP server.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
Examples
# Append the content of the local a.txt file to the b.txt file on the FTP server.
ftp> append a.txt b.txt
local: a.txt remote: b.txt
150 Connecting to port 50190
226 File successfully transferred
1657 bytes sent in 0.000736 seconds (2.15 Mbyte/s)
ascii
Use ascii to set the file transfer mode to ASCII.
Syntax
ascii
Default
The file transfer mode is binary.
Views
FTP client view
Predefined user roles
network-admin
Usage guidelines
You can perform this operation only after you log in to the FTP server.
FTP transfers files in either of the following modes:
· Binary mode—Transfers non-text files.
· ASCII mode—Transfers text files.
When the device acts as the FTP server, the transfer mode is determined by the FTP client. When the device acts as the FTP client, you can set the transfer mode. The transfer mode is binary by default.
Examples
# Set the file transfer mode to ASCII.
ftp> ascii
200 TYPE is now ASCII
Related commands
binary
binary
Use binary to set the file transfer mode to binary, which is also called the flow mode.
Syntax
binary
Default
The file transfer mode is binary.
Views
FTP client view
Predefined user roles
network-admin
Usage guidelines
You can perform this operation only after you log in to the FTP server.
FTP transfers files in either of the following modes:
· Binary mode—Transfers program file or pictures.
· ASCII mode—Transfers text files.
When the device acts as the FTP server, the transfer mode is determined by the FTP client. When the device acts as the FTP client, you can set the transfer mode. The default transfer mode is binary.
Examples
# Set the file transfer mode to binary.
ftp> binary
200 TYPE is now 8-bit binary
Related commands
ascii
bye
Use bye to terminate the connection to the FTP server and return to user view. If no connection is established between the device and the FTP server, use this command to return to user view.
Syntax
bye
Views
FTP client view
Predefined user roles
network-admin
Examples
# Terminate the connection to the FTP server and return to user view.
ftp> bye
221-Goodbye. You uploaded 2 and downloaded 2 kbytes.
221 Logout.
<Sysname>
Related commands
quit
cd
Use cd to change the current working directory to another directory on the FTP server.
Syntax
cd { directory | .. | / }
Views
FTP client view
Predefined user roles
network-admin
Parameters
directory: Specifies the target directory. If the target directory does not exist, the cd command does not change the current working directory.
..: Specifies the upper directory. Executing the cd .. command is the same as executing the cdup command. If the current working directory is the FTP root directory, the cd .. command does not change the current working directory.
/: Specifies the FTP root directory.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
The directory that can be accessed must be authorized by the FTP server.
Examples
# Change the working directory to the subdirectory logfile of the current directory.
ftp> cd logfile
250 OK. Current directory is /logfile
# Change the working directory to the subdirectory folder of the FTP root directory.
ftp> cd /folder
250 OK. Current directory is /folder
# Change the working directory to the upper directory of the current directory.
ftp> cd ..
250 OK. Current directory is /
# Change the working directory to the FTP root directory.
ftp> cd /
250 OK. Current directory is /
Related commands
cdup
pwd
cdup
Use cdup to enter the upper directory of the FTP server.
Syntax
cdup
Views
FTP client view
Predefined user roles
network-admin
You can perform this operation only after you log in to the FTP server.
This command does not change the working directory if the current directory is the FTP root directory.
Examples
# Change the working directory to the upper directory.
ftp> pwd
257 "/ftp/subdir" is your current location
ftp> cdup
250 OK. Current directory is /ftp
ftp> pwd
257 "/ftp" is your current location
Related commands
cd
pwd
close
Use close to terminate the connection to the FTP server without exiting FTP client view.
Syntax
close
Views
FTP client view
Predefined user roles
network-admin
Usage guidelines
You can perform this operation only after you log in to the FTP server.
Examples
# Terminate the connection to the FTP server without exiting the FTP client view.
ftp> close
221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
221 Logout.
ftp>
Related commands
disconnect
debug
Use debug to enable or disable FTP client debugging.
Syntax
debug
Default
FTP client debugging is disabled.
Views
FTP client view
Predefined user roles
network-admin
Usage guidelines
When FTP client debugging is enabled, executing this command disables FTP client debugging.
When FTP client debugging is disabled, executing this command enables FTP client debugging.
Examples
# Enable and then disable FTP client debugging.
ftp> debug
Debugging on (debug=1).
ftp> debug
Debugging off (debug=0).
delete
Use delete to permanently delete a file from the FTP server.
Syntax
delete remotefile
Views
FTP client view
Predefined user roles
network-admin
Parameters
remotefile: Specifies a file on the FTP server.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
To perform this operation, you must have delete permission on the FTP server.
Examples
# Delete file b.txt.
ftp> delete b.txt
250 Deleted b.txt
dir
Use dir to display detailed information about the files and subdirectories in the current directory on the FTP server.
Use dir remotefile to display detailed information about a file or directory on the FTP server.
Use dir remotefile localfile to save detailed information about a file or directory on the FTP server to a local file.
Syntax
dir [ remotefile [ localfile ] ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
remotefile: Specifies a file or directory on the FTP server.
localfile: Specifies the name of the local file used to save the displayed information.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
In FTP client view, executing the dir command is the same as executing the ls command.
Examples
# Display detailed information about the files and subdirectories in the current directory on the FTP server.
ftp> dir
227 Entering Passive Mode (168,32,44,12,29,83)
150 Accepted data connection
-rwxr-xr-x 1 0 0 1481 Jul 7 15:36 a.txt
drwxr-xr-x 2 0 0 8192 Jul 2 14:33 diagfile
drwxr-xr-x 3 0 0 8192 Jul 7 15:21 ftp
drwxr-xr-x 2 0 0 8192 Jul 5 09:15 logfile
drwxr-xr-x 2 0 0 8192 Jul 2 14:33 seclog
-rwxr-xr-x 1 0 0 40808448 Jul 2 14:33 simware-cmw710-sys
tem-a1801.bin
-rwxr-xr-x 1 0 0 3050 Jul 7 12:26 startup.cfg
-rwxr-xr-x 1 0 0 54674 Jul 4 09:24 startup.mdb
-rwxr-xr-x 1 0 0 1481 Jul 7 12:34 x.cfg
226 9 matches total
# Save detailed information about the file a.txt to s.txt.
ftp> dir a.txt s.txt
output to local-file: s.txt ? [Y/N]y
227 Entering Passive Mode (168,32,44,12,184,116)
150 Accepted data connection
226 1 matches total
# Display the content of the file s.txt.
ftp> bye
221-Goodbye. You uploaded 0 and downloaded 2 kbytes.
221 Logout.
<Sysname> more s.txt
-rwxr-xr-x 1 0 0 1481 Jul 7 12:34 a.txt
Related commands
ls
disconnect
Use disconnect to terminate the connection to the FTP server without exiting FTP client view.
Syntax
disconnect
Views
FTP client view
Predefined user roles
network-admin
Usage guidelines
You can perform this operation only after you log in to the FTP server.
Examples
# Terminate the connection to the FTP server without exiting the FTP client view.
ftp> disconnect
221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
221 Logout.
ftp>
Related commands
close
display ftp client source
Use display ftp client source to display the source address settings on the FTP client.
Syntax
display ftp client source
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the source address settings on the FTP client.
<Sysname> display ftp client source
The source IP address of the FTP client is 1.1.1.1.
The source IPv6 address of the FTP client is 2001::1.
ftp
Use ftp to log in to an FTP server and enter FTP client view.
Syntax
ftp [ ftp-server [ service-port ] [ vpn-instance vpn-instance-name ] [ dscp dscp-value | source { interface interface-type interface-number | ip source-ip-address } ] ] *
Views
User view
Predefined user roles
network-admin
Parameters
ftp-server: Specifies the IPv4 address or host name of an FTP server. A host name can be a case-insensitive string of 1 to 253 characters. Valid characters for a host name include letters, digits, hyphens (-), underscores (_), and dots (.).
service-port: Specifies the TCP port number of the FTP server, in the range of 0 to 65535. The default is 21.
vpn-instance vpn-instance-name: Specifies the VPN instance to which the FTP server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the FTP server belongs to the public network, do not specify this option.
dscp dscp-value: Specifies the DSCP value for IPv4 to use in outgoing FTP packets to indicate the packet transmission priority. The value range is 0 to 63. The default is 0.
source { interface interface-type interface-number | ip source-ip-address }: Specifies the source address used to establish the FTP connection.
· interface interface-type interface-number: Specifies an interface by its type and number. The device will use the interface's primary IPv4 address as the source address. To establish the FTP connection successfully, make sure the interface is up and has the primary IPv4 address configured.
· ip source-ip-address: Specifies an IPv4 address. To establish the FTP connection successfully, make sure this address is the IPv4 address of an interface in up state on the device.
Usage guidelines
This command is only applicable to IPv4 networks.
If no parameters are specified, this command enters the FTP client view without logging in to an FTP server.
If the server parameters are specified, you are prompted to enter the username and password for logging in to the FTP server.
Examples
# Log in to the FTP server 192.168.0.211. Use the source IPv4 address of 192.168.0.212 for outgoing FTP packets.
<Sysname> ftp 192.168.0.211 source ip 192.168.0.212
Press CTRL+C to abort.
Connected to 192.168.0.211 (192.168.0.211).
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User (192.168.0.211:(none)): abc
331 Give me your password, please
Password:
230 Logged in successfully
Remote system type is MSDOS.
ftp>
ftp client ipv6 source
Use ftp client ipv6 source to specify the source IPv6 address for FTP packets sent to an IPv6 FTP server.
Use undo ftp client ipv6 source to restore the default.
Syntax
ftp client ipv6 source { interface interface-type interface-number | ipv6 source-ipv6-address }
undo ftp client ipv6 source
Default
No source address is specified for FTP packets sent to an IPv6 FTP server. The device selects a source IPv6 address as defined in RFC 3484.
Views
System view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. The device will use the interface's IPv6 address as the source address. For successful FTP packet transmission, make sure the interface is up and is configured with an IPv6 address.
ipv6 source-ipv6-address: Specifies an IPv6 address. For successful FTP packet transmission, make sure this address is the IPv6 address of an interface in up state on the device.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
The source address specified with the ftp ipv6 command takes precedence over the source address specified with the ftp client ipv6 source command.
The source address specified with the ftp client ipv6 source command applies to all FTP connections. The source address specified with the ftp ipv6 command applies only to the FTP connection that is being established.
Examples
# Specify the source IPv6 address of 2000::1 for FTP packets sent to an IPv6 FTP server.
<Sysname> system–view
[Sysname] ftp client ipv6 source ipv6 2000::1
Related commands
ftp ipv6
ftp client source
Use ftp client source to specify the source IPv4 address for FTP packets sent to an IPv4 FTP server.
Use undo ftp client source to restore the default.
Syntax
ftp client source { interface interface-type interface-number | ip source-ip-address }
undo ftp client source
Default
No source IPv4 address is specified for FTP packets sent to an IPv4 FTP server. The device uses the primary IPv4 address of the output interface for the route to the server as the source address.
Views
System view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. The device will use the interface's primary IPv4 address as the source address. For successful FTP packet transmission, make sure the interface is up and has the primary IPv4 address configured.
ip source-ip-address: Specifies an IPv4 address. For successful FTP packet transmission, make sure this address is the IPv4 address of an interface in up state on the device.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
The source address specified with the ftp command takes precedence over the source address specified with the ftp client source command.
The source address specified with the ftp client source command applies to all FTP connections. The source address specified with the ftp command applies only to the FTP connection that is being established.
Examples
# Specify the source IPv4 address of 192.168.20.222 for FTP packets sent to an IPv4 FTP server.
<Sysname> system-view
[Sysname] ftp client source ip 192.168.20.222
Related commands
ftp
ftp ipv6
Use ftp ipv6 to log in to an FTP server and enter FTP client view.
Syntax
ftp ipv6 [ ftp-server [ service-port ] [ vpn-instance vpn-instance-name ] [ dscp dscp-value | source { ipv6 source-ipv6-address | interface interface-type interface-number } ] * [ -i interface-type interface-number ] ]
Views
User view
Predefined user roles
network-admin
Parameters
ftp-server: Specifies the IPv6 address or host name of an FTP server. A host name can be a case-insensitive string of 1 to 253 characters. Valid characters for a host name include letters, digits, hyphens (-), underscores (_), and dots (.).
service-port: Specifies the TCP port number of the FTP server, in the range of 0 to 65535. The default is 21.
dscp dscp-value: Specifies the DSCP value for IPv6 to use in outgoing FTP packets to indicate the packet transmission priority. The value range is 0 to 63. The default is 0.
source { ipv6 source-ipv6-address | interface interface-type interface-number }: Specifies the source address used to establish the FTP connection.
· interface interface-type interface-number: Specifies an interface by its type and number. This option can be used only when the TFTP server address is a link local address and the specified output interface has a link local address. For information about link local addresses, see Layer 3—IP Services Configuration Guide.
· ipv6 source-ipv6-address: Specifies an IPv6 address. To establish the FTP connection successfully, make sure this address is the IPv6 address of an interface in up state on the device.
vpn-instance vpn-instance-name: Specifies the VPN instance to which the FTP server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the FTP server belongs to the public network, do not specify this option.
-i interface-type interface-number: Specifies an output interface by its type and number. This option can be used only when the FTP server address is a link local address and the specified output interface has a link local address.
Usage guidelines
This command is only applicable to IPv6 networks.
If no parameters are specified, this command enters the FTP client view.
If the FTP server parameters are specified, you are prompted to enter the username and password for logging in to the FTP server.
Examples
# Log in to the FTP server 2000::154.
<Sysname>ftp ipv6 2000::154
Press CTRL+C to abort.
Connected to 2000::154 (2000::154).
220 FTP service ready.
User (2000::154): root
331 Password required for root.
Password:
230 User logged in
Remote system type is H3C
get
Use get to download a file from the FTP server and save the file.
Syntax
get remotefile [ localfile ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
remotefile: Specifies the file to be downloaded.
localfile: Specifies a name for the downloaded file. If you do not specify this argument, the system uses the name of the source file.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
To save the downloaded file to the working directory accessed by the ftp command, perform one of the following tasks:
· Execute the command without specifying the localfile argument.
· Specify a file name without any path information for the localfile argument, for example, a.cfg.
To save the downloaded file to some other directory, you must specify a fully qualified file name for the localfile argument, for example, flash:/subdirectory/a.cfg.
Examples
# Download a file to the local working directory. Save the file as b.txt.
ftp> get a.txt b.txt
local: b.txt remote: a.txt
150 Connecting to port 47457
226 File successfully transferred
1569 bytes received in 0.00527 seconds (290.6 kbyte/s)
# Download a file to a subdirectory of the local working directory. Save the file as b.txt.
ftp> get a.txt flash:/test/b.txt
local: flash:/test/b.txt remote: a.txt
150 Connecting to port 47457
226 File successfully transferred
1569 bytes received in 0.00527 seconds (290.6 kbyte/s)
# (Distributed devices in standalone mode.) Download a file to the root directory of the flash memory on the standby MPU (in slot 1). Save the file as c.txt.
ftp> get a.txt slot1#flash:/c.txt
local: slot1#flash:/c.txt remote: a.txt
150 Connecting to port 47460
226 File successfully transferred
1569 bytes received in 0.0564 seconds (27.2 kbyte/s)
# (Centralized devices in IRF mode.) Download a file to the root directory of the flash memory on member device 1. Save the file as c.txt.
ftp> get a.txt slot1#flash:/c.txt
local: slot1#flash:/c.txt remote: a.txt
150 Connecting to port 47460
226 File successfully transferred
1569 bytes received in 0.0564 seconds (27.2 kbyte/s)
# (Distributed devices in IRF mode.) Download a file to the root directory of the flash memory on the MPU that resides in slot 1 of member device 1. Save the file as c.txt.
ftp> get a.txt chassis1#slot1#flash:/c.txt
local: chassis1#slot1#flash:/c.txt remote: a.txt
150 Connecting to port 47460
226 File successfully transferred
1569 bytes received in 0.0564 seconds (27.2 kbyte/s)
Related commands
put
help
Use help to display all commands supported by the FTP client.
Use help command-name to display the help information for a command.
Syntax
help [ command-name ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
command-name: Specifies a command supported by the FTP client.
Usage guidelines
In FTP client view, executing the help command is the same as entering ?.
Examples
# Display all commands supported by the FTP client.
ftp> help
append delete ls quit rmdir
ascii debug mkdir reget status
binary dir newer rstatus system
bye disconnect open rhelp user
cd get passive rename verbose
cdup help put reset ?
close lcd pwd restart
# Display the help information for the dir command.
ftp> help dir
dir list contents of remote directory
Related commands
?
lcd
Use lcd to display the local working directory of the FTP client.
Use lcd directory to change the local working directory of the FTP client to the specified directory.
Use lcd / to change the local working directory of the FTP client to the local root directory.
Syntax
lcd [ directory | / ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
directory: Specifies a local directory of the FTP client. There must be a slash sign (/) before the name of the storage medium, for example, /flash:/logfile.
/: Specifies the root directory of the FTP client.
Examples
# Display the local working directory.
ftp> lcd
Local directory now /flash:
# Change the local working directory to flash:/logfile.
ftp> lcd /flash:/logfile
Local directory now /flash:/logfile
ls
Use ls to display detailed information about the files and subdirectories in the current directory on the FTP server.
Use ls remotefile to display detailed information about a file or directory on the FTP server.
Use ls remotefile localfile to save detailed information about a file or directory on the FTP server to a local file.
Syntax
ls [ remotefile [ localfile ] ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
remotefile: Specifies a file or directory on the FTP server.
localfile: Specifies the name of the local file used to save the displayed information.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
In FTP client view, executing the ls command is the same as executing the dir command.
Examples
# Display detailed information about the files and subdirectories in the current directory on the FTP server.
ftp> ls
227 Entering Passive Mode (168,32,44,12,229,241)
150 Accepted data connection
-rwxr-xr-x 1 0 0 1481 Jul 7 15:36 a.txt
drwxr-xr-x 2 0 0 8192 Jul 2 14:33 diagfile
drwxr-xr-x 3 0 0 8192 Jul 7 15:21 ftp
drwxr-xr-x 2 0 0 8192 Jul 5 09:15 logfile
drwxr-xr-x 2 0 0 8192 Jul 2 14:33 seclog
-rwxr-xr-x 1 0 0 40808448 Jul 2 14:33 simware-cmw710-sys
tem-a1801.bin
-rwxr-xr-x 1 0 0 3050 Jul 7 12:26 startup.cfg
-rwxr-xr-x 1 0 0 54674 Jul 4 09:24 startup.mdb
-rwxr-xr-x 1 0 0 1481 Jul 7 12:34 x.cfg
226 9 matches total
# Save detailed information about the file a.txt to s.txt.
ftp> ls a.txt s.txt
output to local-file: s.txt ? [Y/N]y
227 Entering Passive Mode (168,32,44,12,48,140)
150 Accepted data connection
226 1 matches total
# Display the content of the file s.txt.
ftp> bye
221-Goodbye. You uploaded 0 and downloaded 2 kbytes.
221 Logout.
<Sysname> more s.txt
-rwxr-xr-x 1 0 0 1481 Jul 7 12:34 a.txt
Related commands
dir
mkdir
Use mkdir to create a subdirectory in the current directory on the FTP server.
Syntax
mkdir directory
Views
FTP client view
Predefined user roles
network-admin
Parameters
directory: Specifies the name for the directory to be created.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
You must have permission to perform this operation on the FTP server.
Examples
# Create the subdirectory newdir in the current directory of the FTP server.
ftp> mkdir newdir
257 "newdir" : The directory was successfully created
newer
Use newer to update a local file by using a file on the FTP server.
Syntax
newer remotefile [ localfile ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
remotefile: Specifies a file on the FTP server.
localfile: Specifies the local file to be updated.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
If the local file does not exist, this command downloads the file from the FTP server and saves it locally.
If the file on the FTP server is not newer than the local file, this command does not update the local file.
Examples
# Update the local file with the file a.txt on the FTP server.
ftp> newer a.txt
local: a.txt remote: a.txt
150 Connecting to port 63513
226 File successfully transferred
1573 bytes received in 0.0293 seconds (52.3 kbyte/s)
open
Use open to log in to an FTP server from FTP client view.
Syntax
open server-address [ service-port ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
server-address: Specifies the IPv4 address, IPv6 address, or host name of the FTP server.
service-port: Specifies the TCP port number of the FTP server, in the range of 0 to 65535. The default is 21.
Usage guidelines
After you issue this command, the system will prompt you to enter the username and password.
After you log in to one FTP server, you must disconnect from the server before you can use the open command to log in to another server.
Examples
# In FTP client view, log in to the FTP server 192.168.40.7.
<Sysname> ftp
ftp> open 168.32.44.12
Press CTRL+C to abort.
Connected to 168.32.44.12 (168.32.44.12).
220 FTP service ready.
User (168.32.44.12:(none)): administrators
331 Password required for administrators.
Password:
230 User logged in.
Remote system type is H3C.
ftp>
passive
Use passive to change the FTP operation mode.
Syntax
passive
Default
The FTP operation mode is passive.
Views
FTP client view
Predefined user roles
network-admin
Usage guidelines
FTP can operate in either of the following modes:
· Active mode—The FTP server initiates the TCP connection.
· Passive mode—The FTP client initiates the TCP connection.
When the FTP operation mode is passive, executing this command changes the mode to active.
When the FTP operation mode is active, executing this command changes the mode to passive.
This command is typically used together with a firewall to control FTP session establishment between private network users and public network users.
Examples
# Change the FTP operation mode to passive.
ftp> passive
Passive mode on.
ftp> passive
Passive mode off.
put
Use put to upload a file from the FTP client to the FTP server.
Syntax
put localfile [ remotefile ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
localfile: Specifies the local file to be uploaded.
remotefile: Specifies the name of the file for saving the uploaded file on the FTP server.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
To upload a file in the current working directory, specify a file name without the path for the localfile argument, for example, a.cfg.
To upload a file in some other directory, specify a fully qualified file name for the localfile argument, for example, flash:/subdirectory/a.cfg.
Examples
# Upload a file from the local working directory to the FTP server. Save the file as b.txt.
ftp> put a.txt b.txt
local: a.txt remote: b.txt
150 Connecting to port 47461
226 File successfully transferred
1569 bytes sent in 0.000671 seconds (2.23 Mbyte/s)
# Upload a file from a subdirectory of the local working directory to the FTP server. Save the file as b.txt.
ftp> put flash:/test/a.txt b.txt
local: flash:/test/a.txt remote: b.txt
150 Connecting to port 47461
226 File successfully transferred
1569 bytes sent in 0.000671 seconds (2.23 Mbyte/s)
# (Distributed devices in standalone mode.) Upload a file from the standby MPU (in slot 1) to the FTP server. Save the file as b.txt.
ftp> put slot1#flash:/test/a.txt b.txt
local: slot1#flash:/test/a.txt remote: b.txt
150 Connecting to port 47461
226 File successfully transferred
1569 bytes sent in 0.000671 seconds (2.23 Mbyte/s)
# (Centralized devices in IRF mode.) Upload a file from member device 2 to the FTP server. Save the file as b.txt.
ftp> put slot2#flash:/test/a.txt b.txt
local: slot2#flash:/test/a.txt remote: b.txt
150 Connecting to port 47461
226 File successfully transferred
1569 bytes sent in 0.000671 seconds (2.23 Mbyte/s)
# (Distributed devices in IRF mode.) Upload a file from a global standby MPU (in slot 1 of member device 1) to the FTP server. Save the file as b.txt.
ftp> put chassis1#slot1#flash:/test/a.txt b.txt
local: chassis1#slot1#flash:/test/a.txt remote: b.txt
150 Connecting to port 47461
226 File successfully transferred
1569 bytes sent in 0.000671 seconds (2.23 Mbyte/s)
Related commands
get
pwd
Use pwd to display the currently accessed directory on the FTP server.
Syntax
pwd
Views
FTP client view
Predefined user roles
network-admin
Usage guidelines
You can perform this operation only after you log in to the FTP server.
Examples
# Display the currently accessed directory on the FTP server.
ftp> cd subdir
250 OK. Current directory is /subdir
ftp> pwd
257 "/subdir" is your current location
quit
Use quit to terminate the connection to the FTP server and return to user view.
Syntax
quit
Views
FTP client view
Predefined user roles
network-admin
Examples
# Terminate the connection to the FTP server and return to user view.
ftp> quit
221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
221 Logout.
<Sysname>
Related commands
bye
reget
Use reget to get the missing part of a file from the FTP server.
Syntax
reget remotefile [ localfile ]
Views
FTP client view
Predefined user roles
network-admin
network-operator
Parameters
remotefile: Specifies a file on the FTP server.
localfile: Specifies a local file.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
If a file download is not completed due to network or storage space problems, use this command to get the part that has not been downloaded yet.
Examples
# Get the part of the a.txt file that has not been downloaded yet.
ftp> reget a.txt
local: s.bin remote: s.bin
350 Restarting at 1749706
150-Connecting to port 47429
150 38143.3 kbytes to download
226 File successfully transferred
39058742 bytes received in 66.2 seconds (576.1 kbyte/s)
rename
Use rename to rename a file.
Syntax
rename [ oldfilename [ newfilename ] ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
oldfilename: Specifies the original file name.
newfilename: Specifies the new file name.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
Examples
# Rename the file a.txt as b.txt.
· Method 1:
ftp> rename
(from-name) a.txt
(to-name) b.txt
350 RNFR accepted - file exists, ready for destination
250 File successfully renamed or moved
· Method 2:
ftp> rename a.txt
(to-name) b.txt
350 RNFR accepted - file exists, ready for destination
250 File successfully renamed or moved
· Method 3:
ftp> rename a.txt b.txt
350 RNFR accepted - file exists, ready for destination
250 File successfully renamed or moved
reset
Use reset to clear the reply information received from the FTP server in the buffer.
Syntax
reset
Views
FTP client view
Predefined user roles
network-admin
Examples
# Clear the reply information received from the FTP server.
ftp> reset
restart
Use restart to specify the file retransmission offset.
Syntax
restart marker
Views
FTP client view
Predefined user roles
network-admin
Parameters
marker: Specifies the retransmission offset, in bytes.
Usage guidelines
The file retransmission starts from the (offset+1)th byte.
You can perform this operation only after you log in to the FTP server.
Support for this command depends on the FTP server.
Examples
# Set retransmission offset to 2 bytes and retransmit the file h.c. The file has 82 bytes in total.
ftp> restart 2
restarting at 2. execute get, put or append to initiate transfer
ftp> put h.c h.c
local: h.c remote: h.c
350 Restart position accepted (2).
150 Ok to send data.
226 File receive OK.
80 bytes sent in 0.000445 seconds (175.6 kbyte/s)
ftp> dir
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 80 Jul 18 02:58 h.c
rhelp
Use rhelp to display the FTP commands supported by the FTP server.
Use rhelp protocol-command to display the help information for an FTP command supported by the FTP server.
Syntax
rhelp [ protocol-command ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
protocol-command: Specifies an FTP command.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
Examples
# Display the FTP-related commands supported by the FTP server.
ftp> rhelp
214-The following FTP commands are recognized
USER PASS NOOP QUIT SYST TYPE
HELP CWD XCWD PWD CDUP XCUP
XPWD LIST NLST MLSD PORT EPRT
PASV EPSV REST RETR STOR APPE
DELE MKD XMKD RMD XRMD ABOR
SIZE RNFR RNTO
214 UNIX Type: L8
Table 14 Command output
Field |
Description |
USER |
Username, corresponding to the xx command in FTP client view. |
PASS |
Password. |
NOOP |
Null operation. |
SYST |
System parameters. |
TYPE |
Request type. |
CWD |
Changes the current working directory. |
XCWD |
Extended command with the meaning of CWD. |
PWD |
Prints the working directory. |
CDUP |
Changes the directory to the upper directory. |
XCUP |
Extended command with the meaning of CDUP. |
XPWD |
Extended command with the meaning of PWD. |
LIST |
Lists files. |
NLST |
Lists brief file description. |
MLSD |
Lists file content. |
PORT |
Active mode (IPv4). |
EPRT |
Active mode (IPv6). |
PASV |
Passive mode (IPv4). |
EPSV |
Passive mode (IPv6). |
REST |
Restarts. |
RETR |
Downloads files. |
STOR |
Uploads files. |
APPE |
Appends uploading. |
DELE |
Deletes files. |
MKD |
Creates folders. |
XMKD |
Extended command with the meaning of MKD. |
RMD |
Deletes folders. |
XRMD |
Extended command with the meaning of RMD. |
ABOR |
Aborts the transmission. |
SIZE |
Size of the transmission file. |
RNFR |
Original name. |
RNTO |
New name. |
rmdir
Use rmdir to permanently delete a directory from the FTP server.
Syntax
rmdir directory
Views
FTP client view
Predefined user roles
network-admin
Parameters
directory: Specifies a directory on the FTP server.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
To perform this operation, you must have delete permission on the FTP server.
Delete all files and subdirectories in a directory before you delete the directory. For more information about how to delete files, see the delete command.
Executing the rmdir command does not delete the files of the specified directory from the recycle bin.
Examples
# Delete the empty directory subdir1.
ftp>rmdir subdir1
250 The directory was successfully removed
Related commands
delete
rstatus
Use rstatus to display FTP server status.
Use rstatus remotefile to display detailed information about a directory or file on the FTP server.
Syntax
rstatus [ remotefile ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
remotefile: Specifies a directory or file on the FTP server.
Usage guidelines
You can perform this operation only after you log in to the FTP server.
Support for this command depends on the FTP server.
Examples
# Display FTP server status.
ftp> rstatus
211-FTP server status:
Connected to 192.168.20.177
Logged in as root
TYPE: ASCII
No session bandwidth limit
Session timeout in seconds is 300
Control connection is plain text
Data connections will be plain text
At session startup, client count was 1
vsFTPd 2.0.6 - secure, fast, stable
211 End of status
Table 15 Command output
Filed |
Description |
211-FTP server status: |
Beginning of the display of FTP server status, where 211 specifies the FTP command. |
Connected to 192.168.20.177 |
IP address of the FTP client. |
Logged in as root |
Login username root. |
TYPE: ASCII |
File transfer mode ASCII. |
Session timeout in seconds is 300 |
FTP connection idle-timeout interval is 300 seconds. |
Control connection is plain text |
Control connection type is plain text. |
Data connections will be plain text |
Data connection type is plain text. |
At session startup, client count was 1 |
FTP connection number is 1. |
vsFTPd 2.0.6 - secure, fast, stable |
FTP version is 2.0.6. |
211 End of status |
End of the display of FTP server status. |
# Display the file a.txt.
ftp> rstatus a.txt
213-Status follows:
-rw-r--r-- 1 0 0 80 Jul 18 02:58 a.txt
213 End of status
Table 16 Command output
Field |
Description |
213-Status follows: |
Beginning of the display of the file, where 213 specifies the FTP command. |
-rw-r--r-- |
The first bit specifies the file type. · -—Common. · B—Block. · c—Character. · d—Directory. · l—Symbol connection file. · p—Pipe. · s—socket. The second bit through the tenth bit are divided into three groups. Each group contains three characters, representing the access permission of the owner, group, and other users. · -—No permission. · r—Read permission. · w—Write permission. · x—Execution permission. |
1 |
Number of connections. |
0 |
Name of the file owner. |
0 |
Group number of the file owner. |
80 |
File size, in bytes. |
Jul 18 02:58 |
Date and time when the file was most recently modified. |
a.txt |
File name. |
213 End of status |
End of the display of the file information. |
status
Use status to display FTP status.
Syntax
status
Views
FTP client view
Predefined user roles
network-admin
Examples
# Display FTP status.
ftp> status
Connected to 192.168.1.56.
No proxy connection.
Not using any security mechanism.
Mode: stream; Type: ascii; Form: non-print; Structure: file
Verbose: on; Bell: off; Prompting: on; Globbing: off
Store unique: off; Receive unique: off
Case: off; CR stripping: on
Ntrans: off
Nmap: off
Hash mark printing: off; Use of PORT cmds: on
Table 17 Command output
Field |
Description |
Connected to 192.168.1.56. |
IP address of the FTP server that is connected to the FTP client. |
Verbose: on; Bell: off; Prompting: on; Globbing: off |
Displays debugging information. |
Store unique: off; Receive unique: off |
The name of the file on the FTP server is unique and the name of the local file is unique. |
Case: off; CR stripping: on |
Does not support obtaining multiple files once and deletes "\r" when downloading text files. |
Ntrans: off |
Does not use the input-output transmission table. |
Nmap: off |
The file name does not use the input-to-output mapping template. |
Hash mark printing: off; Use of PORT cmds: on |
Does not end with a pound sign (#) and uses "PORT" data transmission. |
system
Use system to display the system information of the FTP server.
Syntax
system
Views
FTP client view
Predefined user roles
network-admin
Usage guidelines
You can perform this operation only after you log in to the FTP server.
Examples
# Display the system information of the FTP server.
ftp> system
215 UNIX Type: L8
user
Use user to initiate an FTP authentication on the current FTP connection.
Syntax
user username [ password ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
username: Specifies the username.
password: Specifies the password.
Usage guidelines
If you tried to access an FTP server but failed to pass the authentication, you can use this command to try again before the connection to the FTP server expires.
After you log in to an FTP server, you can initiate an FTP authentication to change to a new account. By changing to a new account, you can get a different privilege without re-establishing the FTP connection.
Make sure the specified username and password have been configured on the FTP server. If the username or password is not configured, this command fails and the FTP connection is closed.
Examples
# After logging in to the FTP server, use the username ftp and password 123456 to log in again to the FTP server.
· Method 1:
ftp> user ftp 123456
331 Password required for ftp.
230 User logged in.
· Method 2:
ftp> user ftp
331 Password required for ftp.
Password:
230 User logged in.
verbose
Use verbose to enable or disable the device to display detailed information about FTP operations.
Syntax
verbose
Default
The device displays detailed information about FTP operations.
Views
FTP client view
Predefined user roles
network-admin
Usage guidelines
This command affects only the current FTP session.
Examples
# Disable the device from displaying detailed information about FTP operations.
ftp> verbose
Verbose mode off.
# Execute the get command.
ftp> get a.cfg 1.cfg
# Enable the device to display detailed information about FTP operations.
ftp> verbose
Verbose mode on.
# Execute the get command.
ftp> get a.cfg 2.cfg
227 Entering Passive Mode (192,168,1,58,68,14)
150-Accepted data connection
150 The computer is your friend. Trust the computer
226 File successfully transferred
3796 bytes received in 0.00762 seconds (486.5 kbyte/s)
?
Use ? to display all commands supported by an FTP client.
Use ? command-name to display the help information for a command.
Syntax
? [ command-name ]
Views
FTP client view
Predefined user roles
network-admin
Parameters
command-name: Specifies a command supported by the FTP client.
Usage guidelines
In FTP client view, entering ? is the same as executing the help command.
Examples
# Display all commands supported by the FTP client.
ftp> ?
Commands may be abbreviated. Commands are:
append delete ls quit rmdir
ascii debug mkdir reget status
binary dir newer rstatus system
bye disconnect open rhelp user
cd get passive rename verbose
cdup help put reset ?
close lcd pwd restart
# Display the help information for the dir command.
ftp> ? dir
dir list contents of remote directory
Related commands
help
TFTP commands
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.
TFTP is not supported in FIPS mode.
tftp
Use tftp to download a file from a TFTP server or upload a file to a TFTP server in an IPv4 network.
Syntax
tftp tftp-server { get | put | sget } source-filename [ destination-filename ] [ vpn-instance vpn-instance-name ] [ dscp dscp-value | source { interface interface-type interface-number | ip source-ip-address } ] *
Views
User view
Predefined user roles
network-admin
Parameters
tftp-server: Specifies the IPv4 address or host name of a TFTP server. The host name can be a case-insensitive string of 1 to 253 characters and can contain only letters, digits, hyphens (-), underscores (_), and dots (.).
get: Downloads a file and writes the file directly to the destination folder. If the destination folder already has a file with the same name, the system deletes the existing file before starting the download operation. The existing file is permanently deleted even if the download operation fails.
put: Uploads a file.
sget: Downloads a file and saves the file to memory before writing it to the destination folder. The system starts to write the file to the destination folder only after the file is downloaded and saved to memory successfully. If the destination folder already has a file with the same name, the system overwrites the existing file. If the download or save-to-memory operation fails, the existing file in the destination folder is not overwritten.
source-filename: Specifies the source file name, a case-insensitive string of 1 to 1 to 255 characters.
destination-filename: Specifies the destination file name, a case-insensitive string of 1 to 255 characters. If this argument is not specified, the file uses the source file name.
vpn-instance vpn-instance-name: Specifies the VPN instance to which the TFTP server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the TFTP server belongs to the public network, do not specify this option.
dscp dscp-value: Specifies the DSCP value for IPv4 to use for outgoing TFTP packets to indicate the packet transmission priority. The value range is 0 to 63. The default is 0.
source { interface interface-type interface-number | ip source-ip-address }: Specifies the source address for outgoing TFTP packets. If you do not specify this option, the device uses the primary IPv4 address of the output interface for the route to the TFTP server as the source address.
· interface interface-type interface-number: Specifies an interface by its type and number. The device will use the interface's primary IPv4 address as the source IPv4 address. For successful TFTP packet transmission, make sure the interface is up and has the primary IPv4 address configured.
· ip source-ip-address: Specifies an IPv4 address. For successful TFTP packet transmission, make sure this address is the IPv4 address of an interface in up state on the device.
Usage guidelines
The source address specified with the tftp command takes precedence over the source address specified with the tftp client source command.
The source address specified with the tftp client source command applies to all TFTP connections. The source address specified with the tftp command applies only to the current TFTP connection.
Examples
# Download the new.bin file from the TFTP server at 192.168.1.1 and save it as new.bin.
<Sysname> tftp 192.168.1.1 get new.bin
Press CTRL+C to abort.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 13.9M 100 13.9M 0 0 1206k 0 0:00:11 0:00:11 --:--:-- 1206k
Writing file...Done.
<Sysname>
Field |
Description |
% |
Percentage of file transmission progress. |
Total |
Size of files to be transmitted, in bytes. |
% |
Percentage of received file size to total file size. |
Received |
Received file size, in bytes. |
% |
Percentage of sent file size to total file size. |
Xferd |
Sent file size, in bytes. |
Average Dload |
Average download speed, in bps. |
Speed Upload |
Average upload speed, in bps. |
Writing file… |
The system was writing the downloaded file to the storage medium. This field is displayed only when the get or sget keyword is specified. If the operation succeeded, this command displays Done at the end of this field. If the operation failed, this command displays Failed. |
Related commands
tftp client source
tftp client ipv6 source
Use tftp client ipv6 source to specify the source IPv6 address for TFTP packets sent to an IPv6 TFTP server.
Use undo tftp client ipv6 source to restore the default.
Syntax
tftp client ipv6 source { interface interface-type interface-number | ipv6 source-ipv6-address }
undo tftp client ipv6 source
Default
No source address is specified for TFTP packets sent to an IPv6 TFTP server. The device selects a source IPv6 address as defined in RFC 3484.
Views
System view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. The device will use the interface's IPv6 address as the source address. For successful TFTP packet transmission, make sure the interface is up and is configured with an IPv6 address.
ipv6 source-ipv6-address: Specifies an IPv6 address . For successful TFTP packet transmission, make sure this address is the IPv6 address of an interface in up state on the device.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
The source address specified with the tftp ipv6 command takes precedence over the source address specified with the tftp client ipv6 source command.
The source address specified with the tftp client ipv6 source command applies to all TFTP connections. The source address specified with the tftp ipv6 command applies only to the TFTP connection that is being established.
Examples
# Specify the source IPv6 address of 2000::1 for TFTP packets sent to an IPv6 TFTP server.
<Sysname> system–view
[Sysname] tftp client ipv6 source ipv6 2000::1
tftp ipv6
tftp client source
Use tftp client source to specify the source IPv4 address for TFTP packets sent to an IPv4 TFTP server.
Use undo tftp client source to restore the default.
Syntax
tftp client source { interface interface-type interface-number | ip source-ip-address }
undo tftp client source
Default
No source IPv4 address is specified for TFTP packets sent to an IPv4 TFTP server. The device uses the primary IPv4 address of the output interface for the route to the server as the source address.
Views
System view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. The device will use the interface's primary IPv4 address as the source address. For successful TFTP packet transmission, make sure the interface is up and has the primary IPv4 address configured.
ip source-ip-address: Specifies an IPv4 address. For successful TFTP packet transmission, make sure this address is the IPv4 address of an interface in up state on the device.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
The source address specified with the tftp command takes precedence over the source address specified with the tftp client source command.
The source address specified with the tftp client source command applies to all TFTP connections. The source address specified with the tftp command applies only to the TFTP connection that is being established.
Examples
# Specify the source IP address of 192.168.20.222 for TFTP packets sent to an IPv6 TFTP server..
<Sysname> system-view
[Sysname] tftp client source ip 192.168.20.222
Related commands
tftp
tftp ipv6
Use tftp ipv6 to download a file from a TFTP server or upload a file to a TFTP server in an IPv6 network.
Syntax
tftp ipv6 tftp-server [ -i interface-type interface-number ] { get | put | sget } source-filename [ destination-filename ] [ vpn-instance vpn-instance-name ] [ dscp dscp-value | source { interface interface-type interface-number | ipv6 source-ipv6-address } ] *
Views
User view
Predefined user roles
network-admin
Parameters
tftp-server: Specifies the IPv6 address or host name of a TFTP server. The host name can be a case-insensitive string of 1 to 253 characters and can contain only letters, digits, hyphens (-), underscores (_), and dots (.).
-i interface-type interface-number: Specifies an output interface by its type and number. This option can be used only when the TFTP server address is a link local address and the specified output interface has a link local address. For information about link local addresses, see Layer 3—IP Services Configuration Guide.
get: Downloads a file and writes the file directly to the destination folder. If the destination folder already has a file with the same name, the system deletes the existing file before starting the download operation. The existing file is permanently deleted even if the download operation fails.
put: Uploads a file.
sget: Downloads a file and saves the file to memory before writing it to the destination folder. The system starts to write the file to the destination folder only after the file is downloaded and saved to memory successfully. If the destination folder already has a file using the same name, the system overwrites the existing file. If the download or save-to-memory operation fails, the existing file in the destination folder is not overwritten.
source-file: Specifies the source file name, a case-insensitive string of 1 to 255 characters.
destination-file: Specifies the destination file name, a case-insensitive string of 1 to 255 characters. If this argument is not specified, the file uses the source file name.
vpn-instance vpn-instance-name: Specifies the VPN instance to which the TFTP server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the TFTP server belongs to the public network, do not specify this option.
dscp dscp-value: Specifies the DSCP value for IPv6 to use in outgoing TFTP packets to indicate the packet transmission priority. The value range is 0 to 63. The default is 0.
source { interface interface-type interface-number | ipv6 source-ipv6-address }: Specifies the source address for outgoing TFTP packets. If you do not specify this option, the device uses the primary IPv6 address of the route for the route to the TFTP server as the source address.
· interface interface-type interface-number: Specifies an interface by its type and number. The device will use the interface's IPv6 address as the source IPv6 address. For successful TFTP packet transmission, make sure the interface is up and is configured with an IPv6 address.
· ipv6 source-ipv6-address: Specifies an IPv6 address. For successful TFTP packet transmission, make sure this address is the IPv6 address of an interface in up state on the device.
Usage guidelines
The source address specified with the tftp ipv6 command takes precedence over the source address specified with the tftp client ipv6 source command.
The source address specified with the tftp client ipv6 source command applies to all TFTP connections. The source address specified with the tftp ipv6 command applies only to the current TFTP connection.
Examples
# Download the new.bin file from the TFTP server at 2001::1 and save it as new.bin.
<Sysname> tftp ipv6 2001::1 get new.bin new.bin
Press CTRL+C to abort.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 13.9M 100 13.9M 0 0 1206k 0 0:00:11 0:00:11 --:--:-- 1206k
Writing file...Done.
For more information about the command output, see Table 18.
tftp-server acl
Use tftp-server acl to use an ACL to control the device's access to TFTP servers in an IPv4 network.
Use undo tftp-server acl to restore the default.
Syntax
tftp-server acl acl-number
undo tftp-server acl
Default
No ACL is used to control the device's access to TFTP servers.
Views
System view
Predefined user roles
network-admin
Parameters
acl-number: Specifies the number of a basic ACL, in the range of 2000 to 2999.
Usage guidelines
You can use an ACL to deny or permit the device's access to specific TFTP servers.
Examples
# Allow the device to access only the TFTP server at 1.1.1.1.
<Sysname> system-view
[Sysname] acl basic 2000
[Sysname-acl-ipv4-basic-2000] rule permit source 1.1.1.1 0
[Sysname-acl-ipv4-basic-2000] quit
[Sysname] tftp-server acl 2000
tftp-server ipv6 acl
Use tftp-server ipv6 acl to use an ACL to control the device's access to TFTP servers in an IPv6 network.
Use undo tftp-server ipv6 acl to restore the default.
Syntax
tftp-server ipv6 acl ipv6-acl-number
undo tftp-server ipv6 acl
Default
No ACL is used to control the device's access to TFTP servers.
Views
System view
Predefined user roles
network-admin
Parameters
ipv6-acl-number: Specifies the number of a basic ACL, in the range of 2000 to 2999.
Usage guidelines
You can use an ACL to deny or permit the device's access to specific TFTP servers.
Examples
# Allow the device to access only the TFTP server at 2001::1.
<Sysname> System-view
[Sysname] acl ipv6 basic 2001
[Sysname-acl-ipv6-basic-2001] rule permit source 2001::1/128
[Sysname-acl-ipv6-basic-2001] quit
[Sysname] tftp-server ipv6 acl 2001
File system management commands
Commands and descriptions for centralized devices apply to the following routers:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3600-28-SI/3600-51-SI.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
· MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL.
Commands and descriptions for distributed devices apply to the following routers:
· MSR5620.
· MSR 5660.
· MSR 5680.
The following matrix shows the supported storage medium types:
Hardware |
Supported storage medium types |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
· Flash memory · USB disk · SD card |
MSR2600-6-X1/2600-10-X1 |
· Flash memory · USB disk |
MSR 2630 |
· Flash memory · USB disk |
MSR3600-28/3600-51 |
· Flash memory · USB disk |
MSR3600-28-SI/3600-51-SI |
· Flash memory · USB disk |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
· Flash memory · USB disk · SD card |
MSR 3610/3620/3620-DP/3640/3660 |
MSR 3610/3620/3640/3660: · CF card · USB disk MSR3620-DP: · SD card · USB disk |
MSR5620/5660/5680 |
MSR 5660/5680: · CF card · USB disk MSR5620: · SD card · USB disk |
IMPORTANT: · Before managing storage media, file systems, directories, and files, make sure you know the possible impact. · A file or directory whose name starts with a dot character (.) is a hidden file or directory. To prevent the system from hiding a file or directory, make sure the file or directory name does not start with a dot character. · Some system files and directories are hidden. For correct system operation and full functionality, do not modify or delete hidden files or directories. |
File system names, directory names, or file names must be compliant with the naming conventions. For more information about the naming conventions and the methods for specifying the names, see Fundamentals Configuration Guide.
Before you use the copy, delete, fixdisk, format, gunzip, gzip, mkdir, move, rename, rmdir, or undelete command on a USB disk, make sure the disk is not write protected.
You cannot access a file system that is being formatted or repaired. To access a file system after it is formatted or repaired, use one of the following methods:
· Use the absolute path to specify a file or directory. For example, use the dir flash:/ command to display the files and directories in the flash: file system.
· Use the cd command to change the working directory to the root directory of the file system before accessing a file or directory in the file system. For example, to display the files and directories in the root directory of the flash: file system, perform the following tasks:
a. Use the cd flash:/ command to change the working directory to the root directory of the file system.
b. Execute the dir command.
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.
auto-copy destination-directory
Use auto-copy destination-directory to specify the destination directory for the automatic copying feature.
Use undo auto-copy destination-directory to restore the default.
Syntax
auto-copy destination-directory destination-directory
undo auto-copy destination-directory
Default
No destination directory is specified for the automatic copying feature.
Views
System view
Predefined user roles
network-admin
Parameters
destination-directory: Specifies the destination directory for the automatic copying feature. This directory must reside in a file system on the device.
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware |
Command compatibility |
|
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK |
Yes |
|
MSR810-LMS/810-LUS |
No |
|
MSR2600-6-X1/2600-10-X1 |
No |
|
MSR 2630 |
No |
|
MSR3600-28/3600-51 |
No |
|
MSR3600-28-SI/3600-51-SI |
No |
|
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
|
MSR 3610/3620/3620-DP/3640/3660 |
No |
|
MSR5620/5660/5680 |
No |
Hardware |
Command compatibility |
|
MSR810-LM-GL |
Yes |
|
MSR810-W-LM-GL |
Yes |
|
MSR830-6EI-GL |
Yes |
|
MSR830-10EI-GL |
Yes |
|
MSR830-6HI-GL |
Yes |
|
MSR830-10HI-GL |
Yes |
|
MSR2600-6-X1-GL |
No |
|
MSR3600-28-SI-GL |
No |
The automatic copying feature automatically copies files from a hot-swappable storage medium to the device when you connect the storage medium to the device. For this feature to operate correctly, you must specify a source directory and a destination directory for the copy operation. All files in the source directory will be copied to the destination directory.
Examples
# Specify the root directory of the flash: file system as the destination directory for automatic copying.
<Sysname> system-view
[Sysname] auto-copy destination-directory flash:
auto-copy source-directory
Use auto-copy source-directory to specify the source directory for the automatic copying feature.
Use undo auto-copy source-directory to restore the default.
Syntax
auto-copy source-directory source-directory
undo auto-copy source-directory
Default
No source directory is specified for the automatic copying feature.
Views
System view
Predefined user roles
network-admin
Parameters
source-directory: Specifies the source directory for the automatic copying feature. This directory must reside on a hot-swappable storage medium.
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware |
Command compatibility |
|
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK |
Yes |
|
MSR810-LMS/810-LUS |
No |
|
MSR2600-6-X1/2600-10-X1 |
No |
|
MSR 2630 |
No |
|
MSR3600-28/3600-51 |
No |
|
MSR3600-28-SI/3600-51-SI |
No |
|
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
|
MSR 3610/3620/3620-DP/3640/3660 |
No |
|
MSR5620/5660/5680 |
No |
Hardware |
Command compatibility |
|
MSR810-LM-GL |
Yes |
|
MSR810-W-LM-GL |
Yes |
|
MSR830-6EI-GL |
Yes |
|
MSR830-10EI-GL |
Yes |
|
MSR830-6HI-GL |
Yes |
|
MSR830-10HI-GL |
Yes |
|
MSR2600-6-X1-GL |
No |
|
MSR3600-28-SI-GL |
No |
The automatic copying feature automatically copies files from a hot-swappable storage medium to the device when you connect the storage medium to the device. For this feature to operate correctly, you must specify a source directory and a destination directory for the copy operation. All files in the source directory will be copied to the destination directory.
Examples
# Specify the root directory of usba0: as the source directory for automatic copying.
<Sysname> system-view
[Sysname] auto-copy source-directory usba0:
cd
Use cd to change the working directory.
Syntax
cd { directory | .. }
Views
User view
Predefined user roles
network-admin
Parameters
directory: Specifies the destination directory.
..: Specifies the parent directory. If the working directory is the root directory, an error message appears when you execute the cd .. command. No online help information is available for this keyword.
Examples
# Access the test directory after logging in to the device.
<Sysname> cd test
# Change to the parent directory.
<Sysname> cd ..
# (Centralized devices in IRF mode.) Access the root directory of a file system on a subordinate member after you log in to the master.
<Sysname> cd slot2#flash:/
# (Centralized devices in IRF mode.) Change back to the root directory of a file system on the master.
<Sysname> cd flash:/
# (Distributed devices in standalone mode.) Access the root directory of a file system on the standby MPU and then change to the test directory of a file system on the active MPU:
1. Display the slot number of the standby MPU.
<Sysname> display device
Slot No. Board Type Status Primary SubSlots
----------------------------------------------------------------------------
0 MPU-60 Normal Master 0
1 MPU-60 Normal Standby 0
2 SPU Normal N/A 6
The output shows that the slot number of the standby MPU is 1.
2. Access the root directory of a file system on the standby MPU.
<Sysname> cd slot1#cfa0:/
3. Change to the test directory in the root directory of a file system on the active MPU.
<Sysname> cd cfa0:/test
# (Distributed devices in IRF mode.) Change the working directory from the global active MPU to a global standby MPU and then change back to the global active MPU:
4. Display the member IDs and slot numbers of all MPUs.
<Sysname> display irf
MemberID Role Priority CPU-Mac Description
*1 Master 10 00e8-fc0f-8c01 ---
+2 Standby 1 00e8-fc0f-8c02 ---
--------------------------------------------------
* indicates the device is the master.
+ indicates the device through which the user logs in.
The bridge MAC of the IRF is: 5cdd-70a5-8698
Auto upgrade : yes
Mac persistent : 6 min
Domain ID : 0
Auto merge : yes
The output shows that the IRF fabric has two members and four MPUs.
¡ The global active MPU resides in slot 5 of member device 3.
¡ The global standby MPUs reside in slot 0 and slot 1 of member device 2, and slot 6 of member device 3.
5. Access the test directory in the root directory of a file system on the global active MPU.
<Sysname> cd cfa0:/test
6. Change to the root directory of a file system on a global standby MPU.
<Sysname> cd chassis2#slot1#cfa0:/
7. Change to the root directory of a file system on the global active MPU.
<Sysname> cd cfa0:/
copy
Use copy to copy a file.
Syntax
In non-FIPS mode:
copy source-file { dest-file | dest-directory } [ vpn-instance vpn-instance-name ] [ source interface interface-type interface-number ]
In FIPS mode:
copy source-file { dest-file | dest-directory }
Views
User view
Predefined user roles
network-admin
Parameters
source-file: Specifies the name or URL of the file to be copied in non-FIPS mode, and specifies the name of the file to be copied in FIPS mode. If the file resides on an FTP or TFTP server rather than on the device, specify the URL of the file. Whether a URL is case sensitive depends on the server.
dest-file: Specifies the name or URL for the destination file in non-FIPS mode, and specifies the name for the destination file in FIPS mode. To copy the source file to an FTP or TFTP server, specify a URL. Whether a URL is case sensitive depends on the server.
dest-directory: Specifies the destination directory or URL in non-FIPS mode, and specifies the destination directory in FIPS mode. To copy the source file to an FTP or TFTP server, specify a URL. The device copies the source file to the destination location and saves the file with its original file name. Whether a URL is case sensitive depends on the server.
vpn-instance vpn-instance-name: Specifies the VPN instance to which the destination FTP or TFTP server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the server belongs to the public network, do not specify this option.
source interface interface-type interface-number: Specifies the source interface used to connect to the server. After you specify the source interface, the device uses the primary IP address of the source interface as the source IP address for outgoing packets. If you do not specify this option, the device uses the outgoing interface as the source interface.
Usage guidelines
In FIPS mode, you can only use the copy command to copy a local file and save it locally.
In non-FIPS mode, you can use the copy command to perform the following tasks:
· Copy a local file and save it locally.
· Copy a local file and save it to an FTP or TFTP server.
· Copy a file from an FTP or TFTP server and save it locally.
To specify a file or directory, use the following guidelines:
Location |
Name format |
Remarks |
On the device |
Use the file name guidelines in Fundamentals Configuration Guide. |
N/A |
On an FTP server |
Enter the URL in the format of ftp://FTP username[:password]@server address[:port number]/file path[/file name]. |
The username and password must be the same as those configured on the FTP server. If the server authenticates users only by the username, you are not required to enter the password. For example, to use the username 1 and password 1 and specify the startup.cfg file in the authorized working directory on the FTP server 1.1.1.1, enter ftp://1:1@1.1.1.1/startup.cfg. To specify an IPv6 address, enclose the IPv6 address in square brackets ([ ]), for example, ftp://test:test@[2001::1]:21/test.cfg. |
On a TFTP server |
Enter the URL in the format of tftp://server address[:port number]/file path[/file name]. |
For example, to specify the startup.cfg file in the working directory on TFTP server 1.1.1.1, enter the URL tftp://1.1.1.1/startup.cfg. To enter an IPv6 address, enclose the IPv6 address in square brackets ([ ]), for example, tftp://test:test@[2001::1]:21/test.cfg. |
Examples
# Copy the test.cfg file in the current directory and save it to the current directory as testbackup.cfg.
<Sysname> copy test.cfg testbackup.cfg
Copy flash:/test.cfg to flash:/testbackup.cfg? [Y/N]:y
Copying file flash:/test.cfg to flash:/testbackup.cfg...Done.
# Copy the 1.cfg file from the flash: file system's test directory to the CF card. Save the copy to the testbackup directory as 1backup.cfg.
<Sysname> copy flash:/test/1.cfg cfa0:/testbackup/1backup.cfg
Copy flash:/test/1.cfg to cfa0:/testbackup/1backup.cfg? [Y/N]:y
Copying file flash:/test/1.cfg to cfa0:/testbackup/1backup.cfg...Done.
# Copy test.cfg from the working directory on the FTP server 1.1.1.1. Save the copy to the local current directory as testbackup.cfg. The FTP username is user. The password is private.
<Sysname> copy ftp://user:private@1.1.1.1/test.cfg testbackup.cfg
Copy ftp://user:private@1.1.1.1/test.cfg to flash:/testbackup.cfg? [Y/N]:y
Copying file ftp://user:private@1.1.1.1/test.cfg to flash:/testbackup.cfg... Done.
# Copy test.cfg from the current directory. Save the copy to the working directory on the FTP server 1.1.1.1 as testbackup.cfg. The FTP username is user. The password is private.
<Sysname> copy test.cfg ftp://user:private@1.1.1.1/testbackup.cfg
Copy flash:/test.cfg to ftp://user:private@1.1.1.1/testbackup.cfg? [Y/N]:y
Copying file flash:/test.cfg to ftp://user:private@1.1.1.1/testbackup.cfg... Done.
# Copy test.cfg from the working directory on the TFTP server 1.1.1.1. Save the copy to the local current directory as testbackup.cfg.
<Sysname> copy tftp://1.1.1.1/test.cfg testbackup.cfg
Copy tftp://1.1.1.1/test.cfg to flash:/testbackup.cfg? [Y/N]:y
Copying file tftp://1.1.1.1/test.cfg to flash:/testbackup.cfg... Done.
# Copy test.cfg from the current directory. Save the copy to the working directory on the TFTP server 1.1.1.1 as testbackup.cfg.
<Sysname> copy test.cfg tftp://1.1.1.1/testbackup.cfg
Copy flash:/test.cfg to tftp://1.1.1.1/testbackup.cfg? [Y/N]:y
Copying file flash:/test.cfg to tftp://1.1.1.1/testbackup.cfg... Done.
# Copy test.cfg from the working directory on the FTP server 1.1.1.1. Save the copy to the local current directory as testbackup.cfg. The FTP username is user. The password is private. The FTP server belongs to VPN instance vpn1.
<Sysname> copy ftp://user:private@1.1.1.1/test.cfg testbackup.cfg vpn-instance vpn1
Copy ftp://user:private@1.1.1.1/test.cfg to flash:/testbackup.cfg? [Y/N]:y
Copying file ftp://user:private@1.1.1.1/test.cfg to flash:/testbackup.cfg... Done.
# Copy test.cfg from the working directory on the TFTP server 1.1.1.1. Save the copy to the local current directory as testbackup.cfg. The TFTP server belongs to VPN instance vpn1.
<Sysname> copy tftp://1.1.1.1/test.cfg testbackup.cfg vpn-instance vpn1
Copy tftp://1.1.1.1/test.cfg to flash:/testbackup.cfg? [Y/N]:y
Copying file tftp://1.1.1.1/test.cfg to flash:/testbackup.cfg... Done.
# Copy test.cfg from the working directory on the FTP server 2001::1. Save the copy to the local current directory as testbackup.cfg. The FTP username is user. The password is private.
<Sysname> copy ftp://user:private@[2001::1]/test.cfg testbackup.cfg
Copy ftp://user:private@[2001::1]/test.cfg to flash:/testbackup.cfg? [Y/N]:y
Copying file ftp://user:private@[2001::1]/test.cfg to flash:/testbackup.cfg... Done.
# Copy test.cfg from the working directory on the TFTP server 2001::1. Save the copy to the local current directory as testbackup.cfg.
<Sysname> copy tftp://[2001::1]/test.cfg testbackup.cfg
Copy tftp://[2001::1]/test.cfg to flash:/testbackup.cfg? [Y/N]:y
Copying file tftp://[2001::1]/test.cfg to flash:/testbackup.cfg... Done.
# (Centralized devices in IRF mode.) Copy a configuration file of the master to the root directory of a file system on a subordinate member.
<Sysname> copy test.cfg slot2#flash:/
Copy flash:/test.cfg to slot2#flash:/test.cfg? [Y/N]:y
Copying file flash:/test.cfg to slot2#flash:/test.cfg...Done.
# (Distributed devices in standalone mode.) Copy a configuration file of the active MPU to the root directory of a file system on the standby MPU.
<Sysname> copy test.cfg slot1#cfa0:/
Copy flash:/test.cfg to slot1#cfa0:/test.cfg? [Y/N]:y
Copying file flash:/test.cfg to slot1#cfa0:/test.cfg...Done.
# (Distributed devices in IRF mode.) Copy a configuration file of the global active MPU to the root directory of a file system on a global standby MPU.
<Sysname> copy test.cfg chassis1#slot1#cfa0:/
Copy flash:/test.cfg to chassis1#slot1#cfa0:/test.cfg? [Y/N]:y
Copying file flash:/test.cfg to chassis1#slot1#cfa0:/test.cfg...Done.
# (Distributed devices in IRF mode.) Copy a configuration file of one global standby MPU to the root directory of a file system on another global standby MPU.
<Sysname> copy chassis1#slot1#flash:/test.cfg chassis2#slot1#cfa0:/
Copy chassis1#slot1#flash:/test.cfg to chassis2#slot1#cfa0:/test.cfg? [Y/N]:y
Copying file chassis1#slot1#flash:/test.cfg to chassis2#slot1#cfa0:/test.cfg...Done.
delete
Use delete to delete a file.
Syntax
delete [ /unreserved ] file
Views
User view
Predefined user roles
network-admin
Parameters
/unreserved: Permanently deletes the specified file. If you do not specify this keyword, the command moves the file to the recycle bin.
file: Specifies the name of the file to be deleted. Asterisks (*) are acceptable as wildcards. For example, to remove files with the .txt extension in the current directory, enter delete *.txt.
Usage guidelines
Use the delete /unreserved file command with caution. You cannot restore a file that was deleted with this command.
The delete file command (without /unreserved) moves a file to the recycle bin. You can restore the file by using the undelete command.
Do not use the delete command to delete files from the recycle bin. To delete files from the recycle bin, use the reset recycle-bin command.
If you delete two files that have the same name from different directories, both files are retained in the recycle bin. If you successively delete two files that have the same name from the same directory, only the most recently deleted file is retained in the recycle bin.
Examples
# (Centralized devices in standalone mode.) Remove file 1.cfg from the current directory.
<Sysname> delete 1.cfg
Delete flash:/1.cfg? [Y/N]:y
Deleting file flash:/1.cfg...Done.
# (Centralized devices in standalone mode.) Permanently delete file 1.cfg from the current directory.
<Sysname> delete /unreserved 1.cfg
The file cannot be restored. Delete flash:/1.cfg? [Y/N]:y
Deleting the file permanently will take a long time. Please wait...
Deleting file flash:/1.cfg...Done.
# (Centralized devices in IRF mode.) Remove file 1.cfg from the current directory.
<Sysname> delete 1.cfg
Delete flash:/1.cfg? [Y/N]:y
Deleting file flash:/1.cfg...Done.
# (Centralized devices in IRF mode.) Permanently delete file 1.cfg from the root directory of a file system on the master.
<Sysname> delete /unreserved 1.cfg
The file cannot be restored. Delete flash:/1.cfg? [Y/N]:y
Deleting the file permanently will take a long time. Please wait...
Deleting file flash:/1.cfg...Done.
# (Centralized devices in IRF mode.) Remove file 1.cfg from the root directory of a file system on a subordinate member.
· Method 1:
<Sysname> delete slot2#flash:/1.cfg
Delete slot2#flash:/1.cfg? [Y/N]:y
Deleting file delete slot2#flash:/1.cfg...Done.
· Method 2:
<Sysname> cd slot2#flash:/
<Sysname> delete 1.cfg
Delete slot2#flash:/1.cfg? [Y/N]:y
Deleting file slot2#flash:/1.cfg...Done.
# (Distributed devices in standalone mode.) Remove file 1.cfg from the root directory of a file system on the active MPU.
<Sysname> delete 1.cfg
Delete cfa0:/1.cfg? [Y/N]:y
Deleting file cfa0:/1.cfg...Done.
# (Distributed devices in standalone mode.) Permanently delete file 1.cfg from the root directory of a file system on the active MPU.
<Sysname> delete /unreserved 1.cfg
The file cannot be restored. Delete cfa0:/1.cfg? [Y/N]:y
Deleting the file permanently will take a long time. Please wait...
Deleting file cfa0:/1.cfg...Done.
# (Distributed devices in standalone mode.) Remove file 1.cfg from the root directory of a file system on the standby MPU (in slot 1).
· Method 1:
<Sysname> delete slot1#cfa0:/1.cfg
Delete slot1#cfa0:/1.cfg? [Y/N]:y
Deleting file slot1#cfa0:/1.cfg...Done.
· Method 2:
<Sysname> cd slot1#cfa0:/
<Sysname> delete 1.cfg
Delete slot1#cfa0:/1.cfg? [Y/N]:y
Deleting file slot1#cfa0:/1.cfg...Done.
# (Distributed devices in IRF mode.) Remove file 1.cfg from the root directory of a file system on the global active MPU.
<Sysname> delete 1.cfg
Delete cfa0:/1.cfg? [Y/N]:y
Deleting file cfa0:/1.cfg...Done.
# (Distributed devices in IRF mode.) Permanently delete file 1.cfg from the root directory of a file system on the global active MPU.
<Sysname> delete /unreserved 1.cfg
The file cannot be restored. Delete cfa0:/1.cfg? [Y/N]:y
Deleting the file permanently will take a long time. Please wait...
Deleting file cfa0:/1.cfg...Done.
# (Distributed devices in IRF mode.) Remove file 1.cfg from the root directory of a file system on a global standby MPU.
· Method 1:
<Sysname> delete chassis1#slot1#cfa0:/1.cfg
Delete chassis1#slot1#cfa0:/1.cfg? [Y/N]:y
Deleting file chassis1#slot1#cfa0:/1.cfg...Done.
· Method 2:
<Sysname> cd chassis1#slot1#cfa0:/
<Sysname> delete 1.cfg
Delete chassis1#slot1#cfa0:/1.cfg? [Y/N]:y
Deleting file chassis1#slot1#cfa0:/1.cfg...Done.
Related commands
reset recycle-bin
undelete
dir
Use dir to display files or directories.
Syntax
dir [ /all ] [ file | directory | /all-filesystems ]
Views
User view
Predefined user roles
network-admin
Parameters
/all: Displays all files and directories in the current directory, visible or hidden. If you do not specify this option, only visible files and directories are displayed.
file: Displays a specific file. This argument can use the asterisk (*) as a wildcard. For example, to display files with the .txt extension in the current directory, enter dir *.txt.
directory: Displays a specific directory.
/all-filesystems: Displays files and directories in the root directories of all file systems on the device.
Usage guidelines
If no option is specified, the command displays all visible files and directories in the current directory.
The directory name of the recycle bin is .trash. To display files in the recycle bin, use either of the following methods:
· Execute the dir /all .trash command.
· Execute the cd .trash command and then the dir command.
Examples
# (Centralized devices in standalone mode.) Display information about all files and directories in the current directory.
<Sysname> dir /all
Directory of flash:/
...
# (Centralized devices in standalone mode.) Display files and directories in the root directories of all file systems on the device.
<Sysname> dir /all-filesystems
Directory of flash:/
...
Directory of cfa0:/
...
# (Centralized devices in IRF mode.) Display information about all files and directories in the flash: file system on the master.
<Sysname> dir /all
Directory of flash:/
...
# (Centralized devices in IRF mode.) Display files and directories in the root directories of all file systems in the IRF fabric.
<Sysname> dir /all-filesystems
Directory of flash:/
...
Directory of slot1#flash:/
...
# (Centralized devices in IRF mode.) Display information about all files and directories in the flash: file system of the subordinate member with the member ID 2.
<Sysname> cd slot2#flash:/
<Sysname> dir /all
Directory of slot2#flash:/
...
# (Distributed devices in standalone mode.) Display information about all files and directories in the current directory.
<Sysname> dir /all
Directory of cfa0:/
...
# (Distributed devices in standalone mode.) Display files and directories in the root directories of all file systems on the device.
<Sysname> dir /all-filesystems
Directory of cfa0:/
...
Directory of cfa0:/
...
Directory of slot7#cfa0:/
...
Directory of slot7#cfa0:/
...
# (Distributed devices in standalone mode.) Display information about all files and directories in a file system of the standby MPU (in slot 1).
<Sysname> cd slot1#cfa0:/
<Sysname> dir /all
Directory of slot1#cfa0:/
...
# (Distributed devices in IRF mode.) Display information about all files and directories in a file system of the global active MPU.
<Sysname> dir /all
Directory of cfa0:/
...
# (Distributed devices in IRF mode.) Display files and directories in the root directories of all file systems in the IRF fabric.
<Sysname> dir /all-filesystems
Directory of cfa0:/
...
Directory of chassis1#slot1#cfa0:/
...
# (Distributed devices in IRF mode.) Display information about all files and directories in a file system of a global standby MPU.
· Method 1:
<Sysname> dir /all chassis1#slot1#cfa0:/
Directory of chassis1#slot1#cfa0:/
...
· Method 2:
<Sysname> cd chassis1#slot1#cfa0:/
<Sysname> dir /all
Directory of chassis1#slot1#cfa0:/
...
Table 19 Command output
Field |
Description |
Directory of |
Current directory. |
0 -rwh 3144 Apr 26 2014 13:45:28 xx.xx |
File or directory information: · 0—File or directory number, which is automatically allocated by the system. · -rwh—Attributes of the file or directory. The first character is the directory indicator (d for directory and – for file). The second character indicates whether the file or directory is readable (r for readable). The third character indicates whether the file or directory is writable (w for writable). The fourth character indicates whether the file or directory is hidden (h for hidden, - for visible). Modifying, renaming, or deleting hidden files might affect functions. · 3144—File size in bytes. For a directory, a hyphen (-) is displayed. · Apr 26 2014 13:45:28—Last date and time when the file or directory was modified. · xx.xx—File or directory name. |
file prompt
Use file prompt to set the operation mode for files and directories.
Use undo file prompt to restore the default.
Syntax
file prompt { alert | quiet }
undo file prompt
Default
The operation mode is alert. The system prompts for confirmation when you perform a destructive file or directory operation.
Views
System view
Predefined user roles
network-admin
Parameters
alert: Prompts for confirmation when a destructive file or directory operation is being performed.
quiet: Gives no confirmation prompt for file or directory operations.
Usage guidelines
In quiet mode, the system does not prompt for confirmation when a user performs a file or directory operation. The alert mode provides an opportunity to cancel a disruptive operation.
Examples
# Set the file and directory operation mode to alert.
<Sysname> system-view
[Sysname] file prompt alert
fixdisk
Use fixdisk to check a file system for damage and repair any damage.
Syntax
fixdisk filesystem
Views
User view
Predefined user roles
network-admin
Parameters
filesystem: Specifies the name of a file system.
Usage guidelines
Use this command to fix a file system when space in the file system cannot be used or released.
You can repair a file system only when no other users are accessing the file system.
Examples
# Repair the flash: file system.
<Sysname> fixdisk flash:
Restoring flash: may take some time...
Restoring flash:...Done.
format
Use format to format a file system.
Syntax
format filesystem
Views
User view
Predefined user roles
network-admin
Parameters
filesystem: Specifies the name of a file system.
Usage guidelines
The device requires that the file systems on hot swappable storage media be VFAT file systems. To use a file system of a different type on the device, you must use this command to format the file system.
Formatting a file system permanently deletes all files in the file system. If a startup configuration file exists in the file system, back it up if necessary.
You can format a file system only when no other users are accessing the medium.
Examples
# Format the flash: file system.
<Sysname> format flash:
All data on flash: will be lost, continue? [Y/N]:y
Formatting flash:... Done.
gunzip
Use gunzip to decompress a file.
Syntax
gunzip file
Views
User view
Predefined user roles
network-admin
Parameters
file: Specifies the name of the file to be decompressed. This argument must have .gz as the extension.
Usage guidelines
This command deletes the specified file after decompressing it.
Examples
# Decompress file system.bin.gz:
1. Before decompressing the file, you can display files whose names start with the system. string.
<Sysname> dir system.*
Directory of flash:
1 -rw- 20 Jun 14 2012 10:18:53 system.bin.gz
472972 KB total (472840 KB free)
2. Decompress file system.bin.gz.
<Sysname> gunzip system.bin.gz
Decompressing file flash:/system.bin.gz..... Done.
3. Verify the decompress operation.
<Sysname> dir system.*
Directory of flash:
1 -rw- 0 May 30 2012 11:42:25 system.bin
472972 KB total (472844 KB free)
gzip
Use gzip to compress a file.
Syntax
gzip file
Views
User view
Predefined user roles
network-admin
Parameters
file: Specifies the name of the file to be compressed. The compressed file will be saved to the file.gz file.
Usage guidelines
This command deletes the specified file after compressing it.
Examples
# Compress file system.bin:
1. Before compressing the file, you can display files whose names start with the system. string.
<Sysname> dir system.*
Directory of flash:
1 -rw- 0 May 30 2012 11:42:24 system.bin
472972 KB total (472844 KB free)
2. Compress file system.bin.
<Sysname> gzip system.bin
Compressing file flash:/system.bin..... Done.
3. Verify the compress operation.
<Sysname> dir system.*
Directory of flash:
1 -rw- 20 Jun 14 2012 10:18:53 system.bin.gz
472972 KB total (472840 KB free)
md5sum
Use md5sum to use the MD5 algorithm to calculate the digest of a file.
Syntax
md5sum file
Views
User view
Predefined user roles
network-admin
network-operator
Parameters
file: Specifies the name of a file.
Usage guidelines
You can use file digests to verify file integrity.
Examples
# Use the MD5 algorithm to calculate the digest of file system.bin.
<Sysname> md5sum system.bin
MD5 digest:
4f22b6190d151a167105df61c35f0917
mkdir
Use mkdir to create a directory.
Syntax
mkdir directory
Views
User view
Predefined user roles
network-admin
Parameters
directory: Specifies a directory.
Usage guidelines
The name of the directory to be created must be unique in the parent directory.
You can create a directory only in an existing directory. For example, to create the flash:/test/mytest directory, make sure the test directory already exists.
Examples
# Create the test directory in the current directory.
<Sysname> mkdir test
Creating directory flash:/test... Done.
# Create the test/subtest directory in the current directory.
<Sysname> mkdir test/subtest
Creating directory flash:/test/subtest... Done.
# (Centralized devices in IRF mode.) Create the test directory in the root directory of the flash: file system on a subordinate member.
<Sysname> mkdir slot2#flash:/test
Creating directory slot2#flash:/test... Done.
# (Distributed devices in standalone mode.) Create the test directory in the root directory of a file system on the standby MPU (in slot 1).
<Sysname> mkdir slot1#cfa0:/test
Creating directory slot1#cfa0:/test... Done.
# (Distributed devices in IRF mode.) Create the test directory in the root directory of a file system on the global active MPU.
<Sysname> mkdir test
Creating directory cfa0:/test... Done.
# (Distributed devices in IRF mode.) Create the test directory in the root directory of a file system on a global standby MPU.
<Sysname> mkdir chassis2#slot1#cfa0:/test
Creating directory chassis2#slot1#cfa0:/test... Done.
more
Use more to display the contents of a text file.
Syntax
more file
Views
User view
Predefined user roles
network-admin
Parameters
file: Specifies the name of a file.
Examples
# Display the contents of the test.txt file.
<Sysname> more test.txt
Have a nice day.
# Display the contents of the testcfg.cfg file.
<Sysname> more testcfg.cfg
#
version 7.20, Beta 1201, Standard
#
sysname Sysname
#
vlan 2
#
return
<Sysname>
# (Centralized devices in IRF mode.) Display the contents of the testcfg.cfg file on a subordinate member.
<Sysname> more slot2#flash:/testcfg.cfg
#
version 7.20, Release 0000
#
sysname Test
#
---- More ----
# (Distributed devices in standalone mode.) Display the contents of the testcfg.cfg file on the standby MPU (in slot 1).
<Sysname> more slot1#cfa0:/testcfg.cfg
#
version 7.20, Release 0000
#
sysname Test
#
---- More ----
# (Distributed devices in IRF mode.) Display the contents of the testcfg.cfg file on the global active MPU.
<Sysname> more testcfg.cfg
#
version 7.20, Release 0000
#
sysname Sysname
#
---- More ----
# (Distributed devices in IRF mode.) Display the contents of the testcfg.cfg file on a global standby MPU.
<Sysname> more chassis2#slot1#cfa0:/testcfg.cfg
#
version 7.20, Release 0000
#
sysname Sysname
#
---- More ----
mount
Use mount to mount a file system.
Syntax
mount filesystem
Views
User view
Predefined user roles
network-admin
Parameters
filesystem: Specifies the name of a file system.
Usage guidelines
Generally, file systems on hot-swappable storage media are automatically mounted when the storage media are connected to the device. If the system cannot recognize a file system, however, you must mount the file system before you can access it.
To avoid file system corruption, do not perform the following tasks while the system is mounting a file system:
· Install or remove storage media.
· Install or remove cards. (Distributed devices in standalone or IRF mode.)
· Perform an active/standby switchover. (Distributed devices in standalone mode.)
· Perform a switchover between the global active MPU and a global standby MPU. (Distributed devices in IRF mode.)
· Perform a master/subordinate switchover. (Centralized devices in IRF mode.)
Examples
# (Centralized devices in standalone mode.) Mount the file system on the CF card.
<Sysname> mount cfa0:
# (Centralized devices in IRF mode.) Mount the file system on the CF card of the master.
<Sysname> mount cfa0:
# (Centralized devices in IRF mode.) Mount the file system on the CF card of a subordinate member.
<Sysname> mount slot2#cfa0:
# (Distributed devices in standalone mode.) Mount the file system on the CF card of the active MPU.
<Sysname> mount cfa0:
# (Distributed devices in standalone mode.) Mount the file system on the CF card of the standby MPU (in slot 1).
<Sysname> mount slot1#cfa0:
# (Distributed devices in IRF mode.) Mount the file system on the CF card of the global active MPU.
<Sysname> mount cfa0:
# (Distributed devices in IRF mode.) Mount the file system on the CF card of a global standby MPU.
<Sysname> mount chassis2#slot1#cfa0:
Related commands
umount
move
Use move to move a file.
Syntax
move source-file { dest-file | dest-directory }
Views
User view
Predefined user roles
network-admin
Parameters
source-file: Specifies the name of the source file.
dest-file: Specifies the name of the destination file.
dest-directory: Specifies the name of the destination directory.
Usage guidelines
If you specify a destination directory, the system moves the source file to the specified directory without changing the file name.
Examples
# Move the flash:/test/sample.txt file to flash:/, and save it as 1.txt.
<Sysname> move test/sample.txt 1.txt
Move flash:/test/sample.txt to flash:/1.txt? [Y/N]:y
Moving file flash:/test/sample.txt to flash:/1.txt ...Done.
# Move the b.cfg file to directory test2.
<Sysname> move b.cfg test2
Move flash:/b.cfg to flash:/test2/b.cfg? [Y/N]:y
Moving file flash:/b.cfg to flash:/test2/b.cfg... Done.
pwd
Use pwd to display the working directory.
Syntax
pwd
Views
User view
Predefined user roles
network-admin
Examples
# Display the working directory.
<Sysname> pwd
flash:
rename
Use rename to rename a file or directory.
Syntax
rename { source-file | source-directory } { dest-file | dest-directory }
Views
User view
Predefined user roles
network-admin
Parameters
source-file: Specifies the name of the source file.
source-directory: Specifies the name of the source directory.
dest-file: Specifies the name of the destination file.
dest-directory: Specifies the name of the destination directory.
Usage guidelines
This command is not executed if the destination file or directory name is already used by an existing file or directory in the working directory.
Examples
# Rename the copy.cfg file as test.cfg.
<Sysname> rename copy.cfg test.cfg
Rename flash:/copy.cfg as flash:/test.cfg? [Y/N]:y
Renaming flash:/copy.cfg as flash:/test.cfg... Done.
reset recycle-bin
Use reset recycle-bin to delete files from the recycle bin.
Syntax
reset recycle-bin [ /force ]
Views
User view
Predefined user roles
network-admin
Parameters
/force: Deletes all files in the recycle bin without prompting for confirmation. If you do not specify this option, the command prompts you to confirm the deletion operation for each file.
Usage guidelines
The delete file command only moves a file to the recycle bin. To permanently delete the file, use the reset recycle-bin command to delete the file from the recycle bin.
Examples
# Empty the recycle bin. (In this example there are two files in the recycle bin.)
<Sysname> reset recycle-bin
Clear flash:/a.cfg? [Y/N]:y
Clearing file flash:/a.cfg... Done.
Clear flash:/b.cfg? [Y/N]:y
Clearing file flash:/b.cfg... Done.
# Delete the b.cfg file from the recycle bin. (In this example there are two files in the recycle bin.)
<Sysname> reset recycle-bin
Clear flash:/a.cfg? [Y/N]:n
Clear flash:/b.cfg? [Y/N]:y
Clearing file flash:/b.cfg... Done.
Related commands
delete
rmdir
Use rmdir to delete a directory.
Syntax
rmdir directory
Views
User view
Predefined user roles
network-admin
Parameters
directory: Specifies a directory.
Usage guidelines
To delete a directory, you must delete all files and subdirectories in the directory permanently or move them to the recycle bin. If you move them to the recycle bin, executing the rmdir command permanently deletes them.
Examples
# Delete the subtest directory.
<Sysname>rmdir subtest/
Remove directory flash:/test/subtest and the files in the recycle-bin under this directory will be deleted permanently. Continue? [Y/N]:y
Removing directory flash:/test/subtest... Done.
rsync
Use rsync to synchronize files and directories from an Rsync server.
Syntax
rsync [ -s source-ip ] rsync-server { source-file | source-directory } dest-directory [ user-name password ]
Views
User view
Predefined user roles
network-admin
Parameters
-s source-ip: Specifies the source IPv4 address for packets sent to the Rsync server. The IP address must have been configured on the device. If you do not specify this option, the device uses the primary IPv4 address of the outgoing interface as the source IPv4 address.
rsync-server: Specifies the IPv4 address or host name of the Rsync server. The host name must be a case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.).
source-file: Specifies the file to be synchronized.
source-directory: Specifies the directory to be synchronized.
destination-directory: Specifies the destination directory on the device.
user-name: Specifies the username used to log in to the Rsync server. The user account must have been configured on the Rsync server.
password: Specifies the password used to log in to the Rsync server. This password must be the same as the password configured on the Rsync server.
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware |
Command compatibility |
|
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK |
Yes |
|
MSR810-LMS/810-LUS |
No |
|
MSR2600-6-X1/2600-10-X1 |
No |
|
MSR 2630 |
No |
|
MSR3600-28/3600-51 |
No |
|
MSR3600-28-SI/3600-51-SI |
No |
|
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
|
MSR 3610/3620/3620-DP/3640/3660 |
No |
|
MSR5620/5660/5680 |
No |
Hardware |
Command compatibility |
|
MSR810-LM-GL |
Yes |
|
MSR810-W-LM-GL |
Yes |
|
MSR830-6EI-GL |
Yes |
|
MSR830-10EI-GL |
Yes |
|
MSR830-6HI-GL |
Yes |
|
MSR830-10HI-GL |
Yes |
|
MSR2600-6-X1-GL |
No |
|
MSR3600-28-SI-GL |
No |
This command is available only for an IPv4 network.
The source file or directory name string must meet the requirements of the Rsync server. For example, Linux requires that you use the module name of a directory as the root directory. If the module name for the /usr/test directory is testmod, you must use testmod as the root directory.
· To synchronize the /usr/test/a.txt file to a local directory, you must specify testmod/a.txt as the source file.
· To synchronize the /usr/test/dir1 directory to a local directory, you must specify testmod/dir1 as the source directory.
If you specify a source directory, the command uses the following rules:
· If the source directory ends with a slash (/), for example, testmod/dir1/, this command synchronizes the files and directories in the source directory to the destination directory.
· If the source directory does not end with a slash (/), for example, testmod/dir1, this command performs the following tasks:
¡ Creates the dir1 directory in the destination directory if the dir1 directory does not exist.
¡ Synchronizes files and directories in the source directory to the dir1 directory.
Examples
# Synchronize files and directories in the test/dir1 directory of the Rsync server at 1.1.1.1 to the flash:/rsyncdir directory on the device. Both the username and the password are admin.
<Sysname> rsync 1.1.1.1 test/dir1/ flash:/rsyncdir admin admin
receiving incremental file list
created directory /mnt/flash:/rsyncdir
./
a.cfg
b.txt
sent 65 bytes received 175 bytes 480.00 bytes/sec
total size is 0 speedup is 0.00
To verify the synchronization, execute the dir rsyncdir command. The a.cfg and b.txt file are displayed.
# Synchronize files and directories in the test/dir1 directory of the Rsync server at 1.1.1.1 to the rsyncdir directory on the device. Both the username and the password are admin.
<Sysname> rsync 1.1.1.1 test/dir1 flash:/rsyncdir admin admin
rsync 1.1.1.13 test/dir1 flash:/rsyncdir c c
receiving incremental file list
dir1/
dir1/a.c
dir1/b.txt
sent 66 bytes received 189 bytes 510.00 bytes/sec
total size is 0 speedup is 0.00
To verify the synchronization, perform the following tasks:
1. Execute the dir rsyncdir command.
Because the source directory does not end with a slash (/), the dir1 directory was created.
2. Execute the dir rsyncdir/dir1 command.
The a.cfg and b.txt files are displayed.
Related commands
rsync client source
rsync client source
Use rsync client source to set the source IP address used for file and directory synchronization.
Syntax
rsync client source { interface interface-type interface-number | ip source-ip }
Default
No outgoing interface or source IP address is specified. The device uses the primary IPv4 address of the outgoing interface as the source IP address for outgoing packets during file and directory synchronization.
Views
System view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies the source interface used to synchronize files and directories from an Rsync server. After you specify the source interface, the device uses the primary IPv4 address of the source interface as the source IP address for outgoing packets. For success file transfer, make sure the source interface has a primary IP address and is in up state.
ip source-ip: Specifies the source IP address for outgoing packets. The source IP address must have been configured on the device.
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware |
Command compatibility |
|
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK |
Yes |
|
MSR810-LMS/810-LUS |
No |
|
MSR2600-6-X1/2600-10-X1 |
No |
|
MSR 2630 |
No |
|
MSR3600-28/3600-51 |
No |
|
MSR3600-28-SI/3600-51-SI |
No |
|
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
|
MSR 3610/3620/3620-DP/3640/3660 |
No |
|
MSR5620/5660/5680 |
No |
Hardware |
Command compatibility |
|
MSR810-LM-GL |
Yes |
|
MSR810-W-LM-GL |
Yes |
|
MSR830-6EI-GL |
Yes |
|
MSR830-10EI-GL |
Yes |
|
MSR830-6HI-GL |
Yes |
|
MSR830-10HI-GL |
Yes |
|
MSR2600-6-X1-GL |
No |
|
MSR3600-28-SI-GL |
No |
If you execute this command multiple times, the most recent configuration takes effect.
The source IP address specified in this command applies to all synchronization operations. The source IP address specified in the rsync command applies only to the current synchronization operation. The source IP address specified in the rsync command takes precedence over the source IP address specified in this command.
Examples
# Set the source IP address used for file and directory synchronization to 1.1.1.1.
<Sysname> system-view
[Sysname] rsync client source ip 1.1.1.1
Related commands
rsync
sha256sum
Use sha256sum to use the SHA-256 algorithm to calculate the digest of a file.
Syntax
sha256sum file
Views
User view
Predefined user roles
network-admin
Parameters
file: Specifies the name of a file.
Usage guidelines
You can use file digests to verify file integrity.
Examples
# Use the SHA-256 algorithm to calculate the digest of file system.bin.
<Sysname> sha256sum system.bin
SHA256 digest:
0851e0139f2770e87d01ee8c2995ca9e59a8f5f4062e99af14b141b1a36ca152
tar create
Use tar create to archive files and directories.
Syntax
tar create [ gz ] archive-file dest-file [ verbose ] source { source-file | source-directory }&<1-5>
Views
User view
Predefined user roles
network-admin
Parameters
gz: Uses gzip to compress the files and directories before archiving them. If you do not specify this keyword, the command archives the files and directories without compressing them.
archive-file dest-file: Specifies the archive file name. If you specified the gz keyword, the suffix of the archive file name must be .tar.gz. If you did not specify the gz keyword, the suffix of the archive file name must be .tar.
verbose: Displays the names of the successfully archived files and directories. If you do not specify this keyword, the command does not display the names of the successfully archived files and directories.
source { source-file | source-directory }&<1-5>: Specifies the files and directories to be archived. The argument can be a space-separated list of up to five items. Each item can be a file or directory name.
Examples
# Archive files 1.cfg, 2.cfg, and directory test to file a.tar.
<Sysname> tar create archive-file a.tar source 1.cfg 2.cfg test
Creating archive flash:/a.tar Done.
# Compress and archive files 1.cfg, 2.cfg, and directory test to b.tar.gz.
<Sysname> tar create gz archive-file b.tar.gz source 1.cfg 2.cfg test
Creating archive flash:/b.tar.gz Done.
# Compress and archive files and directories, and display the successfully archived files and directories.
<Sysname> tar create gz archive-file c.tar.gz verbose source 1.cfg 2.cfg test
1.cfg
2.cfg
test/
test/a.log
test/subtest/
test/subtest/aa.log
Related commands
tar extract
tar list
tar extract
Use tar extract to extract files and directories.
Syntax
tar extract archive-file file [ verbose ] [ screen | to directory ]
Views
User view
Predefined user roles
network-admin
Parameters
archive-file file: Specifies the archive file name. The suffix can be .tar or .tar.gz.
verbose: Displays the names of the successfully extracted files and directories.
screen: Displays the content of the extracted files and directories on the screen. The extracted files are not saved.
to directory: Saves the extracted files and directories to a different directory. The directory argument specifies the directory.
Usage guidelines
If you do not specify the screen keyword or the to directory option, the command saves the extracted files and directories to the working directory.
The command saves the extracted files and directories by using their original names. If a file or directory that has the same name as an extracted file or directory already exists in the destination directory, the file or directory is overwritten.
Specify a small archive file if you specify the screen keyword. If you specify a large archive file, the command might take a long time and cause the configuration terminal to crash. You cannot abort the operation.
Examples
# Extract files and directories from archive file a.tar.
<Sysname> tar extract archive-file a.tar
Extracting archive flash:/a.tar Done.
# Extract files and directories from archive file a.tar.gz, and display the names of the successfully extracted files and directories.
<Sysname> tar extract archive-file a.tar verbose
1.cfg
2.cfg
test/
test/a.log
test/subtest/
test/subtest/aa.log
# Extract files and directories from archive file a.tar.gz, and display the content of the files on the screen.
<Sysname> tar extract archive-file a.tar.gz screen
#
version 7.1.055, Demo 2501008
#
sysname Sysname
#
...
Related commands
tar create
tar list
tar list
Use tar list to display the names of archived files and directories.
Syntax
tar list archive-file file
Views
User view
Predefined user roles
network-admin
Parameters
archive-file file: Specifies the archive file name. The suffix can be .tar or .tar.gz.
Examples
# Display the names of archived files and directories.
<Sysname> tar list archive-file a.tar
1.cfg
2.cfg
test/
test/a.log
test/subtest/
test/subtest/aa.log
Related commands
tar create
tar extract
umount
Use umount to unmount a file system.
Syntax
umount filesystem
Views
User view
Predefined user roles
network-admin
Parameters
filesystem: Specifies the name of a file system.
Usage guidelines
File systems on storage media are automatically mounted when storage media are connected to the device. To remove a hot-swappable storage medium from the device, you must first unmount the file system on the storage medium to disconnect the medium from the device. Removing a connected hot-swappable storage medium might damage files on the storage medium or even the storage medium.
You can unmount a file system only when no other users are accessing the file system.
To avoid file system corruption, do not perform the following tasks while the system is unmounting a file system:
· Install or remove storage media.
· Install or remove cards. (Distributed devices in IRF or standalone mode.)
· Perform an active/standby switchover. (Distributed devices in standalone mode.)
· Perform a switchover between the global active MPU and a global standby MPU. (Distributed devices in IRF mode.)
· Perform a master/subordinate switchover. (Centralized devices in IRF mode.)
Examples
# (Centralized devices in standalone mode.) Unmount the file system on the CF card.
<Sysname> umount cfa0:
# (Centralized devices in IRF mode.) Unmount the file system on the CF card of the master.
<Sysname> umount cfa0:
# (Centralized devices in IRF mode.) Unmount the file system on the CF card of a subordinate member.
<Sysname> umount slot2#cfa0:
# (Distributed devices in standalone mode.) Unmount the file system on the CF card of the active MPU.
<Sysname> umount cfa0:
# (Distributed devices in standalone mode.) Unmount the file system on the CF card of the standby MPU (in slot 5).
<Sysname> umount slot5#cfa0:
# (Distributed devices in IRF mode.) Unmount the file system on the CF card of the global active MPU.
<Sysname> umount cfa0:
# (Distributed devices in IRF mode.) Unmount the file system on the CF card of a global standby MPU.
<Sysname> umount chassis2#slot5#cfa0:
Related commands
mount
undelete
Use undelete to restore a file from the recycle bin.
Syntax
undelete file
Views
User view
Predefined user roles
network-admin
Parameters
file: Specifies the name of the file to be restored.
Usage guidelines
If a file with the same name already exists in the directory, the system prompts whether or not you want to overwrite the existing file. If you enter Y, the existing file is overwritten. If you enter N, the command is not executed.
Examples
# Restore the copy.cfg file, which was moved from the root directory of the flash: file system to the recycle bin.
<Sysname> undelete copy.cfg
Undelete flash:/copy.cfg? [Y/N]:y
Undeleting file flash:/copy.cfg... Done.
# Restore the startup.cfg file, which was moved from the flash:/seclog directory to the recycle bin.
· Method 1:
<Sysname> undelete seclog/startup.cfg
Undelete flash:/seclog/startup.cfg? [Y/N]:y
Undeleting file flash:/seclog/startup.cfg... Done.
<Sysname>
· Method 2:
<Sysname> cd seclog
<Sysname> undelete startup.cfg
Undelete flash:/seclog/startup.cfg? [Y/N]:y
Undeleting file flash:/seclog/startup.cfg... Done.
Configuration file management commands
Commands and descriptions for centralized devices apply to the following routers:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/ 810-LMS/810-LUS.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3600-28-SI/3600-51-SI.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
· MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL.
Commands and descriptions for distributed devices apply to the following routers:
· MSR5620.
· MSR 5660.
· MSR 5680.
archive configuration
Use archive configuration to manually archive the running configuration to the configuration archive directory.
Syntax
archive configuration
Views
User view
Predefined user roles
network-admin
Usage guidelines
Before manually archiving the running configuration, you must use the archive configuration location command to specify a directory and a name prefix for the configuration archives.
Configuration archive facilitates configuration rollback. It provides manual and automatic methods for saving the running configuration as checkpoint references. For more information about the archiving mechanism, see the section about configuration rollback in Fundamentals Configuration Guide.
Examples
# Archive the running configuration.
<Sysname> archive configuration
Save the running configuration to an archive file. Continue? [Y/N]: Y
The archive configuration file myarchive_1.cfg is saved.
Related commands
archive configuration interval
archive configuration location
archive configuration max
display archive configuration
archive configuration interval
Use archive configuration interval to enable automatic running-configuration archiving and set the archiving interval.
Use undo archive configuration interval to disable automatic running-configuration archiving.
Syntax
archive configuration interval interval
undo archive configuration interval
Default
The automatic running-configuration archiving feature is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies the interval for automatically saving the running configuration. The value range is 10 to 525600, in minutes.
Usage guidelines
Before enabling automatic configuration archiving, use the archive configuration location command to specify the configuration archive directory and archive file name prefix.
Configuration archive is a feature that facilitates configuration rollback. It provides manual and automatic methods for saving the running configuration.
Automatic configuration archiving enables the system to periodically save the running configuration to the archive directory. After the system finishes an automatic archive, it resets the archiving interval timer. For more information about the archiving mechanism, see the section about configuration rollback in Fundamentals Configuration Guide.
Change the archiving interval depending on the amount of available storage space. The shorter the interval, the more free storage space is required.
Examples
# Set the system to archive the running configuration every 60 minutes.
<Sysname> system-view
[Sysname] archive configuration interval 60
Archive files will be saved every 60 minutes.
Related commands
archive configuration
archive configuration location
archive configuration max
display archive configuration
archive configuration location
Use archive configuration location to set the directory and file name prefix for archiving the running configuration.
Use undo archive configuration location to restore the default.
Syntax
archive configuration location directory filename-prefix filename-prefix
undo archive configuration location
Default
No configuration archive directory or configuration archive file name prefix is set.
Views
System view
Predefined user roles
network-admin
Parameters
directory: Specifies the configuration archive directory, a string of 1 to 63 characters. The value for this argument must take the format of storage-medium-name:/folder-name. The directory must already exist on the active MPU. (Distributed devices in standalone mode.)
directory: Specifies the configuration archive directory, a string of 1 to 63 characters. The value for this argument must take the format of storage-medium-name:/folder-name. The directory must already exist on the global active MPU. (Distributed devices in IRF mode.)
directory: Specifies the configuration archive directory, a string of 1 to 63 characters. The value for this argument must take the format of storage-medium-name:/folder-name. The directory must already exist on the master. (Centralized devices in IRF mode.)
directory: Specifies the configuration archive directory, a string of 1 to 63 characters. The value for this argument must take the format of storage-medium-name:/folder-name. The directory must already exist on the device. (Centralized devices in standalone mode.)
filename-prefix: Specifies a file name prefix for configuration archives, a case-insensitive string of 1 to 30 characters. Valid characters are letters, digits, underscores (_), and hyphens (-).
Usage guidelines
Before archiving the running configuration, either manually or automatically, you must set a directory and file name prefix for configuration archives. When you create the configuration archive directory, follow these restrictions and guidelines:
· (Distributed devices in standalone or IRF mode.) In standalone mode, the configuration archive feature saves the running configuration only on the active MPU. In IRF mode, the feature saves the running configuration only on the global active MPU. To make sure the system can archive running configuration after an active/standby or master/subordinate switchover, create the configuration archive directory on all MPUs.
· (Centralized devices in IRF mode.) In an IRF fabric, the configuration archive feature saves the running configuration only on the master device. To make sure the system can archive the running configuration after a master/subordinate switchover, create the directory on all IRF members.
Configuration archives are named in the format of prefix_serial number.cfg, for example, 20080620archive_1.cfg and 20080620archive_2.cfg. The serial number is automatically assigned from 1 to 1000, increasing by 1. After the serial number reaches 1000, it restarts from 1.
If you change the file directory or file name prefix, or reboot the device, the following events occur:
· The old configuration archives change to common configuration files.
· The configuration archive counter is reset.
· The display archive configuration command no longer displays the old configuration archives.
· The serial number for new configuration archives starts at 1.
The undo archive configuration location command removes the configuration archive directory and file name prefix settings. The command also performs the following operations:
· Disables the configuration archive feature (both manual and automatic methods).
· Restores the default settings of the archive configuration interval and archive configuration max commands.
· Clears the configuration archive information displayed by using the display archive configuration command.
Examples
# Set the configuration archive directory as flash:/archive and the archive file name prefix as my_archive.
<Sysname> mkdir flash:/archive
Creating directory flash:/archive... Done.
<Sysname> system-view
[Sysname] archive configuration location flash:/archive filename-prefix my_archive
Related commands
archive configuration
archive configuration location
archive configuration max
display archive configuration
archive configuration max
Use archive configuration max to set the maximum number of configuration archives.
Use undo archive configuration max to restore the default.
Syntax
archive configuration max file-number
undo archive configuration max
Default
The maximum number is 5.
Views
System view
Predefined user roles
network-admin
Parameters
file-number: Specifies the maximum number of configuration archives that can be saved. The value range is 1 to 10. Adjust the setting depending on the amount of storage space available.
Usage guidelines
Before you can set a limit on configuration archives, use the archive configuration location command to specify a configuration archive directory and archive file name prefix.
After the maximum number of configuration archives is reached, the system deletes the oldest archive for the new archive.
Changing the limit setting to a lower value does not cause immediate deletion of excess archives. Instead, the configuration archive feature deletes the oldest n files when a new archive is manually or automatically saved, where n = current archive count – new archive limit + 1. For example, seven configuration archives have been saved before the archive limit is set to four. When saving a new configuration archive, the system first deletes the oldest four (7 – 4 + 1) archives.
If you execute the undo archive configuration location command, the default archive limit is restored.
Examples
# Set the maximum number of configuration archives to 10.
<Sysname> system-view
[Sysname] archive configuration max 10
Related commands
archive configuration
archive configuration location
archive configuration interval
display archive configuration
backup startup-configuration
Use backup startup-configuration to back up the main next-startup configuration file to a TFTP server.
Syntax
backup startup-configuration to { ipv4-server | ipv6 ipv6-server } [ dest-filename ] [ vpn-instance vpn-instance-name ]
Views
User view
Predefined user roles
network-admin
Parameters
ipv4-server: Specifies a TFTP server by its IPv4 address or host name. The host name is a case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.).
ipv6 ipv6-server: Specifies a TFTP server by its IPv6 address or host name. The host name is a case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.).
dest-filename: Specifies the target file name used for saving the file on the server. The file must be a .cfg file. If you do not specify a target file name, the source file name is used.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the TFTP server is on the public network, do not specify this option.
Usage guidelines
This command is not supported in FIPS mode.
Examples
# Back up the main next-startup configuration file to the IPv4 TFTP server at 2.2.2.2 in the public network, and set the target file name to 192-168-1-26.cfg.
<Sysname> backup startup-configuration to 2.2.2.2 192-168-1-26.cfg
Backing up the main startup configuration file to 2.2.2.2…
Done.
# Back up the main next-startup configuration file to the IPv4 TFTP server at 2.2.2.2 in MPLS L3VPN instance VPN1, and set the target file name to 192-168-1-26.cfg.
<Sysname> backup startup-configuration to 2.2.2.2 192-168-1-26.cfg vpn-instance VPN1
Backing up the main startup configuration file to 2.2.2.2 in VPN VPN1...
Done.
# Back up the main next-startup configuration file to the IPv6 TFTP server at 2001::2 in the public network, and set the target file name to 192-168-1-26.cfg.
<Sysname> backup startup-configuration to ipv6 2001::2 192-168-1-26.cfg
Backing up the main startup configuration file to 2001::2...
Done.
Related commands
restore startup-configuration
configuration encrypt
Use configuration encrypt to enable configuration encryption.
Use undo configuration encrypt to disable configuration encryption.
Syntax
configuration encrypt { private-key | public-key }
undo configuration encrypt
Default
Configuration encryption is disabled. The running configuration is saved to a configuration file without encryption.
Views
System view
Predefined user roles
network-admin
Parameters
private-key: Encrypts configuration with a private key. All H3C devices running Comware 7 software use the same private key.
public-key: Encrypts configuration with a public key. All H3C devices running Comware 7 software use the same public key.
Usage guidelines
Configuration encryption enables the device to automatically encrypt a configuration file when saving the running configuration to the file.
Any devices running Comware 7 software can decrypt the encrypted configuration file. To prevent an encrypted file from being decoded by unauthorized users, make sure the file is accessible only to authorized users.
Examples
# Enable the public-key method for configuration encryption.
<Sysname> system-view
[Sysname] configuration encrypt public-key
configuration replace file
Use configuration replace file to perform configuration rollback.
Syntax
configuration replace file filename
Views
System view
Predefined user roles
network-admin
Parameters
filename: Specifies the path of the replacement configuration file, a string of up to 255 characters. The file must be a .cfg file.
Usage guidelines
To replace the running configuration with the configuration in a configuration file without rebooting the device, use the configuration rollback feature. This feature helps you revert to a previous configuration state or adapt the running configuration to different network environments.
To ensure a successful rollback, follow these guidelines:
· Make sure the replacement configuration file is created by using the configuration archive feature or the save command on the device.
· If the configuration file is not created on the device, make sure the command lines in the configuration file are fully compatible with the device.
· Make sure the replacement configuration file is not encrypted.
Examples
# Replace the running configuration with the configuration in the my_archive_1.cfg configuration file.
<Sysname> system-view
[Sysname] configuration replace file my_archive_1.cfg
Current configuration will be lost, save current configuration? [Y/N]:n
Now replacing the current configuration. Please wait...
Succeeded in replacing current configuration with the file my_archive_1.cfg.
display archive configuration
Use display archive configuration to display configuration archive information.
Syntax
display archive configuration
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display configuration archive information.
<Sysname> display archive configuration
Location: flash:/archive
Filename prefix: my_archive
Archive interval in minutes: 120
Maximum number of archive files: 10
Saved archive files:
No. TimeStamp FileName
1 Wed Oct 15 14:20:18 2015 my_archive_1.cfg
2 Wed Oct 15 14:33:10 2015 my_archive_2.cfg
# 3 Wed Oct 15 14:49:37 2015 my_archive_3.cfg
'#' indicates the most recent archive file.
Next archive file to be saved: my_archive_4.cfg
Table 20 Command output
Field |
Description |
Location |
Absolute path of the directory for saving running-configuration archives. |
Filename prefix |
File name prefix for configuration archives. |
Archive interval in minutes |
Interval (in minutes) for the system to automatically archive the running configuration. If automatic configuration saving is disabled, this field is not available. |
Maximum number of archive files |
Maximum number of configuration archives that can be saved. |
Saved archive files |
Configuration archives that have been saved. |
TimeStamp |
Time when the configuration archive was created. |
Related commands
archive configuration
archive configuration interval
archive configuration location
archive configuration max
display current-configuration
Use display current-configuration to display the running configuration.
Syntax
display current-configuration [ configuration [ module-name ] | controller | exclude-provision | interface [ interface-type [ interface-number ] ] | vpn-instance [ vpn-instance-name ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
configuration [ module-name ]: Displays feature configuration. The module-name argument specifies a feature module. If you do not specify a feature module, the command displays all feature settings you have made.
controller: Specifies the OpenFlow port configuration.
exclude-provision: Excludes preprovisioned settings from the running configuration.
interface [ interface-type [ interface-number ] ]: Displays interface configuration, where the interface-type argument represents the interface type and the interface-number argument represents the interface number. If you do not specify the interface-type interface-number arguments, the command displays the running configuration for all interfaces. If you specify only the interface-type argument, the command displays the running configuration for all interfaces of this type.
vpn-instance [ vpn-instance-name ]: Specifies one or all MPLS L3VPN instances. Use the vpn-instance-name argument to specify one MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you specify the vpn-instance keyword without specifying the vpn-instance-name argument, this command displays the running configuration for all VPN instances. If you do not specify VPN instances, this command displays the running configuration for all VPN instances and the public network.
Usage guidelines
Use this command to verify the configuration you have made.
If the system has automatically changed the setting you have made for a parameter, this command displays the effective setting instead of the configured one. An automatic change typically occurs because of system restrictions.
This command does not display parameters that are using the default settings.
Executing this command with the vpn-instance [ vpn-instance-name ] option displays only part of the running configuration for the specified VPN instances. The displayed information includes settings made on the VPN instances, interfaces associated with the VPN instances, and routing protocol settings. To obtain the complete running configuration for a VPN instance, execute the display current-configuration command without specifying any parameters except a regular expression filter that identifies that VPN instance. You can specify a regular expression to identify the desired VPN configuration by using the include regular-expression option.
Examples
# Display local user configuration.
<Sysname> display current-configuration configuration local-user
#
local-user ftp
password hash $h$6$Twd73mLrN8O2vvD5$Cz1vgdpR4KoTiRQNE9pg33gU14Br2p1VguczLSVyJLO2huV5Syx/LfDIf8ROLtVErJ/C31oq2rFtmNuyZf4STw==
service-type ftp
authorization-attribute user-role network-operator
#
local-user root
password hash $h$6$Twd73mLrN8O2vvD5$Cz1vgdpR4KoTiRQNE9pg33gU14Br2p1VguczLSVyJLO2huV5Syx/LfDIf8ROLtVErJ/C31oq2rFtmNuyZf4STw==
service-type ssh telnet terminal
authorization-attribute user-role network-admin
#
return
# Display GigabitEthernet interface configuration.
<Sysname> display current-configuration interface gigabitethernet
#
interface GigabitEthernet1/0/1
port link-mode route
#
return
display current-configuration diff
Use display current-configuration diff to display the differences that the running configuration has as compared with the next-startup configuration.
Syntax
display current-configuration diff
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
The system searches for the next-startup configuration in the following order:
1. The main next-startup configuration file.
2. The backup next-startup configuration file if the main next-startup configuration file is unavailable, for example, the file is corrupt.
If both the main and backup next-startup configuration files are unavailable, the system displays a message indicating that no next-startup configuration files exist.
Examples
# Display the differences that the running configuration has as compared with the next-startup configuration.
<Sysname> display current-configuration diff
--- Startup configuration
+++ Current configuration
@@ -5,7 +5,7 @@
#
sysname Sysname
#
-alias dhc display history-command
+alias dh display hotkey
<Sysname>
Field |
Description |
- - - A +++ B |
· A represents the source configuration for comparison, which can be Startup configuration, Current configuration, or the name of the source configuration file with its directory information. · B represents the target configuration for comparison, which can be Current configuration, Startup configuration, or the name of the target configuration file with its directory information. In this example, the startup configuration and the current configuration are the source and target, respectively. |
@@ -linenumber1,number1 +linenumber2,number2 @@ |
Location information for identifying the command line differences: · -linenumber1,number1—Source configuration section that contains differences. The linenumber1 argument represents the start line of the section. The number1 argument represents the number of lines between the start line and the end line of the section. · +linenumber2,number2—Target configuration section that contains differences. The linenumber2 argument represents the start line of the section. The number2 argument represents the number of lines between the start line and the end line of the section. |
cmd1 - cmd2 + cmd3 cmd4 |
Displays command differences. · cmd1 and cmd4—Command lines are contained in both source and target configurations if they are not prefixed with a minus (-) or plus (+) sign. They provide a context for locating command line differences. · - cmd2—Command lines are prefixed with a minus sign if they are contained in the source configuration but not in the target configuration. · + cmd3—Command lines are prefixed with a plus sign if they are contained in the target configuration but not in the source configuration. In this example, the sample output shows that the alias dhc display history-command command is contained only in the source configuration, and the alias dh display hotkey command is contained only in the target configuration. |
Related commands
display current-configuration
display diff
display saved-configuration
display default-configuration
Use display default-configuration to display the factory defaults.
Syntax
display default-configuration
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
The device is shipped with some basic settings called factory defaults. These default settings ensure that the device can start up and run correctly when it does not have a startup configuration file or the configuration file is corrupt.
Examples
# Display the factory defaults.
<Sysname> display default-configuration
display diff
Use display diff to display the differences between configurations.
Syntax
display diff current-configuration { configfile file-name-d | startup-configuration }
display diff startup-configuration { configfile file-name-d | current-configuration }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
configfile file-name-s: Specifies the source configuration file for comparison.
configfile file-name-d: Specifies the target configuration file for comparison.
current-configuration: Specifies the running configuration. In the display diff current-configuration command, this keyword specifies the source configuration for comparison. In the display diff configfile file-name-s and display diff startup-configuration commands, this keyword specifies the target configuration.
startup-configuration: Specifies the next-startup configuration. In the display diff startup-configuration command, this keyword specifies the source configuration for comparison. In the display diff configfile file-name-s and display diff current-configuration commands, this keyword specifies the target configuration.
Usage guidelines
If you specify a configuration file for a comparison, the configuration file must be a .cfg configuration file.
If you specify the startup-configuration keyword, the system searches for the next-startup configuration in the following order:
1. The main next-startup configuration file.
2. The backup next-startup configuration file if the main next-startup configuration file is unavailable, for example, the file is corrupt.
If both the main and backup next-startup configuration files are unavailable, the system displays a message indicating that no next-startup configuration files exist.
Examples
# Display the differences between startup.cfg and test.cfg.
<Sysname> display diff configfile startup.cfg configfile test.cfg
--- flash:/startup.cfg
+++ flash:/test.cfg
@@ -5,7 +5,7 @@
#
sysname Sysname
#
-alias dhc display history-command
+alias dh display hotkey
<Sysname>
The output shows that the alias dhc display history-command command is contained only in startup.cfg, and the alias dh display hotkey command is contained only in test.cfg.
# Display the differences between the running configuration and the next-startup configuration.
<Sysname> display diff current-configuration startup-configuration
--- Current configuration
+++ Startup configuration
@@ -5,7 +5,7 @@
#
sysname Sysname
#
-alias dhc display history-command
+alias dh display hotkey
<Sysname>
The output shows that the alias dhc display history-command command is contained only in the running configuration, and the alias dh display hotkey command is contained only in the next-startup configuration.
For the command output description, see Table 21.
Related commands
display current-configuration diff
display saved-configuration
Use display saved-configuration to display the contents of the configuration file for the next system startup.
Syntax
display saved-configuration
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
Use this command to verify that important settings have been saved to the configuration file for the next system startup.
This command selects the configuration file to display in the following order:
1. If the main startup configuration file is available, this command displays the contents of the main startup configuration file.
2. If only the backup startup configuration file is available, this command displays the contents of the backup file.
3. If both the main and backup startup configuration files are not available, this command does not display anything.
Examples
# Display the contents of the configuration file for the next system startup.
<Sysname> display saved-configuration
#
version 1.00, Alpha 2009
#
sysname Sysname
#
ftp server enable
#
telnet server enable
#
domain default enable system
#
vlan 1
#
domain system
#
---- More ----
Related commands
reset saved-configuration
save
display startup
Use display startup to display the names of the current startup configuration file and the next-startup configuration files.
Syntax
display startup
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
Current startup configuration file is the configuration file that has been loaded. Next-startup configuration file is the configuration file used at the next startup.
(Distributed devices in standalone mode.) The standby MPU always uses the same current startup configuration file as the active MPU. After an active/standby switchover, it is normal that the current startup configuration files on the MPUs are displayed as NULL. This is because the new active MPU continues to run with the running configuration rather than rebooting with a startup configuration file.
(Distributed devices in IRF mode.) The global standby MPUs always use the same current startup configuration file as the global active MPU. After an active/standby switchover, it is normal that the current startup configuration files on all MPUs are displayed as NULL. This is because the new global active MPU continues to run with the running configuration rather than rebooting with a startup configuration file.
(Centralized devices in IRF mode.) All IRF members use the same current startup configuration file as the master. After a master/subordinate switchover, it is normal that the current startup configuration files on all IRF members are displayed as NULL. This is because the new master continues to run with the running configuration rather than rebooting with a startup configuration file.
Examples
# (Centralized devices in standalone mode.) Display names of the startup configuration files.
<Sysname> display startup
Current startup saved-configuration file: flash:/startup.cfg
Next main startup saved-configuration file: flash:/startup.cfg
Next backup startup saved-configuration file: NULL
Table 22 Command output
Field |
Description |
Current startup saved-configuration file |
Configuration file that the device has started up with. |
Next main startup saved-configuration file |
Primary configuration file to be used at the next startup. |
Next backup startup saved-configuration file |
Backup configuration file to be used at the next startup. |
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Display names of the startup configuration files.
<Sysname> display startup
MainBoard:
Current startup saved-configuration file: flash:/startup.cfg
Next main startup saved-configuration file: flash:/startup.cfg
Next backup startup saved-configuration file: NULL
Slot 1:
Current startup saved-configuration file: flash:/startup.cfg
Next main startup saved-configuration file: flash:/startup.cfg
Next backup startup saved-configuration file: NULL
Table 23 Command output
Field |
Description |
MainBoard |
(Distributed devices in standalone mode.) Displays the startup configuration files on the active MPU. (Centralized devices in IRF mode.) Displays the startup configuration files on the master device. |
Current startup saved-configuration file |
(Distributed devices in standalone mode.) Configuration file that the active MPU has started up with. (Centralized devices in IRF mode.) Configuration file that the device has started up with. |
Next main startup saved-configuration file |
Primary startup configuration file to be used at the next startup. |
Next backup startup saved-configuration file |
Backup startup configuration file to be used at the next startup. |
Slot n |
(Distributed devices in standalone mode.) Displays the startup configuration files on the MPU in slot n. (Centralized devices in IRF mode.) Displays the startup configuration files on member device n. |
# (Distributed devices in IRF mode.) Display names of the startup configuration files.
<Sysname> display startup
MainBoard:
Current startup saved-configuration file: NULL
Next main startup saved-configuration file: flash:/startup.cfg
Next backup startup saved-configuration file: flash:/startup2.cfg
Chassis 2 Slot 0:
Current startup saved-configuration file: NULL
Next main startup saved-configuration file: flash:/startup.cfg
Next backup startup saved-configuration file: flash:/startup2.cfg
Table 24 Command output
Field |
Description |
MainBoard |
Displays the startup configuration files on the IRF master device. |
Current startup saved-configuration file |
Configuration file that the global active MPU has started up with. |
Next main startup saved-configuration file |
Primary configuration file to be used at the next startup. |
Next backup startup saved-configuration file |
Backup configuration file to be used at the next startup. |
(This file does not exist.) |
If the specified next-startup configuration file has been deleted, this comment appears next to the file name. |
Chassis x Slot n |
Displays the startup configuration files on the MPU in slot n of IRF member x. |
Related commands
startup saved-configuration
display this
Use display this to display the running configuration in the current view.
Syntax
display this
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
Use this command to verify the configuration you have made in a certain view.
This command does not display parameters that are using the default settings.
Some parameters can be successfully set even if their dependent features are not enabled. For these parameters, this command displays their settings after the dependent features are enabled.
This command can be executed in any user line view to display the running configuration of all user lines.
Examples
# Display the running configuration on the interface GigabitEthernet1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] display this
#
interface GigabitEthernet1/0/1
port link-mode route
#
return
# Display the running configuration on user lines.
<Sysname> system-view
[Sysname] line vty 0
[Sysname-line-vty0] display this
#
line aux 0
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 4
authentication-mode none
user-role network-admin
#
return
reset saved-configuration
Use reset saved-configuration to delete a next-startup configuration file.
Syntax
reset saved-configuration [ backup | main ]
Views
User view
Predefined user roles
network-admin
Parameters
backup: Specifies the backup next-startup configuration file.
main: Specifies the main next-startup configuration file.
Usage guidelines
CAUTION: · (Centralized devices in standalone or IRF mode.) This command permanently deletes the specified next-startup configuration file from the device in standalone mode or from all member devices on an IRF fabric. Before performing this task, back up the file as needed. · (Distributed devices in standalone or IRF mode.) This command permanently deletes the specified next-startup configuration file from each MPU. Before performing this task, back up the file as needed. |
You can delete the main file, the backup file, or both.
To delete a file that is set as both main and backup next-startup configuration files, you must execute both the reset saved-configuration backup command and the reset saved-configuration main command. Using only one of the commands removes the specified file attribute instead of deleting the file.
For example, if the reset saved-configuration backup command is executed, the backup next-startup configuration file setting is set to NULL. However, the file is still used as the main file. To delete the file, you must also execute the reset saved-configuration main command.
If you do not specify a configuration file attribute, the reset saved-configuration command deletes the main next-startup configuration file.
Examples
# (Centralized devices in standalone mode.) Delete the main next-startup configuration file.
<Sysname> reset saved-configuration
The saved configuration file will be erased. Are you sure? [Y/N]:y
Configuration file in flash: is being cleared.
Please wait ...........
Configuration file is cleared.
# (Distributed devices in standalone mode.) Delete the main next-startup configuration file.
<Sysname> reset saved-configuration
The saved configuration file will be erased. Are you sure? [Y/N]:y
Configuration file in flash: is being cleared.
Please wait ...
..
MainBoard:
Configuration file is cleared.
Slot 1:
Erase next configuration file successfully
# (Centralized devices in IRF mode.) Delete the backup next-startup configuration file.
<Sysname> reset saved-configuration backup
The saved configuration file will be erased. Are you sure? [Y/N]:y
Configuration file in flash: is being cleared.
Please wait ...
..
MainBoard:
Configuration file is cleared.
Slot 2:
Erase next configuration file successfully
# (Distributed devices in IRF mode.) Delete the backup next-startup configuration file.
<Sysname> reset saved-configuration backup
The saved configuration file will be erased. Are you sure? [Y/N]:y
Configuration file in flash: is being cleared.
Please wait ...
..
MainBoard:
Configuration file is cleared.
Chassis 2 Slot 2:
Erase next configuration file successfully
Related commands
display saved-configuration
restore startup-configuration
Use restore startup-configuration to download a configuration file from a TFTP server and specify it as the main next-startup configuration file.
Syntax
restore startup-configuration from { ipv4-server | ipv6 ipv6-server } src-filename [ vpn-instance vpn-instance-name ]
Views
User view
Predefined user roles
network-admin
Parameters
ipv4-server: Specifies a TFTP server by its IPv4 address or host name. The host name is a case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.).
ipv6 ipv6-server: Specifies a TFTP server by its IPv6 address or host name. The host name is a case-insensitive string of 1 to 253 characters. Valid characters include letters, digits, hyphens (-), underscores (_), and dots (.).
src-filename: Specifies the file name of the configuration file to be downloaded. The file must be a .cfg file. The file name is a case-insensitive string of up to 255 characters.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the TFTP server is on the public network, do not specify this option.
Usage guidelines
This command is not supported in FIPS mode.
Before restoring the configuration file for the next startup, make sure the following requirements are met:
· The server is reachable.
· The server is enabled with TFTP service.
· You have read and write permissions to the server.
Centralized devices in IRF mode:
This command downloads the configuration file to the root directory of the default storage medium on each member device and specifies the file as the main next-startup configuration file. If the default storage medium has been partitioned, the configuration file is saved on the first partition.
Make sure all IRF members use the same type of default storage medium. If a subordinate device uses a different type of default storage medium than the master device, the command cannot propagate the configuration file to the subordinate device. For example, the subordinate device uses a CF card, but the master device uses a flash memory. In this situation, you must manually restore the main next-startup configuration file on the subordinate device.
Distributed devices in standalone or IRF mode:
This command downloads the configuration file to the root directory of the default storage medium on each MPU and specifies the file as the main next-startup configuration file. If the default storage medium has been partitioned, the configuration file is saved on the first partition.
Make sure all MPUs use the same type of default storage medium. If a standby MPU uses a different type of default storage medium than the active MPU, the command cannot propagate the configuration file to the standby MPU. For example, the standby MPU uses a CF card, but the active MPU uses a flash memory. In this situation, you must manually restore the main next-startup configuration file on the standby MPU.
Examples
# (Centralized devices in standalone mode.) Download test.cfg from the IPv4 TFTP server at 2.2.2.2 in the public network, and specify the file as the main next-startup configuration file.
<Sysname> restore startup-configuration from 2.2.2.2 test.cfg
Restoring the next startup-configuration file from 2.2.2.2...
Done.
# (Centralized devices in standalone mode.) Download test.cfg from the IPv4 TFTP server at 2.2.2.2 in MPLS L3VPN instance VPN1, and specify the file as the main next-startup configuration file.
<Sysname> restore startup-configuration from 2.2.2.2 test.cfg vpn-instance VPN1
Restoring the next startup-configuration file from 2.2.2.2 in VPN VPN1...
Done.
# (Centralized devices in standalone mode.) Download test.cfg from the IPv6 TFTP server at 2001::2 in the public network, and specify the file as the main next-startup configuration file.
<Sysname> restore startup-configuration from ipv6 2001::2 test.cfg
Restoring the next startup-configuration file from 2001::2...
Done.
# (Distributed devices in standalone mode.) Download config.cfg from the IPv4 TFTP server at 2.2.2.2 in the public network, and specify the file as the main next-startup configuration file.
<Sysname> restore startup-configuration from 2.2.2.2 config.cfg
Restoring the next startup-configuration file from 2.2.2.2...
Done.
# (Distributed devices in standalone mode.) Download test.cfg from the IPv4 TFTP server at 2.2.2.2 in MPLS L3VPN instance VPN1, and specify the file as the main next-startup configuration file.
<Sysname> restore startup-configuration from 2.2.2.2 test.cfg vpn-instance VPN1
Restoring the next startup-configuration file from 2.2.2.2. in VPN VPN1...
Done.
# (Distributed devices in standalone mode.) Download test.cfg from the IPv6 TFTP server at 2001::2 in the public network, and specify the file as the main next-startup configuration file.
<Sysname> restore startup-configuration from ipv6 2001::2 test.cfg
Restoring the next startup-configuration file from 2001::2...
Done..
# (Centralized devices in IRF mode.) Download config.cfg from the IPv4 TFTP server at 2.2.2.2 in the public network, and specify the file as the main next-startup configuration file.
<Sysname> restore startup-configuration from 2.2.2.2 config.cfg
Restoring the next startup-configuration file from 2.2.2.2...
Done.
# (Centralized devices in IRF mode.) Download test.cfg from the IPv4 TFTP server at 2.2.2.2 in MPLS L3VPN instance VPN1, and specify the file as the main next-startup configuration file.
<Sysname> restore startup-configuration from 2.2.2.2 test.cfg vpn-instance VPN1
Restoring the next startup-configuration file from 2.2.2.2. in VPN VPN1...
Done.
# (Centralized devices in IRF mode.) Download test.cfg from the IPv6 TFTP server at 2001::2 in the public network, and specify the file as the main next-startup configuration file.
<Sysname> restore startup-configuration from ipv6 2001::2 test.cfg
Restoring the next startup-configuration file from 2001::2...
Done..
# (Distributed devices in IRF mode.) Download config.cfg from the IPv4 TFTP server at 2.2.2.2 in the public network, and specify the file as the main next-startup configuration file.
<Sysname> restore startup-configuration from 2.2.2.2 config.cfg
Restoring the next startup-configuration file from 2.2.2.2...
Done..
# (Distributed devices in IRF mode.) Download test.cfg from the IPv4 TFTP server at 2.2.2.2 in MPLS L3VPN instance VPN1, and specify the file as the main next-startup configuration file.
<Sysname> restore startup-configuration from 2.2.2.2 test.cfg vpn-instance VPN1
Restoring the next startup-configuration file from 2.2.2.2. in VPN VPN1....
Done.
# (Distributed devices in IRF mode.) Download test.cfg from the IPv6 TFTP server at 2001::2 in the public network, and specify the file as the main next-startup configuration file.
<Sysname> restore startup-configuration from ipv6 2001::2 test.cfg
Restoring the next startup-configuration file from 2001::2...
Done.
Related commands
backup startup-configuration
save
Centralized devices in standalone mode:
Use save file-url to save the running configuration to a configuration file, without specifying the file as a next-startup configuration file.
Use save [ safely ] [ backup | main ] [ force ] [ changed ] to save the running configuration to a file in the root directory of the storage medium. This command automatically specifies the file as a next-startup configuration file.
Centralized devices in IRF mode:
Use save file-url [ all | slot slot-number ] to save the running configuration to a configuration file, without specifying the file as a next-startup configuration file.
Use save [ safely ] [ backup | main ] [ force ] [ changed ] to save the running configuration to a file in the root directory of the storage medium. This command automatically saves the file on each member device and specifies the file as a next-startup configuration file.
Distributed devices in standalone mode:
Use save file-url [ all | slot slot-number ] to save the running configuration to a configuration file, without specifying the file as a next-startup configuration file.
Use save [ safely ] [ backup | main ] [ force ] [ changed ] to save the running configuration to a file in the root directory of the storage medium. This command automatically saves the file on each MPU and specifies the file as a next-startup configuration file.
Distributed devices in IRF mode:
Use save file-url [ all | chassis chassis-number slot slot-number ] to save the running configuration to a configuration file, without specifying the file as a next-startup configuration file.
Use save [ safely ] [ backup | main ] [ force ] [ changed ] to save the running configuration to a file in the root directory of the storage medium. This command automatically saves the file on each MPU and specifies the file as a next-startup configuration file.
Syntax
Centralized devices in standalone mode:
save file-url
save [ safely ] [ backup | main ] [ force ] [ changed ]
Distributed devices in standalone mode/centralized devices in IRF mode:
save file-url [ all | slot slot-number ]
save [ safely ] [ backup | main ] [ force ] [ changed ]
Distributed devices in IRF mode:
save file-url [ all | chassis chassis-number slot slot-number ]
save [ safely ] [ backup | main ] [ force ] [ changed ]
Views
Any view
Predefined user roles
network-admin
Parameters
file-url: Specifies a file path, a string of up to 255 characters. The file must be a .cfg file. If the file path includes a folder name, the folder must already exist. (Centralized device in standalone mode.)
file-url: Specifies a file path, a string of up to 255 characters. The file must be a .cfg file. If you specify the all keyword or a member ID, the file path cannot include a member ID. If the file path includes a folder name, the folder must already exist. (Centralized devices in IRF mode.)
file-url: Specifies a file path, a string of up to 255 characters. The file must be a .cfg file. If you specify the all keyword or an MPU slot, the file path cannot include a chassis or slot number. If the file path includes a folder name, the folder must already exist. (Distributed devices in standalone or IRF mode.)
all: Saves the running configuration to both MPUs. If you do not specify this keyword or the slot slot-number option, the command saves the running configuration only to the active MPU. (Distributed devices in standalone mode.)
all: Saves the running configuration to all member devices. If you do not specify this keyword or the slot slot-number option, the command saves the running configuration only to the master. (Centralized device in IRF mode.)
all: Saves the running configuration to all MPUs. If you do not specify this keyword or the chassis chassis-number slot slot-number option, the command saves the running configuration only to the global active MPU in the IRF fabric. (Distributed devices in IRF mode.)
slot slot-number: Specifies the standby MPU by its slot number. If you do not specify the standby MPU or the all keyword, this command saves the running configuration only to the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies a subordinate device by its member ID. If you do not specify a subordinate device or the all keyword, this command saves the running configuration only to the master. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a standby MPU on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the standby MPU. If you do not specify a standby MPU or the all keyword, this command saves the running configuration only to the global active MPU in the IRF fabric. (Distributed devices in IRF mode.)
safely: Saves the configuration file in safe mode. If you do not specify this keyword, the device saves the configuration file in fast mode. Safe mode is slower than fast mode, but more secure. As a best practice, specify the safely keyword for the command.
backup: Saves the running configuration to a configuration file, and specifies the file as the backup next-startup configuration file. If you do not specify this keyword or the main keyword, the command specifies the saved file as the main next-startup configuration file.
main: Saves the running configuration to a configuration file, and specifies the file as the main next-startup configuration file. If you do not specify this keyword or the backup keyword, the command specifies the saved file as the main next-startup configuration file.
force: Saves the running configuration to the existing next-startup configuration file without prompting for confirmation. If you do not specify this keyword, the system prompts you to confirm the operation. If you do not confirm the operation within 30 seconds, the system automatically aborts the operation. If you enter Y within the time limit, you can continue the save process and change the target file name during the process.
changed: Overwrites the target configuration file with the running configuration if an inconsistency is detected between the settings in the configuration file and the running configuration. The save command does not take effect if no inconsistency is detected. If you do not specify this keyword, the save command always overwrites the target configuration file with the running configuration.
Usage guidelines
If the file specified for this command does not exist, the system creates the file before saving the configuration. If the file already exists, the system prompts you to confirm whether to overwrite the file. If you choose to not overwrite the file, the system cancels the save operation.
This command saves the running configuration to an .mdb binary file as well as a .cfg text file. The two files use the same file name. An .mdb file takes less time to load than a .cfg file.
In safe mode, the system saves configuration in a temporary file and starts overwriting the target next-startup configuration file after the save operation is complete. If a reboot, power failure, out of memory, or out of storage space event occurs during the save operation, the next-startup configuration file is retained.
In fast mode, the device directly overwrites the target next-startup configuration file. If a reboot, power failure, out of memory, or out of storage space event occurs during this process, all settings in the next-startup configuration file are lost.
Examples
# Save the running configuration to backup.cfg, without specifying the file as the next-startup configuration file.
<Sysname> save backup.cfg
The current configuration will be saved to flash:/backup.cfg. Continue? [Y/N]:y
Now saving current configuration to the device.
Saving configuration flash:/backup.cfg. Please wait...
Configuration is saved to device successfully.
# Save the running configuration to the main next-startup configuration file without any confirmation required.
<Sysname> save force
Validating file. Please wait....
Saved the current configuration to mainboard device successfully.
# (Centralized devices in standalone mode.) Save the running configuration to a file in the root directory of the default storage medium, and specify the file as the main next-startup configuration file.
<Sysname> save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/backup.cfg]
(To leave the existing filename unchanged, press the enter key):test.cfg
Validating file. Please wait............
Configuration is saved to device successfully.
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Save the running configuration to a file in the root directory of the storage medium, and specify the file as the main next-startup configuration file.
<Sysname> save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
Validating file. Please wait...
Saved the current configuration to mainboard device successfully.
Slot 1:
Save next configuration file successfully.
# (Distributed devices in IRF mode.) Save the running configuration to a file in the root directory of the flash memory, and specify the file as the main next-startup configuration file.
<Sysname> save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
Validating file. Please wait...
Saved the current configuration to mainboard device successfully.
Chassis 1 Slot 1:
Save next configuration file successfully.
Related commands
display current-configuration
display saved-configuration
startup saved-configuration
Use startup saved-configuration to specify a file as a next-startup configuration file.
Use undo startup saved-configuration to set the system to start up with factory defaults at the next startup.
Syntax
startup saved-configuration cfgfile [ backup | main ]
undo startup saved-configuration
No next-startup configuration files are specified.
Views
Predefined user roles
network-admin
Parameters
cfgfile: Specifies the path of a configuration file, a string of up to 255 characters. The file must be a .cfg file. The file path cannot include chassis or slot information or any spaces. If the file is not on the default storage medium, you must specify the file name with storage medium information.
backup: Specifies the configuration file as the backup next-startup configuration file.
main: Specifies the configuration file as the main next-startup configuration file. This is the primary configuration file that the device attempts to load at startup. If the loading attempt fails, the device tries the backup next-startup configuration file.
Usage guidelines
CAUTION: In an IRF fabric, the undo startup saved-configuration command can cause an IRF split after the IRF fabric or an IRF member reboots. |
(Distributed devices.) To successfully execute the startup saved-configuration command, make sure the following requirements are met:
· The specified file has been saved in the root directory of the storage medium on each MPU. The command applies to all MPUs.
· On an IRF fabric, make sure the working directory has been set to a directory on the master device. To view the working directory, use the pwd command. To change the working directory, use the cd command. For more information about the pwd and cd commands, see file system management in Fundamentals Command Reference.
(Centralized devices.) To successfully execute the startup saved-configuration command, make sure the following requirements are met:
· In standalone mode, the specified file has been saved in the root directory of the storage medium on the device.
· On an IRF fabric:
¡ The specified file has been saved in the root directory of the storage medium on each member. The command applies to all IRF members.
¡ Make sure the working directory has been set to a directory on the master device. To view the working directory, use the pwd command. To change the working directory, use the cd command. For more information about the pwd and cd commands, see file system management in Fundamentals Command Reference.
If you do not specify the backup or main keyword, the startup saved-configuration command specifies the main next-startup configuration file.
As a best practice, specify different files as the main and backup next-startup configuration files.
The undo startup saved-configuration command changes the file attribute of the main and backup next-startup configuration files to NULL. However, the command does not delete the two configuration files.
You can also specify a configuration file as a next startup file when you use the save command to save the running configuration.
Examples
# Specify the main next-startup configuration file.
<Sysname> startup saved-configuration testcfg.cfg
Please wait ....... Done!
Related commands
display startup
Software upgrade commands
Commands and descriptions for centralized devices apply to the following routers:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3600-28-SI/3600-51-SI.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
· MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL.
Commands and descriptions for distributed devices apply to the following routers:
· MSR5620.
· MSR 5660.
· MSR 5680.
The router can start up from the built-in flash memory or the USB disk. As a best practice, store the startup images in the built-in flash memory. If you store the startup images on the USB disk, do not remove the USB disk during the startup process.
boot-loader file
Use boot-loader file to specify startup image files.
Syntax
Centralized devices in standalone mode:
boot-loader file boot boot-package system system-package [ feature feature-package&<1-30> ] { backup | main }
boot-loader file ipe-filename { backup | main }
Distributed devices in standalone mode/centralized devices in IRF mode:
boot-loader file boot boot-package system system-package [ feature feature-package&<1-30> ] { all | slot slot-number } { backup | main }
boot-loader file ipe-filename { all | slot slot-number } { backup | main }
Distributed devices in IRF mode:
boot-loader file boot boot-package system system-package [ feature feature-package&<1-30> ] { all | chassis chassis-number slot slot-number } { backup | main }
boot-loader file ipe-filename { all | chassis chassis-number slot slot-number } { backup | main }
Views
User view
Predefined user roles
network-admin
Parameters
boot boot-package: Specifies a .bin boot image file in the filesystemname/filename.bin format. The file must be stored in the root directory of a file system on the device. The value string excluding the file system location section (if any) can have a maximum of 63 characters. For more information about specifying a file, see "Managing file systems."
system system-package: Specifies a .bin system image file in the filesystemname/filename.bin format. The file must be stored in the root directory of a file system on the device. The value string excluding the file system location section (if any) can have a maximum of 63 characters. For more information about specifying a file, see "Managing file systems."
feature feature-package: Specifies a space-separated list of up to 30 .bin feature image files. Specify each .bin file in the filesystemname/filename.bin format. The files must be stored in the root directory of a file system on the device. The value string excluding the file system location section (if any) can have a maximum of 63 characters. For more information about specifying a file, see "Managing file systems."
ipe-filename: Specifies an .ipe image package file in the filesystemname/filename.ipe format. The file must be stored in the root directory of a file system on the device. The filesystemname:/filename.ipe section can have a maximum of 63 characters. For more information about specifying a file, see "Managing file systems."
all: Specifies all hardware components to which the specified images apply. You can use this option to upgrade all hardware components that run the same images.
slot slot-number: Specifies the slot number of an MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies the IRF member ID of a member device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies an MPU in the IRF fabric. The chassis-number argument represents the IRF member ID of the device that holds the MPU. The slot-number argument represents the slot number of the MPU. (Distributed devices in IRF mode.)
backup: Specifies the files as backup startup image files. Backup images are used only when main images are not available.
main: Specifies the files as main startup image files. The device always first attempts to start up with main startup files.
Usage guidelines
To avoid configuration failure, make sure no other users are configuring or managing the device before executing this command.
Centralized devices in standalone mode:
To load the specified startup software images, you must reboot the system.
Before you specify startup image files, perform the following tasks:
· Save the upgrade files to the root directory of the storage medium. If the storage medium is partitioned, save the files to the root directory of the first partition.
· If the specified software images require a license, register and activate a license for each image. If a license-based software image lacks a license, the command execution result is as follows:
¡ If .bin files are specified, the command cannot be executed.
¡ If an .ipe file is specified, the command sets all images as startup images except for the image that does not have a license.
For more information about licensing, see Fundamentals Configuration Guide.
The boot-loader file command overwrites the entire startup image list. To add new startup feature images, specify all feature image files in the old startup image list, including feature image files. The new startup image list will contain only the feature image files that are specified in the command.
Distributed devices in standalone or IRF mode/centralized devices in IRF mode:
To load the specified startup software images, you must reboot the system.
Before you specify startup image files, perform the following tasks:
· Save the upgrade files to the root directory of any available storage medium. If the storage medium is partitioned, save the files to the root directory of the first partition.
· If the specified software images require a license, register and activate a license for each image. If a license-based software image lacks a license, the command execution result is as follows:
¡ If you specify .bin files, the command cannot be executed.
¡ If you specify an .ipe file, the command sets all images as startup software images except for the image that does not have a license.
For more information about licensing, see Fundamentals Configuration Guide.
If the upgrade images are not stored on the hardware in the slot you specified to upgrade, the system automatically copies the images to that hardware. The destination directory is the root directory of the storage medium on the hardware. If the destination root directory already contains a startup image with the same name as an upgrade image, you must choose whether to overwrite the image.
The boot-loader file command overwrites the entire startup image list. To add new startup feature images, specify all feature image files, including feature image files in the old startup image list. The new startup image list will contain only the feature image files that are specified in the command.
(Centralized IRF devices.) Do not reboot any member device during the execution of this command. Member devices might not be able to come up.
(Distributed devices in standalone mode.) (Distributed devices in IRF mode.) Do not reboot any card during the execution of this command. Cards might not be able to come up.
Examples
# (Centralized devices in standalone mode.) Specify flash:/all.ipe as the main startup image file.
<Sysname> boot-loader file flash:/all.ipe main
Verifying the IPE file and the images............Done.
H3C MSR2600 images in IPE:
boot.bin
system.bin
This command will set the main startup software images. Continue? [Y/N]:Y
Add images to the device.
File flash:/boot.bin already exists on the device.
File flash:/system.bin already exists on the device.
Overwrite the existing files? [Y/N]:Y
Decompressing file boot.bin to flash:/boot.bin........................Done.
Decompressing file system.bin to flash:/system.bin...............................Done.
The images that have passed all examinations will be used as the main startup software images at the next reboot on the device.
# (Centralized devices in standalone mode.) Specify flash:/boot.bin and flash:/system.bin as the main startup boot and system image files.
<Sysname> boot-loader file boot flash:/boot.bin system flash:/system.bin main
This command will set the main startup software images. Continue? [Y/N]:y
Verifying the file flash:/boot.bin on the device...Done.
Verifying the file flash:/system.bin on the device........Done.
The images that have passed all examinations will be used as the main startup software images at the next reboot on the device.
# (Distributed devices in standalone mode.) Specify flash:/all.ipe as the main startup image file for the MPU in slot 0.
<Sysname> boot-loader file flash:/all.ipe slot 0 main
Verifying the IPE file and the images............Done.
H3C MSR56-60 images in IPE:
boot.bin
system.bin
This command will set the main startup software images. Continue? [Y/N]:Y
Add images to slot 0.
File flash:/boot.bin already exists on slot 0.
File flash:/system.bin already exists on slot 0.
Overwrite the existing files? [Y/N]:Y
Decompressing file boot.bin to flash:/boot.bin........................Done.
Decompressing file system.bin to flash:/system.bin...............................Done.
The images that have passed all examinations will be used as the main startup software images at the next reboot on slot 0.
# (Centralized devices in IRF mode.) Specify flash:/all.ipe as the main startup image file for IRF member device 1.
<Sysname> boot-loader file flash:/all.ipe slot 1 main
Verifying the IPE file and the images............Done.
H3C MSR3610 images in IPE:
boot.bin
system.bin
This command will set the main startup software images. Continue? [Y/N]:Y
Add images to slot 1.
File flash:/boot.bin already exists on slot 1.
File flash:/system.bin already exists on slot 1.
Overwrite the existing files? [Y/N]:Y
Decompressing file boot.bin to flash:/boot.bin........................Done.
Decompressing file system.bin to flash:/system.bin...............................Done.
The images that have passed all examinations will be used as the main startup software images at the next reboot on slot 1.
# (Distributed devices in IRF mode.) Specify flash:/all.ipe as the main startup image file for the MPU in slot 0 on IRF member device 1.
<Sysname> boot-loader file flash:/all.ipe chassis 1 slot 0 main
Verifying the IPE file and the images............Done.
H3C MSR56-60 images in IPE:
boot.bin
system.bin
This command will set the main startup software images. Continue? [Y/N]:Y
Add images to chassis 1 slot 0.
File flash:/boot.bin already exists on chassis 1 slot 0.
File flash:/system.bin already exists on chassis 1 slot 0.
Overwrite the existing files? [Y/N]:Y
Decompressing file boot.bin to flash:/boot.bin........................Done.
Decompressing file system.bin to flash:/system.bin...............................Done.
The images that have passed all examinations will be used as the main startup software images at the next reboot on chassis 1 slot 0.
display boot-loader
boot-loader update
Distributed devices in standalone mode:
Use boot-loader update to synchronize startup images from the active MPU to the standby MPU.
Centralized devices in IRF mode:
Use boot-loader update to synchronize startup images from the master to a subordinate device.
Distributed devices in IRF mode:
Use boot-loader update to synchronize startup images from the global active MPU to a standby MPU.
Syntax
Distributed devices in standalone mode/centralized devices in IRF mode:
boot-loader update { all | slot slot-number }
Distributed devices in IRF mode:
boot-loader update { all | chassis chassis-number slot slot-number }
Views
User view
Predefined user roles
network-admin
Parameters
all: Upgrades the standby MPU. (Distributed devices in standalone mode.)
all: Upgrades all the subordinate devices. (Centralized devices in IRF mode.)
all: Upgrades all standby MPUs in the IRF fabric. (Distributed devices in IRF mode.)
slot slot-number: Specifies the slot number of the standby MPU. (Distributed devices in standalone mode.)
slot: Specifies the IRF member ID of a subordinate device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a standby MPU. The chassis-number argument represents the IRF member ID of the device that holds the standby MPU. The slot-number argument represents the slot number of the standby MPU. (Distributed devices in IRF mode.)
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware |
Command compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
No |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
Hardware |
Command compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
Distributed devices in standalone or IRF mode:
You can use this command to synchronize startup images after adding new MPUs.
If any of the startup software images require a license, register and activate a license for the image on the new MPU before executing this command. Use the display license feature command to verify the licensing state of software images.
The images used for synchronization are in the main or backup startup software images list instead of the current software images list (see the display boot-loader command).
· The main images list is used if the active MPU (in standalone mode) or global active MPU (in IRF mode) started up with the main startup images.
· The backup image list is used if the active MPU (in standalone mode) or global active MPU (in IRF mode) started up with the main startup images.
The startup images synchronized to the standby MPU are set as main startup images, regardless of whether the source startup images are main or backup.
If a patch has been installed or software upgrade has been performed by using install commands, use the install commit command to update the main startup images on the active MPU before software synchronization. This command ensures startup image consistency between the active MPU and the standby MPU.
Startup image synchronization fails if any software image being synchronized is not available or is corrupted.
Do not reboot any card during the execution of this command. Cards might not be able to come up.
Centralized devices in IRF mode:
You can use this command to synchronize startup images after adding new member devices.
If any of the startup software images require a license, register and activate a license for the image on the new subordinate device before executing this command. Use the display license feature command to verify the licensing state of software images.
The startup images synchronized to the subordinate device are set as main startup images, regardless of whether the source startup images are main or backup.
· If the master device has started up with main startup images, its main startup images are synchronized to the subordinate device, regardless of whether any main startup image has been respecified on the master device.
· If the master device has started up with backup startup images, its backup startup images are synchronized to the subordinate device, regardless of whether any backup startup image has been respecified on the master device.
If a patch has been installed or software upgrade has been performed by using install commands, use the install commit command to update the set of main startup images on the master before software synchronization. This command ensures startup image consistency between the master and the subordinate device.
Startup image synchronization fails if any software image being synchronized is not available or is corrupted.
Do not reboot any member device during the execution of this command. Member devices might not be able to come up.
Examples
# (Distributed devices in standalone mode.) Synchronize startup images from the active MPU to the standby MPU in slot 1.
<Sysname> boot-loader update slot 1
This command will update the specified standby MPU. Continue? [Y/N]:y
Updating. Please wait...
Verifying the file flash:/ boot.bin on slot 0...Done.
Verifying the file flash:/ system.bin on slot 0....Done.
Copying main startup software images to slot 1. Please wait...
Done.
Setting copied images as main startup software images for slot 1...
Done.
The images that have passed all examinations will be used as the main startup software images at the next reboot on slot 1.
Done.
Successfully updated the startup software images of slot 1.
# (Centralized devices in IRF mode.) Synchronize startup images from the master device to subordinate device 2.
<Sysname> boot-loader update slot 2
This command will update the specified standby MPU. Continue? [Y/N]:y
Updating. Please wait...
Verifying the file flash:/ boot.bin on slot 1...Done.
Verifying the file flash:/ system.bin on slot 1....Done.
Copying main startup software images to slot 2. Please wait...
Done.
Setting copied images as main startup software images for slot 2...
Done.
The images that have passed all examinations will be used as the main startup software images at the next reboot on slot 2.
Successfully updated the startup software images of slot 2.
# (Distributed devices in IRF mode.) Synchronize startup images from the global active MPU to the MPU in slot 1 on IRF member device 1.
<Sysname> boot-loader update chassis 1 slot 1
This command will update the specified standby MPU. Continue? [Y/N]:y
Updating. Please wait...
Verifying the file flash:/ boot.bin on chassis 1 slot 0...Done.
Verifying the file flash:/ system.bin on chassis 1 slot 0....Done.
Copying main startup software images to chassis 1 slot 1. Please wait...
Done.
Setting copied images as main startup software images for chassis 1 slot 1...
Done.
The images that have passed all examinations will be used as the main startup software images at the next reboot on chassis 1 slot 1.
Successfully updated the startup software images of chassis 1 slot 1.
display boot-loader
install commit
bootrom update
Use bootrom update to load the Boot ROM image on the default storage medium to the Normal area of Boot ROM.
Syntax
Centralized devices in standalone mode:
bootrom update file file-url slot slot-number-list
Distributed devices in standalone mode/centralized devices in IRF mode:
bootrom update file file-url slot slot-number-list [ subslot subslot-number-list ]
Distributed devices in IRF mode:
bootrom update file file-url chassis chassis-number slot slot-number-list [ subslot subslot-number-list ]
Views
User view
Predefined user roles
network-admin
Parameters
file file-url: Specifies the file that contains the Boot ROM image. The file-url argument represents the file name, a string of 1 to 63 characters.
slot slot-number-list: Specifies a space-separated list of up to seven slot number items. An item specifies a card by its slot number or a range of cards in the form of start-slot-number to end-slot-number. The end slot number must be equal to or greater than the start slot number. (Centralized devices in standalone mode/distributed devices in standalone mode.)
slot slot-number-list: Specifies a space-separated list of up to seven slot number items. An item specifies an IRF member device by its member ID or a range of IRF member devices in the form of start-slot-number to end-slot-number. The end slot number must be equal to or greater than the start slot number. (Centralized devices in IRF mode.)
chassis chassis-number: Specifies an IRF member device by its member ID. (Distributed devices in IRF mode.)
slot slot-number-list: Specifies a space-separated list of up to seven slot number items. An item specifies a card by its slot number or a range of cards in the form of start-slot-number to end-slot-number on the specified IRF member device. The end slot number must be equal to or greater than the start slot number. (Distributed devices in IRF mode.)
subslot subslot-number-list: Specifies a list of up to seven subslot number items. Each item specifies a subcard by its subslot number or a range of subcards in the form of start-subslot-number to end-subslot-number. If you do not specify a subcard, this command loads the Boot ROM image for the base card.
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware |
Command compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
Yes |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
Hardware |
Command compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
Yes |
MSR3600-28-SI-GL |
Yes |
Boot ROM images are contained in the .bin Comware boot image file. You can specify a Comware boot image file in this command to upgrade the Boot ROMs in the system before you upgrade the Comware images. If you do not upgrade Boot ROMs before upgrading Comware images, the system automatically upgrades Boot ROMs as necessary when loading Comware images.
The new Boot ROM images take effect after you reboot the device.
Examples
# Use the file a.bin in the root directory of the flash memory to upgrade the Boot ROM image.
<Sysname> bootrom update file flash:/a.bin
This command will update the Boot ROM file on the specified board(s), Continue? [Y/N]:y
Now updating the Boot ROM, please wait...
.............Done.
Related commands
boot-loader file
display boot-loader
Use display boot-loader to display current software images and startup software images.
Syntax
Centralized devices in standalone mode:
display boot-loader
Distributed devices in standalone mode/centralized devices in IRF mode:
display boot-loader [ slot slot-number ]
Distributed devices in IRF mode:
display boot-loader [ chassis chassis-number [ slot slot-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies the slot number of an MPU. If you do not specify an MPU, this command displays the software images on each MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies the member ID of an IRF member device. If you do not specify a member device, this command displays the software images on each IRF member device. (Centralized devices in IRF mode.)
chassis chassis-number [slot slot-number ]: Specifies an IRF member device or an MPU in an IRF member device. The chassis-number argument represents the IRF member ID of the device. The slot-number argument represents the slot number of the MPU on the device. If you do not specify an IRF member device, this command displays the software images on each MPU in the IRF fabric. If you specify an IRF member device without specifying an MPU, this command displays the software images on each MPU on the specified member device. (Distributed devices in IRF mode.)
Examples
# (Centralized devices in standalone mode.) Display the current software images and startup software images.
<Sysname> display boot-loader
Software images on the device:
Current software images:
flash:/boot.bin
flash:/system.bin
Main startup software images:
flash:/boot.bin
flash:/system.bin
Backup startup software images:
flash:/boot.bin
flash:/system.bin
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Display the current software images and startup software images.
<Sysname> display boot-loader
Software images on slot 0:
Current software images:
flash:/boot.bin
flash:/system.bin
Main startup software images:
flash:/boot.bin
flash:/system.bin
Backup startup software images:
flash:/boot.bin
flash:/system.bin
# (Distributed devices in IRF mode.) Display current software images and startup software images.
<Sysname> display boot-loader
Software images on chassis 0 slot 1:
Current software images:
flash:/boot.bin
flash:/system.bin
Main startup software images:
flash:/boot.bin
flash:/system.bin
Backup startup software images:
flash:/boot.bin
flash:/system.bin
Table 25 Command output
Field |
Description |
Software images on slot slot-number |
This field displays the Comware images on the MPU in the specified slot. (Centralized devices in standalone mode.) This field displays the Comware images on the member device. The slot number represents the device's IRF member ID. (Centralized devices in IRF mode.) |
Software images on chassis chassis-id slot slot-number |
This field displays the Comware images on the specified MPU. The chassis ID represents the IRF member ID, and the slot number represents the MPU's slot number. (Distributed devices in IRF mode.) |
Current software images |
Comware images that have been loaded. |
Main startup software images |
Primary Comware images for the next startup. |
Backup startup software images |
Backup Comware images for the next startup. |
Related commands
boot-loader file
display install active
Use display install active to display active software images.
Syntax
Centralized devices in standalone mode:
display install active [ verbose ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display install active [ slot slot-number ] [ verbose ]
Distributed devices in IRF mode:
display install active [ chassis chassis-number slot slot-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for all IRF members. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for all cards. (Distributed devices in IRF mode.)
verbose: Displays detailed information. If you do not specify this keyword, the command displays only image names.
Examples
# (Centralized devices in standalone mode.) Display active software images.
<Sysname> display install active
Active packages on the device:
flash:/boot.bin
flash:/system.bin
flash:/feature.bin
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Display active software images.
<Sysname> display install active
Active packages on slot 1:
flash:/boot.bin
flash:/system.bin
flash:/feature.bin
# (Distributed devices in IRF mode.) Display active software images.
<Sysname> display install active
Active packages on chassis 1 slot 1:
flash:/boot.bin
flash:/system.bin
flash:/feature.bin
# (Centralized devices in standalone mode.) Display detailed information about active software images.
<Sysname> display install active verbose
Active packages on the device:
flash:/boot.bin
[Package]
Vendor: XXX
Product: xxxx
Service name: boot
Platform version: 7.1.022
Product version: Test 2201
Supported board: cen
[Component]
Component: boot
Description: boot package
flash:/system.bin
[Package]
Vendor: XXX
Product: xxxx
Service name: system
Platform version: 7.1.022
Product version: Test 2201
Supported board: cen
[Component]
Component: system
Description: system package
flash:/feature.bin
[Package]
Vendor: XXX
Product: xxxx
Service name: test
Platform version: 7.1.022
Product version: Test 2201
Supported board: cen
[Component]
Component: test
Description: test package
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Display detailed information about active software images.
<Sysname> display install active verbose
Active packages on slot 1:
flash:/boot.bin
[Package]
Vendor: XXX
Product: xxxx
Service name: boot
Platform version: 7.1.022
Product version: Test 2201
Supported board: mpu
[Component]
Component: boot
Description: boot package
flash:/system.bin
[Package]
Vendor: XXX
Product: xxxx
Service name: system
Platform version: 7.1.022
Product version: Test 2201
Supported board: mpu
[Component]
Component: system
Description: system package
flash:/feature.bin
[Package]
Vendor: XXX
Product: xxxx
Service name: test
Platform version: 7.1.022
Product version: Test 2201
Supported board: mpu
[Component]
Component: test
Description: test package
# (Distributed devices in IRF mode.) Display detailed information about active software images.
<Sysname> display install active verbose
Active packages on chassis 1 slot 1:
flash:/boot.bin
[Package]
Vendor: xxx
Product: xxxx
Service name: boot
Platform version: 7.1.022
Product version: Test 2201
Supported board: mpu
[Component]
Component: boot
Description: boot package
flash:/system.bin
[Package]
Vendor: xxx
Product: xxxx
Service name: system
Platform version: 7.1.022
Product version: Test 2201
Supported board: mpu
[Component]
Component: system
Description: system package
flash:/feature.bin
[Package]
Vendor: xxx
Product: xxxx
Service name: test
Platform version: 7.1.022
Product version: Test 2201
Supported board: mpu
[Component]
Component: test
Description: test package
Field |
Description |
Active packages on the device |
Active software images on the device. (Centralized devices in standalone mode.) |
Active packages on slot n |
Active software images on the card in the specified slot. (Distributed devices in standalone mode.) |
Active packages on slot n |
Active software images on the specified member. The argument n indicates the member ID of the member. (Centralized devices in IRF mode.) |
Active packages on chassis m slot n |
Active software images on the card in the specified slot of the specified member. (Distributed devices in IRF mode.) |
[Package] |
Detailed information about the software image. |
Service name |
Image type: · boot—Boot image. · system—System image. · boot patch—Patch image for the boot image. · system patch—Patch image for the system image. · Any other value indicates a feature image. |
Supported board |
Cards supported by the software image: · cen—Centralized device. · mpu—MPU. · lc—LPU. |
[Component] |
Information about components included in the image file. |
Related commands
install active
display install backup
Use display install backup to display backup startup software images.
Syntax
Centralized devices in standalone mode:
display install backup [ verbose ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display install backup [ slot slot-number ] [ verbose ]
Distributed devices in IRF mode:
display install backup [ chassis chassis-number slot slot-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for all IRF members. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for all cards. (Distributed devices in IRF mode.)
verbose: Displays detailed information. If you do not specify this keyword, the command displays only image names.
Usage guidelines
Backup startup images are used only when the main boot or system image is missing or corrupt. For more information, see Fundamental Configuration Guide.
To modify the backup startup image list, you must use the boot-loader file command.
Examples
# (Centralized devices in standalone mode.) Display the backup startup software images.
<Sysname> display install backup
Backup startup software images on the device:
flash:/boot-a0201.bin
flash:/system-a0201.bin
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Display the backup startup software images.
<Sysname> display install backup
Backup startup software images on slot 1:
flash:/boot-a0201.bin
flash:/system-a0201.bin
# (Distributed devices in IRF mode.) Display the backup startup software images.
<Sysname> display install backup
Backup startup software images on chassis 1 slot 1:
flash:/boot-a0201.bin
flash:/system-a0201.bin
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Display detailed information about backup startup software images.
<Sysname> display install backup verbose
Backup startup software images on slot 1:
flash:/boot-a0201.bin
[Package]
Vendor: H3C
Product: xxxx
Service name: boot
Platform version: 7.1
Product version: Beta 1330
Supported board: mpu
[Component]
Component: boot
Description: boot package
flash:/system-a0201.bin
[Package]
Vendor: H3C
Product: xxxx
Service name: system
Platform version: 7.1
Product version: Beta 1330
Supported board: mr, lc, sfc
[Component]
Component: system
Description: system package
For information about the command output, see Table 26.
Related commands
boot-loader file
display install committed
display install committed
Use display install committed to display main startup software images.
Syntax
Centralized devices in standalone mode:
display install committed [ verbose ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display install committed [ slot slot-number ] [ verbose ]
Distributed devices in IRF mode:
display install committed [ chassis chassis-number slot slot-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for all member devices. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for all cards. (Distributed devices in IRF mode.)
verbose: Displays detailed information. If you do not specify this keyword, the command displays only image names.
Usage guidelines
Some install commands do not modify the main startup image list. For the software image changes to take effect after reboot, you must execute the install commit command to update the main startup image list with the image changes. You can use the display install committed command to verify the operation results.
Both the install commit and boot-loader file commands modify the main startup software image list.
Examples
# Display the main startup software images.
<Sysname> display install committed
Committed packages on the device:
flash:/boot-a0201.bin
flash:/system-a0201.bin
flash:/feature.bin
# Display detailed information about main startup software images.
<Sysname> display install committed verbose
Committed packages on the device:
flash:/boot-a0201.bin
[Package]
Vendor: H3C
Product: xxxx
Service name: boot
Platform version: 7.1
Product version: Beta 1330
Supported board: mr, lc, sfc
[Component]
Component: boot
Description: boot package
flash:/system-a0201.bin
[Package]
Vendor: H3C
Product: xxxx
Service name: system
Platform version: 7.1
Product version: Beta 1330
Supported board: mr, lc, sfc
[Component]
Component: system
Description: system package
flash:/ssh-feature.bin
[Package]
Vendor: H3C
Product: xxxx
Service name: ssh
Platform version: 7.1
Product version: Beta 1330
Supported board: mr, lc, sfc
[Component]
Component: ssh
Description: ssh package
For information about the command output, see Table 26.
Related commands
boot-loader file
display install backup
install commit
display install inactive
Use display install inactive to display inactive software images in the root directories of file systems.
Syntax
Centralized devices in standalone mode:
display install inactive [ verbose ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display install inactive [ slot slot-number ] [ verbose ]
Distributed devices in IRF mode:
display install inactive [ chassis chassis-number slot slot-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for all member devices. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for all cards. (Distributed devices in IRF mode.)
verbose: Displays detailed information. If you do not specify this keyword, the command displays only image names.
Examples
# Display brief information about inactive software images in the root directories of the file systems.
<Sysname> display install inactive
Inactive packages on the device:
flash:/ssh-feature.bin
# Display detailed information about inactive software images in the root directories of the file systems.
<Sysname> display install inactive verbose
Inactive packages on the device:
flash:/ssh-feature.bin
[Package]
Vendor: H3C
Product: XXXX
Service name: ssh
Platform version: 7.1
Product version: Beta 1330
Supported board: mr, lc, sfc
[Component]
Component: ssh
Description: ssh package
For information about the command output, see Table 26.
Related commands
install deactivate
display install ipe-info
Use display install ipe-info to display the software images included in an .ipe file.
Syntax
display install ipe-info ipe-filename
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ipe-filename: Specifies an .ipe file in the filesystemname/filename.ipe format. The file must be saved in the root directory of a file system on the device. The value string excluding the file system location section (if any) can have a maximum of 63 characters.
Examples
# Display information about the .ipe file flash:/test.ipe.
<Sysname> display install ipe-info flash:/test.ipe
Verifying the file flash:/test.ipe on the device................Done.
H3C MSR3600 images in IPE:
boot.bin
system.bin
Related commands
display install package
display install job
Use display install job to display ongoing activate, deactivate, and rollback operations.
Syntax
display install job
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# (Centralized devices in standalone mode.) Display ongoing activate, deactivate, and rollback operations.
<Sysname> display install job
JobID:5
Action:install activate flash:/ssh-feature.bin on the device
The output shows that the device is executing the install activate flash:/ssh-feature.bin command.
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Display ongoing activate, deactivate, and rollback operations.
<Sysname> display install job
JobID:5
Action:install activate flash:/ssh-feature.bin on slot 1
The output shows that the device is executing the install activate flash:/ssh-feature.bin slot 1 command.
# (Distributed devices in IRF mode.) Display ongoing activate, deactivate, and rollback operations.
JobID:5
Action:install activate flash:/ssh-feature.bin on chassis 1 slot 1
The output shows that the device is executing the install activate flash:/ssh-feature.bin chassis 1 slot 1 command.
display install log
Use display install log to display log information for upgrades that use install commands.
Syntax
display install log [ log-id ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
log-id: Specifies a log entry by its ID. If you do not specify this argument, the command displays all log entries.
verbose: Displays detailed log information. If you do not specify this keyword, the command displays brief log information.
Usage guidelines
The device creates one log entry for each upgrade operation to track the upgrade process and operation result.
The upgrade log can contain a maximum of 50 entries. The latest entry overwrites the oldest entry if the log is full.
Examples
# Display all log entries for upgrades that use install commands.
<Sysname> display install log
Install job 1 started by user ** at 01/01/2011 20:57:50.
Job 1 completed successfully at 01/01/2011 20:57:50.
Install job 1 started by user ** at 01/01/2011 20:57:50.
Job 1 completed successfully at 01/01/2011 20:57:50.
# Displays detailed information about log entry 1 for the upgrade that uses install commands.
<Sysname> display install log 1 verbose
Install job 1 started by user ** at 01/01/2011 20:57:50.
Job 1 completed successfully at 01/01/2011 20:57:50.
Install job 1 started by user ** at 01/01/2011 20:57:50.
Job 1 completed successfully at 01/01/2011 20:57:50.
Obtained the Upgrade Way successfully.
Got upgrade policy successfully.
Related commands
reset install log-history oldest
display install package
Use display install package to display software image file information.
Syntax
display install package { filename | all } [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
filename: Specifies a .bin file in the filesystemname/filename.bin format. The file must be saved in the root directory of a file system on the device. The value string excluding the file system location section (if any) can have a maximum of 63 characters.
all: Specifies all software image files in the root directories of the device's file systems. (Centralized devices in standalone mode.)
all: Specifies all software image files in the root directories of the active MPU's file systems. (Distributed devices in standalone mode.)
all: Specifies all software image files in the root directories of the master's file systems. (Centralized devices in IRF mode.)
all: Specifies all software image files in the root directories of the file systems on the global active MPU. (Distributed devices in IRF mode.)
verbose: Displays detailed information. If you do not specify this keyword, the command displays only basic software image information.
Examples
# Display information about system.bin.
<Sysname> display install package flash:/system.bin
flash:/system.bin
[Package]
Vendor: H3C
Product: xxxx
Service name: system
Platform version: 7.1.022
Product version: Beta 1330
Supported board: mpu
# Display detailed information about system.bin.
<Sysname> display install package flash:/system.bin verbose
flash:/system.bin
[Package]
Vendor: H3C
Product: xxxx
Service name: system
Platform version: 7.1.022
Product version: Beta 1330
Supported board: mpu
[Component]
Component: system
Description: system package
For information about the command output, see Table 26.
display install rollback
Use display install rollback to display rollback point information.
Syntax
display install rollback [ point-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
point-id: Specifies a rollback point ID. If you do not specify a rollback point ID, the command displays all rollback points.
Examples
# Display all rollback points.
<Sysname> display install rollback
Install rollback information 1 on the device:
Updating from flash:/route-1.bin
to flash:/route-2.bin.
Install rollback information 2 on the device:
Deactivating flash:/route-2.bin
The output shows that the device has two rollback points.
· At rollback point 1, flash:/route-1.bin was upgraded to flash:/route-2.bin.
· At rollback point 2, flash:/route-2.bin was deactivated.
Related commands
install rollback
reset install rollback oldest
display install which
Use display install which to display all software image files that include a specific component or file.
Syntax
Centralized devices in standalone mode:
display install which { component name | file filename }
Distributed devices in standalone mode/centralized devices in IRF mode:
display install which { component name | file filename } [ slot slot-number ]
Distributed devices in IRF mode:
display install which { component name | file filename } [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
component name: Specifies a component name.
file filename: Specifies a file in the filename.extension format, a case-insensitive string of up to 63 characters. It cannot contain path information.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for all IRF members. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for all cards. (Distributed devices in IRF mode.)
Usage guidelines
A component is a collection of features. The features of a component are installed or uninstalled at the same time.
When the system displays a component or file error, use this command to identify the relevant image files before you make a software upgrade decision.
This command searches only the root directory of the storage medium.
Examples
# Display all software image files that include pkg_ctr.
<Sysname> display install which file pkg_ctr
Verifying the file flash:/system-d2601006.bin on the device........................Done.
Found pkg_ctr in flash:/system-d2601006.bin on the device.
flash:/system-d2601006.bin
[Package]
Vendor: H3C
Product: RT-MSR810-LMS
Service name: system
Platform version: 7.1.060
Product version: Demo 2601006
Supported board: mpu
Verifying the file flash:/boot-d2601007.bin on the device.....Done.
Table 27 Command output
Field |
Description |
Verifying the file |
The system was verifying the validity of the file. |
[Package] |
Detailed information about the software image. |
Service name |
Image type: · boot—Boot image. · system—System image. · patch—Patch image. · Any other value indicates a feature image. |
Supported board |
Cards supported by the software image: · cen—Centralized device. · mpu—MPU. · lc—LPU. |
display version comp-matrix
Use display version comp-matrix to display the recommended upgrade methods.
Syntax
display version comp-matrix file { boot filename | system filename | feature filename&<1-30> } *
display version comp-matrix file ipe ipe-filename
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
boot: Specifies a boot image file.
system: Specifies a system image file.
feature: Specifies feature image files. You can specify a space-separated list of up to 30 feature image files.
filename: Specifies a .bin file in the filesystemname/filename.bin format. The file must be saved in the root directory of the default file system (centralized device in standalone mode), active MPU (distributed device in standalone mode), global active MPU (distributed device in IRF mode), or master device (centralized device in IRF mode). This argument cannot contain slot or chassis information and can have a maximum of 63 characters.
ipe ipe-filename: Specifies an .ipe file in the filesystemname/filename.ipe format. The file must be saved in the root directory of a file system on the device (centralized device in standalone mode), active MPU (distributed device in standalone mode), global active MPU (distributed device in IRF mode), or master device (centralized device in IRF mode). This argument cannot contain slot or chassis information and can have a maximum of 63 characters.
Examples
# (Centralized devices in standalone mode.) Display the recommended upgrade method. (In this example, the specified images are incompatible with the running images.)
<Sysname> display version comp-matrix file boot flash:/boot-e2205.bin system flash:/system-e2205.bin feature flash:/dhcp-e2205.re.bin
Verifying the file flash:/dhcp-e2205.re.bin on the device.....Done.
Verifying the file flash:/boot-e2205.bin on the device.....Done.
Verifying the file flash:/system-e2205.bin on the device.....Done.
Incompatible upgrade.
# (Centralized devices in IRF mode.) Display the recommended upgrade methods. (In this example, the specified images are compatible with the running images.)
<Sysname> display version comp-matrix file boot flash:/boot-e2205.bin system flash:/system-e2205.bin feature flash:/dhcp-e2205.incom.bin
Verifying the file flash:/dhcp-e2205.incom.bin on slot 2.....Done.
Verifying the file flash:/boot-e2205.bin on slot 2.....Done.
Verifying the file flash:/system-e2205.bin on slot 2.....Done.
Slot Upgrade Way
2 File Upgrade
# (Distributed devices in standalone mode.) Display the recommended upgrade methods. (In this example, the specified image is compatible with the running images.)
<Sysname> display version comp-matrix file feature flash:/cmw710-cfa-a7125.bin
Verifying the file flash:/cmw710-cfa-a7125.bin on slot 0.....Done.
Slot Upgrade Way
0 Service Upgrade
1 Service Upgrade
1.1 Service Upgrade
4 Service Upgrade
Influenced service according to following table on slot 0:
flash:/cmw710-cfa-a7125.bin
CFA
Influenced service according to following table on slot 4:
flash:/cmw710-cfa-a7125.bin
CFA
Influenced service according to following table on slot 1:
flash:/cmw710-cfa-a7125.bin
CFA
Influenced service according to following table on slot 1.1:
flash:/cmw710-cfa-a7125.bin
CFA
# (Distributed devices in IRF mode.) Display compatibility information for a feature upgrade image as well as the recommended upgrade methods. (In this example, the specified image is compatible with the running images.)
<Sysname> display version comp-matrix file feature flash:/cmw710-cfa-a7122.bin
Verifying the file flash:/cmw710-cfa-a7122.bin on chassis 1 slot 0.....Done.
Identifying the upgrade methods...Done.
Chassis Slot Upgrade Way
1 0 Service Upgrade
1 0.1 Service Upgrade
1 7 Service Upgrade
1 9 Service Upgrade
2 0 Service Upgrade
2 0.1 Service Upgrade
2 1 Service Upgrade
2 6 Service Upgrade
Influenced service according to following table on chassis 1 slot 0:
flash:/cmw710-cfa-a7122.bin
CFA
Influenced service according to following table on chassis 1 slot 7:
flash:/cmw710-cfa-a7122.bin
CFA
Influenced service according to following table on chassis 1 slot 9:
flash:/cmw710-cfa-a7122.bin
CFA
Influenced service according to following table on chassis 1 slot 0.1:
flash:/cmw710-cfa-a7122.bin
CFA
Influenced service according to following table on chassis 2 slot 0:
flash:/cmw710-cfa-a7122.bin
CFA
Influenced service according to following table on chassis 2 slot 1:
flash:/cmw710-cfa-a7122.bin
CFA
Influenced service according to following table on chassis 2 slot 6:
flash:/cmw710-cfa-a7122.bin
CFA
Influenced service according to following table on chassis 2 slot 0.1:
flash:/cmw710-cfa-a7122.bin
CFA
Field |
Description |
Verifying the file |
The system was verifying the validity of the file. |
Influenced service according to following table |
Services that will be affected by the upgrade. This field is displayed only for compatible versions. |
Incompatible upgrade |
You are upgrading the software to an incompatible version. |
Chassis |
Member ID of the device in the IRF fabric. This field is displayed only for compatible versions in IRF mode. |
Slot |
Slot number of the card. This field is displayed only for compatible versions. (Distributed devices in standalone or IRF mode.) Member ID of the device in the IRF fabric. This field is displayed only for compatible versions. (Centralized devices in IRF mode.) |
Upgrade Way |
Upgrade method to be used for a compatible version: · Service Upgrade. · File Upgrade. · Reboot. This field is displayed only for compatible versions. For more information about upgrade methods, see Fundamentals Configuration Guide. |
firmware update
Use firmware update to upgrade firmware.
Syntax
Centralized devices in standalone mode:
firmware update slot slot-number { cpld cpld-number | cpu cpu-number | fpga fpga-number | module module-number } file filename
Distributed devices in standalone mode/centralized devices in IRF mode:
firmware update slot slot-number subslot subslot-number { cpld cpld-number | cpu cpu-number | fpga fpga-number | module module-number } file filename
Distributed devices in IRF mode:
firmware update chassis chassis-number slot slot-number subslot subslot-number { cpld cpld-number | cpu cpu-number | fpga fpga-number | module module-number } file filename
Views
User view
Predefined user roles
network-admin
Parameters
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the IRF member ID. The slot-number argument represents the slot number of the card. (Distributed devices in IRF mode.)
slot slot-number: Specifies a card by its slot number. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device. The slot-number argument represents its IRF member ID. (Centralized devices in IRF mode.)
subslot subslot-number: Specifies a subcard by its subslot number. If you do not specify a subcard, the command upgrades firmware for all subcards on the base card.
cpld cpld-number: Specifies a complex programmable logical device (CPLD) by its number.
The following matrix shows the cpld cpld-number option and hardware compatibility:
Hardware |
Option compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
Yes |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
fpga fpga-number: Specifies a field programmable gate array (FPGA) by its number.
The following matrix shows the fpga fpga-number option and hardware compatibility:
Hardware |
Option compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
Yes |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
cpu cpu-number: Specifies a CPU by its number.
The following matrix shows the cpu cpu-number option and hardware compatibility:
Hardware |
Option compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
Yes |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
module module-number: Specifies a module by its number.
file filename: Specifies an upgrade file in the filesystemname/filename.extension format. The value string excluding the file system location section (if any) can have a maximum of 63 characters. For more information about specifying a file, see "Managing file systems."
Usage guidelines
Use this command to upgrade firmware that cannot be upgraded using the boot-loader command.
To complete the firmware upgrade, you must power cycle the card or subcard.
To power cycle a card or subcard, use one of the following methods:
· Power cycle the device.
· Remove and reinsert the card or subcard.
· Execute the power-supply off command, and then execute the power-supply on command.
Examples
# (Centralized devices in standalone mode.) Upgrade CPLD 1.
<Sysname> firmware update slot 0 cpld 1 file package.bin
Updating firmware for CPLD on the specified card or subcard. Continue?[Y/N]:y
Updating the firmware…
Please power cycle the card or subcard to activate the firmware.
# (Distributed devices in standalone mode.) Upgrade CPLD 1 in slot 1.
<Sysname> firmware update slot 1 cpld 1 file package.bin
Updating firmware for CPLD on the specified card or subcard. Continue?[Y/N]:y
Updating the firmware…
Please power cycle the card or subcard to activate the firmware.
# (Centralized devices in IRF mode.) Upgrade CPLD 1 on IRF member device 1.
<Sysname> firmware update slot 1 cpld 1 file package.bin
Updating firmware for CPLD on the specified card or subcard. Continue?[Y/N]:y
Updating the firmware…
Please power cycle the card or subcard to activate the firmware.
# (Distributed devices in IRF mode.) Upgrade CPLD 1 in slot 1 on IRF member device 1.
<Sysname> firmware update chassis 1 slot 1 cpld 1 file package.bin
Updating firmware for CPLD on the specified card or subcard. Continue?[Y/N]:y
Updating the firmware…
Please power cycle the card or subcard to activate the firmware.
install abort
Use install abort to abort ongoing upgrade operations performed by using install commands .
Syntax
install abort [ job-id ]
Views
User view
Predefined user roles
network-admin
Parameters
job-id: Specifies the job ID of an upgrade operation. If you do not specify this argument, the command aborts all ongoing software image activate and deactivate operations.
Usage guidelines
The system creates a software image management job each time you use the install activate, install add, install commit, install deactivate, install remove, or install rollback to command. Each job represents one command and is assigned a unique job ID. You can abort only ongoing activate and deactivate operations.
When you abort an ongoing activate or deactivate operation, the system rolls back to the status it was in before the operation was started.
To obtain the ID of a job, use the display install job command.
Examples
# Abort all ongoing upgrade operations.
<Sysname> install abort
Related commands
display install job
install activate
Use install activate to activate software images, or identify the upgrade method and the possible impact on the device.
Syntax
Centralized devices in standalone mode:
install activate { boot filename | system filename | feature filename&<1-30> } * [ test ]
install activate patch filename
Distributed devices in standalone mode/centralized devices in IRF mode:
install activate { boot filename | system filename | feature filename&<1-30> } * slot slot-number [ test ]
install activate patch filename { all | slot slot-number }
Distributed devices in IRF mode:
install activate { boot filename | system filename | feature filename&<1-30> } * chassis chassis-number slot slot-number [ test ]
install activate patch filename { all | chassis chassis-number slot slot-number }
Views
User view
Predefined user roles
network-admin
Parameters
boot: Specifies a boot image file.
system: Specifies a system image file.
feature: Specifies feature image files. You can specify a space-separated list of up to 30 feature image files.
patch: Specifies a patch image file.
filename: Specifies a .bin file in the filesystemname/filename.bin format. The file must be saved in the root directory of a file system on the device. The value string excluding the file system location section (if any) can have a maximum of 63 characters. (Centralized devices in standalone mode.)
filename: Specifies a .bin file in the filesystemname/filename.bin format. A boot, system, or feature image file must be saved in the root directory of a file system on the device. A patch image file must be saved in the root directory of a file system on the master (centralized device in IRF mode), active MPU (distributed device in standalone mode), or global active MPU (distributed device in IRF mode). The value string excluding the file system location section (if any) can have a maximum of 63 characters.
all: Specifies all cards. (Distributed devices in standalone mode.)
all: Specifies all member devices. (Centralized devices in IRF mode.)
all: Specifies all cards. (Distributed devices in IRF mode.)
slot slot-number: Specifies a card by its slot number. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (Distributed devices in IRF mode.)
test: Only identifies the upgrade method to be used for the upgrade. If you do not specify this keyword, the command activates the specified software images.
Before you use this command to activate a software image, read the release notes to identify the licensing requirements for the image. If the image requires a license, make sure the device has a valid license installed for the image.
An image runs in memory immediately after it is activated. For an activated image to run after a reboot, you must commit the software change by using the install commit command.
You can install up to 32 .bin files on the device, including one boot image file, one system image file, and up to 30 feature or patch image files.
On a distributed device in standalone mode, follow these guidelines:
· If you specify the active MPU, the command takes effect on the active MPU and all LPUs.
· If you specify the standby MPU, the command takes effect only on the standby MPU.
· If the specified files are not saved on the MPU to be upgraded, the command copies the images to the MPU automatically.
On an IRF fabric of distributed devices, follow these guidelines:
· If you specify the global active MPU, the command takes effect on the global active MPU and all LPUs.
· If you specify a standby MPU, the command takes effect on the standby MPU.
· If the specified files are not saved on the MPU to be upgraded, the command copies the images to the MPU automatically.
On an IRF fabric of centralized devices:
If you specify a subordinate member for the command, the command copies the images to the subordinate member automatically.
On a multichassis IRF fabric:
At reboot, a subordinate device automatically synchronizes the master device's configuration and status data. You must wait for the synchronization to complete before using the install activate command on the subordinate device. To identify whether the synchronization is complete, use the display system stable state command. The synchronization is complete if the System State field displays Stable.
Examples
# (Centralized devices in standalone mode.) Identify the upgrade method for feature upgrade with ssh2.bin and the upgrade impact on the device.
<Sysname> install activate feature flash:/ssh2.bin test
Verifying the file flash:/ssh2.bin on the device.....Done.
Identifying the upgrade methods...Done.
Upgrade summary according to following table:
flash:/ssh2.bin
Running Version New Version
Beta 1330 Beta 1331
Upgrade Way: Service Upgrade
Influenced service according to following table:
flash:/ssh2.bin
SSH IFMGR CFA LAGG
The output shows that a service upgrade is recommended. The SSH, IFMGR, CFA, and LAGG modules will be rebooted during the upgrade.
# (Distributed devices in standalone mode.) Identify the upgrade method for feature upgrade with ssh2.bin on the standby MPU (in slot 1) and the upgrade impact.
<Sysname> install activate feature flash:/ssh2.bin slot 1 test
Copying file flash:/ssh2.bin to slot1#flash:/ssh2.bin......Done.
Verifying the file flash:/ssh2.bin on slot 1.....Done.
Identifying the upgrade methods...Done.
Upgrade summary according to following table:
flash:/ssh2.bin
Running Version New Version
Beta 1330 Beta 1331
Slot Upgrade Way
1 Service Upgrade
Influenced service according to following table:
flash:/ssh2.bin
SSH IFMGR CFA LAGG
The output shows that a service upgrade is recommended. The SSH, IFMGR, CFA, and LAGG modules will be rebooted during the upgrade.
# (Centralized devices in IRF mode.) Identify the upgrade method for feature upgrade with ssh2.bin on subordinate member 2 and the upgrade impact.
<Sysname> install activate feature flash:/ssh2.bin slot 2 test
Copying file flash:/ssh2.bin to slot2#flash:/ssh2.bin......Done.
Verifying the file flash:/ssh2.bin on slot 2.....Done.
Identifying the upgrade methods...Done.
Upgrade summary according to following table:
flash:/ssh2.bin
Running Version New Version
Beta 1330 Beta 1331
Slot Upgrade Way
2 Service Upgrade
Influenced service according to following table:
flash:/ssh2.bin
SSH IFMGR CFA LAGG
The output shows that a service upgrade is recommended. The SSH, IFMGR, CFA, and LAGG modules will be rebooted during the upgrade.
# (Distributed devices in IRF mode.) Identify the upgrade method for feature upgrade with ssh2.bin on the global standby MPU in slot 1 of IRF member 1 and the upgrade impact.
<Sysname>install activate feature flash:/ssh2.bin chassis 1 slot 1 test
Copying file flash:/ssh2.bin to chassis1#slot1#flash:/ssh2.bin......Done.
Verifying the file flash:/ssh2.bin on chassis 1 slot 1.....Done.
Identifying the upgrade methods...Done.
Upgrade summary according to following table:
flash:/ssh2.bin
Running Version New Version
Beta 1330 Beta 1331
Chassis Slot Upgrade Way
1 1 Service Upgrade
Influenced service according to following table:
flash:/ssh2.bin
SSH IFMGR CFA LAGG
The output shows that a service upgrade is recommended. The SSH, IFMGR, CFA, and LAGG modules will be rebooted during the upgrade.
# (Centralized devices in standalone mode.) Activate the system image in system.bin and the feature images in feature.bin.
<Sysname> install activate system flash:/system.bin feature flash:/feature.bin
Verifying the file flash:/feature.bin on the device.....Done.
Verifying the file flash:/system.bin on the device.....Done.
Upgrade summary according to following table:
flash:/system.bin
Running Version New Version
Beta 1330 Beta 1331
flash:/feature.bin
Running Version New Version
NONE Beta 1330
Upgrade Way: Service Upgrade
Upgrading software images to compatible versions. Continue? [Y/N]:y
This operation might take several minutes, please wait.......................................................................Done.
# (Distributed devices in standalone mode.) Activate the system image in system.bin and the feature images in feature.bin on the standby MPU (in slot 1).
<Sysname> install activate system flash:/system.bin feature flash:/feature.bin slot 1
Copying file flash:/system.bin to slot1#flash:/system.bin......Done.
Verifying the file flash:/system.bin on slot 1.....Done.
Copying file flash:/feature.bin to slot1#flash:/feature.bin......Done.
Verifying the file flash:/feature.bin on slot 1.....Done.
Verifying the file flash:/feature.bin on slot 1.....Done.
Verifying the file flash:/system.bin on slot 1.....Done.
Upgrade summary according to following table:
flash:/system.bin
Running Version New Version
Beta 1330 Beta 1331
flash:/feature.bin
Running Version New Version
None Beta 1330
Slot Upgrade Way
1 Service Upgrade
Upgrading software images to compatible versions. Continue? [Y/N]:y
This operation might take several minutes, please wait.......................................................................Done.
# (Centralized devices in IRF mode.) Activate the system image in system.bin and the feature images in feature.bin on member device 2.
<Sysname> install activate system flash:/system.bin feature flash:/feature.bin slot 2
Copying file flash:/system.bin to slot2#flash:/system.bin......Done.
Verifying the file flash:/system.bin on slot 2.....Done.
Copying file flash:/feature.bin to slot2#flash:/feature.bin......Done.
Verifying the file flash:/feature.bin on slot 2.....Done.
Upgrade summary according to following table:
flash:/system.bin
Running Version New Version
Beta 1330 Beta 1331
flash:/feature.bin
Running Version New Version
None Beta 1330
Slot Upgrade Way
2 Service Upgrade
Upgrading software images to compatible versions. Continue? [Y/N]:y
This operation might take several minutes, please wait.......................................................................Done.
# (Distributed devices in IRF mode.) Activate the feature images in feature.bin on the global standby MPU in slot 1 of IRF member 1.
<Sysname> install activate feature flash:/feature.bin chassis 1 slot 1
Copying file flash:/feature.bin to chassis1#slot1#flash:/feature.bin......Done.
Verifying the file flash:/feature.bin on chassis 1 slot 1.....Done.
Identifying the upgrade methods...Done.
Upgrade summary according to following table:
flash:/route-feature.bin
Running Version New Version
None Beta 1330
Chassis Slot Upgrade Way
1 1 Service Upgrade
Upgrading software images to compatible versions. Continue? [Y/N]:y
This operation might take several minutes, please wait.......................................................................Done.
Table 29 Command output
Field |
Description |
Verifying the file |
The system was verifying the validity of the file. |
Upgrade summary according to following table |
Upgrade summary. |
Running Version |
Version number of the running software. |
New Version |
Version number of the new software. |
Chassis |
Member ID of the device in the IRF fabric. This field is available only in IRF mode. |
Slot |
Number of the slot where the card resides. (Distributed devices in standalone or IRF mode.) Member ID of the device in the IRF fabric. (Centralized devices in IRF mode.) |
Upgrade Way |
Upgrade methods: · Service Upgrade. · File Upgrade. · Reboot. This field is displayed only for an upgrade to a compatible version. For more information about upgrade methods, see Fundamentals Configuration Guide. |
Influenced service according to following table |
Services influenced by the upgrade. |
Related commands
display install active
install commit
install deactivate
install add
Use install add to decompress an .ipe file.
Syntax
install add ipe-filename filesystem
Views
User view
Predefined user roles
network-admin
Parameters
ipe-filename: Specifies an .ipe file in the filesystemname/filename.ipe format. The file must be saved in the root directory of a file system on the device. The value string excluding the file system location section (if any) can have a maximum of 63 characters.
filesystem: Specifies the destination file system for the software images in the filesystemname format.
Usage guidelines
To use install commands for upgrade, you must use .bin image files. If the upgrade file is an .ipe file, use this command to decompress the .ipe file before you start the upgrade.
To identify software images that are included in an .ipe file, use the display install ipe-info command.
Examples
# Decompress all.ipe to the flash memory.
<Sysname> install add flash:/all.ipe flash:
Verifying the file flash:/all.ipe on the device...Done.
Decompressing file boot.bin to flash:/boot.bin.......................Done.
Decompressing file system.bin to flash:/system.bin.................................Done.
install commit
Use install commit to commit software changes.
Syntax
install commit
Views
User view
Predefined user roles
network-admin
Usage guidelines
Before you use this command, read the release notes to identify software image licensing requirements. Make sure the device has valid licenses for all license-based images.
This command modifies the main startup software image list to be the same as the current software image list.
You must execute this command after using the following commands:
· The install activate command in an incremental upgrade.
· The install deactivate command.
· The install rollback command.
In a reboot upgrade, the install activate command modifies both the current and startup software image lists. You do not need to commit software changes.
Both the install commit and boot-loader file commands modify the main startup software image list. To modify the backup startup image list or add inactive images as main startup images, however, you must use the boot-loader file command.
For more information about main and backup startup software images, see Fundamental Configuration Guide.
Examples
# Commit software changes.
<Sysname> install commit
This operation will take several minutes, please wait...........................Done.
Related commands
install activate
install deactivate
install rollback
install deactivate
Use install deactivate to deactivate feature images and patch images.
Syntax
Centralized devices in standalone mode:
install deactivate feature filename&<1-30>
install deactivate patch filename
Distributed devices in standalone mode/centralized devices in IRF mode:
install deactivate feature filename&<1-30> slot slot-number
install deactivate patch filename { all | slot slot-number }
Distributed devices in IRF mode:
install deactivate feature filename&<1-30> chassis chassis-number slot slot-number
install deactivate patch filename chassis chassis-number { all | slot slot-number }
Views
User view
Predefined user roles
network-admin
Parameters
feature: Specifies feature image files. You can specify a space-separated list of up to 30 feature image files.
patch: Specifies a patch image file.
filename: Specifies a .bin file in the filesystemname/filename.bin format. The file must be saved in the root directory of a file system on the device (centralized device in standalone mode) or on the specified slot. This argument cannot contain slot or chassis information and can have a maximum of 63 characters.
all: Specifies all cards on which the specified patch image file has been activated. (Distributed devices in standalone mode.)
all: Specifies all member devices on which the specified patch image file has been activated. (Centralized devices in IRF mode.)
all: Specifies all cards on which the specified patch image file has been activated. (Distributed devices in standalone mode.)
slot slot-number: Specifies a card by its slot number. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (Distributed devices in IRF mode.)
Usage guidelines
You can deactivate only active feature and patch images.
To prevent deactivated images from running after a reboot, you must commit the software changes by using the install commit command.
At reboot, a subordinate device automatically synchronizes the master device's configuration and status data. You must wait for the synchronization to complete before using the install deactivate command on the subordinate device. To identify whether the synchronization is complete, use the display system stable state command. The synchronization is complete if the System State field displays Stable.
Examples
# (Centralized devices in standalone mode.) Deactivate the patch images in file route-patch.bin.
<Sysname> install deactivate patch flash:/route-patch.bin
# (Distributed devices in standalone mode.) Deactivate the patch images in route-patch.bin on slot 0.
<Sysname> install deactivate patch flash:/route-patch.bin slot 0
# (Centralized devices in IRF mode.) Deactivate the patch images in route-patch.bin on IRF member 1.
<Sysname> install deactivate patch flash:/route-patch.bin slot 1
# (Distributed devices in IRF mode.) Deactivate the patch images in route-patch.bin on slot 0 of IRF member 1.
<Sysname> install deactivate feature flash:/route-feature.bin chassis 1 slot 0
Related commands
display install active
display install inactive
install remove
Use install remove to delete an inactive software image file.
Syntax
Centralized devices in standalone mode:
install remove { filename | inactive }
Distributed devices in standalone mode/centralized devices in IRF mode:
install remove [ slot slot-number ] { filename | inactive }
Distributed devices in IRF mode:
install remove [ chassis chassis-number slot slot-number ] { filename | inactive }
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command deletes inactive software images from all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command deletes inactive software images from all IRF members. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command deletes inactive software images from all cards. (Distributed devices in IRF mode.)
filename: Specifies a .bin file in the filesystemname/filename.bin format. The file must be saved in the root directory of a file system on the device (centralized device in standalone mode) or on the specified slot. This argument cannot contain slot or chassis information, and can have a maximum of 63 characters.
inactive: Deletes all inactive software image files in the root directories of the specified file systems.
Usage guidelines
You can use this command only to delete inactive software image files that are saved in root directories of file systems.
This command permanently deletes the image file from the device. You cannot use the install rollback to command to revert the operation, or use the install abort command to abort the operation.
Examples
# Delete the inactive software image file flash:/ssh-feature.bin.
<Sysname> install remove flash:/ssh-feature.bin
install rollback to
Use install rollback to to roll back the software to an earlier rollback point.
Syntax
install rollback to { point-id | original }
Views
User view
Predefined user roles
network-admin
Parameters
point-id: Specifies a rollback point ID. This option is supported only when there are two or more rollback points. To identify available rollback points, use the display install rollback command.
original: Rolls back to the software images that were running before the upgrade that uses install commands.
Usage guidelines
The system creates a rollback point for each incremental upgrade performed through an activate or deactivate operation. The rollback points are retained until the install commit command is executed.
After a reboot upgrade is performed, you can roll back the running software images only to the status before any activate or deactivate operations were performed.
After a commit operation is performed, you cannot perform a rollback.
For a rollback to take effect after a reboot, you must perform a commit operation to update the main startup software image list.
The device supports a maximum of 50 rollback points. The earliest rollback point is deleted if this limit has been reached when a rollback point is created.
Patch images do not support rollback.
Examples
# Roll back the software to rollback point 1.
<Sysname> install rollback to 1
# Roll back the software to the original software versions and observe the change made by the rollback.
<Sysname> display install active
Active packages on the device:
flash:/boot-a0201.bin
flash:/system-a0201.bin
flash:/ssh-feature-a0201.bin
<Sysname> display install rollback
Install rollback information 1 on the device:
Updating from no package
to flash:/ssh-feature-a0201.bin.
The output shows that currently three image files are active but only two of them are confirmed. The image file flash:/ssh-feature-a0201.bin is not confirmed yet.
<Sysname> install rollback to original
<Sysname> display install active
Active packages on the device:
flash:/boot-a0201.bin
flash:/system-a0201.bin
<Sysname> display install committed
Committed packages on the device:
flash:/boot-a0201.bin
flash:/system-a0201.bin
The output shows the SSH feature has been rolled back to the original software version. The image file flash:/ssh-feature-a0201.bin has been removed.
Related commands
display install rollback
install verify
Use install verify to verify the software change commit status, image integrity, and image consistency.
Syntax
install verify
Views
User view
Predefined user roles
network-admin
Usage guidelines
To make sure the system can start up and operate correctly after an upgrade performed by using install commands, execute this command to verify the following items:
· Integrity—Verify that the boot, system, and feature images are integral.
· Consistency—Verify that the same active images are running across the entire system.
· Software commit status—Verify that the active images are committed as needed.
If a software image fails the verification, perform the following tasks to resolve the problem:
· To ensure software integrity, download and install the software images again.
· To guarantee software image consistency or change software commit status, use the install activate, install deactivate, and install commit commands as appropriate.
Examples
# (Centralized devices in standalone mode.) Verify the software change confirmation status and software image integrity and consistency.
<Sysname> install verify
Active packages on the device are the reference packages.
Packages will be compared with the reference packages.
This operation will take several minutes, please wait...
Verifying packages on the device:
Start to check active package completeness.
Verifying the file flash:/boot-a0101.bin on the device...........Done.
flash:/boot-a0101.bin verification successful.
Verifying the file flash:/system-a0101.bin on the device............Done.
flash:/system-a0101.bin verification successful.
Start to check active package consistency.
Active packages are consistent with committed packages on their own board.
Active packages are consistent with the reference packages.
Verification is done.
# (Distributed devices in standalone mode.) Verify the software change confirmation status and software image integrity and consistency.
<Sysname> install verify
Active packages on slot 1 are the reference packages.
Packages will be compared with the reference packages.
This operation will take several minutes, please wait...
Verifying packages on slot 0:
Start to check active package completeness.
Verifying the file flash:/boot-a0101.bin on slot 0.....................Done.
flash:/boot-a0101.bin verification successful.
Verifying the file flash:/system-a0101.bin on slot 0.....................Done.
flash:/system-a0101.bin verification successful.
Start to check active package consistency.
Active packages are consistent with committed packages on their own board.
Active packages are consistent with the reference packages.
Verifying packages on slot 1:
Start to check active package completeness.
Verifying the file flash:/boot-a0101.bin on slot 1.....................Done.
flash:/boot-a0101.bin verification successful.
Verifying the file flash:/system-a0101.bin on slot 1.....................Done.
flash:/system-a0101.bin verification successful.
Start to check active package consistency.
Active packages are consistent with committed packages on their own board.
Active packages are consistent with the reference packages.
Verification is done.
# (Centralized devices in IRF mode.) Verify the software change confirmation status and software image integrity and consistency.
<Sysname> install verify
Active packages on slot 1 are the reference packages.
Packages will be compared with the reference packages.
This operation will take several minutes, please wait...
Verifying packages on slot 1:
Start to check active package completeness.
Verifying the file flash:/boot-a0101.bin on slot 1.....................Done.
flash:/boot-a0101.bin verification successful.
Verifying the file flash:/system-a0101.bin on slot 1.....................Done.
flash:/system-a0101.bin verification successful.
Start to check active package consistency.
Active packages are consistent with committed packages on their own board.
Active packages are consistent with the reference packages.
Verifying packages on slot 2:
Start to check active package completeness.
Verifying the file flash:/boot-a0101.bin on slot 2.....................Done.
flash:/boot-a0101.bin verification successful.
Verifying the file flash:/system-a0101.bin on slot 2.....................Done.
flash:/system-a0101.bin verification successful.
Start to check active package consistency.
Active packages are consistent with committed packages on their own board.
Active packages are consistent with the reference packages.
Verification is done.
# (Distributed devices in IRF mode.) Verify the software change confirmation status and software image integrity and consistency.
Active packages on slot 1 are the reference packages.
Packages will be compared with the reference packages.
This operation will take several minutes, please wait...
Verifying packages on chassis 1 slot 0:
Start to check active package completeness.
Verifying the file flash:/boot-a0101.bin on chassis 1 slot 0.....................Done.
flash:/boot-a0101.bin verification successful.
Verifying the file flash:/system-a0101.bin on chassis 1 slot 0.....................Done.
flash:/system-a0101.bin verification successful.
Start to check active package consistency.
Active packages are consistent with committed packages on their own board.
Active packages are consistent with the reference packages.
Verifying packages on chassis 1 slot 1:
Start to check active package completeness.
Verifying the file flash:/boot-a0101.bin on chassis 1 slot 1.....................Done.
flash:/boot-a0101.bin verification successful.
Verifying the file flash:/system-a0101.bin on chassis 1 slot 1.....................Done.
flash:/system-a0101.bin verification successful.
Start to check active package consistency.
Active packages are consistent with committed packages on their own board.
Active packages are consistent with the reference packages.
Verification is done.
reset install log-history oldest
Use reset install log-history oldest to clear log entries for upgrade operations performed by using install commands.
Syntax
reset install log-history oldest log-number
Views
User view
Predefined user roles
network-admin
Parameters
log-number: Specifies the number of log entries to be deleted.
Usage guidelines
This command clears the specified number of log entries, beginning with the oldest log entry.
Examples
# Clear the two oldest log entries for upgrade operations performed by using install commands.
<Sysname> reset install log-history oldest 2
Related commands
display install log
reset install rollback oldest
Use reset install rollback oldest to clear rollback points for upgrade operations performed by using install commands.
Syntax
reset install rollback oldest point-id
Views
User view
Predefined user roles
network-admin
Parameters
point-id: Specifies a rollback point by its ID.
Usage guidelines
This command clears the specified rollback point and all rollback points older than the specified rollback point.
Examples
# Clear rollback point 2 and all rollback points older than rollback point 2.
<Sysname> reset install rollback oldest 2
Related commands
display install rollback
version auto-update enable
Use version auto-update enable to enable software synchronization from active MPU to standby MPU at startup.
Use undo version auto-update enable to disable this feature.
Syntax
version auto-update enable
undo version auto-update enable
Default
Software synchronization from active MPU to standby MPU is enabled. If software inconsistency is detected at startup, the standby MPU loads the current software images of the active MPU.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command is available on distributed devices in standalone mode.
To make sure the standby MPU always runs the same software images as the active MPU, configure both the version auto-update enable command and the undo version check ignore command.
The startup software version check feature examines the standby MPU's startup software images for version inconsistency with the active MPU's current software images at startup. If their software versions are different, the standby MPU copies the current software images of the active MPU, specifies them as main startup software images, and reboots with these images.
To ensure a successful synchronization in a multiuser environment, make sure no one reboots or swaps MPUs during the software synchronization process. You can configure the information center to output the synchronization status to configuration terminals (see Network Management and Monitoring Configuration Guide).
Examples
# Enable software auto-update for the standby MPU.
<Sysname> system-view
[Sysname] version auto-update enable
Related commands
version check ignore
version check ignore
Use version check ignore to disable startup software version check for the standby MPU at startup.
Use undo version check ignore to enable this feature.
Syntax
version check ignore
undo version check ignore
Default
The startup software images on the standby MPU are checked for version inconsistency with the current software images on the active MPU.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command is available in standalone mode.
When the standby MPU starts up, this command disables the system to examine the standby MPU's startup software images for version inconsistency with the active MPU's current software images. The standby MPU can start up with a different software version than the active MPU.
To avoid anomalies, do not disable startup software version check for the standby MPU unless for software upgrade.
To make sure the standby MPU always runs the same software images as the active MPU, configure both the version auto-update enable command and the undo version check ignore command.
Examples
# Enable startup software version check for the standby MPU.
<Sysname> system-view
[Sysname] undo version check ignore
Related commands
version auto-update enable
ISSU commands
Commands and descriptions for centralized devices apply to the following routers:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3600-28-SI/3600-51-SI.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
Commands and descriptions for distributed devices apply to the following routers:
· MSR5620.
· MSR 5660.
· MSR 5680.
display install active
Use display install active to display active software images.
Syntax
Centralized devices in standalone mode:
display install active [ verbose ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display install active [ slot slot-number ] [ verbose ]
Distributed devices in IRF mode:
display install active [ chassis chassis-number slot slot-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for all IRF members. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for all cards. (Distributed devices in IRF mode.)
verbose: Displays detailed information. If you do not specify this keyword, the command displays only image names.
Examples
# (Centralized devices in standalone mode.) Display active software images.
<Sysname> display install active
Active packages on the device:
flash:/boot.bin
flash:/system.bin
flash:/feature.bin
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Display active software images.
<Sysname> display install active
Active packages on slot 1:
flash:/boot.bin
flash:/system.bin
flash:/feature.bin
# (Distributed devices in IRF mode.) Display active software images.
<Sysname> display install active
Active packages on chassis 1 slot 1:
flash:/boot.bin
flash:/system.bin
flash:/feature.bin
# (Centralized devices in standalone mode.) Display detailed information about active software images.
<Sysname> display install active verbose
Active packages on the device:
flash:/boot.bin
[Package]
Vendor: XXX
Product: xxxx
Service name: boot
Platform version: 7.1.022
Product version: Test 2201
Supported board: cen
[Component]
Component: boot
Description: boot package
flash:/system.bin
[Package]
Vendor: XXX
Product: xxxx
Service name: system
Platform version: 7.1.022
Product version: Test 2201
Supported board: cen
[Component]
Component: system
Description: system package
flash:/feature.bin
[Package]
Vendor: XXX
Product: xxxx
Service name: test
Platform version: 7.1.022
Product version: Test 2201
Supported board: cen
[Component]
Component: test
Description: test package
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Display detailed information about active software images.
<Sysname> display install active verbose
Active packages on slot 1:
flash:/boot.bin
[Package]
Vendor: XXX
Product: xxxx
Service name: boot
Platform version: 7.1.022
Product version: Test 2201
Supported board: mpu
[Component]
Component: boot
Description: boot package
flash:/system.bin
[Package]
Vendor: XXX
Product: xxxx
Service name: system
Platform version: 7.1.022
Product version: Test 2201
Supported board: mpu
[Component]
Component: system
Description: system package
flash:/feature.bin
[Package]
Vendor: XXX
Product: xxxx
Service name: test
Platform version: 7.1.022
Product version: Test 2201
Supported board: mpu
[Component]
Component: test
Description: test package
# (Distributed devices in IRF mode.) Display detailed information about active software images.
<Sysname> display install active verbose
Active packages on chassis 1 slot 1:
flash:/boot.bin
[Package]
Vendor: xxx
Product: xxxx
Service name: boot
Platform version: 7.1.022
Product version: Test 2201
Supported board: mpu
[Component]
Component: boot
Description: boot package
flash:/system.bin
[Package]
Vendor: xxx
Product: xxxx
Service name: system
Platform version: 7.1.022
Product version: Test 2201
Supported board: mpu
[Component]
Component: system
Description: system package
flash:/feature.bin
[Package]
Vendor: xxx
Product: xxxx
Service name: test
Platform version: 7.1.022
Product version: Test 2201
Supported board: mpu
[Component]
Component: test
Description: test package
Field |
Description |
Active packages on the device |
Active software images on the device. (Centralized devices in standalone mode.) |
Active packages on slot n |
Active software images on the card in the specified slot. (Distributed devices in standalone mode.) |
Active packages on slot n |
Active software images on the specified member. The argument n indicates the member ID of the member. (Centralized devices in IRF mode.) |
Active packages on chassis m slot n |
Active software images on the card in the specified slot of the specified member. (Distributed devices in IRF mode.) |
[Package] |
Detailed information about the software image. |
Service name |
Image type: · boot—Boot image. · system—System image. · boot patch—Patch image for the boot image. · system patch—Patch image for the system image. · Any other value indicates a feature image. |
Supported board |
Cards supported by the software image: · cen—Centralized device. · mpu—MPU. · lc—LPU. |
[Component] |
Information about components included in the image file. |
Related commands
install active
display install backup
Use display install backup to display backup startup software images.
Syntax
Centralized devices in standalone mode:
display install backup [ verbose ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display install backup [ slot slot-number ] [ verbose ]
Distributed devices in IRF mode:
display install backup [ chassis chassis-number slot slot-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for all IRF members. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for all cards. (Distributed devices in IRF mode.)
verbose: Displays detailed information. If you do not specify this keyword, the command displays only image names.
Usage guidelines
Backup startup images are used only when the main boot or system image is missing or corrupt. For more information, see Fundamental Configuration Guide.
To modify the backup startup image list, you must use the boot-loader file command.
Examples
# (Centralized devices in standalone mode.) Display the backup startup software images.
<Sysname> display install backup
Backup startup software images on the device:
flash:/boot-a0201.bin
flash:/system-a0201.bin
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Display the backup startup software images.
<Sysname> display install backup
Backup startup software images on slot 1:
flash:/boot-a0201.bin
flash:/system-a0201.bin
# (Distributed devices in IRF mode.) Display the backup startup software images.
<Sysname> display install backup
Backup startup software images on chassis 1 slot 1:
flash:/boot-a0201.bin
flash:/system-a0201.bin
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Display detailed information about backup startup software images.
<Sysname> display install backup verbose
Backup startup software images on slot 1:
flash:/boot-a0201.bin
[Package]
Vendor: H3C
Product: xxxx
Service name: boot
Platform version: 7.1
Product version: Beta 1330
Supported board: mpu
[Component]
Component: boot
Description: boot package
flash:/system-a0201.bin
[Package]
Vendor: H3C
Product: xxxx
Service name: system
Platform version: 7.1
Product version: Beta 1330
Supported board: mr, lc, sfc
[Component]
Component: system
Description: system package
For information about the command output, see Table 30.
Related commands
boot-loader file
display install committed
display install committed
Use display install committed to display main startup software images.
Syntax
Centralized devices in standalone mode:
display install committed [ verbose ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display install committed [ slot slot-number ] [ verbose ]
Distributed devices in IRF mode:
display install committed [ chassis chassis-number slot slot-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for all member devices. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for all cards. (Distributed devices in IRF mode.)
verbose: Displays detailed information. If you do not specify this keyword, the command displays only image names.
Usage guidelines
Some install commands do not modify the main startup image list. For the software image changes to take effect after reboot, you must execute the install commit command to update the main startup image list with the image changes. You can use the display install committed command to verify the operation results.
Both the install commit and boot-loader file commands modify the main startup software image list.
Examples
# Display the main startup software images.
<Sysname> display install committed
Committed packages on the device:
flash:/boot-a0201.bin
flash:/system-a0201.bin
flash:/feature.bin
# Display detailed information about main startup software images.
<Sysname> display install committed verbose
Committed packages on the device:
flash:/boot-a0201.bin
[Package]
Vendor: H3C
Product: xxxx
Service name: boot
Platform version: 7.1
Product version: Beta 1330
Supported board: mr, lc, sfc
[Component]
Component: boot
Description: boot package
flash:/system-a0201.bin
[Package]
Vendor: H3C
Product: xxxx
Service name: system
Platform version: 7.1
Product version: Beta 1330
Supported board: mr, lc, sfc
[Component]
Component: system
Description: system package
flash:/ssh-feature.bin
[Package]
Vendor: H3C
Product: xxxx
Service name: ssh
Platform version: 7.1
Product version: Beta 1330
Supported board: mr, lc, sfc
[Component]
Component: ssh
Description: ssh package
For information about the command output, see Table 30.
Related commands
boot-loader file
display install backup
install commit
display install inactive
Use display install inactive to display inactive software images in the root directories of file systems.
Syntax
Centralized devices in standalone mode:
display install inactive [ verbose ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display install inactive [ slot slot-number ] [ verbose ]
Distributed devices in IRF mode:
display install inactive [ chassis chassis-number slot slot-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for all member devices. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for all cards. (Distributed devices in IRF mode.)
verbose: Displays detailed information. If you do not specify this keyword, the command displays only image names.
Examples
# Display brief information about inactive software images in the root directories of the file systems.
<Sysname> display install inactive
Inactive packages on the device:
flash:/ssh-feature.bin
# Display detailed information about inactive software images in the root directories of the file systems.
<Sysname> display install inactive verbose
Inactive packages on the device:
flash:/ssh-feature.bin
[Package]
Vendor: H3C
Product: XXXX
Service name: ssh
Platform version: 7.1
Product version: Beta 1330
Supported board: mr, lc, sfc
[Component]
Component: ssh
Description: ssh package
For information about the command output, see Table 30.
Related commands
install deactivate
display install ipe-info
Use display install ipe-info to display the software images included in an .ipe file.
Syntax
display install ipe-info ipe-filename
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ipe-filename: Specifies an .ipe file in the filesystemname/filename.ipe format. The file must be saved in the root directory of a file system on the device. The value string excluding the file system location section (if any) can have a maximum of 63 characters.
Examples
# Display information about the .ipe file flash:/test.ipe.
<Sysname> display install ipe-info flash:/test.ipe
Verifying the file flash:/test.ipe on the device................Done.
H3C MSR3600 images in IPE:
boot.bin
system.bin
Related commands
display install package
display install job
Use display install job to display ongoing ISSU activate, deactivate, and rollback operations.
Syntax
display install job
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# (Centralized devices in standalone mode.) Display ongoing ISSU activate, deactivate, and rollback operations.
<Sysname> display install job
JobID:5
Action:install activate flash:/ssh-feature.bin on the device
The output shows that the device is executing the install activate flash:/ssh-feature.bin command.
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Display ongoing ISSU activate, deactivate, and rollback operations.
<Sysname> display install job
JobID:5
Action:install activate flash:/ssh-feature.bin on slot 1
The output shows that the device is executing the install activate flash:/ssh-feature.bin slot 1 command.
# (Distributed devices in IRF mode.) Display ongoing ISSU activate, deactivate, and rollback operations.
<Sysname> display install job
JobID:5
Action:install activate flash:/ssh-feature.bin on chassis 1 slot 1
The output shows that the device is executing the install activate flash:/ssh-feature.bin chassis 1 slot 1 command.
display install log
Use display install log to display ISSU log information.
Syntax
display install log [ log-id ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
log-id: Specifies a log entry by its ID. If you do not specify this argument, the command displays all ISSU log entries.
verbose: Displays detailed ISSU log information. If you do not specify this keyword, the command displays brief ISSU log information.
Usage guidelines
The device creates one log entry for each ISSU operation to track the ISSU process and operation result.
The ISSU log can contain a maximum of 50 entries. The latest entry overwrites the oldest entry if the log is full.
Examples
# Display all ISSU log entries.
<Sysname> display install log
Install job 1 started by user ** at 01/01/2011 20:57:50.
Job 1 completed successfully at 01/01/2011 20:57:50.
Install job 1 started by user ** at 01/01/2011 20:57:50.
Job 1 completed successfully at 01/01/2011 20:57:50.
# Displays detailed information about ISSU log entry 1.
<Sysname> display install log 1 verbose
Install job 1 started by user ** at 01/01/2011 20:57:50.
Job 1 completed successfully at 01/01/2011 20:57:50.
Install job 1 started by user ** at 01/01/2011 20:57:50.
Job 1 completed successfully at 01/01/2011 20:57:50.
Obtained the Upgrade Way successfully.
Got upgrade policy successfully.
Related commands
reset install log-history oldest
display install package
Use display install package to display software image file information.
Syntax
display install package { filename | all } [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
filename: Specifies a .bin file in the filesystemname/filename.bin format. The file must be saved in the root directory of a file system on the device. The value string excluding the file system location section (if any) can have a maximum of 63 characters.
all: Specifies all software image files in the root directories of the device's file systems. (Centralized devices in standalone mode.)
all: Specifies all software image files in the root directories of the active MPU's file systems. (Distributed devices in standalone mode.)
all: Specifies all software image files in the root directories of the master's file systems. (Centralized devices in IRF mode.)
all: Specifies all software image files in the root directories of the file systems on the global active MPU. (Distributed devices in IRF mode.)
verbose: Displays detailed information. If you do not specify this keyword, the command displays only basic software image information.
Examples
# Display information about system.bin.
<Sysname> display install package flash:/system.bin
flash:/system.bin
[Package]
Vendor: H3C
Product: xxxx
Service name: system
Platform version: 7.1.022
Product version: Beta 1330
Supported board: mpu
# Display detailed information about system.bin.
<Sysname> display install package flash:/system.bin verbose
flash:/system.bin
[Package]
Vendor: H3C
Product: xxxx
Service name: system
Platform version: 7.1.022
Product version: Beta 1330
Supported board: mpu
[Component]
Component: system
Description: system package
For information about the command output, see Table 30.
display install rollback
Use display install rollback to display rollback point information.
Syntax
display install rollback [ point-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
point-id: Specifies a rollback point ID. If you do not specify a rollback point ID, the command displays all rollback points.
Examples
# Display all rollback points.
<Sysname> display install rollback
Install rollback information 1 on the device:
Updating from flash:/route-1.bin
to flash:/route-2.bin.
Install rollback information 2 on the device:
Deactivating flash:/route-2.bin
The output shows that the device has two rollback points.
· At rollback point 1, flash:/route-1.bin was upgraded to flash:/route-2.bin.
· At rollback point 2, flash:/route-2.bin was deactivated.
Related commands
install rollback
reset install rollback oldest
display install which
Use display install which to display all software image files that include a specific component or file.
Syntax
Centralized devices in standalone mode:
display install which { component name | file filename }
Distributed devices in standalone mode/centralized devices in IRF mode:
display install which { component name | file filename } [ slot slot-number ]
Distributed devices in IRF mode:
display install which { component name | file filename } [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
component name: Specifies a component name.
file filename: Specifies a file in the filename.extension format, a case-insensitive string of up to 63 characters. It cannot contain path information.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for all IRF members. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for all cards. (Distributed devices in IRF mode.)
Usage guidelines
A component is a collection of features. The features of a component are installed or uninstalled at the same time.
When the system displays a component or file error, use this command to identify the relevant image files before you make a software upgrade decision.
This command searches only the root directory of the storage medium.
Examples
# Display all software image files that include pkg_ctr.
<Sysname> display install which file pkg_ctr
Verifying the file flash:/system-d2601006.bin on the device........................Done.
Found pkg_ctr in flash:/system-d2601006.bin on the device.
flash:/system-d2601006.bin
[Package]
Vendor: H3C
Product: RT-MSR810-LMS
Service name: system
Platform version: 7.1.060
Product version: Demo 2601006
Supported board: mpu
Verifying the file flash:/boot-d2601007.bin on the device.....Done.
Table 31 Command output
Field |
Description |
Verifying the file |
The system was verifying the validity of the file. |
[Package] |
Detailed information about the software image. |
Service name |
Image type: · boot—Boot image. · system—System image. · patch—Patch image. · Any other value indicates a feature image. |
Supported board |
Cards supported by the software image: · cen—Centralized device. · mpu—MPU. · lc—LPU. |
display version comp-matrix
Use display version comp-matrix to display version compatibility information and identify the recommended upgrade method.
Syntax
display version comp-matrix
display version comp-matrix file { boot filename | system filename | feature filename&<1-30> } *
display version comp-matrix file ipe ipe-filename
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
boot: Specifies a boot image file.
system: Specifies a system image file.
feature: Specifies feature image files. You can specify a space-separated list of up to 30 feature image files.
filename: Specifies a .bin file in the filesystemname/filename.bin format. The file must be saved in the root directory of the default file system (centralized device in standalone mode), active MPU (distributed device in standalone mode), global active MPU (distributed device in IRF mode), or master device (centralized device in IRF mode). This argument cannot contain slot or chassis information and can have a maximum of 63 characters.
ipe ipe-filename: Specifies an .ipe file in the filesystemname/filename.ipe format. The file must be saved in the root directory of a file system on the device (centralized device in standalone mode), active MPU (distributed device in standalone mode), global active MPU (distributed device in IRF mode), or master device (centralized device in IRF mode). This argument cannot contain slot or chassis information and can have a maximum of 63 characters.
To display compatibility information for the running software images, do not specify any image files for the command. If you specify the upgrade image files, the command displays the following information:
· Compatibility information for upgrade images.
· Recommended ISSU methods for upgrading the running images to the upgrade images.
If one or more images are incompatible, the incompatible upgrade method applies. The entire system needs to be rebooted during an incompatible upgrade.
Examples
# Display compatibility information for the running images.
<Sysname> display version comp-matrix
Boot image: flash:/cmw710-boot-a7122.bin
Version:
7.1.031
System image: flash:/cmw710-system-a7122.bin
Version:
V700R001B31D001
Version compatibility list:
V700R001B31D001
Version dependency boot list:
7.1.031
Feature image: flash:/cmw710-cfa-a7124.bin
Version:
V700R001B31D003
Version compatibility list:
V700R001B31D003
Version dependency system list:
V700R001B31D001
V700R001B31D002
# (Centralized devices in standalone mode.) Display compatibility information for upgrade images as well as the recommended ISSU method. (In this example, the specified images are incompatible with the running images.)
<Sysname> display version comp-matrix file boot flash:/boot-e2205.bin system flash:/system-e2205.bin feature flash:/dhcp-e2205.re.bin
Verifying the file flash:/dhcp-e2205.re.bin on the device.....Done.
Verifying the file flash:/boot-e2205.bin on the device.....Done.
Verifying the file flash:/system-e2205.bin on the device.....Done.
Identifying the upgrade methods...Done.
Boot image: flash:/boot-e2205.bin
Version:
7.1.035
System image: flash:/system-e2205.bin
Version:
V200R001B02D012
Version compatibility list:
V200R001B02D012
Version dependency boot list:
7.1.035
Feature image: flash:/dhcp-e2205.re.bin
Version:
V200R001B02D012
Version compatibility list:
V200R001B02D012
Version dependency system list:
V200R001B02D012
V200R001B02D014
Incompatible upgrade.
# (Centralized devices in IRF mode.) Display compatibility information for upgrade images as well as the recommended ISSU method. (In this example, the specified images are compatible with the running images.)
<Sysname> display version comp-matrix file boot flash:/boot-e2205.bin system flash:/system-e2205.bin feature flash:/dhcp-e2205.incom.bin
Verifying the file flash:/dhcp-e2205.incom.bin on slot 2.....Done.
Verifying the file flash:/boot-e2205.bin on slot 2.....Done.
Verifying the file flash:/system-e2205.bin on slot 2.....Done.
Identifying the upgrade methods...Done.
Boot image: flash:/boot-e2205.bin
Version:
7.1.035
System image: flash:/system-e2205.bin
Version:
V200R001B02D012
Version compatibility list:
V200R001B02D012
Version dependency boot list:
7.1.035
Feature image: flash:/dhcp-e2205.incom.bin
Version:
V200R001B02D014
Version compatibility list:
V200R001B02D014
Version dependency system list:
V200R001B02D012
V200R001B02D014
Slot Upgrade Way
2 File Upgrade
# (Distributed devices in standalone mode.) Display compatibility information for a feature upgrade image as well as the recommended ISSU methods. (In this example, the specified image is compatible with the running images.)
<Sysname> display version comp-matrix file feature flash:/cmw710-cfa-a7125.bin
Verifying the file flash:/cmw710-cfa-a7125.bin on slot 0.....Done.
Identifying the upgrade methods...Done.
Feature image: flash:/cmw710-cfa-a7125.bin
Version:
V700R001B31D002
Version compatibility list:
V700R001B31D001
V700R001B31D002
Version dependency system list:
V700R001B31D001
V700R001B31D002
Slot Upgrade Way
0 Service Upgrade
1 Service Upgrade
1.1 Service Upgrade
4 Service Upgrade
Influenced service according to following table on slot 0:
flash:/cmw710-cfa-a7125.bin
CFA
Influenced service according to following table on slot 4:
flash:/cmw710-cfa-a7125.bin
CFA
Influenced service according to following table on slot 1:
flash:/cmw710-cfa-a7125.bin
CFA
Influenced service according to following table on slot 1.1:
flash:/cmw710-cfa-a7125.bin
CFA
# (Distributed devices in IRF mode.) Display compatibility information for a feature upgrade image as well as the recommended ISSU methods. (In this example, the specified image is compatible with the running images.)
<Sysname> display version comp-matrix file feature flash:/cmw710-cfa-a7122.bin
Verifying the file flash:/cmw710-cfa-a7122.bin on chassis 1 slot 0.....Done.
Identifying the upgrade methods...Done.
Feature image: flash:/cmw710-cfa-a7122.bin
Version:
V700R001B31D002
Version compatibility list:
V700R001B31D001
V700R001B31D002
Version dependency system list:
V700R001B31D001
V700R001B31D002
Chassis Slot Upgrade Way
1 0 Service Upgrade
1 0.1 Service Upgrade
1 7 Service Upgrade
1 9 Service Upgrade
2 0 Service Upgrade
2 0.1 Service Upgrade
2 1 Service Upgrade
2 6 Service Upgrade
Influenced service according to following table on chassis 1 slot 0:
flash:/cmw710-cfa-a7122.bin
CFA
Influenced service according to following table on chassis 1 slot 7:
flash:/cmw710-cfa-a7122.bin
CFA
Influenced service according to following table on chassis 1 slot 9:
flash:/cmw710-cfa-a7122.bin
CFA
Influenced service according to following table on chassis 1 slot 0.1:
flash:/cmw710-cfa-a7122.bin
CFA
Influenced service according to following table on chassis 2 slot 0:
flash:/cmw710-cfa-a7122.bin
CFA
Influenced service according to following table on chassis 2 slot 1:
flash:/cmw710-cfa-a7122.bin
CFA
Influenced service according to following table on chassis 2 slot 6:
flash:/cmw710-cfa-a7122.bin
CFA
Influenced service according to following table on chassis 2 slot 0.1:
flash:/cmw710-cfa-a7122.bin
CFA
Table 32 Command output
Field |
Description |
Verifying the file |
The system was verifying the validity of the file. |
Version compatibility list |
· Under a system image, this field shows all system image versions that are compatible with the system image. · Under a feature image, this field shows all feature image versions that are compatible with the feature image. |
Version dependency boot list |
Boot image versions that support the system image. To install the system image, you must install one of the boot image versions that are in the list. |
Version dependency system list |
System image versions that support the feature image. To install the feature image, you must install one of the system image versions that is in the list. |
Influenced service according to following table |
Services that will be affected by the upgrade. This field is displayed only for compatible versions. |
Incompatible upgrade |
You are upgrading the software to an incompatible version. |
Chassis |
Member ID of the device in the IRF fabric. This field is displayed only for compatible versions in IRF mode. |
Slot |
Slot number of the card. This field is displayed only for compatible versions. (Distributed devices in standalone or IRF mode.) Member ID of the device in the IRF fabric. This field is displayed only for compatible versions. (Centralized devices in IRF mode.) |
Upgrade Way |
ISSU method to be used for a compatible version: · Service Upgrade. · File Upgrade. · ISSU Reboot. · Reboot. This field is displayed only for compatible versions. For more information about ISSU methods, see Fundamentals Configuration Guide. |
install abort
Use install abort to abort an ongoing ISSU operation.
Syntax
install abort [ job-id ]
Views
User view
Predefined user roles
network-admin
Parameters
job-id: Specifies the job ID of an ISSU operation. If you do not specify this argument, the command aborts all ongoing software image activate and deactivate operations.
Usage guidelines
The system creates a software image management job each time you use the install activate, install add, install commit, install deactivate, install remove, or install rollback to command. Each job represents one command and is assigned a unique job ID. You can abort only ongoing activate and deactivate operations.
When you abort an ongoing activate or deactivate operation, the system rolls back to the status it was in before the operation was started.
To obtain the ID of a job, use the display install job command.
Examples
# Abort all ongoing ISSU operations.
<Sysname> install abort
Related commands
display install job
install activate
Use install activate to activate software images, or identify the ISSU method and the possible impact on the device.
Syntax
Centralized devices in standalone mode:
install activate { boot filename | system filename | feature filename&<1-30> } * [ test ]
install activate patch filename
Distributed devices in standalone mode/centralized devices in IRF mode:
install activate { boot filename | system filename | feature filename&<1-30> } * slot slot-number [ test ]
install activate patch filename { all | slot slot-number }
Distributed devices in IRF mode:
install activate { boot filename | system filename | feature filename&<1-30> } * chassis chassis-number slot slot-number [ test ]
install activate patch filename { all | chassis chassis-number slot slot-number }
Views
User view
Predefined user roles
network-admin
Parameters
boot: Specifies a boot image file.
system: Specifies a system image file.
feature: Specifies feature image files. You can specify a space-separated list of up to 30 feature image files.
patch: Specifies a patch image file.
filename: Specifies a .bin file in the filesystemname/filename.bin format. The file must be saved in the root directory of a file system on the device. The value string excluding the file system location section (if any) can have a maximum of 63 characters. (Centralized devices in standalone mode.)
filename: Specifies a .bin file in the filesystemname/filename.bin format. A boot, system, or feature image file must be saved in the root directory of a file system on the device. A patch image file must be saved in the root directory of a file system on the master (centralized device in IRF mode), active MPU (distributed device in standalone mode), or global active MPU (distributed device in IRF mode). The value string excluding the file system location section (if any) can have a maximum of 63 characters.
all: Specifies all cards. (Distributed devices in standalone mode.)
all: Specifies all member devices. (Centralized devices in IRF mode.)
all: Specifies all cards. (Distributed devices in IRF mode.)
slot slot-number: Specifies a card by its slot number. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (Distributed devices in IRF mode.)
test: Only identifies the ISSU method to be used for the upgrade. If you do not specify this keyword, the command activates the specified software images.
Usage guidelines
Before you use this command to activate a software image, read the release notes to identify the licensing requirements for the image. If the image requires a license, make sure the device has a valid license installed for the image.
An image runs in memory immediately after it is activated. For an activated image to run after a reboot, you must commit the software change by using the install commit command.
On a distributed device in standalone mode, follow these guidelines:
· If you specify the active MPU, the command takes effect on the active MPU and all LPUs.
· If you specify the standby MPU, the command takes effect only on the standby MPU.
· If the specified files are not saved on the MPU to be upgraded, the command copies the images to the MPU automatically.
On an IRF fabric of distributed devices, follow these guidelines:
· If you specify the global active MPU, the command takes effect on the global active MPU and all LPUs.
· If you specify a standby MPU, the command takes effect on the standby MPU.
· If the specified files are not saved on the MPU to be upgraded, the command copies the images to the MPU automatically.
On an IRF fabric of centralized devices:
If you specify a subordinate member for the command, the command copies the images to the subordinate member automatically.
On a multichassis IRF fabric:
At reboot, a subordinate device automatically synchronizes the master device's configuration and status data. You must wait for the synchronization to complete before using the install activate command on the subordinate device. To identify whether the synchronization is complete, use the display system stable state command. The synchronization is complete if the System State field displays Stable.
Examples
# (Centralized devices in standalone mode.) Identify the ISSU method for feature upgrade with ssh2.bin and the upgrade impact on the device.
<Sysname> install activate feature flash:/ssh2.bin test
Verifying the file flash:/ssh2.bin on the device.....Done.
Identifying the upgrade methods...Done.
Upgrade summary according to following table:
flash:/ssh2.bin
Running Version New Version
Beta 1330 Beta 1331
Upgrade Way: Service Upgrade
Influenced service according to following table:
flash:/ssh2.bin
SSH IFMGR CFA LAGG
The output shows that a service upgrade is recommended. The SSH, IFMGR, CFA, and LAGG modules will be rebooted during the upgrade.
# (Distributed devices in standalone mode.) Identify the ISSU method for feature upgrade with ssh2.bin on the standby MPU (in slot 1) and the upgrade impact.
<Sysname> install activate feature flash:/ssh2.bin slot 1 test
Copying file flash:/ssh2.bin to slot1#flash:/ssh2.bin......Done.
Verifying the file flash:/ssh2.bin on slot 1.....Done.
Identifying the upgrade methods...Done.
Upgrade summary according to following table:
flash:/ssh2.bin
Running Version New Version
Beta 1330 Beta 1331
Slot Upgrade Way
1 Service Upgrade
Influenced service according to following table:
flash:/ssh2.bin
SSH IFMGR CFA LAGG
The output shows that a service upgrade is recommended. The SSH, IFMGR, CFA, and LAGG modules will be rebooted during the upgrade.
# (Centralized devices in IRF mode.) Identify the ISSU method for feature upgrade with ssh2.bin on subordinate member 2 and the upgrade impact.
<Sysname> install activate feature flash:/ssh2.bin slot 2 test
Copying file flash:/ssh2.bin to slot2#flash:/ssh2.bin......Done.
Verifying the file flash:/ssh2.bin on slot 2.....Done.
Identifying the upgrade methods...Done.
Upgrade summary according to following table:
flash:/ssh2.bin
Running Version New Version
Beta 1330 Beta 1331
Slot Upgrade Way
2 Service Upgrade
Influenced service according to following table:
flash:/ssh2.bin
SSH IFMGR CFA LAGG
The output shows that a service upgrade is recommended. The SSH, IFMGR, CFA, and LAGG modules will be rebooted during the upgrade.
# (Distributed devices in IRF mode.) Identify the ISSU method for feature upgrade with ssh2.bin on the global standby MPU in slot 1 of IRF member 1 and the upgrade impact.
<Sysname>install activate feature flash:/ssh2.bin chassis 1 slot 1 test
Copying file flash:/ssh2.bin to chassis1#slot1#flash:/ssh2.bin......Done.
Verifying the file flash:/ssh2.bin on chassis 1 slot 1.....Done.
Identifying the upgrade methods...Done.
Upgrade summary according to following table:
flash:/ssh2.bin
Running Version New Version
Beta 1330 Beta 1331
Chassis Slot Upgrade Way
1 1 Service Upgrade
Influenced service according to following table:
flash:/ssh2.bin
SSH IFMGR CFA LAGG
The output shows that a service upgrade is recommended. The SSH, IFMGR, CFA, and LAGG modules will be rebooted during the upgrade.
# (Centralized devices in standalone mode.) Activate the system image in system.bin and the feature images in feature.bin.
<Sysname> install activate system flash:/system.bin feature flash:/feature.bin
Verifying the file flash:/feature.bin on the device.....Done.
Verifying the file flash:/system.bin on the device.....Done.
Upgrade summary according to following table:
flash:/system.bin
Running Version New Version
Beta 1330 Beta 1331
flash:/feature.bin
Running Version New Version
NONE Beta 1330
Upgrade Way: Service Upgrade
Upgrading software images to compatible versions. Continue? [Y/N]:y
This operation might take several minutes, please wait.......................................................................Done.
# (Distributed devices in standalone mode.) Activate the system image in system.bin and the feature images in feature.bin on the standby MPU (in slot 1).
<Sysname> install activate system flash:/system.bin feature flash:/feature.bin slot 1
Copying file flash:/system.bin to slot1#flash:/system.bin......Done.
Verifying the file flash:/system.bin on slot 1.....Done.
Copying file flash:/feature.bin to slot1#flash:/feature.bin......Done.
Verifying the file flash:/feature.bin on slot 1.....Done.
Verifying the file flash:/feature.bin on slot 1.....Done.
Verifying the file flash:/system.bin on slot 1.....Done.
Upgrade summary according to following table:
flash:/system.bin
Running Version New Version
Beta 1330 Beta 1331
flash:/feature.bin
Running Version New Version
None Beta 1330
Slot Upgrade Way
1 Service Upgrade
Upgrading software images to compatible versions. Continue? [Y/N]:y
This operation might take several minutes, please wait.......................................................................Done.
# (Centralized devices in IRF mode.) Activate the system image in system.bin and the feature images in feature.bin on member device 2.
<Sysname> install activate system flash:/system.bin feature flash:/feature.bin slot 2
Copying file flash:/system.bin to slot2#flash:/system.bin......Done.
Verifying the file flash:/system.bin on slot 2.....Done.
Copying file flash:/feature.bin to slot2#flash:/feature.bin......Done.
Verifying the file flash:/feature.bin on slot 2.....Done.
Upgrade summary according to following table:
flash:/system.bin
Running Version New Version
Beta 1330 Beta 1331
flash:/feature.bin
Running Version New Version
None Beta 1330
Slot Upgrade Way
2 Service Upgrade
Upgrading software images to compatible versions. Continue? [Y/N]:y
This operation might take several minutes, please wait.......................................................................Done.
# (Distributed devices in IRF mode.) Activate the feature images in feature.bin on the global standby MPU in slot 1 of IRF member 1.
<Sysname> install activate feature flash:/feature.bin chassis 1 slot 1
Copying file flash:/feature.bin to chassis1#slot1#flash:/feature.bin......Done.
Verifying the file flash:/feature.bin on chassis 1 slot 1.....Done.
Identifying the upgrade methods...Done.
Upgrade summary according to following table:
flash:/route-feature.bin
Running Version New Version
None Beta 1330
Chassis Slot Upgrade Way
1 1 Service Upgrade
Upgrading software images to compatible versions. Continue? [Y/N]:y
This operation might take several minutes, please wait.......................................................................Done.
Table 33 Command output
Field |
Description |
Verifying the file |
The system was verifying the validity of the file. |
Upgrade summary according to following table |
Upgrade summary. |
Running Version |
Version number of the running software. |
New Version |
Version number of the new software. |
Chassis |
Member ID of the device in the IRF fabric. This field is available only in IRF mode. |
Slot |
Number of the slot where the card resides. (Distributed devices in standalone or IRF mode.) Member ID of the device in the IRF fabric. (Centralized devices in IRF mode.) |
Upgrade Way |
ISSU methods: · Service Upgrade. · File Upgrade. · ISSU Reboot. · Reboot. This field is displayed only for an upgrade to a compatible version. For more information about ISSU methods, see Fundamentals Configuration Guide. |
Influenced service according to following table |
Services influenced by the upgrade. |
Related commands
display install active
install commit
install deactivate
install add
Use install add to decompress an .ipe file.
Syntax
install add ipe-filename filesystem
Views
User view
Predefined user roles
network-admin
Parameters
ipe-filename: Specifies an .ipe file in the filesystemname/filename.ipe format. The file must be saved in the root directory of a file system on the device. The value string excluding the file system location section (if any) can have a maximum of 63 characters.
filesystem: Specifies the destination file system for the software images in the filesystemname format.
Usage guidelines
To use install commands for upgrade, you must use .bin image files. If the upgrade file is an .ipe file, use this command to decompress the .ipe file before you start the upgrade.
To identify software images that are included in an .ipe file, use the display install ipe-info command.
Examples
# Decompress all.ipe to the flash memory.
<Sysname> install add flash:/all.ipe flash:
Verifying the file flash:/all.ipe on the device...Done.
Decompressing file boot.bin to flash:/boot.bin.......................Done.
Decompressing file system.bin to flash:/system.bin.................................Done.
install commit
Use install commit to commit software changes.
Syntax
install commit
Views
User view
Predefined user roles
network-admin
Usage guidelines
Before you use this command, read the release notes to identify software image licensing requirements. Make sure the device has valid licenses for all license-based images.
This command modifies the main startup software image list to be the same as the current software image list.
You must execute this command after using the following commands:
· The install activate command in an incremental upgrade.
· The install deactivate command.
· The install rollback command.
In a reboot or ISSU reboot upgrade, the install activate command modifies both the current and startup software image lists. You do not need to commit software changes.
Both the install commit and boot-loader file commands modify the main startup software image list. To modify the backup startup image list or add inactive images as main startup images, however, you must use the boot-loader file command.
For more information about main and backup startup software images, see Fundamental Configuration Guide.
Examples
# Commit software changes.
<Sysname> install commit
This operation will take several minutes, please wait...........................Done.
Related commands
install activate
install deactivate
install rollback
install deactivate
Use install deactivate to deactivate feature images and patch images.
Syntax
Centralized devices in standalone mode:
install deactivate feature filename&<1-30>
install deactivate patch filename
Distributed devices in standalone mode/centralized devices in IRF mode:
install deactivate feature filename&<1-30> slot slot-number
install deactivate patch filename { all | slot slot-number }
Distributed devices in IRF mode:
install deactivate feature filename&<1-30> chassis chassis-number slot slot-number
install deactivate patch filename chassis chassis-number { all | slot slot-number }
Views
User view
Predefined user roles
network-admin
Parameters
feature: Specifies feature image files. You can specify a space-separated list of up to 30 feature image files.
patch: Specifies a patch image file.
filename: Specifies a .bin file in the filesystemname/filename.bin format. The file must be saved in the root directory of a file system on the device (centralized device in standalone mode) or on the specified slot. This argument cannot contain slot or chassis information and can have a maximum of 63 characters.
all: Specifies all cards on which the specified patch image file has been activated. (Distributed devices in standalone mode.)
all: Specifies all member devices on which the specified patch image file has been activated. (Centralized devices in IRF mode.)
all: Specifies all cards on which the specified patch image file has been activated. (Distributed devices in standalone mode.)
slot slot-number: Specifies a card by its slot number. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (Distributed devices in IRF mode.)
Usage guidelines
You can deactivate only active feature and patch images.
To prevent deactivated images from running after a reboot, you must commit the software changes by using the install commit command.
At reboot, a subordinate device automatically synchronizes the master device's configuration and status data. You must wait for the synchronization to complete before using the install deactivate command on the subordinate device. To identify whether the synchronization is complete, use the display system stable state command. The synchronization is complete if the System State field displays Stable.
Examples
# (Centralized devices in standalone mode.) Deactivate the patch images in file route-patch.bin.
<Sysname> install deactivate patch flash:/route-patch.bin
# (Distributed devices in standalone mode.) Deactivate the patch images in route-patch.bin on slot 0.
<Sysname> install deactivate patch flash:/route-patch.bin slot 0
# (Centralized devices in IRF mode.) Deactivate the patch images in route-patch.bin on IRF member 1.
<Sysname> install deactivate patch flash:/route-patch.bin slot 1
# (Distributed devices in IRF mode.) Deactivate the patch images in route-patch.bin on slot 0 of IRF member 1.
<Sysname> install deactivate feature flash:/route-feature.bin chassis 1 slot 0
Related commands
display install active
display install inactive
install remove
Use install remove to delete an inactive software image file.
Syntax
Centralized devices in standalone mode:
install remove { filename | inactive }
Distributed devices in standalone mode/centralized devices in IRF mode:
install remove [ slot slot-number ] { filename | inactive }
Distributed devices in IRF mode:
install remove [ chassis chassis-number slot slot-number ] { filename | inactive }
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command deletes inactive software images from all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command deletes inactive software images from all IRF members. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command deletes inactive software images from all cards. (Distributed devices in IRF mode.)
filename: Specifies a .bin file in the filesystemname/filename.bin format. The file must be saved in the root directory of a file system on the device (centralized device in standalone mode) or on the specified slot. This argument cannot contain slot or chassis information, and can have a maximum of 63 characters.
inactive: Deletes all inactive software image files in the root directories of the specified file systems.
Usage guidelines
You can use this command only to delete inactive software image files that are saved in root directories of file systems.
This command permanently deletes the image file from the device. You cannot use the install rollback to command to revert the operation, or use the install abort command to abort the operation.
Examples
# Delete the inactive software image file flash:/ssh-feature.bin.
<Sysname> install remove flash:/ssh-feature.bin
install rollback to
Use install rollback to to roll back the software to an earlier rollback point.
Syntax
install rollback to { point-id | original }
Views
User view
Predefined user roles
network-admin
Parameters
point-id: Specifies a rollback point ID. This option is supported only when there are two or more rollback points. To identify available rollback points, use the display install rollback command.
original: Rolls back to the software images that were running before the ISSU.
Usage guidelines
The system creates a rollback point for each incremental upgrade performed through an activate or deactivate operation. The rollback points are retained until any of the following events occur:
· An ISSU reboot or reboot upgrade is performed.
· The install commit command is executed.
After an ISSU reboot or reboot upgrade is performed, you can roll back the running software images only to the status before any activate or deactivate operations were performed.
After a commit operation is performed, you cannot perform a rollback.
For a rollback to take effect after a reboot, you must perform a commit operation to update the main startup software image list.
The device supports a maximum of 50 rollback points. The earliest rollback point is deleted if this limit has been reached when a rollback point is created.
Patch images do not support rollback.
Examples
# Roll back the software to rollback point 1.
<Sysname> install rollback to 1
# Roll back the software to the original software versions and observe the change made by the rollback.
<Sysname> display install active
Active packages on the device:
flash:/boot-a0201.bin
flash:/system-a0201.bin
flash:/ssh-feature-a0201.bin
<Sysname> display install rollback
Install rollback information 1 on the device:
Updating from no package
to flash:/ssh-feature-a0201.bin.
The output shows that currently three image files are active but only two of them are confirmed. The image file flash:/ssh-feature-a0201.bin is not confirmed yet.
<Sysname> install rollback to original
<Sysname> display install active
Active packages on the device:
flash:/boot-a0201.bin
flash:/system-a0201.bin
<Sysname> display install committed
Committed packages on the device:
flash:/boot-a0201.bin
flash:/system-a0201.bin
The output shows the SSH feature has been rolled back to the original software version. The image file flash:/ssh-feature-a0201.bin has been removed.
Related commands
display install rollback
install verify
Use install verify to verify the software change commit status, image integrity, and image consistency.
Syntax
install verify
Views
User view
Predefined user roles
network-admin
Usage guidelines
To ensure a successful ISSU and make sure the system can start up and operate correctly after an ISSU, execute this command to verify the following items:
· Integrity—Verify that the boot, system, and feature images are integral.
· Consistency—Verify that the same active images are running across the entire system.
· Software commit status—Verify that the active images are committed as needed.
If a software image fails the verification, perform the following tasks to resolve the problem:
· To ensure software integrity, download and install the software images again.
· To guarantee software image consistency or change software commit status, use the install activate, install deactivate, and install commit commands as appropriate.
Examples
# (Centralized devices in standalone mode.) Verify the software change confirmation status and software image integrity and consistency.
<Sysname> install verify
Active packages on the device are the reference packages.
Packages will be compared with the reference packages.
This operation will take several minutes, please wait...
Verifying packages on the device:
Start to check active package completeness.
Verifying the file flash:/boot-a0101.bin on the device...........Done.
flash:/boot-a0101.bin verification successful.
Verifying the file flash:/system-a0101.bin on the device............Done.
flash:/system-a0101.bin verification successful.
Start to check active package consistency.
Active packages are consistent with committed packages on their own board.
Active packages are consistent with the reference packages.
Verification is done.
# (Distributed devices in standalone mode.) Verify the software change confirmation status and software image integrity and consistency.
<Sysname> install verify
Active packages on slot 1 are the reference packages.
Packages will be compared with the reference packages.
This operation will take several minutes, please wait...
Verifying packages on slot 0:
Start to check active package completeness.
Verifying the file flash:/boot-a0101.bin on slot 0.....................Done.
flash:/boot-a0101.bin verification successful.
Verifying the file flash:/system-a0101.bin on slot 0.....................Done.
flash:/system-a0101.bin verification successful.
Start to check active package consistency.
Active packages are consistent with committed packages on their own board.
Active packages are consistent with the reference packages.
Verifying packages on slot 1:
Start to check active package completeness.
Verifying the file flash:/boot-a0101.bin on slot 1.....................Done.
flash:/boot-a0101.bin verification successful.
Verifying the file flash:/system-a0101.bin on slot 1.....................Done.
flash:/system-a0101.bin verification successful.
Start to check active package consistency.
Active packages are consistent with committed packages on their own board.
Active packages are consistent with the reference packages.
Verification is done.
# (Centralized devices in IRF mode.) Verify the software change confirmation status and software image integrity and consistency.
<Sysname> install verify
Active packages on slot 1 are the reference packages.
Packages will be compared with the reference packages.
This operation will take several minutes, please wait...
Verifying packages on slot 1:
Start to check active package completeness.
Verifying the file flash:/boot-a0101.bin on slot 1.....................Done.
flash:/boot-a0101.bin verification successful.
Verifying the file flash:/system-a0101.bin on slot 1.....................Done.
flash:/system-a0101.bin verification successful.
Start to check active package consistency.
Active packages are consistent with committed packages on their own board.
Active packages are consistent with the reference packages.
Verifying packages on slot 2:
Start to check active package completeness.
Verifying the file flash:/boot-a0101.bin on slot 2.....................Done.
flash:/boot-a0101.bin verification successful.
Verifying the file flash:/system-a0101.bin on slot 2.....................Done.
flash:/system-a0101.bin verification successful.
Start to check active package consistency.
Active packages are consistent with committed packages on their own board.
Active packages are consistent with the reference packages.
Verification is done.
# (Distributed devices in IRF mode.) Verify the software change confirmation status and software image integrity and consistency.
<Sysname> install verify
Active packages on slot 1 are the reference packages.
Packages will be compared with the reference packages.
This operation will take several minutes, please wait...
Verifying packages on chassis 1 slot 0:
Start to check active package completeness.
Verifying the file flash:/boot-a0101.bin on chassis 1 slot 0.....................Done.
flash:/boot-a0101.bin verification successful.
Verifying the file flash:/system-a0101.bin on chassis 1 slot 0.....................Done.
flash:/system-a0101.bin verification successful.
Start to check active package consistency.
Active packages are consistent with committed packages on their own board.
Active packages are consistent with the reference packages.
Verifying packages on chassis 1 slot 1:
Start to check active package completeness.
Verifying the file flash:/boot-a0101.bin on chassis 1 slot 1.....................Done.
flash:/boot-a0101.bin verification successful.
Verifying the file flash:/system-a0101.bin on chassis 1 slot 1.....................Done.
flash:/system-a0101.bin verification successful.
Start to check active package consistency.
Active packages are consistent with committed packages on their own board.
Active packages are consistent with the reference packages.
Verification is done.
reset install log-history oldest
Use reset install log-history oldest to clear ISSU log entries.
Syntax
reset install log-history oldest log-number
Views
User view
Predefined user roles
network-admin
Parameters
log-number: Specifies the number of ISSU log entries to be deleted.
Usage guidelines
This command clears the specified number of log entries, beginning with the oldest log entry.
Examples
# Clear the two oldest ISSU log entries.
<Sysname> reset install log-history oldest 2
Related commands
display install log
reset install rollback oldest
Use reset install rollback oldest to clear ISSU rollback points.
Syntax
reset install rollback oldest point-id
Views
User view
Predefined user roles
network-admin
Parameters
point-id: Specifies a rollback point by its ID.
Usage guidelines
This command clears the specified rollback point and all rollback points older than the specified rollback point.
Examples
# Clear rollback point 2 and all rollback points older than rollback point 2.
<Sysname> reset install rollback oldest 2
Related commands
display install rollback
Emergency shell commands
The following matrix shows the feature and hardware compatibility:
Hardware |
Emergency shell compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-LM-HK/810-W-LM-HK |
Yes |
MSR810-10-PoE/810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
No |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
Hardware |
Emergency shell compatibility |
MSR810-LM-GL |
Yes |
MSR810-W-LM-GL |
Yes |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
Yes |
MSR3600-28-SI-GL |
No |
Commands and descriptions for centralized devices apply to the following routers:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3600-28-SI/3600-51-SI.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
Commands and descriptions for distributed devices apply to the following routers:
· MSR5620.
· MSR 5660.
· MSR 5680.
File system names, directory names, or file names must be compliant with the naming conventions. For more information about the naming conventions and the methods for specifying the names, see Fundamentals Configuration Guide.
Unless otherwise stated, a file or directory name argument in this chapter must contain the file system name. The path information might contain multiple levels of directories, each of which can have 1 to 255 characters. The file name alone (without the path information) can include 1 to 255 characters. The entire argument, including the file system name, the path information, and the file name, can have 1 to 511 characters. (Centralized devices in standalone mode.)
Unless otherwise stated, a file or directory name argument in this document must contain the storage medium and cannot contain slot information. The path information might contain multiple levels of directories, each of which can have 1 to 255 characters. The file name alone (without the path information) can have 1 to 255 characters. The entire argument, including the file system name, the path information, and the file name, can have 1 to 511 characters. (Distributed devices in standalone mode/centralized devices in IRF mode.)
Unless otherwise stated, a file or directory name argument in this document must contain the file system name and cannot contain chassis or slot information. The path information might contain multiple levels of directories, each of which can have 1 to 255 characters. The file name alone (without the path information) can have 1 to 255 characters. The entire argument, including the file system name, the path information, and the file name, can include 1 to 511 characters. (Distributed devices in IRF mode.)
copy
Use copy to copy a file.
Syntax
copy fileurl-source fileurl-dest
Views
User view
Parameters
fileurl-source: Specifies the file to be copied.
fileurl-dest: Specifies the destination file or directory. If you specify a destination directory, the system uses the name of the source file as the file name.
Usage guidelines
If the destination file already exists, the system prompts whether or not to overwrite it. If you enter Y, the existing file is overwritten. If you enter N, the command is not executed.
Examples
# Copy the file flash:/test.cfg. Save the copy to the file flash:/testbackup.cfg.
<boot> copy flash:/test.cfg flash:/testbackup.cfg
Copy flash:/test.cfg to flash:/testbackup.cfg?[Y/N]:y
Start to copy flash:/test.cfg to flash:/testbackup.cfg...Done.
# Copy the file flash:/test.cfg and save the copy to the file flash:/testbackup.cfg. Overwrite the existing file that has the same name as the destination file.
<boot> copy flash:/test.cfg flash:/testbackup.cfg
Copy flash:/test.cfg to flash:/testbackup.cfg?[Y/N]:y
flash:/testbackup.cfg already exists. Overwrite it?[Y/N]:y
Start to copy flash:/test.cfg to flash:/testbackup.cfg...Done.
delete
Use delete to permanently delete a file.
Syntax
delete file-url
Views
User view
Parameters
file-url: Specifies the file to be deleted.
Examples
# Delete the tt.cfg file from the current directory.
<boot> delete flash:/tt.cfg
Delete flash:/tt.cfg? [Y/N]:y
Deleting the file permanently will take a long time. Please wait...
Start to delete flash:/tt.cfg...Done.
dir
Use dir to display files or directories.
Syntax
dir [ /all ] [ file-url ]
Views
User view
Parameters
/all: Displays both hidden and non-hidden files and subdirectories.
file-url: Specifies a file or directory.
Usage guidelines
Task |
Command |
Remarks |
Display all non-hidden files and subdirectories in the current directory. |
dir |
N/A |
Display all files and subdirectories in the current directory. |
dir /all |
N/A |
Display all non-hidden files and subdirectories in a directory. |
dir file-url |
Specify a directory for the file-url argument. |
Display all files and subdirectories in a directory. |
dir /all file-url |
Specify a directory for the file-url argument. |
Display a file. |
dir file-url |
Specify a file for the file-url argument. |
Examples
# Display information about all files and directories in the system.
<boot> dir /all
Directory of flash:
0 drw- - Jan 01 2016 00:06:09 01
1 drw- - May 15 2016 04:03:14 pki
2 drw- - Jan 01 2016 00:04:07 test
3 drw- - May 26 2016 02:48:00 license
4 drw- - May 05 2016 06:45:07 logfile
5 -rwh 20 May 20 2016 09:09:52 .snmpboots
6 drw- - May 05 2016 05:56:22 diagfile
7 drwh - May 20 2016 09:23:48 .trash
8 -rw- 816 May 20 2016 06:15:00 ifindex.dat
9 -rw- 3231 May 31 2016 09:01:41 startup.cfg
10 -rw- 60620 May 31 2016 09:01:43 startup.mdb
11 drw- - May 30 2016 04:43:24 versionInfo
12 drw- - May 05 2016 05:56:22 seclog
13 -rwh 18 May 20 2016 09:09:34 .pathfile
14 -rw- 11238400 May 30 2016 11:06:53 boot-t2301001.bin
15 -rw- 0 May 31 2016 05:04:40 lauth.dat
16 -rw- 4383 May 20 2016 06:15:00 test.cfg
61440 KB total (11108 KB free)
# Display all unhidden files and directories in the system.
<boot> dir
Directory of flash:
0 drw- - Jan 01 2016 00:06:09 01
1 drw- - May 15 2016 04:03:14 pki
2 drw- - Jan 01 2016 00:04:07 test
3 drw- - May 26 2016 02:48:00 license
4 drw- - May 05 2016 06:45:07 logfile
5 drw- - May 05 2016 05:56:22 diagfile
6 -rw- 816 May 20 2016 06:15:00 ifindex.dat
7 -rw- 3231 May 31 2016 09:01:41 startup.cfg
8 -rw- 60620 May 31 2016 09:01:43 startup.mdb
9 drw- - May 30 2016 04:43:24 versionInfo
10 drw- - May 05 2016 05:56:22 seclog
11 -rw- 11238400 May 30 2016 11:06:53 boot-t2301001.bin
12 -rw- 0 May 31 2016 05:04:40 lauth.dat
13 -rw- 4383 May 20 2016 06:15:00 test.cfg
61440 KB total (11108 KB free)
# Display information about the startup.cfg file.
<boot> dir flash:/startup.cfg
Directory of flash:
0 -rw- 3231 May 31 2016 09:01:41 startup.cfg
61440 KB total (11108 KB free)
Table 34 Command output
Field |
Description |
Directory of |
Current directory. |
0 -rw- 3231 May 31 2016 09:01:41 startup.cfg |
Information about a file or directory: · 0—Index number, automatically assigned by the system. · -rw-—Attributes of the file or directory. The first character is the directory indicator (d for directory and - for file). The second character indicates whether the file or directory is readable (r for readable). The third character indicates whether the file or directory is writable (w for writable). The last character indicates whether the file or directory is hidden (h for hidden and - for visible). · 3231—Size of the file, in bytes. For a directory, the value of this field is a hyphen (-). · May 31 2016 09:01:41—Time when the file was most recently modified. · startup.cfg—Name of the file or directory. |
Total size of the storage medium and size of the free space, in kilobytes. |
display copyright
Use display copyright to display copyright information.
Syntax
display copyright
Views
Any view
Examples
# Display copyright information.
<boot> display copyright
...
display install package
Use display install package to display information about a software package.
Syntax
display install package package
Views
Any view
Parameters
package: Specifies a .bin file in the filesystemname/filename.bin format, for example, flash:/a.bin. The file must be saved in the root directory of a file system on the device. The value string is case insensitive and can have a maximum of 63 characters.
Examples
# Display information about the system.bin software package.
<boot> display install package flash:/system.bin
flash:/system.bin
[Package]
Vendor: H3C
Product: MSR26
Service name: system
Platform version: 7.1
Product version: ESS 0401L13
Supported board: MSR26-30
[Component]
Component: Comware system
Description: system package
Table 35 Command output
Field |
Description |
Product |
Product name. |
Service name |
Type of the service package: · boot—Boot image. · system—System image. · patch—Patch package. If the value of this field is not boot, system, or patch, the service packet is a feature package. |
Platform version |
Platform version number. |
Product version |
Product version number. You determine whether the version of a system image matches that of a boot image by checking the value of this field. |
Supported board |
Types of cards that the software package supports: · MSR810, MSR2600-6-X1, MSR2600-10-X1, MSR 26-30, MSR3600-28, MSR3600-51, MSR 36-10, MSR3610-X1, MSR3610-X1-DP, MSR3610-X1-DC, MSR3610-X1-DP-DC, MSR 36-20, MSR3620-DP, MSR 36-40, or MSR 36-60—The device is a centralized device. · MPU-60 or MPU-100—The card is an MPU. · SPU, SPU-100, SPU-200, SPU-300, or SPU-100-X1—The card is an LPU. |
[Component] |
Information about the components of the software package. |
display ip routing-table
Use display ip routing-table to display IPv4 routing information.
Syntax
display ip routing-table
Views
Any view
Examples
# Display IPv4 routing information.
<boot> display ip routing-table
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.116.0 * 255.255.255.0 U 0 0 0 m-eth0
default 192.168.116.1 0.0.0.0 UG 0 0 0 m-eth0
Table 36 Command output
Field |
Description |
Kernel IP routing table |
IPv4 routing information. |
Destination |
Destination address. For the default route, the value of this field is default. |
Gateway |
Gateway address. If no gateway is needed, the value of this field is an asterisk (*). |
Genmask |
Subnet mask. For the default route, the value of this field is 0.0.0.0. |
Flags |
Flags: · A—The route was learned from a route advertisement. · C—The route is a cached route used to fast forward packets. · D—The route is the default route learned through neighbor discovery. · G—The route is a gateway route. · H—The route is a host route. · U—The route can be used. |
Metric |
Cost of the route. |
Ref |
Number of times the route has been referenced by other route entries. |
Use |
Number of times the route has been matched. |
Iface |
Outbound interface. |
display ipv6 routing-table
Use display ipv6 routing-table to display IPv6 routing information.
Syntax
display ipv6 routing-table
Views
Any view
Examples
# Display IPv6 routing information.
<boot> display ipv6 routing-table
Kernel IPv6 routing table
Destination Next Hop
Flags Metric Ref Use Iface
::1/128 ::
U 0 0 1 lo
FE80::201:2FF:FE03:406/128 ::
U 0 0 1 lo
FE80::/64 ::
U 256 0 0 m-eth0
FF02::1:2/128 FF02::1:2
UC 0 2888 0 m-eth0
FF00::/8 ::
U 256 0 0 m-eth0
Table 37 Command output
Field |
Description |
Kernel IPv6 routing table |
IPv6 routing information. |
Flags |
Flags: · A—The route was learned from a route advertisement. · C—The route is a cached route used to fast forward packets. · D—The route is the default route learned through neighbor discovery. · G—The route is a gateway route. · H—The route is a host route. · U—The route can be used. |
Metric |
Cost of the route. |
Ref |
Number of times the route has been referenced by other route entries. |
Use |
Number of times the route has been matched. |
Iface |
Outbound interface. If it is a loopback interface, the value of this field is lo. |
display version
Use display version to display boot image version information.
Syntax
display version
Views
Any view
Examples
# Display boot image version information.
<boot> display version
…
format
Use format to format a file system.
Syntax
format filesystem
Views
User view
Parameters
filesystem: Specifies a file system.
Usage guidelines
Use this command with caution. This command permanently deletes all files and directories from the file system, including the startup image files and startup configuration files. The deleted files and directories cannot be restored. Without startup images, the device cannot reboot.
Examples
# Format the flash: file system.
<boot> format flash:
All data on flash: will be lost, continue?[Y/N]:y
Formatting flash:… Done.
ftp
Use ftp to access an FTP server.
Syntax
ftp { server-ipv4-address | ipv6 server-ipv6-address } { get remote-file local-file | put local-file remote-file }
Views
User view
Parameters
server-ipv4-address: Specifies the IPv4 address of the FTP server.
server-ipv6-address: Specifies the IPv6 address of the FTP server.
get remote-file local-file: Downloads a file from the FTP server. The remote-file argument indicates the file to be downloaded. The local-file argument indicates the name for the downloaded file.
put local-file remote-file: Uploads a file to the FTP server. The local-file argument indicates the file to be uploaded. The remote-file argument indicates the name for the uploaded file.
Usage guidelines
If the traffic is heavy and the file transfer speed is low, you can press Ctrl+C to abort the transfer and try again later.
Examples
# Log in to FTP server 192.168.1.100. Download the 111.txt file and save it to a local file named 222.txt.
<boot> ftp 192.168.1.100 get 111.txt flash:/222.txt
User: test
Password: ***
mkdir
Use mkdir to create a directory.
Syntax
mkdir directory
Views
User view
Parameters
directory: Specifies a directory.
Usage guidelines
You can create a directory only in an existing directory. For example, to create the flash:/test/mytest directory, the directory test must already exist.
The name of the directory to be created must be unique in the parent directory.
Examples
# Create a directory named test in the root directory of the flash: file system.
<boot> mkdir flash:/test
Directory flash:/test created.
# Create a directory named subtest in the flash:/test directory.
<boot> mkdir flash:/test/subtest
Directory flash:/test/subtest created.
Related commands
dir
rmdir
more
Use more to display the contents of a file.
Syntax
more file-url
Views
User view
Parameters
file-url: Specifies a file.
Examples
# Display the contents of the file test.txt.
<boot> more flash:/test.txt
Have a nice day.
move
Use move to move a file.
Syntax
move fileurl-source fileurl-dest
Views
User view
Parameters
fileurl-source: Specifies the name of the file to be moved, a case-insensitive string of 1 to 63 characters.
fileurl-dest: Specifies the name of the destination file or directory, a case-insensitive string of 1 to 63 characters.
Usage guidelines
If a file in the destination directory is using the destination file name, the system prompts whether or not to overwrite the existing file. If you enter Y, the existing file is overwritten. If you enter N, the command is not executed.
Examples
# Move the config.cfg file to the flash:/test directory.
<boot> move flash:/config.cfg flash:/test/
Move flash:/config.cfg to flash:/test/config.cfg?[Y/N]:y
<boot> dir flash:/test
Directory of flash:/test
0 -rw- 77065 Oct 20 1939 06:15:02 test.mdb
61440 KB total (11108 KB free)
ping
Use ping to check the connectivity to an IPv4 address.
Syntax
ping [ -c count | -s size ] * ip-address
Views
Any view
Parameters
-c count: Specifies the number of ICMP echo requests to send, in the range of 1 to 2147483647. The default is 5.
-s size: Specifies the length (in bytes) of each ICMP echo request, in the range of 20 to 8100. The default is 56.
ip-address: Specifies the IPv4 address of the destination in dotted decimal notation.
Usage guidelines
When you execute the ping command, the device sends ICMP echo requests to the destination. You can press Ctrl+C to abort the ping operation.
Examples
# Check the connectivity to the destination 1.2.1.1.
<boot> ping 1.2.1.1
PING 1.2.1.1 (1.2.1.1): 56 data bytes
56 bytes from 1.2.1.1: seq=0 ttl=128 time=2.243 ms
56 bytes from 1.2.1.1: seq=1 ttl=128 time=0.717 ms
56 bytes from 1.2.1.1: seq=2 ttl=128 time=0.891 ms
56 bytes from 1.2.1.1: seq=3 ttl=128 time=0.745 ms
56 bytes from 1.2.1.1: seq=4 ttl=128 time=0.911 ms
--- 1.2.1.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.717/1.101/2.243 ms
Field |
Description |
PING 1.2.1.1 (1.2.1.1) |
Checking the connectivity to the device at 1.2.1.1. |
56 data bytes |
Number of data bytes in each ICMP echo request. |
56 bytes from 1.2.1.1: seq=0 ttl=128 time=2.243 ms |
Received an ICMP reply from the device at 1.2.1.1. Fields of the reply: · bytes—Number of data bytes in the ICMP reply. · seq—Sequence number of the reply. You can examine the sequence numbers of replies to determine whether packets are missing, disordered, or duplicated. · ttl—TTL value in the ICMP reply. · time—Response time. |
--- 1.2.1.1 ping statistics --- |
Statistics for packets sent and received during the ping operation. |
5 packets transmitted |
Number of ICMP echo requests sent. |
5 packets received |
Number of ICMP echo replies received. |
0% packet loss |
Percentage of echo requests that failed to be echoed back. |
round-trip min/avg/max = 0.717/1.101/2.243 ms |
Minimum/average/maximum response time, in milliseconds. |
ping ipv6
Use ping ipv6 to check the connectivity to an IPv6 address.
Syntax
ping ipv6 [ -c count | -s size ] * ipv6-address
Views
Any view
Parameters
-c count: Specifies the number of ICMPv6 echo requests to send, in the range of 1 to 2147483647. The default is 5.
-s size: Specifies the length (in bytes) of each ICMPv6 echo request, in the range of 20 to 8100. The default is 56.
Ipv6-address: Specifies the IPv6 address of the destination.
Usage guidelines
When you execute the ping ipv6 command, the device sends ICMPv6 echo requests to the destination. You can press Ctrl+C to abort the ping operation.
Examples
# Check the connectivity to the destination 2001::2.
<boot> ping ipv6 2001::2
ping ipv6 2001::2
PING 2001::2 (2001::2): 56 data bytes
56 bytes from 2001::2: seq=0 ttl=64 time=5.420 ms
56 bytes from 2001::2: seq=1 ttl=64 time=1.140 ms
56 bytes from 2001::2: seq=2 ttl=64 time=2.027 ms
56 bytes from 2001::2: seq=3 ttl=64 time=0.887 ms
56 bytes from 2001::2: seq=4 ttl=64 time=0.791 ms
--- 2001::2 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.791/2.053/5.420 ms
For information about the fields, see Table 38.
pwd
Use pwd to display the working directory.
Syntax
pwd
Views
User view
Examples
# Display the working directory.
<boot> pwd
flash:
quit
Use quit to return to the upper-level view.
Syntax
quit
Views
System view
Management Ethernet interface view
Examples
# Return from management Ethernet interface view to user view.
[boot-m-eth0] quit
[boot] quit
<boot>
reboot
Use the reboot command to reboot the device. (Centralized devices in standalone mode.)
Use the reboot command to reboot the current MPU. (Distributed devices in standalone or IRF mode.)
Use reboot to reboot the current member device. (Centralized devices in IRF mode.)
Syntax
reboot
Views
User view
Examples
# (Centralized devices in standalone mode.) Reboot the device.
<boot> reboot
# (Distributed devices in standalone or IRF mode.) Reboot the current MPU.
<boot> reboot
# (Centralized devices in IRF mode.) Reboot the current member device.
<boot> reboot
reset ssh public-key
Use reset ssh public-key to delete all SSH server public keys saved on the device.
Syntax
reset ssh public-key
Views
User view
Usage guidelines
The first time you use the ssh2 command to connect to an SSH server, the device saves the server's public key locally. The device can then use the public key to authenticate the server when you connect to the server from the device again. If the server changes its public key, the public keys will not match anymore and you cannot connect to the server. To solve this problem, use this command to delete all SSH server public keys saved on the device.
Examples
# Delete all SSH server public keys saved on the device.
<boot> ssh2 192.168.1.59
login as:client001
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
83:2d:b6:90:4a:1b:0e:c1:ea:af:09:3a:65:09:8a:b3.
Please contact your system administrator.
RSA host key for 192.168.1.59 has changed and you have requested strict checking
.
Host key verification failed.
<boot> reset ssh public-key
<boot> ssh2 192.168.1.59
login as:client001
The authenticity of host '192.168.1.59 (192.168.1.59)' can't be established.
RSA key fingerprint is 83:2d:b6:90:4a:1b:0e:c1:ea:af:09:3a:65:09:8a:b3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.59' (RSA) to the list of known hosts.
client001@192.168.1.59's password:
******************************************************************************
* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<Sysname.59>
rmdir
Use rmdir to delete an existing directory.
Syntax
rmdir directory
Views
User view
Parameters
directory: Specifies the directory to be deleted.
Usage guidelines
To delete a directory, first delete the files and subdirectories in the directory. To delete files, use the delete command.
Examples
# Delete the mydir directory.
<boot> rmdir flash:/mydir
Remove directory flash:/mydir?[Y/N]:y
Directory flash:/1 removed.
Related commands
delete
dir
mkdir
shutdown
Use shutdown to shut down the management Ethernet interface.
Use undo shutdown to bring up the management Ethernet interface.
Syntax
shutdown
undo shutdown
Default
The management Ethernet interface is up.
Views
Management Ethernet interface view
Usage guidelines
When the management Ethernet interface is not operating correctly, you can shut it down and then bring it up.
Examples
# Shut down the management Ethernet interface.
<boot> system-view
[boot] interface m-eth0
[boot-m-eth0] shutdown
# Bring up the management Ethernet interface.
[boot-m-eth0] undo shutdown
ssh2
Use ssh2 to log in to an SSH server.
Syntax
ssh2 { server-ipv4-address | ipv6 server-ipv6-address }
Views
User view
Parameters
server-ipv4-address: Specifies the IPv4 address of the SSH server in dotted decimal notation.
ipv6 server-ipv6-address: Specifies the IPv6 address of the SSH server.
Usage guidelines
If the SSH server does not respond, you can press Ctrl+C to abort the login attempt and try again later.
Examples
# Connect to the SSH server 192.168.1.59 for the first time.
<boot> ssh2 192.168.1.59
login as:client001
The authenticity of host '192.168.1.59 (192.168.1.59)' can't be established.
RSA key fingerprint is 3d:ee:1f:f9:81:be:4f:aa:42:88:1c:ab:81:4e:95:6f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.59' (RSA) to the list of known hosts.
client001@192.168.1.59's password:
******************************************************************************
* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<Syaname.59>
# Connect to the SSH server 192.168.1.59 for the second time.
<boot> ssh2 192.168.1.59
login as:client001
client001@192.168.1.59's password:
******************************************************************************
* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<Syaname.59>
system-view
Use system-view to enter system view from user view.
Syntax
system-view
Views
User view
Examples
# Enter system view from user view.
<boot> system-view
[boot]
Related commands
quit
telnet
Use telnet to log in to a Telnet server.
Syntax
telnet { server-ipv4-address | ipv6 server-ipv6-address }
Views
User view
Parameters
server-ipv4-address: Specifies the IPv4 address of the Telnet server in dotted decimal notation.
server-ipv6-address: Specifies the IPv6 address of the Telnet server.
Usage guidelines
If the Telnet server does not respond, you can press Ctrl+K to abort the login attempt and try again later.
Examples
# Log in to the Telnet server 192.168.100.1.
<boot> telnet 192.168.100.1
tftp
Use tftp to access to a TFTP server.
Syntax
tftp server-ipv4-address { get remote-file local-file | put local-file remote-file }
tftp ipv6 server-ipv6-address { get remote-file local-file | put local-file remote-file }
Views
User view
Parameters
server-ipv4-address: Specifies the IPv4 address of the TFTP server in dotted decimal notation.
server-ipv6-address: Specifies the IPv6 address of the TFTP server.
get remote-file local-file: Downloads a file from the TFTP server. The remote-file argument indicates the file to be downloaded. The local-file argument indicates the name for the downloaded file.
put local-file remote-file: Uploads a file to the TFTP server. The local-file argument indicates the file to be uploaded. The remote-file argument indicates the name for the uploaded file.
Usage guidelines
If the traffic is heavy and the file transfer speed is low, you can press Ctrl+C to abort the transfer and try again later.
Examples
# Download the 111.txt file from the TFTP server 192.168.1.100, and save the copy to a local file named 222.txt.
<boot> tftp 192.168.1.100 get 111.txt flash:/222.txt
# Upload the startup configuration file named startup.cfg to the TFTP server 192.168.1.100.
<boot> tftp 192.168.1.100 put flash:/startup.cfg startup.cfg
Automatic configuration commands
The following matrix shows the feature and hardware compatibility:
Hardware |
Automatic configuration compatibility |
MSR810-LMS/810-LUS |
No |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK |
Yes |
MSR2600-6-X1/2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
autodeploy sms enable
Use autodeploy sms enable to enable SMS-based automatic configuration.
Use undo autodeploy sms enable to disable SMS-based automatic configuration.
Syntax
autodeploy sms enable
undo autodeploy sms enable
Default
SMS-based automatic configuration is enabled.
Views
System view
Predefined user roles
network-admin
Examples
# Disable SMS-based automatic configuration.
<Sysname> system-view
[Sysname] undo autodeploy sms enable
autodeploy udisk enable
Use autodeploy udisk enable to enable USB-based automatic configuration.
Use undo autodeploy udisk enable to disable USB-based automatic configuration.
Syntax
Default
USB-based automatic configuration is enabled.
Views
System view
Predefined user roles
Examples
# Disable USB-based automatic configuration.
[Sysname] undo autodeploy udisk enable
Security zone commands
The following matrix shows the feature and hardware compatibility:
Hardware |
Security zone compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
Yes except on MSR810-LMS/810-LUS |
MSR2600-6-X1/2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
Yes |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
Hardware |
Security zone compatibility |
MSR810-LM-GL |
Yes |
MSR810-W-LM-GL |
Yes |
MSR830-6EI-GL |
Yes |
MSR830-10EI-GL |
Yes |
MSR830-6HI-GL |
Yes |
MSR830-10HI-GL |
Yes |
MSR2600-6-X1-GL |
Yes |
MSR3600-28-SI-GL |
Yes |
display security-zone
Use display security-zone to display security zone information.
Syntax
display security-zone [ name zone-name ]
Any view
Predefined user roles
network-admin
Parameters
name zone-name: Specifies the security zone name, a case-insensitive string of 1 to 31 characters. If you do not specify this option, the command displays all security zones, including system-defined and user-defined security zones.
Usage guidelines
When displaying all security zones, the command uses the following order:
1. System-defined security zones.
2. User-defined security zones in alphabetical order of security zone names.
Examples
# Display information about the security zone myZone.
<Sysname> display security-zone name myZone
Name: myZone
Members:
GigabitEthernet1/0/3
GigabitEthernet1/0/4
GigabitEthernet1/1/1 in VLAN 3
Table 39 Command output
Description |
|
Security zone name. |
|
· Type and number of a Layer 3 interface. · Type and number of a Layer 2 interface, and IDs of the VLANs to which the interface belongs. · None. If a security zone does not have any members, this field displays None. |
display zone-pair security
Use display zone-pair security to display all zone pairs.
Syntax
Any view
Predefined user roles
Examples
# Display all zone pairs.
<Sysname> display zone-pair security
Source zone Destination zone
DMZ Local
Trust Local
import interface
Use import interface to add Layer 3 interfaces to a security zone, including Layer 3 Ethernet interfaces, Layer 3 Ethernet subinterfaces, and other types of Layer 3 logical interfaces.
Use undo import interface to remove Layer 3 interfaces from a security zone.
Syntax
import interface layer3-interface-type layer3-interface-number
undo import interface layer3-interface-type layer3-interface-number
Default
A security zone does not have any Layer 3 interface members.
Security zone view
Predefined user roles
Parameters
Usage guidelines
To add multiple Layer 3 interfaces to a security zone, execute this command multiple times.
· Use the undo import interface command to remove the interface from the current security zone.
· Use the import interface command to add the interface to the new security zone.
Examples
# Add Layer 3 Ethernet interface GigabitEthernet 1/0/1 to the security zone Trust.
[Sysname] security-zone name trust
[Sysname-security-zone-trust] import interface gigabitethernet 1/0/1
import interface vlan
Use import interface vlan to add Layer 2 interface-VLAN combinations to a security zone.
Use undo import interface vlan to remove Layer 2 interface-VLAN combinations from a security zone.
Syntax
import interface layer2-interface-type layer2-interface-number vlan vlan-list
undo import interface layer2-interface-type layer2-interface-number vlan vlan-list
Default
A security zone does not have Layer 2 interface-VLAN combination members.
Views
Security zone view
Predefined user roles
network-admin
Parameters
interface layer2-interface-type layer2-interface-number: Specifies a Layer2 interface by its type and number.
vlan vlan-list: Specifies a list of VLANs. The vlan-list argument must be a space-separated list of up to 10 VLAN items that meet the following requirements:
· Each item specifies a VLAN by its ID or a range of VLANs in the form of start-VLAN-ID to end-VLAN-ID. The end-VLAN-ID is greater than the start-VLAN-ID.
· The VLAN IDs are in the range of 1 to 4094.
· The VLANs already exist.
Usage guidelines
You cannot add any members to the system-defined security zone Local. You can add members to the other system-defined security zones.
To add multiple Layer 2 Ethernet interface-VLAN combinations to a security zone, execute this command multiple times.
A Layer 2 interface-VLAN combination can belong to only one security zone. To move a Layer 2 interface-VLAN combination from one security zone to another security zone, perform the following tasks:
· Use the undo import interface vlan command to remove the combination from the current security zone.
· Use the import interface vlan command to add the combination to the new security zone.
Examples
# Add the combination of Layer 2 Ethernet interface GigabitEthernet 1/0/1 and VLAN 10 to the security zone Untrust.
<Sysname> system-view
[Sysname] security-zone name untrust
[Sysname-security-zone-untrust] import interface gigabitethernet1/0/1 vlan 10
security-zone
Use security-zone to create a security zone and enter its view, or enter the view of an existing security zone.
Use undo security-zone to delete a security zone.
Syntax
undo security-zone name zone-name
Default
No security zone exists.
System view
Predefined user roles
Parameters
Usage guidelines
The device provides the following system-defined security zones: Local, Trust, DMZ, Management, and Untrust. These security zones are created automatically by the system when one of following events occurs:
· The first command for creating a security zone is executed.
· The first command for creating an object policy is executed.
· The first command for entering the view of a system-defined security zone is executed.
System-defined security zones cannot be deleted.
You can use this command multiple times to create multiple security zones.
Deleting a security zone also deletes the following items:
· All zone pairs that use the security zone as the source or destination security zone.
· All object policy applications on the zone pairs.
Examples
# Create the security zone zonetest and enter security zone view.
[Sysname] security-zone name zonetest
[Sysname-security-zone-zonetest]
Related commands
import interface
security-zone intra-zone default permit
Use security-zone intra-zone default permit to set the default action to permit for packets exchanged between interfaces in the same security zone.
Use undo security-zone intra-zone default permit to restore the default.
Syntax
security-zone intra-zone default permit
undo security-zone intra-zone default permit
Default
The default action is deny for packets exchanged between interfaces in the same security zone.
Views
System view
The default action is used when no zone pair is configured from the security zone to the security zone itself.
Examples
# Set the default action to permit for packets exchanged between interfaces in the same security zone.
[Sysname] security-zone intra-zone default permit
zone-pair security
Use zone-pair security to create a zone pair and enter its view, or enter the view of an existing zone pair.
Use undo zone-pair security to delete a zone pair.
Syntax
zone-pair security source { source-zone-name | any } destination { destination-zone-name | any }
undo zone-pair security source { source-zone-name | any } destination { destination-zone-name | any }
Default
No zone pair exists.
System view
Predefined user roles
Parameters
source source-zone-name: Specifies the name of the source security zone, a case-insensitive string of 1 to 31 characters. This security zone must already exist.
any: Specifies any security zone.
Usage guidelines
A zone pair has a source security zone and a destination security zone. The device examines received first data packets and uses zone pairs to identify data flows. You can apply security control policies to zone pairs so the device processes data flows based on security control policies.
You can use the zone-pair security source any destination any command to define the any-to-any zone pair. This zone pair matches all packets from one security zone to another security zone.
A zone pair between specific security zones has a higher priority than the any-to-any zone pair.
A packet between the Management and Local zones matches only zone pairs of the two zones. It does not match the any-to-any zone pair.
Deleting a zone pair deletes all object policy applications on the zone pair.
Examples
# Create a zone pair with the source security zone Trust and destination zone Untrust.
[Sysname] zone-pair security source trust destination untrust
[Sysname-zone-pair-security-Trust-Untrust]
Related commands
Device management commands
Commands and descriptions for centralized devices apply to the following routers:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3600-28-SI/3600-51-SI.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
· MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL.
Commands and descriptions for distributed devices apply to the following routers:
· MSR5620.
· MSR 5660.
· MSR 5680.
card-mode
Use card-mode to set the operating mode for an interface module.
Syntax
Centralized devices in standalone mode:
card-mode slot slot-number mode-name
Distributed devices in standalone mode/centralized devices in IRF mode:
card-mode slot slot-number subslot subslot-number mode-name
Distributed devices in IRF mode:
card-mode chassis chassis-number slot slot-number subslot subslot-number mode-name
Views
System view
Predefined user roles
network-admin
Parameters
chassis chassis-number: Specifies an IRF member device by its member ID. (Distributed devices in IRF mode.)
slot slot-number: Specifies a subcard by its slot number. (Centralized devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. (Centralized devices in IRF mode.)
slot slot-number: Specifies a card by its slot number. (Distributed devices in standalone or IRF mode.)
subslot subslot-number: Specifies an interface module by its subslot number.
mode-name: Specifies an operating mode. The following shows all operating mode values:
· atm: Specifies the ATM mode. All interfaces on the interface module act as ATM interfaces.
· auto: Specifies the auto negotiation mode. The interface module operates in ATM or EFM mode, depending on the negotiation result.
· e: Specifies the E mode. All interfaces on the interface module act as CPOS E3-E1 interfaces.
· e1: Specifies the E1 mode. All interfaces on the interface module act as CPOS E1 interfaces.
· e3: Specifies the E3 mode. All interfaces on the interface module act as CPOS E3 interfaces.
· e-cpos: Specifies the E-CPOS mode. All interfaces on the interface module act as 2.5 Gbps CPOS interfaces.
· efm: Specifies the EFM mode. All interfaces on the interface module act as EFM interfaces.
· ipsec: Specifies the IPsec mode.
· oc-12: Specifies the OC-12c/STM-4c mode (622 Mbps). All interfaces on the interface module act as 622 Mbps CPOS interfaces.
· oc-12-atm: Specifies the oc-12-atm mode. All interfaces on the interface module act as ATM interfaces.
· oc-12-pos: Specifies the oc-12-pos mode. All interfaces on the interface module act as POS interfaces.
· oc-3: Specifies the OC-3c/STM-1c mode (155 Mbps). All interfaces on the interface module act as 155 Mbps CPOS interfaces.
· oc-3-atm: Specifies the oc-3-atm mode. All interfaces on the interface module act as ATM interfaces.
· oc-3-pos: Specifies the oc-3-pos mode. All interfaces on the interface module act as POS interfaces.
· pos: Specifies the POS mode. All interfaces on the interface module act as POS interfaces.
· ssl: Specifies the SSL mode.
· t: Specifies the T mode. All interfaces on the interface module act as CPOS T3-T1 interfaces.
· t1: Specifies the T1 mode. All interfaces on the interface module act as CPOS T1 interfaces.
· t3: Specifies the T3 mode. All interfaces on the interface module act as CPOS T3 interfaces.
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware |
Command compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
Hardware |
Command compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
Yes |
MSR3600-28-SI-GL |
Yes |
You must perform one of the following tasks to activate the new operating mode:
· Hot swap the interface module if the interface module supports hot swapping.
· Restart the device.
For more information about interface types, see Interface Configuration Guide.
Examples
# (Centralized devices in standalone mode.) Set the operating mode to E1 for the interface module in slot 2.
<Sysname> system-view
[Sysname] card-mode slot 2 e1
Please reboot or hot-swap the board or card (if supported) to make the configuration take effect.
# (Distributed devices in standalone mode.) Set the operating mode to E1 for the subcard in subslot 1 of interface module 2.
<Sysname> system-view
[Sysname] card-mode slot 2 subslot 1 e1
Please reboot or hot-swap the board or card (if supported) to make the configuration take effect.
# (Distributed devices in IRF mode.) Set the operating mode to E1 for the subcard in subslot 1 on interface module 2 of member device 1.
<Sysname> system-view
[Sysname] card-mode chassis 1 slot 2 subslot 1 e1
Please reboot or hot-swap the board or card (if supported) to make the configuration take effect.
clock datetime
Use clock datetime to set the system time.
Syntax
clock datetime time date
Views
User view
Predefined user roles
network-admin
Parameters
time: Specifies a time in the hh:mm:ss format. The value range for hh is 0 to 23. The value range for mm is 0 to 59. The value range for ss is 0 to 59. The leading zero in a segment can be omitted. If the seconds segment is 0 (hh:mm:00), you can omit it. If both the minutes and seconds segments are 0 (hh:00:00), you can omit both of the segments. For example, to specify 08:00:00, you can enter 8.
date: Specifies a date in the MM/DD/YYYY or YYYY/MM/DD format. The value range for YYYY is 2000 to 2035. The value range for MM is 1 to 12. The value range for DD varies by month.
Usage guidelines
Correct system time is essential to network management and communication. You must configure the system time correctly before you run the device on the network.
For the device to use the local system time, execute the clock protocol none command and this command in turn. The specified system time takes effect immediately. Then, the device uses the clock signals generated by its built-in crystal oscillator to maintain the system time.
If you set the time zone or daylight saving time after you configure this command, the device recalculates the system time. To view the system time, use the display clock command.
Examples
# Set the system time to 08:08:08 01/01/2016.
<Sysname> clock datetime 8:8:8 1/1/2016
# Set the system time to 08:10:00 01/01/2016.
<Sysname> clock datetime 8:10 2016/1/1
Related commands
clock protocol
clock summer-time
clock timezone
display clock
clock protocol
Use clock protocol to specify the system time source.
Use undo clock protocol to restore the default.
Syntax
clock protocol { none | controller cellular cellular-number | ntp }
undo clock protocol
Default
The device uses the NTP time source.
Views
System view
Predefined user roles
network-admin
Parameters
none: Uses the system time set by using the clock datetime command.
controller cellular cellular-number: Uses a cellular interface to obtain the network time. The cellular-number argument specifies a cellular interface by its number.
ntp: Uses NTP to obtain the UTC time. You must configure NTP correctly. For more information about NTP and NTP configuration, see Network Management and Monitoring Configuration Guide.
Correct system time is essential to network management and communication. You must configure the system time correctly before you run the device on the network.
The device can use the locally set system time, or obtain the UTC time from an NTP source and calculate the system time.
· If you configure the clock protocol none and clock datetime commands in turn, the device uses the locally set system time. The device then uses the clock signals generated by its built-in crystal oscillator to maintain the system time.
· If you configure the clock protocol ntp command, the device obtains the UTC time through NTP and calculates the system time. The device then periodically synchronizes the UTC time and recalculates the system time. For more information about NTP, see Network Management and Monitoring Configuration Guide.
· If you configure the clock protocol controller cellular cellular-number command, the device uses the specified interface and the connected 3G or 4G modem to obtain the network time. If the interface is removed or not activated, the device uses the NTP protocol to obtain the UTC time. After the interface is available, the device uses the 3G or 4G modem to obtain the network time again. For more information about 3G and 4G modem management, see Layer 2—WAN Access Configuration Guide.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure the device to use the local UTC time.
<Sysname> system-view
[Sysname] clock protocol none
clock summer-time
Use clock summer-time to set the daylight saving time.
Use undo clock summer-time to restore the default.
Syntax
clock summer-time name start-time start-date end-time end-date add-time
undo clock summer-time
Default
The daylight saving time is not set.
Views
System view
Predefined user roles
network-admin
Parameters
name: Specifies a name for the daylight saving time schedule, a case-sensitive string of 1 to 32 characters.
start-time: Specifies the start time in the hh:mm:ss format. The value range for hh is 0 to 23. The value range for mm is 0 to 59. The value range for ss is 0 to 59. The leading zero in a segment can be omitted. If the seconds segment is 0 (hh:mm:00), you can omit it. If both the minutes and seconds segments are 0 (hh:00:00), you can omit both of the segments. For example, to specify 08:00:00, you can enter 8.
start-date: Specifies the start date in one of the following formats:
· MM/DD. The value range for MM is 1 to 12. The value range for DD varies by month.
· month week day, where:
¡ month—Takes January, February, March, April, May, June, July, August, September, October, November or December.
¡ week—Represents week of the month. It takes first, second, third, fourth, fifth, or last.
¡ day—Takes Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, or Saturday.
end-time: Specifies the end time in the hh:mm:ss format. The value range for hh is 0 to 23. The value range for mm is 0 to 59. The value range for ss is 0 to 59. The leading zero in a segment can be omitted. If the seconds segment is 0 (hh:mm:00), you can omit it. If both the minutes and seconds segments are 0 (hh:00:00), you can omit both of the segments. For example, to specify 08:00:00, you can enter 8.
end-date: Specifies the end date in one of the following formats:
· MM/DD. The value range for MM is 1 to 12. The value range for DD varies by month.
· month week day, where:
¡ month—Takes January, February, March, April, May, June, July, August, September, October, November or December.
¡ week—Represents week of the month. It takes first, second, third, fourth, fifth, or last.
¡ day—Takes Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, or Saturday.
add-time: Specifies the time to be added to the standard time, in the hh:mm:ss format. The value range for hh is 0 to 23. The value range for mm is 0 to 59. The value range for ss is 0 to 59. The leading zero in a segment can be omitted. If the seconds segment is 0 (hh:mm:00), you can omit it. If both the minutes and seconds segments are 0 (hh:00:00), you can omit both of the segments. For example, to specify 08:00:00, you can enter 8.
Usage guidelines
Correct system time is essential to network management and communication. You must configure the system time correctly before you run the device on the network.
After you set the daylight saving time, the device recalculates the system time. To view the system time, use the display clock command
Make sure all devices on the network are using the same daylight saving time as the local time.
Examples
# Set the system time ahead 1 hour for the period between 06:00:00 on 08/01 and 06:00:00 on 09/01.
<Sysname> system-view
[Sysname] clock summer-time PDT 6 08/01 6 09/01 1
Related commands
clock datetime
clock timezone
display clock
clock timezone
Use clock timezone to set the local time zone.
Use undo clock timezone to restore the default.
Syntax
clock timezone zone-name { add | minus } zone-offset
undo clock timezone
Default
The local time zone is not set.
Views
System view
Predefined user roles
network-admin
Parameters
zone-name: Specifies a time zone by its name, a case-sensitive string of 1 to 32 characters.
add: Adds an offset to the UTC time or local system time.
minus: Decreases the UTC time or local system time by an offset.
zone-offset: Specifies an offset, in the hh:mm:ss format. The value range for hh is 0 to 23. The value range for mm is 0 to 59. The value range for ss is 0 to 59. The leading zero in a segment can be omitted. If the seconds segment is 0 (hh:mm:00), you can omit it. If both the minutes and seconds segments are 0 (hh:00:00), you can omit both of the segments. For example, to specify 08:00:00, you can enter 8.
Usage guidelines
Correct system time is essential to network management and communication. You must configure the system time correctly before you run the device on the network.
After you set the time zone, the device recalculates the system time. To view the system time, use the display clock command.
Make sure all devices on the network are using the same time zone as the local time.
Examples
# Set the name of the local time zone to Z5, and add 5 hours to the UTC time.
<Sysname> system-view
[Sysname] clock timezone Z5 add 5
Related commands
clock datetime
clock summer-time
display clock
command
Use command to assign a command to a job.
Use undo command to revoke a command.
Syntax
command id command
undo command id
Default
No command is assigned to a job.
Views
Job view
Predefined user roles
network-admin
Parameters
id: Specifies an ID for the command, in the range of 0 to 4294967295. A command ID uniquely identifies a command in a job. Commands in a job are executed in ascending order of their command IDs.
command: Specifies the command to be assigned to the job.
Usage guidelines
To assign a command (command A) to a job, you must first assign the job the command or commands for entering the view of command A.
If you specify the ID of an existing command for another command, the existing command is replaced.
Make sure all commands in a schedule are compliant to the command syntax. The system does not examine the syntax when you assign a command to a job.
If a command requires a yes or no answer, the system always assumes that a Y or Yes is entered. If a command requires a character string input, the system assumes that either the default character string (if any) or a null string is entered.
A job cannot contain the telnet, ftp, ssh2, or monitor process command.
Examples
# Assign commands to the backupconfig job to back up the configuration file startup.cfg to the TFTP server at 192.168.100.11.
<Sysname> system-view
[Sysname] scheduler job backupconfig
[Sysname-job-backupconfig] command 2 tftp 192.168.100.11 put flash:/startup.cfg backup.cfg
# Assign commands to the shutdownGE job to shut down GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] scheduler job shutdownGE
[Sysname-job-shutdownGE] command 1 system-view
[Sysname-job-shutdownGE] command 2 interface gigabitethernet 1/0/1
[Sysname-job-shutdownGE] command 3 shutdown
Related commands
scheduler job
copyright-info enable
Use copyright-info enable to enable copyright statement display.
Use undo copyright-info enable to disable copyright statement display.
Syntax
copyright-info enable
undo copyright-info enable
Default
Copyright statement display is enabled.
Views
System view
Predefined user roles
network-admin
Examples
# Enable copyright statement display.
<Sysname> system-view
[Sysname] copyright-info enable
The device will display the following statement when a user logs in:
******************************************************************************
* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
display alarm
Use display alarm to display alarm information.
Syntax
Distributed devices in standalone mode/centralized devices in standalone or IRF mode:
display alarm [ slot slot-number ]
Distributed devices in IRF mode:
display alarm [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies the entire device. The value is fixed at 0. (Centralized devices in standalone mode.)
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays alarm information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays alarm information for all IRF member devices. (Centralized devices in IRF mode)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays alarm information for all cards. (Distributed devices in IRF mode.)
Examples
# (Centralized devices in standalone mode.) Display alarm information.
<Sysname> display alarm
Slot CPU Level Info
0 0 ERROR faulty
Table 40 Command output
Field |
Description |
Slot |
If the alarm was generated by a card in a slot, this field displays 0. If the alarm was generated by the chassis, this field displays a hyphen (-). |
Level |
Alarm severity. Possible values include ERROR, WARNING, NOTICE, and INFO, in descending order. |
Info |
Detailed alarm information: · faulty—The card is starting up or faulty. · Fan n is absent—The specified fan is absent. |
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Display alarm information.
<Sysname> display alarm
Slot CPU Level Info
2 0 ERROR faulty
5 0 ERROR faulty
8 1 ERROR faulty
Table 41 Command output
Field |
Description |
Slot |
Slot number of the card with an alarm. If the value is a hyphen (-), the alarm was generated by the chassis. (Distributed devices in standalone mode.) IRF member ID of the device with an alarm. If the value is a hyphen (-), the alarm was generated by the chassis. (Centralized devices in IRF mode.) |
Level |
Alarm severity. Possible values include ERROR, WARNING, NOTICE, and INFO, in descending order. |
Info |
Detailed alarm information: · faulty—The card is starting up or faulty. · Fan n is absent—The specified fan is absent. · Power n is absent—The specified power supply is absent. · The temperature of sensor n exceeds the lower limit—The temperature of the specified sensor is lower than the low-temperature threshold. · The temperature of sensor n exceeds the upper limit—The temperature of the specified sensor is higher than the high-temperature warning threshold. |
# (Distributed devices in IRF mode.) Display alarm information.
<Sysname> display alarm
Chassis Slot CPU Level Info
1 6 0 ERROR Fan 2 is absent.
1 6 0 ERROR Power 2 is absent.
1 6 1 ERROR The board in slot 10 is faulty.
2 3 1 WARNING The temperature of sensor 3 exceeds the lower limit.
Table 42 Command output
Field |
Description |
Chassis |
Member ID of the IRF member device with an alarm. |
Slot |
Slot number of the card. |
Level |
Alarm severity. Possible values include ERROR, WARNING, NOTICE, and INFO, in descending order. |
Info |
Detailed alarm information: · faulty—The card is starting up or faulty. · Fan n is absent—The specified fan is absent. · Power n is absent—The specified power supply is absent. · The temperature of sensor n exceeds the lower limit—The temperature of the specified sensor is lower than the low-temperature threshold. · The temperature of sensor n exceeds the upper limit—The temperature of the specified sensor is higher than the high-temperature warning threshold. |
display card-forwarding-mode
Use display card-forwarding-mode to display SPU operating mode information.
Syntax
display card-forwarding-mode
Views
Any view
Predefined user roles
network-admin
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware |
Command compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR 3610/3620/3620-DP/3640/3660 |
No |
MSR5620/5660/5680 |
Only the SPU600-X1 on the device supports this command. |
Hardware |
Command compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
This command displays both the current operating mode and the current operating mode setting. The current operating mode setting requires a reboot to take effect.
Examples
# Display SPU operating mode information.
<Sysname> display card-forwarding-mode
Current mode: load-balancing
Mode after a reboot: redundant-backup
display clock
Use display clock to display the system time, date, local time zone, and daylight saving time.
Syntax
display clock
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the system time and date when the local time zone is not specified.
<Sysname> display clock
10:09:00 UTC Fri 03/16/2016
# Display the system time and date when the local time zone Z5 is specified.
<Sysname> display clock
15:10:00 Z5 Fri 03/16/2016
Time Zone : Z5 add 05:00:00
# Display the system time and date when the local time zone Z5 and daylight saving time PDT are specified.
<Sysname> display clock
15:11:00 Z5 Fri 03/16/2016
Time Zone : Z5 add 05:00:00
Summer Time : PDT 06:00:00 08/01 06:00:00 09/01 01:00:00
Related commands
clock datetime
clock timezone
clock summer-time
display copyright
Use display copyright to display the copyright statement, including software and hardware copyright statements, and software license information.
network-admin
network-operator
# Display the copyright statement.
display cpu-usage
Use display cpu-usage to display the current CPU usage statistics.
Syntax
Centralized devices in standalone mode:
display cpu-usage [ summary ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display cpu-usage [ summary ] [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display cpu-usage [ summary ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
summary: Displays CPU usage statistics in table form. If you do not specify this keyword, the command displays CPU usage statistics in text form.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the CPU usage statistics for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays CPU usage statistics for all member devices. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays CPU usage statistics for all cards. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
This command displays the average CPU usage values during the last 5-second, 1-minute, and 5-minute intervals.
Examples
# (Centralized devices in standalone mode.) Display the current CPU usage statistics in text form.
<Sysname> display cpu-usage
Unit CPU usage:
1% in last 5 seconds
1% in last 1 minute
1% in last 5 minutes
# (Centralized devices in standalone mode.) Display the current CPU usage statistics in table form.
<Sysname> display cpu-usage
CPU Last 5 sec Last 1 min Last 5 min
0 2% 2% 10%
# (Distributed devices in standalone mode.) Display the current CPU usage statistics in text form.
<Sysname> display cpu-usage
Slot 0 CPU 0 CPU usage:
1% in last 5 seconds
0% in last 1 minute
0% in last 5 minutes
Slot 1 CPU 0 CPU usage:
1% in last 5 seconds
1% in last 1 minute
1% in last 5 minutes
# (Distributed devices in standalone mode.) Display the current CPU usage statistics in table form.
<Sysname> display cpu-usage
Slot CPU Last 5 sec Last 1 min Last 5 min
0 0 22% 54% 44%
1 0 17% 29% 28%
# (Centralized devices in IRF mode.) Display the current CPU usage statistics for all member devices in text form.
<Sysname> display cpu-usage
Slot 1 CPU 0 CPU usage:
6% in last 5 seconds
10% in last 1 minute
5% in last 5 minutes
Slot 2 CPU 0 CPU usage:
5% in last 5 seconds
8% in last 1 minute
5% in last 5 minutes
# (Centralized devices in IRF mode.) Display the current CPU usage statistics for all member devices in table form.
<Sysname> display cpu-usage
Slot CPU Last 5 sec Last 1 min Last 5 min
1 0 22% 54% 44%
2 0 17% 29% 28%
# (Distributed devices in IRF mode.) Display the current CPU usage statistics for all cards in text form.
<Sysname> display cpu-usage
Chassis 1 Slot 0 CPU 0 CPU usage:
9% in last 5 seconds
8% in last 1 minute
8% in last 5 minutes
Chassis 1 Slot 1 CPU 0 CPU usage:
5% in last 5 seconds
4% in last 1 minute
4% in last 5 minutes
Chassis 2 Slot 0 CPU 0 CPU usage:
6% in last 5 seconds
6% in last 1 minute
6% in last 5 minutes
Chassis 2 Slot 1 CPU 0 CPU usage:
6% in last 5 seconds
6% in last 1 minute
6% in last 5 minutes
# (Distributed devices in IRF mode.) Display the current CPU usage statistics for all cards in table form.
<Sysname> display cpu-usage
Chassis Slot CPU Last 5 sec Last 1 min Last 5 min
1 0 0 6% 5% 8%
1 1 0 5% 4% 4%
2 0 0 6% 6% 8%
2 1 0 6% 6% 6%
Table 43 Command output
Field |
Description |
Unit CPU usage |
CPU usage statistics. (Centralized devices in standalone mode.) |
Chassis |
Member ID of the IRF member device. (Distributed devices in IRF mode.) |
Slot |
Member ID of the IRF member device. (Centralized devices in IRF mode.) Slot number of the card. (Distributed devices in IRF or standalone mode.) |
CPU |
Number of the CPU. |
x% in last 5 seconds |
Average CPU usage during the last 5-second interval. |
y% in last 1 minute |
Average CPU usage during the last 1-minute interval. |
z% in last 5 minutes |
Average CPU usage during the last 5-minute interval. |
Slot x CPU y CPU usage |
Usage statistics for CPU y of the card in slot x. (Distributed devices in standalone mode.) |
Slot x CPU y CPU usage |
Usage statistics for CPU y of member device x. (Centralized devices in IRF mode.) |
Chassis x Slot y CPU z CPU usage |
Usage statistics for CPU z of the card in slot y on member device x. (Distributed devices in IRF mode.) |
display cpu-usage configuration
Use display cpu-usage configuration to display CPU usage monitoring settings.
Syntax
Centralized devices in standalone mode:
display cpu-usage configuration
Distributed devices in standalone mode/centralized devices in IRF mode:
display cpu-usage configuration [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display cpu-usage configuration [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the CPU usage monitoring settings for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays the CPU usage monitoring settings for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays the CPU usage monitoring settings for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Examples
# Display the CPU usage monitoring settings.
<Sysname> display cpu-usage configuration
CPU usage monitor is enabled.
Current monitor interval is 60 seconds.
Current monitor threshold is 90%.
Related commands
monitor cpu-usage enable
monitor cpu-usage interval
monitor cpu-usage threshold
display cpu-usage history
Use display cpu-usage history to display the historical CPU usage statistics in a coordinate system.
Syntax
Centralized devices in standalone mode:
display cpu-usage history [ job job-id ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display cpu-usage history [ job job-id ] [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display cpu-usage history [ job job-id ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
job job-id: Specifies a process by its ID. If you do not specify a process, this command displays the statistics for the entire system's CPU usage (the total CPU usage of all processes). To view the IDs and names of the running processes, use the display process command. For more information, see Network Management and Monitoring Configuration Guide.
slot slot-number: Specifies a card by its slot number. If you specify a process but do not specify a card, this command displays the statistics for the process on the active MPU. If you do not specify any options, this command displays the statistics for all processes on all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you specify a process but do not specify a member device, this command displays the statistics for the process on the master device. If you do not specify any options, this command displays the statistics for all processes on all member devices. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you specify a process but do not specify a card, this command displays the statistics for the process on the global active MPU. If you do not specify any options, this command displays the statistics for all processes on all cards. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. If you specify a process but do not specify a CPU, this command displays the statistics for the default CPU. If you do not specify a process or CPU, this command displays the historical statistics for all CPUs. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
After CPU usage monitoring is enabled, the system regularly samples CPU usage and saves the samples to the history record buffer. This command displays the most recent 60 samples in a coordinate system as follows:
· The vertical axis represents the CPU usage. If a statistic is not a multiple of the usage step, it is rounded up or down to the closest multiple of the usage step. For example, if the CPU usage step is 5%, the statistic 53% is rounded up to 55%, and the statistic 52% is rounded down to 50%.
· The horizontal axis represents the time.
· Pound signs (#) indicate the CPU usage. The value on the vertical axis for the topmost pound sign at a specific time represents the CPU usage at that time.
Examples
# Display the historical CPU usage statistics for the entire system.
<Sysname> display cpu-usage history
100%|
95%|
90%|
85%|
80%|
75%|
70%|
65%|
60%|
55%|
50%|
45%|
40%|
35%|
30%|
25%|
20%|
15%| #
10%| ### #
5%| ########
------------------------------------------------------------
10 20 30 40 50 60 (minutes)
cpu-usage (Chassis 1 slot 0 CPU 0) last 60 minutes (SYSTEM)
The output shows the following items:
· Process name. The name SYSTEM represents the entire system.
· CPU that is holding the process: CPU 0 in slot 0 of member device 1.
· Historical CPU usage statistics for the entire system during the last 60 minutes.
¡ 12 minutes ago: Approximately 5%.
¡ 13 minutes ago: Approximately 10%.
¡ 14 minutes ago: Approximately 15%.
¡ 15 minutes ago: Approximately 10%.
¡ 16 and 17 minutes ago: Approximately 5%.
¡ 18 minutes ago: Approximately 10%.
¡ 19 minutes ago: Approximately 5%.
¡ Other time: 2% or lower than 2%.
# Display the historical CPU usage statistics for process 1.
<Sysname> display cpu-usage history job 1
100%|
95%|
90%|
85%|
80%|
75%|
70%|
65%|
60%|
55%|
50%|
45%|
40%|
35%|
30%|
25%|
20%|
15%|
10%|
5%| #
------------------------------------------------------------
10 20 30 40 50 60 (minutes)
cpu-usage (Chassis 1 slot 0 CPU 0) last 60 minutes (scmd)
The output shows the following items:
· Process name, which is scmd. A process name in a pair of square brackets ([ ]) represents a kernel process.
· CPU that is holding the process: CPU 0 in slot 0 of member device 1.
· Historical CPU usage statistics for process 1 in the last 60 minutes.
¡ 20 minutes ago: Approximately 5%.
¡ Other time: 2% or lower than 2%.
monitor cpu-usage enable
monitor cpu-usage interval
display device
Use display device to display device information.
Syntax
Centralized devices in standalone mode:
display device [ cf-card | harddisk | sd-card | usb ] [ slot slot-number | verbose ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display device [ cf-card | harddisk | sd-card | usb ] [ slot slot-number [ subslot subslot-number ] | verbose ]
Distributed devices in IRF mode:
display device [ cf-card | harddisk | sd-card | usb ] [ chassis chassis-number [ slot slot-number [ subslot subslot-number ] ] | verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
cf-card: Specifies the CF cards.
The following matrix shows the cf-card keyword and hardware compatibility:
Hardware |
Keyword compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
Hardware |
Keyword compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
harddisk: Specifies the hard disks.
The following matrix shows the harddisk keyword and hardware compatibility:
Hardware |
Keyword compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR 3610/3620/3620-DP/3640/3660 |
No |
MSR5620/5660/5680 |
No |
Hardware |
Keyword compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
sd-card: Specifies the SD cards.
The following matrix shows the sd-card keyword and hardware compatibility:
Hardware |
Keyword compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK |
Yes |
MSR810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR 3610/3620/3620-DP/3640/3660 |
No |
MSR5620/5660/5680 |
No |
Hardware |
Keyword compatibility |
MSR810-LM-GL |
Yes |
MSR810-W-LM-GL |
Yes |
MSR830-6EI-GL |
Yes |
MSR830-10EI-GL |
Yes |
MSR830-6HI-GL |
Yes |
MSR830-10HI-GL |
Yes |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
usb: Specifies the device connected to the USB interface.
chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays hardware information for all member devices. (Distributed devices in IRF mode.)
slot slot-number: Specifies a subcard by its slot number. (Centralized devices in standalone mode.)
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays hardware information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays hardware information for all member devices. (Centralized devices in IRF mode.)
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays device information for all cards. (Distributed devices in IRF mode.)
subslot subslot-number: Specifies a subcard by its subslot number. If you do not specify a subcard, this command does not display information about any subcards.
verbose: Displays detailed hardware information. If you do not specify this keyword, this command displays brief information.
Usage guidelines
If you do not specify the cf-card, sd-card, and usb keywords, this command displays information about cards on the device.
Examples
# (Centralized devices in standalone mode.) Display device information.
<Sysname> display device
Device Name: H3C MSR36-40
Slot No. Board Type Status Max Ports
-------------------------------------------------------
0 RPU Normal 6
3 SIC-1AM Normal 1
5 HMIM-8GSW Normal 8
6 HMIM-2SAE Normal 2
7 HMIM-4FXO Normal 4
9 VPM-256 Normal 1
Table 44 Command output
Field |
Description |
Slot No. |
Slot number of the card. |
Board Type |
Hardware type of the card. |
Status |
Card status: · Illegal—The card is not operating correctly. · Normal—The card is operating correctly. |
Max Ports |
Maximum number of physical ports that the card supports. |
# (Distributed devices in standalone mode.) Display device information.
<Sysname> display device
Slot No. Board Type Status Primary SubSlots
0 MPU Normal Master 12
1 MPU Normal Standby 12
2 MPU Normal Standby 12
Table 45 Command output
Field |
Description |
Slot No. |
Slot number of the card. |
Board Type |
Hardware type of the card. |
Status |
Card status: · Standby—The card is the standby MPU. · Master—The card is the active MPU. · Absent—The slot is not installed with a card. · Fault—The card is faulty and cannot start up. · Normal—The card is an interface card and is operating correctly. |
Primary |
Role of the card: · Master—The card is the active MPU. · Standby—The card is the standby MPU. |
SubSlots |
Maximum number of subcards that the card supports. |
# (Centralized devices in IRF mode.) Display device information about all IRF member devices in the IRF fabric.
<Sysname> display device
Slot No. Board Type Status Primary SubSlots
1 MPU Normal Master 12
2 MPU Normal Standby 12
The output shows that the IRF fabric has two member devices, and each member has 28 Ethernet interfaces and two 10-GE physical IRF ports.
Table 46 Command output
Field |
Description |
Slot No. |
Member ID of the IRF member device. |
Board Type |
Hardware type of the IRF member device |
Status |
Status of the IRF member device: · Normal—The IRF member device is operating correctly. · Illegal—The IRF member device is not identified. |
Primary |
Role of the IRF member device: · Master—The member device is the active MPU. · Standby—The member device is the standby MPU. · Loading—The member device is loading the system startup software. |
SubSlots |
Maximum number of subcards that the member device supports. |
# (Distributed devices in IRF mode.) Display device information about all IRF member devices.
<Sysname> display device
Chassis No. Slot No. Board Type Status Primary Local Primary SubSlots
-------------------------------------------------------------------------------
1 0 MPU-100 Normal Master Master 0
1 2 SPU-300 Normal N/A N/A 8
Table 47 Command output
Field |
Description |
Chassis No. |
Member ID of the IRF member device. |
Slot No. |
Number of the slot where the card on the IRF member device resides. |
Board Type |
Card type. |
Status |
Card status: · Absent—No card is inserted in the slot. · Normal—The card is an interface card and is operating correctly. · Fault—The card is faulty. |
Primary |
Role of the card: · Master—The card is the global active MPU. · Standby—The card is a global standby MPU. |
Local Primary |
Role of the local card: · Master—The card is the active MPU for the IRF member device. · Standby—The card is the standby MPU for the IRF member device. |
SubSlots |
Maximum number of subcards that the card supports. |
display device manuinfo
Use display device manuinfo to display electronic label information for the device.
Syntax
Centralized devices in standalone mode:
display device manuinfo [ slot slot-number ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display device manuinfo [ slot slot-number [ subslot subslot-number ] ]
Distributed devices in IRF mode:
display device manuinfo [ chassis chassis-number [ slot slot-number [ subslot subslot-number ] ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays electronic label information for all member devices. (Distributed devices in IRF mode.)
slot slot-number: Specifies a subcard by its subslot number. If you do not specify a subcard, this command does not display electronic label information for subcards. (Centralized devices in standalone mode.)
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays electronic label information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays electronic label information for all cards. (Distributed devices in IRF mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays electronic label information for all member devices. (Centralized devices in IRF mode.)
subslot subslot-number: Specifies a subcard by its subslot number. If you do not specify a subcard, this command does not display information about any subcards.
Usage guidelines
An electronic label is a profile of a device or card. It contains the permanent configuration, including the serial number, manufacturing date, MAC address, and vendor name. The data is written to the storage component during debugging or testing. This command displays only part of the electronic label information.
Examples
# (Centralized devices in standalone mode.) Display electronic label information for the device.
<Sysname> display device manuinfo
Slot 0
DEVICE_NAME : aaaa
DEVICE_SERIAL_NUMBER : xxxx
MAC_ADDRESS : 000F-E26A-58EA
MANUFACTURING_DATE : 2016-01-10
VENDOR_NAME : H3C
PRODUCT ID : XXXXXX
# (Distributed devices in standalone mode.) Display electronic label information for the device.
<Sysname> display device manuinfo
Slot 0 CPU 0:
DEVICE_NAME : RT-MPU-100
DEVICE_SERIAL_NUMBER : 210231A73SA07B000108
MAC_ADDRESS : 000F-E26A-58ED
MANUFACTURING_DATE : 2016-01-9
VENDOR_NAME : H3C
PRODUCT ID : RT-MPU-100
Slot 1 CPU 0:
DEVICE_NAME : RT-MPU-100
DEVICE_SERIAL_NUMBER : 210231A73SA07B000075
MAC_ADDRESS : 000F-E26A-581B
MANUFACTURING_DATE : 2016-01-10
VENDOR_NAME : H3C
PRODUCT ID : RT-MPU-100
Slot 2 CPU 0:
DEVICE_NAME : RT-MPU-100
DEVICE_SERIAL_NUMBER : 210231A76VX081000020
MAC_ADDRESS : No
MANUFACTURING_DATE : 2016-02-2
VENDOR_NAME : H3C
PRODUCT ID : RT-MPU-100
# (Centralized devices in IRF mode.) Display electronic label information for the device.
<Sysname> display device manuinfo
Slot 1 CPU 0:
DEVICE_NAME : MSR 36-40a
DEVICE_SERIAL_NUMBER : 210235A0W8B133000041
MAC_ADDRESS : 001C-C5BC-3111
MANUFACTURING_DATE : 2016-05-08
VENDOR_NAME : H3C
Slot 2 CPU 0:
DEVICE_NAME : MSR 36-40b
DEVICE_SERIAL_NUMBER : 210235A252A079000140
MAC_ADDRESS : 000F-E269-46D1
MANUFACTURING_DATE : 2016-09-26
VENDOR_NAME : H3C
Table 48 Command output
Field |
Description |
Slot 1 CPU 0 |
Slot number of the card and number of the CPU. (Distributed devices in standalone mode.) Member ID of the device and number of the CPU. (Centralized devices in IRF mode.) |
DEVICE_NAME |
Device name. |
DEVICE_SERIAL_NUMBER |
Serial number. |
MAC_ADDRESS |
MAC address. |
MANUFACTURING_DATE |
Manufacturing date. |
VENDOR_NAME |
Vendor name. |
PRODUCT ID |
Product ID. |
# (Distributed devices in IRF mode.) Display electronic label information for the device.
<Sysname> display device manuinfo
Chassis 1:
Slot 0 CPU 0:
subslot 0
DEVICE_NAME : RT-MPU-100
DEVICE_SERIAL_NUMBER : 210231A1UXB137000109
MAC_ADDRESS : 7425-8A76-08F0
MANUFACTURING_DATE : 2016-05-26
VENDOR_NAME : H3C
PRODUCT ID : RT-MPU-100
Slot 1 CPU 0:
subslot 0
DEVICE_NAME : RT-MPU-100
DEVICE_SERIAL_NUMBER : 210231A1UXB137000174
MAC_ADDRESS : 7425-8A76-09AA
MANUFACTURING_DATE : 2016-05-26
VENDOR_NAME : H3C
PRODUCT ID : RT-MPU-100
Slot 2 CPU 0:
subslot 0
DEVICE_NAME : RT-SPU-200
DEVICE_SERIAL_NUMBER : 210231A1V0B139000007
MAC_ADDRESS : 7425-8AEA-1FF4
MANUFACTURING_DATE : 2016-05-23
VENDOR_NAME : H3C
PRODUCT ID : RT-SPU-200
Table 49 Command output
Field |
Description |
Chassis 1 |
IRF member device 1. |
Slot 0 CPU 0 |
Information about CPU 0 on the card in slot 0. |
DEVICE_NAME |
Device name. |
DEVICE_SERIAL_NUMBER |
Serial number. |
MAC_ADDRESS |
MAC address. |
MANUFACTURING_DATE |
Manufacturing date. |
VENDOR_NAME |
Vendor name. |
display device manuinfo fan
Use display device manuinfo fan to display electronic label information for a fan.
Syntax
Distributed devices in standalone mode/centralized devices in standalone mode :
display device manuinfo fan fan-id
Centralized devices in IRF mode:
display device manuinfo slot slot-number fan fan-id
Distributed devices in IRF mode:
display device manuinfo chassis chassis-number fan fan-id
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. (Centralized devices in IRF mode.)
chassis chassis-number: Specifies an IRF member device by its member ID. (Distributed devices in IRF mode.)
fan-id: Specifies a fan by its ID.
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware |
Command compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR 3610/3620/3620-DP/3640/3660 |
No |
MSR5620/5660/5680 |
Yes |
Hardware |
Command compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
Examples
# (Distributed devices in standalone mode/centralized devices in standalone mode.) Display electronic label information for fan 1.
<Sysname> display device manuinfo fan 1
Fan 1:
DEVICE_NAME : fan
DEVICE_SERIAL_NUMBER : 210235A36L1234567890
MAC_ADDRESS : NONE
MANUFACTURING_DATE : 2016-01-20
VENDOR_NAME : H3C
# (Centralized devices in IRF mode.) Display electronic label information for fan 1 on IRF member device 1.
<Sysname> display device manuinfo fan 1
Slot 1:
Fan 1:
DEVICE_NAME : fan
DEVICE_SERIAL_NUMBER : 210235A36L1234567890
MAC_ADDRESS : NONE
MANUFACTURING_DATE : 2016-01-20
VENDOR_NAME : H3C
# (Distributed devices in IRF mode.) Display electronic label information for fan 1 on IRF member device 1.
<Sysname> display device manuinfo chassis 1 fan 1
Chassis 1:
Fan 1:
DEVICE_NAME : fan1
DEVICE_SERIAL_NUMBER : 210235A36L1234567891
MAC_ADDRESS : NONE
MANUFACTURING_DATE : 2016-01-20
VENDOR_NAME : H3C
display device manuinfo power
Use display device manuinfo power to display electronic label information for a power supply.
Syntax
Distributed devices in standalone mode/centralized devices in standalone mode:
display device manuinfo power power-id
Centralized devices in IRF mode:
display device manuinfo slot slot-number power power-id
Distributed devices in IRF mode:
display device manuinfo chassis chassis-number power power-id
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. (Centralized devices in IRF mode.)
chassis chassis-number: Specifies an IRF member device by its member ID. (Distributed devices in IRF mode.)
power-id: Specifies a power supply by its ID.
The following matrix shows the power-id argument and hardware compatibility:
Hardware |
Argument compatibility |
Value range |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
N/A |
MSR2600-6-X1/2600-10-X1 |
No |
N/A |
MSR 2630 |
No |
N/A |
MSR3600-28/3600-51 |
Yes |
1 to 2 |
MSR3600-28-SI/3600-51-SI |
No |
N/A |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
N/A |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
1 |
MSR5620/5660/5680 |
Yes |
1 to 2 |
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware |
Command compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
Hardware |
Command compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
Examples
# (Distributed devices in standalone mode/centralized devices in standalone mode.) Display electronic label information for power supply 1.
<Sysname> display device manuinfo power 1
Power 1:
DEVICE_NAME : power
DEVICE_SERIAL_NUMBER : 210235A36L1234567890
MAC_ADDRESS : NONE
MANUFACTURING_DATE : 2016-01-20
VENDOR_NAME : H3C
# (Centralized devices in IRF mode.) Display electronic label information for power supply 1 on IRF member device 1.
<Sysname> display device manuinfo slot 1 power 1
Slot 1:
Power 1:
DEVICE_NAME : power
DEVICE_SERIAL_NUMBER : 210235A36L1234567890
MAC_ADDRESS : NONE
MANUFACTURING_DATE : 2016-01-20
VENDOR_NAME : H3C
# (Distributed devices in IRF mode.) Display electronic label information for power supply 1 on IRF member device 1.
<Sysname> display device manuinfo chassis 1 power 1
Chassis 1:
Power 1:
DEVICE_NAME : power1
DEVICE_SERIAL_NUMBER : 210235A36L1234567891
MAC_ADDRESS : NONE
MANUFACTURING_DATE : 2016-01-20
VENDOR_NAME : H3C
display diagnostic-information
Use display diagnostic-information to display or save operating information for features and hardware modules.
Syntax
display diagnostic-information [ hardware | infrastructure | l2 | l3 | service ] [ key-info ] [ filename ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
hardware: Specifies hardware-related operating information.
infrastructure: Specifies operating information for the fundamental features.
l2: Specifies operating information for the Layer 2 features.
l3: Specifies operating information for the Layer 3 features.
service: Specifies operating information for Layer 4 and upper-layer features.
key-info: Displays or saves only critical operating information. The device might have a large amount of operating information if an exception occurs or after the device runs for a long period of time. Specifying this keyword reduces the command execution time and helps you focus on critical operating information. If you do not specify this keyword, the command displays or saves both critical and non-critical operating information.
filename: Saves the information to a file. The filename argument must use the .tar.gz suffix.
Usage guidelines
You can use one of the following methods to collect operating statistics for diagnostics and troubleshooting:
· Use separate display commands to collect operating information feature by feature or module by module.
· Use the display diagnostic-information command to collect operating information for multiple or all features and hardware modules.
To save storage space, this command automatically compresses the information before saving the information to a file. To view the file content:
1. Use the tar extract command to extract the file.
2. Use the gunzip command to decompress the extracted file.
3. Use the more command to view the content of the decompressed file.
If you abort the display diagnostic-information command, the gunzip command might not be able to decompress the extracted file. To decompress the extracted file, export the extracted file to a PC that is running Linux, and use the gunzip -c command.
If you do not specify a file name for the command, the system prompts you to choose whether to display or save the information. If you choose to save the information, the system automatically assigns a file name and displays the file name in brackets. For file name uniqueness, the file name includes the device name and the current system time. If the device name contains any of the following special characters, the system uses an underscore (_) to replace each special character: forward slashes (/), backward slashes (\), colons (:), asterisks (*), question marks (?), less than signs (<), greater than signs (>), pipeline signs (|), and quotation marks ("). For example, device name A/B will change to A_B in the file name, as in flash:/diag_A_B_20160101-000438.tar.gz.
If you do not specify any feature parameters, this command displays or saves the operating information for all features and modules.
This command does not support the |, >, and >> options.
While the device is executing this command, do not execute any other commands. Executing other commands might affect the collected operating information.
Examples
# Display the operating information for all features and modules.
<Sysname> display diagnostic-information
Save or display diagnostic information (Y=save, N=display)? [Y/N]:n
===============================================
===============display clock===============
14:03:55 UTC Thu 01/05/2016
=================================================
===============display version===============
...
# Save the operating information to the default file.
<Sysname> display diagnostic-information
Save or display diagnostic information (Y=save, N=display)? [Y/N]:y
Please input the file name(*.tar.gz)[flash:/diag_Sysname_20160101-024601.tar.gz]:
Diagnostic information is outputting to flash:/diag_Sysname_20160101-024601.tar.gz.
Please wait...
Press Enter when the system prompts you to enter the file name.
# Save the operating information for all features and modules to file test.tar.gz.
<Sysname> display diagnostic-information test.tar.gz
Diagnostic information is outputting to flash:/test.tar.gz.
Please wait...
Save successfully.
Related commands
gunzip
more
tar extract
display environment
Use display environment to display temperature information, including the temperature thresholds and the current temperature values.
Syntax
Centralized devices in standalone mode:
display environment
Distributed devices in standalone mode:
display environment [ slot slot-number ]
Centralized devices in IRF mode:
display environment [ slot slot-number ]
Distributed devices in IRF mode:
display environment [ chassis chassis-number [ slot slot-number] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays temperature information for all member devices. (Distributed devices in IRF mode.)
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays temperature information for all cards. (Distributed devices in IRF mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays temperature information for all member devices. (Centralized devices in IRF mode.)
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware |
Command compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
Hardware |
Command compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
Yes |
MSR3600-28-SI-GL |
No |
Examples
# (Centralized devices in standalone mode.) Display information about all temperature sensors on the device.
<Sysname> display environment
Slot Subslot Sensor ID Temperature LowerLimit WarningLimit AlarmLimit
----------------------------------------------------------------------
0 0 inflow 1 31 -7 53 61
0 0 hotspot 1 37 0 57 65
# (Distributed devices in standalone mode.) (Centralized IRF devices.) Display information about all temperature sensors on the device.
<Sysname> display environment
Slot Subslot Sensor ID Temperature LowerLimit WarningLimit AlarmLimit
-----------------------------------------------------------------------
0 0 hotspot 1 40 0 60 70
1 0 hotspot 1 41 0 60 70
2 0 inflow 1 37 0 60 70
2 0 hotspot 1 43 0 65 75
# (Distributed devices in IRF mode.) Display information about all temperature sensors in the IRF fabric.
<Sysname> display environment
System temperature information (degree centigrade):
-----------------------------------------------------------------------------
Chassis Slot Subslot Sensor ID Temperature LowerLimit WarningLimit AlarmLimit
-----------------------------------------------------------------------------
1 0 0 hotspot1 38 0 60 70
1 1 0 hotspot1 40 0 60 70
1 2 0 inflow 1 36 -5 55 65
1 2 0 hotspot1 44 0 65 75
2 0 0 hotspot1 38 0 60 70
2 1 0 hotspot1 39 0 60 70
2 2 0 inflow 1 34 -5 55 65
2 2 0 hotspot1 43 0 65 75
Table 50 Command output
Field |
Description |
Chassis |
Member ID of the IRF member device. |
sensor |
Temperature sensor: · hotspot—Hotspot sensor. · inflow—Air inlet sensor. · outflow—Air outlet sensor. |
Slot |
A number in this field indicates a device. (Centralized devices in standalone mode.) |
Slot |
A number in this field indicates a card. (Distributed devices in standalone mode.) |
Slot |
A number in this field indicates an IRF member device. (Centralized devices in IRF mode.) |
Slot |
A number in this field indicates a sensor on the frame or fan tray of an IRF member device. (Distributed devices in IRF mode.) |
Subslot |
Subslot number. |
Temperature |
Current temperature. |
LowerLimit |
Lower temperature limit. |
WarningLimit |
Warning temperature threshold. |
AlarmLimit |
Alarming temperature threshold. |
display fan
Use display fan to display fan operating status information.
Syntax
Distributed devices in standalone mode/centralized devices in standalone mode:
display fan [ fan-id ]
Centralized devices in IRF mode:
display fan [ slot slot-number [ fan-id ] ]
Distributed devices in IRF mode:
display fan [ chassis chassis-number [ fan-id ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays fan operating status information for all member devices. (Centralized devices in IRF mode.)
chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays fan operating status information for all member devices. (Distributed devices in IRF mode.)
fan-id: Specifies a fan by its ID. If you do not specify a fan, this command displays operating status information for all fans at the specified position.
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware |
Command compatibility |
|
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
|
MSR2600-6-X1/2600-10-X1 |
Yes |
|
MSR 2630 |
Yes |
|
MSR3600-28/3600-51 |
Yes |
|
MSR3600-28-SI/3600-51-SI |
Yes |
|
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
|
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
|
MSR5620/5660/5680 |
Yes |
Hardware |
Command compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
Yes |
MSR3600-28-SI-GL |
Yes |
Examples
# Display the operating states of all fans.
display memory
Use display memory to display memory usage information.
Syntax
Centralized devices in standalone mode:
display memory [ summary ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display memory [ summary ] [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display memory [ summary ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
summary: Displays brief information about memory usage. If you do not specify this keyword, the command displays detailed information about memory usage.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays memory usage for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays memory usage for all member devices. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays memory usage for all MPUs. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Examples
# Display detailed memory usage information.
<Sysname> display memory
Memory statistics are measured in KB:
Slot 0:
Total Used Free Shared Buffers Cached FreeRatio
Mem: 507980 154896 353084 0 488 54488 69.5%
-/+ Buffers/Cache: 99920 408060
Swap: 0 0 0
Table 51 Command output
Field |
Description |
Chassis |
Member ID of the IRF member device. (Distributed devices in IRF mode.) |
Slot |
This field specifies the entire device. The value of this field is fixed at 0. (Centralized devices in standalone mode .) Member ID of the IRF member device. (Centralized devices in IRF mode.) Slot number of the card. (Distributed devices in IRF or standalone mode.) |
CPU |
Number of the CPU. |
Mem |
Memory usage information. |
Total |
Total size of the physical memory space that can be allocated. The memory space is virtually divided into two parts. Part 1 is solely used for kernel code, kernel management, and ISSU functions. Part 2 can be allocated and used for such tasks as running service modules and storing files. The size of part 2 equals the total size minus the size of part 1. |
Used |
Used physical memory. |
Free |
Free physical memory. |
Shared |
Physical memory shared by processes. |
Buffers |
Physical memory used for buffers. |
Cached Caches |
Physical memory used for caches. |
FreeRatio |
Free memory ratio. |
-/+ Buffers/Cache |
-/+ Buffers/Cache:used = Mem:Used – Mem:Buffers – Mem:Cached, which indicates the physical memory used by applications. -/+ Buffers/Cache:free = Mem:Free + Mem:Buffers + Mem:Cached, which indicates the physical memory available for applications. |
Swap |
Swap memory. |
display memory-threshold
Use display memory-threshold to display memory alarm thresholds and statistics.
Syntax
Centralized devices in standalone mode:
display memory-threshold
Distributed devices in standalone mode/centralized devices in IRF mode:
display memory-threshold [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display memory-threshold [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the memory usage thresholds and statistics for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays the memory usage thresholds and statistics for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays the memory usage thresholds and statistics for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
For more information about memory usage notifications, see log information containing MEM_EXCEED_THRESHOLD or MEM_BELOW_THRESHOLD.
Examples
# Display memory alarm thresholds and statistics.
<Sysname> display memory-threshold
Memory usage threshold: 100%
Free memory threshold:
Minor: 64M
Severe: 48M
Critical: 32M
Normal: 96M
Current memory state: Normal
Event statistics:
[Back to normal state]
First notification: 2016-5-15 09:21:35.546
Latest notification: 2016-5-15 09:21:35.546
Total number of notifications sent: 1
[Enter minor low-memory state]
First notification at: 2016-5-15 09:07:05.941
Latest notification at: 2016-5-15 09:07:05.941
Total number of notifications sent: 1
[Back to minor low-memory state]
First notification at: 0.0
Latest notification at: 0.0
Total number of notifications sent: 0
[Enter severe low-memory state]
First notification at: 0.0
Latest notification at: 0.0
Total number of notifications sent: 0
[Back to severe low-memory state]
First notification at: 0.0
Latest notification at: 0.0
Total number of notifications sent: 0
[Enter critical low-memory state]
First notification at: 0.0
Latest notification at: 0.0
Total number of notifications sent: 0
display power-supply
Use display power-supply to display power supply information.
Syntax
Distributed devices in standalone mode/centralized devices in standalone mode:
display power-supply [ verbose ]
Centralized devices in IRF mode:
display power-supply [ slot slot-number ] [ verbose ]
Distributed devices in IRF mode:
display power-supply [ chassis chassis-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays power supply information for all member devices. (Centralized devices in IRF mode.)
chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays power supply information for all member devices. (Distributed devices in IRF mode.)
verbose: Displays detailed power supply information. If you do not specify this keyword, this command displays the brief information.
Examples
# Display detailed power supply information.
<Sysname> display power-supply verbose
display scheduler job
Use display scheduler job to display job configuration information.
Syntax
display scheduler job [ job-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
job-name: Specifies a job by its name, a case-sensitive string of 1 to 47 characters. If you do not specify a job, this command displays configuration information for all jobs.
Examples
# Display configuration information for all jobs.
<Sysname> display scheduler job
Job name: saveconfig
copy startup.cfg backup.cfg
Job name: backupconfig
Job name: creat-VLAN100
system-view
vlan 100
// The output shows that the device has three jobs: the first has one command, the second does not have any commands, and the third has two commands. Jobs are separated by blank lines.
display scheduler logfile
Use display scheduler logfile to display job execution log information.
Syntax
display scheduler logfile
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display job execution log information.
<Sysname> display scheduler logfile
Logfile Size: 1902 Bytes.
Job name : shutdown
Schedule name : shutdown
Execution time : Tue May 27 10:44:42 2016
Completion time : Tue May 27 10:44:47 2016
--------------------------------- Job output -----------------------------------
<Sysname>system-view
System View: return to User View with Ctrl+Z.
[Sysname]interface rang gigabitethernet 1/0/1 to gigabitethernet 1/0/3
[Sysname-if-range]shutdown
Table 52 Command output
Field |
Description |
Logfile Size |
Size of the log file, in bytes. |
Schedule name |
Schedule to which the job belongs. |
Execution time |
Time when the job was started. |
Completion time |
Time when the job was completed. If the job has never been executed or the job does not have any commands, this field is blank. |
Job output |
Commands in the job and their output. |
Related commands
reset scheduler logfile
display scheduler reboot
Use display scheduler reboot to display the automatic reboot schedule.
Syntax
display scheduler reboot
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the automatic reboot schedule.
<Sysname> display scheduler reboot
System will reboot at 16:32:00 05/23/2016 (in 1 hours and 39 minutes).
scheduler reboot at
scheduler reboot delay
display scheduler schedule
Use display scheduler schedule to display schedule information.
Syntax
display scheduler schedule [ schedule-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
schedule-name: Specifies a schedule by its name, a case-sensitive string of 1 to 47 characters. If you do not specify a schedule, this command displays information about all schedules.
Examples
# Display information about all schedules.
<Sysname> display scheduler schedule
Schedule name : shutdown
Schedule type : Run once after 0 hours 2 minutes
Start time : Tue Dec 27 10:44:42 2016
Last execution time : Tue Dec 27 10:44:42 2016
Last completion time : Tue Dec 27 10:44:47 2016
Execution counts : 1
-----------------------------------------------------------------------
Job name Last execution status
shutdown Successful
Table 53 Command output
Field |
Description |
Schedule type |
Execution time setting of the schedule. If no execution time is specified, this field is not displayed. |
Start time |
Time to execute the schedule for the first time. If no execution time is specified, this field is not displayed. |
Last execution time |
Last time when the schedule was executed. If no execution time is specified, this field is not displayed. If the schedule has never been executed, "Yet to be executed" is displayed for this field. |
Last completion time |
Last time when the schedule was completed. If no execution time is specified, this field is not displayed. |
Execution counts |
Number of times the schedule has been executed. If the schedule has never been executed, this field is not displayed. |
Job name |
Name of a job under the schedule. |
Last execution status |
Result of the most recent execution: · Successful. · Failed. · Waiting—The device is executing the schedule and the job is waiting to be executed. · In process—The job is being executed. · -NA-—The execution time has not arrived yet. To view information about whether the commands in the job has been executed and the execution results, execute the display scheduler logfile command. |
display system stable state
Use display system stable state to display system stability and status information.
Syntax
Views
Any view
network-admin
Usage guidelines
Before performing an ISSU or a switchover, execute this command multiple times to identify whether the system is operating stably. If the value of the System State field is not Stable, you cannot perform an ISSU. If the value of the Redundancy Stable field is not Stable, you cannot perform a switchover.
The device/card startup process takes some time. If the values of the status fields do not change to Stable, execute this command multiple times to identify the devices/cards that are not in Stable state. You can also use other commands to identify the faulty components. For example:
· Use the display device command to identify the device operating status.
· Use the display system internal process state command in probe view to display service operating status.
Examples
# (Centralized devices in standalone mode.) Display system stability and status information.
<Sysname> display system stable state
System state : Stable
Role State
Active Stable
Table 54 Command output
Field |
Description |
System state |
System status, which is fixed at Stable. The system is operating stably. |
Role |
Role of the card in the system, which is fixed at Active. |
State |
Device status, which is fixed at Stable. The device is operating stably. |
* |
The object is not operating stably. |
# (Distributed devices in standalone mode.) Display system stability and status information.
<Sysname> display system stable state
System state : Not ready
Redundancy state: Not ready
Slot CPU Role State
0 0 Active Stable
* 1 0 Standby Service starting
# (Distributed devices in IRF mode.) Display system stability and status information.
<Sysname> display system stable state
System state : Not ready
Redundancy state: Stable
Chassis Slot CPU Role State
1 1 0 Active Stable
1 2 0 Standby Stable
1 3 0 Other Stable
* 1 3 1 Other Kernel initiating
Table 55 Command output
Field |
Description |
System state |
System status: · Stable—The system is operating stably. · Not ready—The system is not operating stably. You cannot perform an ISSU when the system is in this state. |
Redundancy state |
System redundancy status: · Stable—The MPUs are operating stably. You can perform a switchover. · No redundance—The system has only one MPU and the MPU is operating stably. You cannot perform a switchover. · Not ready—The system is not operating stably. You cannot perform a switchover. |
Role |
Role of the card in the system: · Active—The card is the active MPU. · Standby—The card is a standby MPU. · Other—The card is not an MPU. |
State |
Card status: · Stable—The card is operating stably. · Board inserted—The card has just been installed. · Kernel initiating—Card kernel is being initialized. · Service starting—Services are starting. · Service stopping—Services are stopping. · HA batch backup—An HA batch backup is going on. · Interface data batch backup—An interface data batch backup is in progress. |
* |
The object is not operating stably. |
# (Centralized devices in IRF mode.) Display system stability and status information.
<Sysname> display system stable state
System state : Not ready
Redundancy state: Not ready
Slot CPU Role State
1 0 Active Stable
* 2 0 Standby HA batch backup
Table 56 Command output
Description |
|
System status: · Stable—The system is operating stably. |
|
System redundancy status: · Stable—Both MPUs are operating stably. You can perform a switchover. · Not ready—The system is not operating stably. You cannot perform a switchover. |
|
Role of the member device in the system: · Active—The member device is the master. |
|
· Stable—The member device is operating stably. · Board inserted—The member device has just joined the IRF fabric. · Kernel initiating—Card kernel is being initialized. · Service starting—Services are starting. · Service stopping—Services are stopping. · HA batch backup—An HA batch backup is going on. · Interface data batch backup—An interface data batch backup is in progress. |
|
Related commands
display device
display transceiver alarm
Use display transceiver alarm to display transceiver alarms.
Syntax
display transceiver alarm interface [ interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface [ interface-type interface-number ]: Specifies an interface by its type and number. If no interface is specified, this command displays the alarms present on every transceiver module.
Usage guidelines
Table 57 shows the common transceiver alarm components. If no error occurs, "None" is displayed.
Table 57 Common transceiver alarm components
Field |
Description |
SFP/SFP+/GBIC/SFF: |
|
RX |
Receive |
TX |
Transmit |
power |
Optical power |
Temp |
Temperature |
RX |
Receive |
TX |
Transmit |
power |
Optical power |
Temp |
Temperature |
CFP: |
|
RX |
Receive |
TX |
Transmit |
power |
Optical power |
Temp |
Temperature |
REFCLK |
Reference clock |
XFP: |
|
RX |
Receive |
TX |
Transmit |
power |
Optical power |
Temp |
Temperature |
APD |
Avalanche photo diode |
TEC |
Thermoelectric cooler |
XENPAK: |
|
RX |
Receive |
TX |
Transmit |
power |
Optical power |
Temp |
Temperature |
WIS |
WAN interface sublayer |
PMA/PMD |
Physical medium attachment/physical medium dependent |
PCS |
Physical coding sublayer |
PHY XS |
PHY extended sublayer |
Examples
# Display the alarms present on the transceiver module in interface GigabitEthernet 1/0/1.
<Sysname> display transceiver alarm interface gigabitethernet 1/0/1
GigabitEthernet1/0/1 transceiver current alarm information:
RX loss of signal
RX power low
Table 58 Command output
Field |
Description |
transceiver current alarm information |
Alarms present on the transceiver module. |
RX loss of signal |
Received signals are lost. |
RX power low |
Received power is low. |
display transceiver diagnosis
Use display transceiver diagnosis to display the current values of the digital diagnosis parameters on transceiver modules.
Syntax
display transceiver diagnosis interface [ interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface [ interface-type interface-number ]: Specifies an interface by its type and number. If no interface is specified, this command displays the current values of the digital diagnosis parameters on every transceiver module.
Examples
# Display the current values of the digital diagnosis parameters on the transceiver module in interface GigabitEthernet 1/0/1.
<Sysname> display transceiver diagnosis interface gigabitethernet 1/0/1
GigabitEthernet1/0/1 transceiver diagnostic information:
Current diagnostic parameters:
Temp(°C) Voltage(V) Bias(mA) RX power(dBm) TX power(dBm)
36 3.31 6.13 -35.64 -5.19
Alarm thresholds:
Temp(°C) Voltage(V) Bias(mA) RX power(dBM) TX power(dBM)
High 50 3.55 1.44 -10.00 5.00
Low 30 3.01 1.01 -30.00 0.00
Table 59 Command output
Field |
Description |
transceiver diagnostic information |
Digital diagnosis information for the transceiver module in the interface. |
Temp.(°C) |
Temperature in °C, accurate to 1°C. |
Voltage(V) |
Voltage in V, accurate to 0.01 V. |
Bias(mA) |
Bias current in mA, accurate to 0.01 mA. |
RX power(dBm) |
Receive power in dBm, accurate to 0.01 dBm. |
TX power(dBm) |
Transmit power in dBm, accurate to 0.01 dBm. |
display transceiver interface
Use display transceiver interface to display the key parameters of transceiver modules.
Syntax
display transceiver interface [ interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the key parameters of every transceiver module.
Examples
# Display the key parameters of the transceiver module in interface GigabitEthernet 1/0/1.
<Sysname> display transceiver interface gigabitethernet 1/0/1
GigabitEthernet1/0/1 transceiver information:
Transceiver Type : 1000_BASE_SX_SFP
Connector Type : LC
Wavelength(nm) : 850
Transfer Distance(m) : 550(50um),270(62.5um)
Digital Diagnostic Monitoring : YES
Vendor Name : H3C
Ordering Name : SFP-GE-SX-MM850
Table 60 Command output
Field |
Description |
Connector Type |
Connector types: · SC—Fiber connector developed by NTT. · LC—1.25 mm/RJ-45 fiber connector developed by Lucent. · RJ-45. · CX 4. |
Wavelength(nm) |
Central wavelength (in nm) of the transmit laser. If the transceiver supports multiple wavelengths, every two wavelength values are separated by a comma. For a copper cable, this field displays N/A. |
Transfer Distance(xx) |
Transmission distance, where xx indicates the distance unit: · km—Kilometers, for single-mode transceiver modules. · m—Meters, for other transceiver modules. If the transceiver module supports multiple types of transmission media, this field displays the transmission distance for each type, in the form transmission distance (medium type). Transmission medium types include: · 9 um—9/125 µm single-mode fiber. · 50 um—50/125 µm multimode fiber. · 62.5 um—62.5/125 µm multimode fiber. · TP—Twisted pair. · CX4—CX4 cable. |
Digital Diagnostic Monitoring |
Support for digital diagnosis: · YES—Supported. · NO—Not supported. |
Ordering Name |
Product code. |
display transceiver manuinfo
Use display transceiver manuinfo to display electronic label information for transceiver modules.
Syntax
display transceiver manuinfo interface [ interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface [ interface-type interface-number ]: Specifies an interface by its type and number. If no interface is specified, this command displays electronic label information for the transceiver modules on all interfaces.
Usage guidelines
This command displays only part of the electronic label information.
Examples
# Display electronic label information for the transceiver module on interface GigabitEthernet 1/0/1.
<Sysname> display transceiver manuinfo interface gigabitethernet 1/0/1
GigabitEthernet1/0/1 transceiver manufacture information:
Manu. Serial Number : 213410A0000054000251
Manufacturing Date : 2016-06-01
Vendor Name : H3C
Table 61 Command output
Field |
Description |
Manu. Serial Number |
Serial number generated during production of the transceiver module. |
Manufacturing Date |
Date when the electronic label information was written to the transceiver module. |
display version
Use display version to display system version information.
Syntax
display version
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display system version information.
<Sysname> display version
H3C Comware Software, Version 7.1.064, Release 0605P01
Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.
H3C MSR3600 uptime is 0 weeks, 0 days, 4 hours, 20 minutes
Last reboot reason : User reboot
Boot image: flash:/msr3600si-cmw710-boot-r0605p01.bin
Boot image version: 7.1.064P29, Release 0605P01
Compiled Dec 09 2016 16:00:00
System image: flash:/msr3600si-cmw710-system-r0605p01.bin
System image version: 7.1.064, Release 0605P01
Compiled Dec 09 2016 16:00:00
Feature image(s) list:
flash:/msr3600si-cmw710-security-r0605p01.bin, version: 7.1.064
Compiled Dec 09 2016 16:00:00
flash:/msr3600si-cmw710-voice-r0605p01.bin, version: 7.1.064
Compiled Dec 09 2016 16:00:00
flash:/msr3600si-cmw710-data-r0605p01.bin, version: 7.1.064
Compiled Dec 09 2016 16:00:00
CPU ID: 0xc
512M bytes DDR3 SDRAM Memory
10M bytes Flash Memory
PCB Version: 3.0
CPLD Version: 1.0
Basic BootWare Version: 1.10
Extended BootWare Version: 1.10
Table 62 Command output
Field |
Description |
Last reboot reason |
Reason for the last reboot: · User reboot—The reboot was manually initiated from a user interface, such as the CLI, Web interface, or SNMP. · Cold reboot—The reboot was caused by a power cycle. · Kernel abnormality reboot—The reboot was caused by kernel exceptions. · DeadLoop reboot—The reboot was caused by a kernel thread dead loop. · DEV HandShake reboot—The reboot was caused by a device management handshake failure. · License timeout reboot—The reboot was caused by a license expiration event. · SlaveSwitch reboot—The original master rebooted after a master/subordinate switchover. (Centralized IRF devices.) · SlaveSwitch reboot—The original active MPU rebooted after an active/standby switchover. (In standalone mode.) · SlaveSwitch reboot—The original global active MPU rebooted after a master/subordinate switchover. (In IRF mode.) · Slave Cannot Update reboot—The standby MPU rebooted because it failed to act as the active MPU. · IRF Merge reboot—The current device rebooted after an IRF merge. · Auto Update reboot—The reboot was caused by an automatic software upgrade. · Master Lost reboot—The reboot was caused by a batch backup on the current card. · Warm reboot—The reboot was caused by an unknown reason. · Memory exhaust reboot—The reboot was caused by a card-memory-exhausted event. · Cryptotest Fail reboot—The reboot was caused by a cryptographic algorithm self-test failure. |
display version-update-record
Use display version-update-record to display the startup software image upgrade records. (Centralized devices in standalone mode.)
Use display version-update-record to display the startup software image upgrade records of the active MPU. (Distributed devices in standalone mode.)
Use display version-update-record to display the startup software image upgrade records of the master. (Centralized devices in IRF mode.)
Use display version-update-record to display the startup software image upgrade records of the global active MPU. (Distributed devices in IRF mode.)
Syntax
display version-update-record
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
The device records its current startup software version information and all subsequent version update information. Such information can survive reboots.
The maximum number of records is 10.
Examples
# Display the startup software image upgrade records.
<Sysname> display version-update-record
Record 1 (updated on Sep 20 2014 at 01:56:49):
*Name : msr56-cmw710-boot-e0615p03.bin
Version : 7.1.064P50 ESS 0615P03
Compile time: Nov 07 2017 16:00:00
*Name : msr56-cmw710-system-e0615p03.bin
Version : 7.1.064 ESS 0615P03
Compile time: Nov 07 2017 16:00:00
Table 63 Command output
Field |
Description |
Record n |
Number of the startup software image upgrade record. Record 1 is the most recent record. |
Name |
Software image file name. |
* |
The software image version changed during the upgrade. |
Related commands
reset version-update-record
firmware update fota
Use firmware update fota to update the modem firmware through FoTA.
Syntax
firmware update fota
Views
Cellular interface view
Predefined user roles
network-admin
Usage guidelines
Currently, this command is supported only on the following devices:
· MSR810-LMS
· MSR810-LUS
· Devices that are installed with the SIC-D4G-CNED or SIC-4G-CNED card.
Use this command with caution. A modem firmware update through FoTA affects data transmission and consumes SIM card resources.
Examples
# Update the modem firmware through FoTA.
<Sysname> system-view
[Sysname] controller cellular 1/0
[Sysname-Controller-Cellular1/0] firmware update fota
Updating firmware for the modem. Continue?[Y/N]:y
Updating the firmware..
Do not turn off power during the updating process! Set modem to Fota Mode.
Updated successfully! The modem is restarting.......................Done.
header
Use header to configure a banner.
Use undo header to delete a banner.
Syntax
header { legal | login | motd | shell } text
undo header { legal | login | motd | shell }
Default
No banners are configured.
Views
System view
Predefined user roles
network-admin
Parameters
legal: Configures the banner to be displayed before a user inputs the username and password to access the CLI.
login: Configures the banner to be displayed before password or scheme authentication is performed for a login user.
motd: Configures the greeting banner to be displayed before the legal banner appears.
shell: Configures the banner to be displayed before a user accesses user view.
text: Specifies the banner message. You can enter the banner message on the same line as the keywords or on different lines. For more information, see Fundamentals Configuration Guide.
Examples
# Configure the legal banner, login banner, MOTD banner, and shell banner.
<Sysname> system-view
[Sysname] header legal
Please input banner content, and quit with the character '%'.
Welcome to legal (header legal)%
[Sysname] header login
Please input banner content, and quit with the character '%'.
Welcome to login(header login)%
[Sysname] header motd
Please input banner content, and quit with the character '%'.
Welcome to motd(header motd)%
[Sysname] header shell
Please input banner content, and quit with the character '%'.
Welcome to shell(header shell)%
In this example, the percentage sign (%) is the starting and ending character for each banner and is not included in the banners.
# Telnet to the device to test the configuration. The login banner appears only when password or scheme login authentication has been configured.
******************************************************************************
* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
Welcome to legal (header legal)
Welcome to motd(header motd)
Welcome to login(header login)
Login authentication
Password:
Welcome to shell(header shell)
job
Use job to assign a job to a schedule.
Use undo job to revoke a job.
Syntax
job job-name
undo job job-name
Default
No job is assigned to a schedule.
Views
Schedule view
Predefined user roles
network-admin
Parameters
job-name: Specifies the job name, a case-sensitive string of 1 to 47 characters.
Usage guidelines
You can assign multiple jobs to a schedule. The jobs in a schedule are executed concurrently.
The jobs to be assigned to a schedule must already exist. To create a job, use the scheduler job command.
Examples
# Assign job save-job to schedule saveconfig.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
[Sysname-schedule-saveconfig] job save-job
Related commands
scheduler job
scheduler schedule
memory-threshold
Use memory-threshold to set free-memory thresholds.
Use undo memory-threshold to restore the defaults.
Syntax
Centralized devices in standalone mode:
memory-threshold minor minor-value severe severe-value critical critical-value normal normal-value
undo memory-threshold
Distributed devices in standalone mode/centralized devices in IRF mode:
memory-threshold [ slot slot-number [ cpu cpu-number ] ] minor minor-value severe severe-value critical critical-value normal normal-value
undo memory-threshold [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
memory-threshold [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] minor minor-value severe severe-value critical critical-value normal normal-value
undo memory-threshold [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Default
The following matrix shows the default free-memory thresholds:
Hardware |
Default free-memory thresholds |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
· Minor alarm threshold—96 MB. · Severe alarm threshold—64 MB. · Critical alarm threshold—48 MB. · Normal state threshold—128 MB. |
MSR2600-6-X1 |
· Minor alarm threshold—64 MB. · Severe alarm threshold—48 MB. · Critical alarm threshold—32 MB. · Normal state threshold—96 MB. |
MSR2600-10-X1 |
· Minor alarm threshold—96 MB. · Severe alarm threshold—64 MB. · Critical alarm threshold—48 MB. · Normal state threshold—128 MB. |
MSR 2630 |
· Minor alarm threshold—96 MB. · Severe alarm threshold—64 MB. · Critical alarm threshold—48 MB. · Normal state threshold—128 MB. |
MSR3600-28/3600-51 |
· Minor alarm threshold—96 MB. · Severe alarm threshold—64 MB. · Critical alarm threshold—48 MB. · Normal state threshold—128 MB. |
MSR3600-28-SI/3600-51-SI |
· Minor alarm threshold—64 MB. · Severe alarm threshold—48 MB. · Critical alarm threshold—32 MB. · Normal state threshold—96 MB. |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
· Minor alarm threshold—96 MB. · Severe alarm threshold—64 MB. · Critical alarm threshold—48 MB. · Normal state threshold—128 MB. |
MSR 3610/3620/3620-DP/3640/3660 |
· Minor alarm threshold—96 MB. · Severe alarm threshold—64 MB. · Critical alarm threshold—48 MB. · Normal state threshold—128 MB. |
MSR5620/5660/5680 |
· Minor alarm threshold—224 MB. · Severe alarm threshold—128 MB. · Critical alarm threshold—96 MB. · Normal state threshold—256 MB. |
Views
System view
Predefined user roles
network-admin
Parameters
minor minor-value: Specifies the minor alarm threshold in MB. This threshold must be equal to or less than the normal state threshold. Setting this threshold to 0 disables the minor alarm feature.
The following matrix shows the value ranges for the minor-value argument:
Hardware |
Value range |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK |
0 to 1004 |
MSR810-LMS/810-LUS |
0 to 498 |
MSR2600-6-X1 |
0 to 1004 |
MSR2600-10-X1 |
0 to 1003 |
MSR 2630 |
0 to 1003 |
MSR3600-28/3600-51 |
0 to 1003 |
MSR3600-28-SI/3600-51-SI |
0 to 498 |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
0 to 1978 |
MSR 3610/3620/3620-DP/3640/3660 |
0 to 1972 |
MSR5620/5660/5680 |
0 to 1978 |
severe severe-value: Specifies the severe alarm threshold in MB. This threshold must be equal to or less than the minor alarm threshold. Setting this threshold to 0 disables the severe alarm feature.
critical critical-value: Specifies the critical alarm threshold in MB. This threshold must be equal to or less than the severe alarm threshold. Setting this threshold to 0 disables the critical alarm feature.
normal normal-value: Specifies the normal state threshold in MB. This threshold must be equal to or less than the total memory size.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command sets free-memory thresholds for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command sets free-memory thresholds for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command sets free-memory thresholds for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
To ensure correct operation and improve memory efficiency, the system monitors the amount of free memory space in real time. If the amount of free memory space exceeds a free-memory threshold, the system generates an alarm notification and sends it to affected service modules or processes. For more information about the thresholds, see Fundamentals Configuration Guide.
# Set the minor alarm, severe alarm, critical alarm, and normal state thresholds to 64 MB, 48 MB, 32 MB, and 96 MB, respectively.
<Sysname> system-view
[Sysname] memory-threshold minor 64 severe 48 critical 32 normal 96
display memory-threshold
memory-threshold usage
Use memory-threshold usage to set the memory usage threshold.
Use undo memory-threshold usage to restore the default.
Syntax
Centralized devices in standalone mode:
memory-threshold usage memory-threshold
undo memory-threshold usage
Distributed devices in standalone mode/centralized devices in IRF mode:
memory-threshold [ slot slot-number [ cpu cpu-number ] ] usage memory-threshold
undo memory-threshold [ slot slot-number [ cpu cpu-number ] ] usage
Distributed devices in IRF mode:
undo memory-threshold [ chassis chassis-number slot slot-number [ cpu cpu-number ] ] usage
Default
The memory usage threshold is 100%.
Views
System view
Predefined user roles
network-admin
Parameters
memory-threshold: Specifies the memory usage threshold in percentage. The value range is 0 to 100.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command sets the memory usage threshold for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command sets the memory usage threshold for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command sets the memory usage threshold for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
The device samples memory usage at an interval of 1 minute. If the sample is greater than the memory usage threshold, the device sends a trap.
Examples
# Set the memory usage threshold to 80%.
<Sysname> system-view
[Sysname] memory-threshold chassis 1 slot 2 cpu 1 usage 80
Related commands
display memory-threshold
monitor cpu-usage enable
Use monitor cpu-usage enable to enable CPU usage monitoring.
Use undo monitor cpu-usage enable to disable CPU usage monitoring.
Syntax
Centralized devices in standalone mode:
monitor cpu-usage enable
undo monitor cpu-usage enable
Distributed devices in standalone mode/centralized devices in IRF mode:
monitor cpu-usage enable [ slot slot-number [ cpu cpu-number ] ]
undo monitor cpu-usage enable [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
monitor cpu-usage enable [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
undo monitor cpu-usage enable [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Default
CPU usage monitoring is enabled.
Views
System view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command enables CPU usage monitoring for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command enables CPU usage monitoring for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command enables CPU usage monitoring for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
After CPU usage monitoring is enabled, the system samples and saves CPU usage at the interval specified by the monitor cpu-usage interval command. You can use the display cpu-usage history command to view recent CPU usage.
Examples
# Enable CPU usage monitoring.
<Sysname> system-view
[Sysname] monitor cpu-usage enable
display cpu-usage configuration
display cpu-usage history
monitor cpu-usage interval
monitor cpu-usage interval
Use monitor cpu-usage interval to set the sampling interval for CPU usage monitoring.
Syntax
Centralized devices in standalone mode:
monitor cpu-usage interval interval
Distributed devices in standalone mode/centralized devices in IRF mode:
monitor cpu-usage interval interval [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
monitor cpu-usage interval interval [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Default
The system samples CPU usage every 1 minute.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies the sampling interval for CPU usage monitoring. Valid values include 5Sec for 5 seconds, 1Min for 1 minute, and 5Min for 5 minutes.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command sets the interval for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command sets the interval for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command sets the interval for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
After CPU usage monitoring is enabled, the system samples and saves CPU usage at the specified interval. You can use the display cpu-usage history command to view recent CPU usage.
Examples
# Set the sampling interval for CPU usage monitoring to 5 seconds.
<Sysname> system-view
[Sysname] monitor cpu-usage interval 5Sec
Related commands
display cpu-usage configuration
display cpu-usage history
monitor cpu-usage enable
monitor cpu-usage threshold
Use monitor cpu-usage threshold to set the CPU usage threshold.
Use undo monitor cpu-usage threshold to restore the default.
Syntax
Centralized devices in standalone mode:
monitor cpu-usage threshold cpu-threshold [ slot slot-number ]
undo monitor cpu-usage threshold [ slot slot-number ]
Distributed devices in standalone mode/centralized devices in IRF mode:
monitor cpu-usage threshold cpu-threshold [ slot slot-number [ cpu cpu-number ] ]
undo monitor cpu-usage threshold [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
undo monitor cpu-usage threshold [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Default
The CPU usage threshold is 99%.
Views
System view
Predefined user roles
network-admin
Parameters
cpu-threshold: Specifies the CPU usage threshold in percentage. The value range is 0 to 100.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command sets the CPU usage threshold for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command sets the CPU usage threshold for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command sets the CPU usage threshold for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
The device samples CPU usage at an interval of 1 minute. If the sample is greater than the CPU usage threshold, the device sends a trap and notifies the relevant modules.
Examples
# Set the CPU usage threshold to 80%.
<Sysname> system-view
[Sysname] monitor cpu-usage threshold 80
Related commands
display cpu-usage configuration
password-recovery enable
Use password-recovery enable to enable password recovery capability.
Use undo password-recovery enable to disable password recovery capability.
Syntax
password-recovery enable
undo password-recovery enable
Default
Password recovery capability is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Password recovery capability controls console user access to the device configuration and SDRAM from Boot ROM menus.
If password recovery capability is enabled, a console user can access the device configuration without authentication to configure new passwords.
If password recovery capability is disabled, console users must restore the factory-default configuration before they can configure new passwords. Restoring the factory-default configuration deletes the next-startup configuration files.
To enhance system security, disable password recovery capability.
Availability of Boot ROM menu options depends on the password recovery capability setting. For more information, see the release notes.
Examples
# Disable password recovery capability.
<Sysname> system-view
[Sysname] undo password-recovery enable
power-supply off
Use power-supply off to power off a card or subcard.
Syntax
Distributed devices in standalone mode:
power-supply off slot slot-number [ subslot subslot-number ]
Distributed devices in IRF mode:
power-supply off chassis chassis-number slot slot-number [ subslot subslot-number ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. (Distributed devices in standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (Distributed devices in IRF mode.)
subslot subslot-number: Specifies a subcard by its subslot number. If you do not specify a subcard, this command stops supplying power to all subcards on the card.
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware |
Command compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR 3610/3620/3620-DP/3640/3660 |
No |
MSR5620/5660/5680 |
Yes |
Hardware |
Command compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
When power is insufficient, you can power off interface cards that are idle or connected to unimportant network nodes to ensure power supply to critical interface cards.
To avoid IRF split, the system does not power off an interface card that contains all active physical IRF ports of a member device. (Distributed devices in IRF mode.)
Examples
# (Distributed devices in standalone mode.) Power off the card in slot 9.
<Sysname> power-supply off slot 9
# (Distributed devices in IRF mode.) Power off the card in slot 3 on member device 1.
<Sysname> power-supply off chassis 1 slot 3
power-supply on
Use power-supply on to power on a card or subcard.
Syntax
Distributed devices in standalone mode:
power-supply on slot slot-number [ subslot subslot-number ]
Distributed devices in IRF mode:
power-supply on chassis chassis-number slot slot-number [ subslot subslot-number ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. (Distributed devices in standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (Distributed devices in IRF mode.)
subslot subslot-number: Specifies a subcard by its subslot number. If you do not specify a subcard, this command starts power supply to all subcards on the card.
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware |
Command compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR 3610/3620/3620-DP/3640/3660 |
No |
MSR5620/5660/5680 |
Yes |
Hardware |
Command compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
Examples
# (Distributed devices in standalone mode.) Power on the card in slot 9.
<Sysname> power-supply on slot 9
# (Distributed devices in IRF mode.) Power on the card in slot 3 on IRF member device 1.
<Sysname> power-supply on chassis 1 slot 3
power-supply policy enable
Use power-supply policy enable to enable power supply management.
Use undo power-supply policy enable to disable power supply management.
Syntax
Distributed devices in standalone mode:
power-supply policy enable
undo power-supply policy enable
Distributed devices in IRF mode:
power-supply policy chassis chassis-number enable
undo power-supply policy chassis chassis-number enable
Default
Power supply management is disabled..
Views
System view
Predefined user roles
network-admin
Parameters
chassis chassis-number: Specifies an IRF member device by its member ID. (Distributed devices in IRF mode.)
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware |
Command compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR 3610/3620/3620-DP/3640/3660 |
No |
MSR5620/5660/5680 |
Yes |
Hardware |
Command compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
Examples
# (Distributed devices in standalone mode.) Enable power supply management.
<Sysname> system-view
[Sysname] power-supply policy enable
# (Distributed devices in IRF mode.) Enable power supply management for IRF member device 1.
<Sysname> system-view
[Sysname] power-supply policy chassis 1 enable
power-supply policy redundant
Use power-supply policy redundant to specify the number of redundant power supplies.
Use undo power-supply policy redundant to restore the default.
Syntax
Distributed devices in standalone mode:
power-supply policy redundant module-count
undo power-supply policy redundant
Distributed devices in IRF mode:
power-supply policy chassis chassis-number redundant module-count
undo power-supply policy chassis chassis-number redundant
Default
The number of redundant power supplies is 0.
Views
System view
Predefined user roles
network-admin
Parameters
chassis chassis-number: Specifies an IRF member device by its member ID. (Distributed devices in IRF mode.)
module-count: Specifies the number of redundant power supplies. The value range varies by device model. To view the value range for the module-count argument, use the online help for this command at the CLI. The upper limit for the value range is the maximum number of redundant power supplies supported by the system. The actual number of redundant power supplies that you can specify varies by the number of the interface cards and their power consumption. The actual number is smaller than or equal to the maximum number.
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware |
Command compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR 3610/3620/3620-DP/3640/3660 |
No |
MSR5620/5660/5680 |
Yes |
Hardware |
Command compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
The configuration of this command takes effect only when power supply management is enabled.
Examples
# (Distributed devices in standalone mode.) Set the number of redundant power supplies to 3.
<Sysname> system-view
[Sysname] power-supply policy redundant 3
# (Distributed devices in IRF mode.) Set the number of redundant power supplies on IRF member device 1 to 3.
<Sysname> system-view
[Sysname] power-supply policy chassis 1 redundant 3
reboot
Use reboot to reboot the device.
Syntax
Centralized devices in standalone mode:
reboot [ force ]
Distributed devices in standalone mode/centralized devices in IRF mode:
reboot [ slot slot-number [ subslot subslot-number ] ] [ force ]
Distributed devices in IRF mode:
reboot [ chassis chassis-number [ slot slot-number [ subslot subslot-number ] ] ] [ force ]
Views
User view
Predefined user roles
network-admin
Parameters
chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify an IRF member device, the command reboots all IRF member devices. (Distributed devices in IRF mode.)
slot slot-number: Specifies a card by its slot number. If you do not specify a card, the command reboots the entire device. (Distributed devices in standalone mode.)
slot slot-number: Specifies a card by its slot number. If you do not specify a card, the command reboots the IRF member device. (Distributed devices in IRF mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify an IRF member device, the command reboots all IRF member devices. (Centralized devices in IRF mode.)
subslot subslot-number: Specifies a subcard by its subslot number. If you do not specify a subslot number, the command reboots the slot.
force: Reboots the device immediately without performing software or hard disk check. If this keyword is not specified, the system first identifies whether the reboot might result in data loss or a system failure. For example, the system identifies whether the main system software image file exists and whether a write operation is in progress on a storage medium. If the reboot might cause problems, the system does not reboot the device.
Usage guidelines
CAUTION: · A reboot might interrupt network services. · If the main startup software images are corrupt or missing, you must re-specify a set of main startup software images before executing the reboot command. · Use the force keyword only when the device fails or a reboot command without the force keyword cannot perform a reboot correctly. A reboot command with the force keyword might result in file system corruption because it does not perform data protection. |
For data security, the device does not reboot if you reboot the device while the device is performing file operations.
· Distributed devices in standalone mode:
To reboot the active MPU, perform the following tasks:
¡ Identify whether the standby MPU is installed and operating correctly.
¡ Use the display system stable state command to display system stability and status information.
If the standby MPU is not installed, the entire device will be rebooted. If the standby MPU is installed and is operating correctly, a switchover will occur.
IMPORTANT: To ensure correct operation of the system and cards, do not trigger a switchover by rebooting the active MPU if the status of a card is not Stable. |
· Centralized devices in IRF mode:
To reboot the master, perform the following tasks:
¡ Identify whether the IRF fabric has subordinate members and whether the subordinate members are operating correctly.
¡ Use the display system stable state command to display system stability and status information.
If the IRF fabric has only one member device, the IRF fabric will be rebooted. If the IRF fabric has a subordinate member and the member is operating correctly, a switchover will occur.
|
NOTE: To ensure correct operation of the IRF fabric and member devices, do not trigger a switchover by rebooting the master if the status of a member device is not Stable. |
· Distributed devices in IRF mode:
To reboot the global active MPU, perform the following tasks:
¡ Identify whether the IRF fabric has global standby MPUs and whether the global standby MPUs are operating correctly.
¡ Use the display system stable state command to display system stability and status information.
If the IRF fabric has only one MPU, the IRF fabric will be rebooted. If the IRF fabric has a global standby MPU and the MPU is operating correctly, a switchover will occur.
|
NOTE: To ensure correct operation of the IRF fabric and MPUs, do not trigger a switchover by rebooting the global active MPU if the status of a card is not Stable. |
Examples
# Reboot the device when no configuration change has occurred since the last time you saved the running configuration.
<Sysname> reboot
Start to check configuration with next startup configuration file, please wait.........DONE!
This command will reboot the device. Continue? [Y/N]:y
Now rebooting, please wait...
# (Centralized devices in standalone mode.) Reboot the device when the device has configuration changes that have not been saved. Choose to save the running configuration.
<Sysname> reboot
Start to check configuration with next startup configuration file, please wait.........DONE!
Current configuration will be lost after the reboot, save current configuration? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
flash:/startup.cfg exists, overwrite? [Y/N]:y
Validating file. Please wait...
Configuration is saved to flash successfully.
This command will reboot the device. Continue? [Y/N]:y
Now rebooting, please wait...
# (Distributed devices in standalone mode.) (Centralized devices in IRF mode.) (Distributed devices in IRF mode.) Reboot the device when the device has configuration changes that have not been saved. Choose to save the running configuration.
<Sysname> reboot
Start to check configuration with next startup configuration file, please wait.........DONE!
Current configuration will be lost after the reboot, save current configuration? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
flash:/startup.cfg exists, overwrite? [Y/N]:y
Validating file. Please wait...
Configuration is saved to mainboard device successfully.
This command will reboot the device. Continue? [Y/N]:y
Now rebooting, please wait...
# Reboot the device when the device has configuration changes that have not been saved. Choose not to save the running configuration.
<Sysname> reboot
Start to check configuration with next startup configuration file, please wait.........DONE!
Current configuration will be lost after the reboot, save current configuration? [Y/N]:n
This command will reboot the device. Continue? [Y/N]:y
Now rebooting, please wait...
# Reboot the device immediately without performing software check.
<Sysname> reboot force
A forced reboot might cause the storage medium to be corrupted. Continue? [Y/N]:y
Now rebooting, please wait...
# (Distributed devices in standalone mode.) Reboot the interface card in slot 2.
<Sysname> reboot slot 2
Start to check configuration with next startup configuration file, please wait..
.......DONE!
This command will reboot the specified slot, Continue? [Y/N]:y
Now rebooting, please wait...
# Reboot the interface card in slot 2 by force.
<Sysname> reboot slot 2 force
A forced reboot might cause the storage medium to be corrupted. Continue? [Y/N]:y
Now rebooting, please wait...
# (Distributed devices in IRF mode.) Reboot IRF member device 2.
<Sysname> reboot chassis 2
Start to check configuration with next startup configuration file, please wait..
.......DONE!
This command will reboot the specified chassis, Continue? [Y/N]:y
Now rebooting, please wait...
# Reboot IRF member device 2 by force.
<Sysname> reboot chassis 2 force
A forced reboot might cause the storage medium to be corrupted. Continue? [Y/N]:y
Now rebooting, please wait...
# (Distributed devices in IRF mode.) Reboot the interface card in slot 2 on IRF member device 2.
<Sysname> reboot chassis 2 slot 2
Start to check configuration with next startup configuration file, please wait..
.......DONE!
This command will reboot the specified slot, Continue? [Y/N]:y
Now rebooting, please wait...
# Reboot the interface card in slot 2 on IRF member device 2 by force.
<Sysname> reboot chassis 2 slot 2 force
A forced reboot might cause the storage medium to be corrupted. Continue? [Y/N]:y
Now rebooting, please wait...
display system stable state
remove
Use remove to unmount an HMIM module.
Syntax
Centralized devices in standalone mode:
remove subslot subslot-number
Distributed devices in standalone mode/centralized devices in IRF mode:
remove slot slot-number subslot subslot-number
Distributed devices in IRF mode:
remove chassis chassis-number slot slot-number subslot subslot-number
Views
User view
Predefined user roles
network-admin
Parameters
subslot subslot-number: Specifies an HMIM module by its subslot number. (Centralized devices in standalone mode.)
slot slot-number subslot subslot-number: Specifies an HMIM module by its slot number and subslot number. (Distributed devices in standalone mode.)
slot slot-number subslot subslot-numbe: Specifies an HMIM module by its subslot number and the IRF member device ID. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies an HMIM module by its subslot number, slot number, and the IRF member device ID. (Distributed devices in IRF mode.)
Usage guidelines
CAUTION: Unmounting an HMIM module stops all services provided by the module. |
The following matrix shows the command and hardware compatibility:
Hardware |
Command compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1 |
Yes |
MSR2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
Hardware |
Command compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
Yes |
MSR3600-28-SI-GL |
No |
Unmount an HMIM module before removing the module from the device. If you remove an HMIM module that is not unmounted, the device might fail or be damaged.
An unmounted HMIM module is not visible or configurable.
Examples
# (Centralized devices in standalone mode.) Unmount the HMIM module in subslot 6.
<Sysname> remove subslot 6
You can remove the card now!
# (Centralized devices in IRF mode.) Unmount the HMIM module in subslot 6 of member device 1.
<Sysname> remove slot 1 subslot 6
You can remove the card now!
# (Distributed devices in IRF mode.) Unmount the HMIM module in subslot 6 of slot 1 on member device 1.
<Sysname> remove chassis 1 slot 1 subslot 6
You can remove the card now!
reset scheduler logfile
Use reset scheduler logfile to clear job execution log information.
Syntax
reset scheduler logfile
Views
User view
Predefined user roles
network-admin
Examples
# Clear job execution log information.
<Sysname> reset scheduler logfile
Related commands
display scheduler logfile
restore factory-default
Use restore factory-default to restore the factory-default configuration for the device.
Syntax
restore factory-default
Views
User view
Predefined user roles
network-admin
Usage guidelines
CAUTION: This command is disruptive. Use this command only when you cannot troubleshoot the device by using other methods, or you want to use the device in a different scenario. |
Examples
# Restore the factory-default configuration for the device.
<Sysname> restore factory-default
This command will restore the system to the factory default configuration and clear the operation data. Continue [Y/N]:y
Restoring the factory default configuration. This process might take a few minutes. Please wait..........................................................................................................Done.
Please reboot the system to place the factory default configuration into effect.
Related commands
reboot
scheduler job
Use scheduler job to create a job and enter its view, or enter the view of an existing job.
Use undo scheduler job to delete a job.
Syntax
scheduler job job-name
undo scheduler job job-name
Default
No job exists.
Views
System view
Predefined user roles
network-admin
Parameters
job-name: Specifies the job name, a case-sensitive string of 1 to 47 characters.
Usage guidelines
A job can be referenced by multiple schedules. In job view, you can assign commands to the job.
Examples
# Create a job named backupconfig and enter job view.
<Sysname> system-view
[Sysname] scheduler job backupconfig
[Sysname-job-backupconfig]
Related commands
command
scheduler schedule
scheduler logfile size
Use scheduler logfile size to set the size for the job execution log file.
Syntax
scheduler logfile size value
Default
The size of the job execution log file is 16 KB.
Views
System view
Predefined user roles
network-admin
Parameters
value: Specifies the size of the job execution log file, in KB. The value range is 16 to 1024.
Usage guidelines
The job execution log file saves the execution information of jobs. If the file is full, old records are deleted to make room for new records. If the size of the log information to be written to the file is greater than the file size, the excessive information is not written to the file.
Examples
# Set the size of the job execution log file to 32 KB.
<Sysname> system-view
[Sysname] scheduler logfile size 32
Related commands
display scheduler logfile
scheduler reboot at
Use scheduler reboot at to specify the reboot date and time.
Use undo scheduler reboot to delete the reboot schedule configuration.
Syntax
scheduler reboot at time [ date ]
undo scheduler reboot
Default
No reboot date or time is specified.
Views
User view
Predefined user roles
network-admin
Parameters
time: Specifies the reboot time in the hh:mm format. The value range for hh is 0 to 23. The value range for mm is 0 to 59.
date: Specifies the reboot date in the MM/DD/YYYY or YYYY/MM/DD format. The value range for YYYY is 2000 to 2035. The value range for MM is 1 to 12. The value range for DD varies by month.
Usage guidelines
CAUTION: Device reboot interrupts network services. |
When the date argument is not specified, the system uses the following rules to determine the reboot time:
· If the reboot time is later than the current time, a reboot occurs at the reboot time of the current day.
· If the reboot time is earlier than the current time, a reboot occurs at the reboot time the next day.
For data security, the system does not reboot at the reboot time if a file operation is being performed.
The device supports only one device reboot schedule. If you execute both the scheduler reboot delay and scheduler reboot at commands or execute one of the commands multiple times, the most recent configuration takes effect.
Examples
# Configure the device to reboot at 12:00 p.m. This example assumes that the current time is 11:43 a.m. on June 6, 2016.
<Sysname> scheduler reboot at 12:00
Reboot system at 12:00:00 06/06/2016 (in 0 hours and 16 minutes). Confirm? [Y/N]:
Related commands
scheduler reboot delay
scheduler reboot delay
Use scheduler reboot delay to specify the reboot delay time.
Use undo scheduler reboot to delete the reboot schedule configuration.
Syntax
scheduler reboot delay time
undo scheduler reboot
Default
No reboot delay time is specified.
Views
User view
Predefined user roles
network-admin
Parameters
time: Specifies the reboot delay time in the hh:mm or mm format. This argument can contain up to six characters. When in the hh:mm format, mm must be in the range of 0 to 59.
Usage guidelines
CAUTION: Device reboot interrupts network services. |
For data security, the system does not reboot at the reboot time if a file operation is being performed.
The device supports only one device reboot schedule. If you execute both the scheduler reboot delay and schedule reboot at commands or execute one of the commands multiple times, the most recent configuration takes effect.
Examples
# Configure the device to reboot after 88 minutes. This example assumes that the current time is 11:48 a.m. on June 6, 2016.
<Sysname> scheduler reboot delay 88
Reboot system at 13:16 06/06/2016(in 1 hours and 28 minutes). Confirm? [Y/N]:
scheduler schedule
Use scheduler schedule to create a schedule and enter its view, or enter the view of an existing schedule.
Use undo scheduler schedule to delete a schedule.
Syntax
scheduler schedule schedule-name
undo scheduler schedule schedule-name
Default
No schedule exists.
Views
System view
Predefined user roles
network-admin
Parameters
schedule-name: Specifies the schedule name, a case-sensitive string of 1 to 47 characters.
Usage guidelines
You can configure a schedule to have the device automatically run a command or a set of commands without administrative interference.
To configure a schedule:
1. Use the scheduler job command to create a job and enter job view.
2. Use the command command to assign commands to the job.
3. Use the scheduler schedule command to create a schedule and enter schedule view.
4. Use the job command to assign the job to the schedule. You can assign multiple jobs to a schedule. The jobs must already exist.
5. Use the user-role command to assign user roles to the schedule. You can assign up to 64 user roles to a schedule.
6. Use the time at, time once, or time repeating command to specify an execution time for the schedule. You can specify only one execution time for a schedule.
Examples
# Create a schedule named saveconfig.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
Related commands
job
time at
time once
shutdown-interval
Use shutdown-interval to set the port status detection timer.
Use undo shutdown-interval to restore the default.
Syntax
shutdown-interval interval
undo shutdown-interval
Default
The port status detection timer setting is 30 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies the port status detection timer value in seconds. The value range is 0 to 300. To disable port status detection, set this argument to 0.
Usage guidelines
The device starts a port status detection timer when a port is shut down by a protocol. Once the timer expires, the device brings up the port so the port status reflects the port's physical status.
If you change the timer setting during port detection, the device compares the new setting (T1) with the time that elapsed since the port was shut down (T).
· If T < T1, the port will be brought up after T1 – T seconds.
· If T ≥ T1, the port is brought up immediately.
For example, the timer setting is 30 seconds. If you change it to 10 seconds 2 seconds after the port is shut down, the port will come up 8 seconds later. If you change the timer setting to 2 seconds 10 seconds after the port is shut down, the port comes up immediately.
Examples
# Set the port status detection timer to 100 seconds.
<Sysname> system-view
[Sysname] shutdown-interval 100
sysname
Use sysname to set the device name.
Use undo sysname to restore the default.
Syntax
sysname sysname
undo sysname
Default
The default device name is H3C.
Views
System view
Predefined user roles
network-admin
Parameters
sysname: Specifies a name for the device, a string of 1 to 64 characters.
Usage guidelines
A device name identifies a device in a network and is used in CLI view prompts. For example, if the device name is Sysname, the user view prompt is <Sysname>.
Examples
# Set the name of the device to R2000.
<Sysname> system-view
[Sysname] sysname R2000
[R2000]
time at
Use time at to specify an execution date and time for a non-periodic schedule.
Use undo time to delete the execution date and time configuration for a non-periodic schedule.
Syntax
time at time date
undo time
Default
No execution time or date is specified for a non-periodic schedule.
Views
Schedule view
Predefined user roles
network-admin
Parameters
time: Specifies the schedule execution time in the hh:mm format. The value range for hh is 0 to 23. The value range for mm is 0 to 59.
date: Specifies the schedule execution date in the MM/DD/YYYY or YYYY/MM/DD format. The value range for YYYY is 2000 to 2035. The value range for MM is 1 to 12. The value range for DD varies by month.
Usage guidelines
The specified time (date plus time) must be later than the current system time.
The time at command, the time once command, and the time repeating command overwrite one another. The most recently configured command takes effect.
Examples
# Configure the device to execute schedule saveconfig at 01:01 a.m. on May 11, 2016.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
[Sysname-schedule-saveconfig] time at 1:1 2016/05/11
Related commands
scheduler schedule
time once
Use time once to specify one or more execution days and the execution time for a non-periodic schedule.
Use undo time to delete the execution day and time configuration for a non-periodic schedule.
Syntax
time once at time [ month-date month-day | week-day week-day&<1-7> ]
time once delay time
undo time
Default
No execution time or day is specified for a non-periodic schedule.
Views
Schedule view
Predefined user roles
network-admin
Parameters
at time: Specifies the execution time in the hh:mm format. The value range for hh is 0 to 23. The value range for mm is 0 to 59.
month-date month-day: Specifies a day in the current month, in the range of 1 to 31. If you specify a day that does not exist in the current month, the configuration takes effect on that day in the next month.
week-day week-day&<1-7>: Specifies a space-separated list of up to seven week days for the schedule. Valid week day values include Mon, Tue, Wed, Thu, Fri, Sat, and Sun.
delay time: Specifies the delay time for executing the schedule, in the hh:mm or mm format. This argument can have up to six characters. When in the hh:mm format, mm must be in the range of 0 to 59.
Usage guidelines
If the specified time has already occurred, the schedule will be executed at the specified time the following day.
If the day in the month has already occurred, the schedule will be executed at the specified day in the following month.
If the specified day in a week has already occurred, the schedule will be executed at the specified day in the following week.
The time at command, the time once command, and the time repeating command overwrite one another. The most recently configured command takes effect.
Examples
# Configure the device to execute schedule saveconfig once at 15:00.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
[Sysname-schedule-saveconfig] time once at 15:00
Schedule starts at 15:00 5/11/2016.
# Configure the device to execute schedule saveconfig once at 15:00 on the coming 15th day in a month.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
[Sysname-schedule-saveconfig] time once at 15:00 month-date 15
# Configure the device to execute schedule saveconfig at 12:00 p.m. on the coming Monday and Friday.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
[Sysname-schedule-saveconfig] time once at 12:00 week-day mon fri
# Configure the device to execute schedule saveconfig after 10 minutes.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
[Sysname-schedule-saveconfig] time once delay 10
Related commands
scheduler schedule
time repeating
Use time repeating to specify an execution time table for a periodic schedule.
Use undo time to delete the execution time table configuration for a periodic schedule.
Syntax
time repeating [ at time [ date ] ] interval interval
time repeating at time [ month-date [ month-day | last ] | week-day week-day&<1-7> ]
undo time
Default
No execution time table is specified for a periodic schedule.
Views
Schedule view
Predefined user roles
network-admin
Parameters
at time: Specifies the execution time in the hh:mm format. The value range for hh is 0 to 23. The value range for mm is 0 to 59. If you do not specify this option, the current system time is used as the execution time.
date: Specifies the start date for the periodic schedule, in the MM/DD/YYYY or YYYY/MM/DD format. The value range for YYYY is 2000 to 2035. The value range for MM is 1 to 12. The value range for DD varies by month. If you do not specify this argument, the execution start date is the first day when the specified time arrives.
interval interval: Specifies the execution time interval in the hh:mm or mm format. This argument can have up to six characters. When in the hh:mm format, mm must be in the range of 0 to 59. When in the mm format, this argument must be equal to or greater than 1 minute.
month-date [ month-day | last ]: Specifies a day in a month, in the range 1 to 31. The last keyword indicates the last day of a month. If you specify a day that does not exist in a month, the configuration takes effect on that day in the next month.
week-day week-day&<1-7>: Specifies a space-separated list of up to seven week days for the schedule. Valid week day values include Mon, Tue, Wed, Thu, Fri, Sat, and Sun.
Usage guidelines
The time repeating [ at time [ date ] ] interval interval command configures the device to execute a schedule at an interval from the specified time on.
The time repeating at time [ month-date [ month-day | last ] | week-day week-day&<1-7> ] command configures the device to execute a schedule at the specified time on every specified day in a month or week.
The time at command, the time once command, and the time repeating command overwrite one another, whichever is configured most recently takes effect.
Examples
# Configure the device to execute schedule saveconfig once an hour from 8:00 a.m. on.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
[Sysname-schedule-saveconfig] time repeating at 8:00 interval 60
# Configure the device to execute schedule saveconfig at 12:00 p.m. every day.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
[Sysname-schedule-saveconfig] time repeating at 12:00
# Configure the device to execute schedule saveconfig at 8:00 a.m. on the 5th of every month.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
[Sysname-schedule-saveconfig] time repeating at 8:00 month-date 5
# Configure the device to execute schedule saveconfig at 8:00 a.m. on the last day of every month.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
[Sysname-schedule-saveconfig] time repeating at 8:00 month-date last
# Configure the device to execute schedule saveconfig at 8:00 a.m. every Friday and Saturday.
<Sysname> system-view
[Sysname] scheduler schedule saveconfig
[Sysname-schedule-saveconfig] time repeating at 8:00 week-day fri sat
Related commands
scheduler schedule
usb disable
Use usb disable to disable all USB interfaces.
Use undo usb disable to enable all USB interfaces.
Syntax
usb disable
undo usb disable
Default
All USB interfaces are enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
You can use USB interfaces to upload or download files or to connect a 3G modem. By default, all USB interfaces are enabled.
Before executing this command, use the umount command to unmount all USB file systems.
Examples
# Unmount all USB file systems before disabling USB interfaces.
<Sysname> umount usba0:
<Sysname> umount slot1#usba0:
<Sysname> system-view
[Sysname] usb disable
# Enable all USB interfaces.
<Sysname> system-view
[Sysname] undo usb disable
user-role
Use user-role to assign user roles to a schedule.
Use undo user-role to remove user roles from a schedule.
Syntax
user-role role-name
undo user-role role-name
Default
A schedule has the user roles of the schedule creator.
Views
Schedule view
Predefined user roles
network-admin
Parameters
role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. The user role can be user-defined or predefined. Predefined user roles include network-admin, network-operator, and level-0 to level-15.
A schedule must have one or more user roles. A command in a schedule can be executed if it is permitted by one or more user roles of the schedule. For more information about user roles, see the RBAC configuration in Fundamentals Configuration Guide.
A schedule can have a maximum of 64 user roles. After the limit is reached, you cannot assign additional user roles to the schedule.
Examples
# Assign user role rolename to schedule test.
<sysname> system-view
[Sysname] scheduler schedule test
[Sysname-schedule-test] user-role rolename
Related commands
command
Tcl commands
cli
Use cli to enable a Comware command to be executed in Tcl configuration view when it conflicts with a Tcl command.
Syntax
cli command
Views
Tcl configuration view
Predefined user roles
network-admin
Parameters
command: Specifies the commands to be executed. They must be complete command lines.
Usage guidelines
In Tcl configuration view, if a Comware command conflicts with a Tcl command, the Tcl command will be executed. To execute the Comware command when a conflict occurs, execute the cli command.
Examples
# Perform the following steps to execute a Comware command that conflicts with a Tcl command in Tcl configuration view.
1. Execute a Comware command in Tcl configuration view. The output shows that the Comware command cannot be executed because it conflicts with a Tcl command.
<Sysname> tclsh
<Sysname-tcl> system-view
[Sysname-tcl] route-policy 1 permit node 10
[Sysname-tcl-route-policy-1-10] apply cost 10
can't interpret "cost" as a lambda expression
2. Configure the cli command to execute the Comware command again.
[Sysname-tcl-route-policy-1-10] cli apply cost 10
# Execute multiple Comware commands in one operation to enter OSPF area view.
Method 1:
[Sysname-tcl] ospf 100;area 0
[Sysname-tcl-ospf-100-area-0.0.0.0]
Method 2:
[Sysname-tcl] cli "ospf 100 ; area 0"
[Sysname-tcl-ospf-100-area-0.0.0.0]
Method 3:
[Sysname-tcl] cli ospf 100 ; cli area 0
[Sysname-tcl-ospf-100-area-0.0.0.0]
tclquit
Use tclquit to return from Tcl configuration view to user view.
Syntax
tclquit
Views
Tcl configuration view
Predefined user roles
network-admin
Usage guidelines
To return from Tcl configuration view to user view, you can also use the quit command.
To return to the upper-level view after you execute Comware commands to enter system view or a Comware feature view, use the quit command.
Examples
# Return from Tcl configuration view to user view.
<Sysname-tcl> tclquit
<Sysname>
Related commands
tclsh
tclsh
Use tclsh to enter Tcl configuration view from user view.
Syntax
tclsh
Views
User view
Predefined user roles
network-admin
Usage guidelines
In Tcl configuration view, you can execute the following commands:
· All Tcl 8.5 commands.
· Comware commands. The Tcl configuration view is equivalent to the user view. You can use Comware commands in Tcl configuration view in the same way they are used in user view.
Examples
# Enter Tcl configuration view from user view.
<Sysname> tclsh
<Sysname-tcl>
Related commands
tclquit
Python commands
The following matrix shows the feature and hardware compatibility:
Hardware |
Security zone compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
Yes except on MSR810-LMS/810-LUS |
MSR2600-6-X1/2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
Hardware |
Security zone compatibility |
MSR810-LM-GL |
Yes |
MSR810-W-LM-GL |
Yes |
MSR830-6EI-GL |
Yes |
MSR830-10EI-GL |
Yes |
MSR830-6HI-GL |
Yes |
MSR830-10HI-GL |
Yes |
MSR2600-6-X1-GL |
Yes |
MSR3600-28-SI-GL |
No |
python
Use python to enter the Python shell.
Syntax
Views
User view
Predefined user roles
Usage guidelines
In the Python shell, you can use the following items:
· Python 2.7 commands.
· Python 2.7 standard API.
· Comware 7 extended API.
To return to user view from the Python shell, enter exit().
Examples
Python 2.7.3 (default)
[GCC 4.4.1] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>>
>>> exit()
<Sysname>
python filename
Use python filename to execute a Python script.
Syntax
Views
User view
Predefined user roles
Parameters
Usage guidelines
You cannot perform any operations while a Python script is being executed by your command.
Make sure the statements in the script meet the syntax requirements. The system stops executing a Python script if it finds a statement with syntax errors.
Examples
# Execute the Python script test.py.
['/flash:/test.py', '1', '2']
License management commands
Commands and descriptions for centralized devices apply to the following routers:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3600-28-SI/3600-51-SI.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
· MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL.
Commands and descriptions for distributed devices apply to the following routers:
· MSR5620.
· MSR 5660.
· MSR 5680.
The following matrix shows the feature and hardware compatibility:
Hardware |
License compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
display license
Use display license to display detailed license information.
Syntax
Centralized devices in standalone mode/distributed devices in standalone mode:
display license [ activation-file ]
Centralized devices in IRF mode:
display license [ activation-file ] [ slot slot-number ]
Distributed devices in IRF mode:
display license [ activation-file ] [ chassis chassis-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
activation-file: Displays information about activation files.
slot slot-number: Specifies the member ID of an IRF member device. If no member device is specified, this command displays license information for all IRF member devices. (Centralized devices in IRF mode.)
chassis chassis-number: Specifies the member ID of an IRF member device. If no member device is specified, this command displays license information for all IRF member devices. (Distributed devices in IRF mode.)
Usage guidelines
The display license command displays detailed information about all licenses if it is used without any keywords.
Examples
# (Centralized devices in standalone mode.) Display detailed information about all licenses.
<Sysname> display license
cfa0:/license/210235A0W8B1330000412013073110284693735.ak
Feature: pkg_license
Product Description: H3C MSR 36 Data Software License
Registered at: 2013-07-31 10:29:33
License Type: Trial (days restricted)
Trial Time Left (days): 0
Current State: Expired
cfa0:/license/3640a_data.ak
Feature: pkg_license
Product Description: H3C MSR 36 Data Software License
Registered at: 2013-04-17 17:47:00
License Type: Permanent
Current State: In use
cfa0:/license/3640a_voice.ak
Feature: pkg_license
Product Description: H3C MSR 36 Voice Software License
Registered at: 2013-04-17 17:46:52
License Type: Permanent
Current State: In use
cfa0:/license/3640a_security.ak
Feature: pkg_license
Product Description: H3C MSR 36 Security Software License
Registered at: 2013-04-17 17:46:45
License Type: Permanent
Current State: In use
# (Distributed devices in IRF mode.) Display detailed license information for each IRF member device.
<Sysname> display license
Chassis 1:
cfa0:/license/5660_voice.ak
Feature: pkg_license
Product Description: H3C MSR 56 Voice Software License
Registered at: 2013-04-18 09:10:17
License Type: Permanent
Current State: In use
cfa0:/license/5660_security.ak
Feature: pkg_license
Product Description: H3C MSR 56 Security Software License
Registered at: 2013-04-18 09:09:44
License Type: Permanent
Current State: In use
cfa0:/license/5660_data.ak
Feature: pkg_license
Product Description: H3C MSR 56 Data Software License
Registered at: 2013-04-18 09:09:30
License Type: Permanent
Current State: In use
Chassis 2:
No license information to display.
Table 64 Command output
Field |
Description |
Chassis n |
Member ID of the IRF member device. This field is available for distributed devices in IRF mode. |
Slot n |
Member ID of the IRF member device. This field is available for centralized devices in IRF mode. |
Feature |
Feature name. |
Registered at |
Time when the license was installed. |
License Type |
License type by validity period: · NA—The system cannot obtain the license type. · Permanent—Purchased license that never expires and is always valid. · Days restricted—Purchased license that is valid for a period of days, for example, 30 days. · Trial (days restricted)—Free trial license that is valid for a period of days. |
Time Left (days) |
Remaining days of the license. This field is available for a purchased license. |
Trial Time Left (days) |
Remaining days of the trial period. This field is available for a trial license. |
Current State |
State of the license: · In use—The license is being used. · Usable—The license is available for use. If multiple days-restricted licenses for one feature are installed, only one license is in In use state and the rest licenses are in Usable state. · Expired—The license has expired. · Uninstalled—The license has been uninstalled. · Unusable—The license cannot be used. · Invalid—The license is invalid and cannot be used. |
Uninstall Key |
This field is available for licenses that have been uninstalled. An Uninstall file that contains an Uninstall key is created when you uninstall the activation file. The Uninstall file is required for transferring the license. |
Uninstall Date |
Date when the activation file was uninstalled. |
display license device-id
Use display license device-id to display SN and DID information.
Syntax
Centralized devices in standalone mode/distributed devices in standalone mode:
display license device-id
Centralized devices in IRF mode:
display license device-id slot slot-number
Distributed devices in IRF mode:
display license device-id chassis chassis-number
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies the member ID of an IRF member device. (Centralized devices in IRF mode.)
chassis chassis-number: Specifies the member ID of an IRF member device. (Distributed devices in IRF mode.)
Usage guidelines
Each device has a unique SN and DID. When you register a license for a device, you must provide its SN and DID.
The DID changes each time you use the license compress command to compress the license storage. Use the display license device-id command to identify the up-to-date DID each time you register licenses.
The DID can be generated as a string or .id file.
· If the DID is a string, enter the string when you register the license with the license center.
· If the DID is contained in an .id file, upload the file when you register the license with the license center.
Examples
# (Centralized devices in standalone mode/distributed devices in standalone mode.) Display the device SN and DID.
<Sysname> display license device-id
SN: XXXXXXXXXXXXXXXXXXXX
Device ID: XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX
# (Centralized devices in IRF mode.) Display the SN and DID of IRF member device 2.
<Sysname> display license device-id slot 2
SN: XXXXXXXXXXXXXXXXXXXX
Device ID: XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX
# (Distributed devices in IRF mode.) Display the SN and DID of IRF member device 2.
<Sysname> display license device-id chassis 2
SN: XXXXXXXXXXXXXXXXXXXX
Device ID: XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX
display license feature
Use display license feature to display brief license information for features.
Syntax
display license feature
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
Feature license information includes the following information:
· The total number of licenses that the device supports.
· The number of installed licenses.
· Features that must be licensed to run on the device.
Examples
# (Centralized devices in standalone mode/distributed devices in standalone mode.) Display brief feature license information.
<Sysname> display license feature
Total: 50 Usage: 7
Feature Licensed State
ACG N -
APMGR N -
IPS N -
SSLVPN N -
pkg_data N -
pkg_security N -
pkg_voice N -
# (Centralized devices in IRF mode.) Display brief feature license information.
<Sysname> display license feature
Slot 1:
Total: 50 Usage: 7
Feature Licensed State
Feature Licensed State
ACG N -
APMGR N -
IPS N -
SSLVPN N -
pkg_data N -
pkg_security N -
pkg_voice N -
Slot 2:
Total: 50 Usage: 7
Feature Licensed State
ACG N -
APMGR N -
IPS N -
SSLVPN N -
pkg_data N -
pkg_security N -
pkg_voice N -
# (Distributed devices in IRF mode.) Display brief feature license information.
<Sysname> display license feature
Chassis 1:
Total: 50 Usage: 7
Feature Licensed State
ACG N -
IPS N -
POSA N -
RemoteTermConn N -
SSLVPN N -
pkg_data N -
pkg_security Y Formal
pkg_voice Y Formal
Chassis 2:
Total: 50 Usage: 7
Feature Licensed State
ACG N -
IPS N -
POSA N -
RemoteTermConn N -
SSLVPN N -
pkg_data N -
pkg_security Y Formal
pkg_voice Y Formal
Table 65 Command output
Field |
Description |
Chassis n |
Member ID of the IRF member device. This field is available for distributed devices in IRF mode. |
Slot n |
Member ID of the IRF member device. This field is available for centralized devices in IRF mode. |
Total |
Total number of licenses that can be installed. |
Usage |
Number of installed licenses. |
Feature |
Feature that must be licensed before being used. |
Licensed |
Licensing state of the feature: · N—Not licensed. · Y—Licensed. |
State |
License type by purchasing state: · Trial—Trial license. · Formal—Purchased license. If the feature is not licensed, this field displays a hyphen (-). To use the feature, you must install a valid activation file. |
license activation-file install
Use license activation-file install to install an activation file.
Syntax
Centralized devices in standalone mode/distributed devices in standalone mode:
license activation-file install license-file
Centralized devices in IRF mode:
license activation-file install license-file slot slot-number
Distributed devices in IRF mode:
license activation-file install license-file chassis chassis-number
Views
System view
Predefined user roles
network-admin
Parameters
license-file: Specifies the file path, a case-sensitive string of 1 to 127 characters. The activation file must be valid and stored on the device.
slot slot-number: Specifies the member ID of an IRF member device. (Centralized devices in IRF mode.)
chassis chassis-number: Specifies the member ID of an IRF member device. (Distributed devices in IRF mode.)
Usage guidelines
To install a license activation file successfully, make sure the SN and DID used for registering the feature license matches the current SN and DID of the device.
Activation files are device locked rather than MPU locked. A licensed feature can run on the entire system even after an MPU replacement.
Examples
# (Centralized devices in standalone mode/distributed devices in standalone mode.) Install activation file 20130810.ak.
<Sysname> system-view
[Sysname] license activation-file install flash:/license/20130810.ak
This operation might take some time. Do not perform any other operations until the operation is completed or a failure message is displayed. Please wait... Done.
# (Centralized devices in IRF mode.) Install activation file 20130812.ak on IRF member device 2.
<Sysname> system-view
[Sysname] license activation-file install cfa0:/license/20130812.ak slot 2
This operation might take some time. Do not perform any other operations until the operation is completed or a failure message is displayed. Please wait... Done.
# (Distributed devices in IRF mode.) Install activation file 20130813.ak on IRF member device 2.
<Sysname> system-view
[Sysname] license activation-file install cfa0:/license/20130813.ak chassis 2
This operation might take some time. Do not perform any other operations until the operation is completed or a failure message is displayed. Please wait... Done.
Related commands
display license activation-file
display license device-id
license activation-file uninstall
license activation-file uninstall
Use license activation-file uninstall to uninstall an activation file.
Syntax
Centralized devices in standalone mode/distributed devices in standalone mode:
license activation-file uninstall license-file
Centralized devices in IRF mode:
license activation-file uninstall license-file slot slot-number
Distributed devices in IRF mode:
license activation-file uninstall license-file chassis chassis-number
Views
System view
Predefined user roles
network-admin
Parameters
license-file: Specifies the file path, a case-sensitive string of 1 to 127 characters.
slot slot-number: Specifies the member ID of an IRF member device. (Centralized devices in IRF mode.)
chassis chassis-number: Specifies the member ID of an IRF member device. (Distributed devices in IRF mode.)
Usage guidelines
A feature cannot run after you uninstall all of its activation files.
Use this command to revoke an unexpired license if you want to transfer the license from one device to another.
When an activation file is uninstalled, the system creates an Uninstall file. Use this file together with the SN and DID of the transfer destination to register the license for the transfer destination.
Trial licenses are not transferrable. When you uninstall the activation file of a trial license, no Uninstall file is created.
Examples
# (Centralized devices in standalone mode/distributed devices in standalone mode.) Uninstall activation file flash:/license/20130810.ak.
<Sysname> system-view
[Sysname] license activation-file uninstall flash:/license/20130810.ak
This operation might take some time. Do not perform any other operations until the operation is completed or a failure message is displayed. Please wait... Done.
Uninstall file: flash:/license/20130810.uak
# (Centralized devices in IRF mode.) Uninstall activation file cfa0:/license/20130812.ak from IRF member device 2.
<Sysname> system-view
[Sysname] license activation-file uninstall cfa0:/license/20130812.ak slot 2
This operation might take some time. Do not perform any other operations until the operation is completed or a failure message is displayed. Please wait... Done.
Uninstall file: flash:/license/20130812.uak
# (Distributed devices in IRF mode.) Uninstall activation file cfa0:/license/20130813.ak from IRF member device 2.
<Sysname> system-view
[Sysname] license activation-file uninstall cfa0:/license/20130813.ak chassis 2
This operation might take some time. Do not perform any other operations until the operation is completed or a failure message is displayed. Please wait... Done.
Uninstall file: flash:/license/20130813.uak
display license activation-file
license activation-file install
license compress
Use license compress to compress the license storage.
Syntax
Centralized devices in standalone mode/distributed devices in standalone mode:
license compress
Centralized devices in IRF mode:
license compress slot slot-number
Distributed devices in IRF mode:
license compress chassis chassis-number
Views
System view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies the member ID of an IRF member device. (Centralized devices in IRF mode.)
chassis chassis-number: Specifies the member ID of an IRF member device. (Distributed devices in IRF mode.)
Usage guidelines
CAUTION: The DID changes each time the license storage is compressed. Before performing a compression, make sure all activation files generated based on the old DID have been installed. They cannot be installed after the compression. |
Use this command if the free license storage (see the display license feature command) is not sufficient.
This command clears invalid licenses (expired licenses and uninstalled licenses) and Uninstall keys from the license storage area. Back up the Uninstall keys before you compress the license storage.
Examples
# (Centralized devices in standalone mode/distributed devices in standalone mode.) Compress the license storage.
<Sysname> system-view
[Sysname] license compress
This command will delete all data relevant to uninstalled and expired keys/licenses, including Uninstall keys, and create a new device ID for activation keys/files. Make sure you have saved the Uninstall keys so you can apply for a new activation key/file for the unexpired licenses that were covered by the uninstalled activation keys/files.
Are you sure you want to continue? [Y/N]: Y
This operation might take some time. Do not perform any other operations until the operation is completed or a failure message is displayed. Please wait... Done.
# (Centralized devices in IRF mode.) Compress the license storage on IRF member device 2.
<Sysname> system-view
[Sysname] license compress slot 2
This command will delete all data relevant to uninstalled and expired keys/licenses, including Uninstall keys, and create a new device ID for activation keys/files. Make sure you have saved the Uninstall keys so you can apply for a new activation key/file for the unexpired licenses that were covered by the uninstalled activation keys/files.
Are you sure you want to continue? [Y/N]: Y
This operation might take some time. Do not perform any other operations until the operation is completed or a failure message is displayed. Please wait... Done.
# (Distributed devices in IRF mode.) Compress the license storage on IRF member device 2.
<Sysname> system-view
[Sysname] license compress chassis 2
This command will delete all data relevant to uninstalled and expired keys/licenses, including Uninstall keys, and create a new device ID for activation keys/files. Make sure you have saved the Uninstall keys so you can apply for a new activation key/file for the unexpired licenses that were covered by the uninstalled activation keys/files.
Are you sure you want to continue? [Y/N]: Y
This operation might take some time. Do not perform any other operations until the operation is completed or a failure message is displayed. Please wait... Done.
activation-key,48
alias,1
append,111
archive configuration,178
archive configuration interval,179
archive configuration location,180
archive configuration max,181
ascii,112
authentication-mode,50
auto-copy destination-directory,148
auto-copy source-directory,149
autodeploy sms enable,303
autodeploy udisk enable,303
auto-execute command,51
backup startup-configuration,182
binary,112
boot-loader file,204
boot-loader update,208
bootrom update,211
bye,113
card-mode,311
cd,114
cd,150
cdup,114
cli,390
clock datetime,313
clock protocol,314
clock summer-time,315
clock timezone,316
close,115
command,317
command accounting,53
command authorization,54
configuration encrypt,183
configuration replace file,184
copy,151
copy,287
copyright-info enable,318
databits,54
debug,116
delete,287
delete,116
delete,154
description,14
dir,157
dir,288
dir,117
disconnect,118
display | { begin | exclude | include },2
display | by-linenum,3
display >,4
display >>,5
display alarm,319
display alias,6
display archive configuration,184
display boot-loader,212
display card-forwarding-mode,321
display clock,321
display copyright,322
display copyright,290
display cpu-usage,322
display cpu-usage configuration,325
display cpu-usage history,326
display current-configuration,185
display current-configuration diff,187
display default-configuration,188
display device,329
display device manuinfo,333
display device manuinfo fan,336
display device manuinfo power,337
display diagnostic-information,339
display diff,189
display environment,341
display fan,343
display ftp client source,118
display ftp-server,103
display ftp-user,104
display history-command,6
display history-command all,7
display hotkey,8
display install active,214
display install active,251
display install backup,255
display install backup,218
display install committed,257
display install committed,220
display install inactive,259
display install inactive,222
display install ipe-info,223
display install ipe-info,260
display install job,223
display install job,260
display install log,224
display install log,261
display install package,225
display install package,290
display install package,262
display install rollback,226
display install rollback,263
display install which,264
display install which,227
display ip routing-table,291
display ipv6 routing-table,292
display license,394
display license device-id,396
display license feature,397
display line,55
display memory,344
display memory-threshold,345
display power-supply,347
display role,14
display role feature,22
display role feature-group,24
display saved-configuration,190
display scheduler job,348
display scheduler logfile,348
display scheduler reboot,349
display scheduler schedule,349
display security-zone,305
display startup,191
display system stable state,351
display telnet client,58
display this,193
display transceiver alarm,353
display transceiver diagnosis,355
display transceiver interface,355
display transceiver manuinfo,357
display user-interface,58
display users,61
display version,357
display version,293
display version comp-matrix,265
display version comp-matrix,228
display version-update-record,359
display zone-pair security,306
escape-key,62
feature,26
file prompt,159
firmware update,231
firmware update fota,360
fixdisk,160
flow-control,64
format,160
format,293
free ftp user,105
free ftp user-ip,105
free ftp user-ip ipv6,105
free line,65
free user-interface,67
ftp,119
ftp,293
ftp client ipv6 source,120
ftp client source,120
ftp ipv6,121
ftp server acl,106
ftp server acl ipv6,107
ftp server acl-deny-log enable,108
ftp server dscp,108
ftp server enable,109
ftp server ipv6 dscp,109
ftp server ssl-server-policy,110
ftp timeout,111
get,122
gunzip,161
gzip,162
header,360
help,124
history-command max-size,70
hotkey,9
idle-timeout,70
import interface,306
import interface vlan,307
install abort,234
install abort,270
install activate,271
install activate,234
install add,240
install add,276
install commit,277
install commit,240
install deactivate,241
install deactivate,278
install remove,279
install remove,243
install rollback to,280
install rollback to,244
install verify,245
install verify,282
interface policy deny,27
job,362
lcd,124
license activation-file install,400
license activation-file uninstall,401
license compress,402
line,71
line class,74
lock,76
lock reauthentication,78
lock-key,77
ls,125
md5sum,162
memory-threshold,362
memory-threshold usage,365
mkdir,294
mkdir,163
mkdir,126
monitor cpu-usage enable,366
monitor cpu-usage interval,367
monitor cpu-usage threshold,368
more,295
more,164
mount,165
move,166
move,295
newer,127
open,127
parity,78
passive,128
password-recovery enable,369
permit interface,28
permit security-zone,30
permit vlan,31
permit vpn-instance,32
ping,295
ping ipv6,297
power-supply off,370
power-supply on,371
power-supply policy enable,372
power-supply policy redundant,373
protocol inbound,79
put,129
pwd,297
pwd,130
pwd,167
python,392
python filename,393
quit,10
quit,298
quit,130
reboot,374
reboot,298
reget,131
remove,377
rename,131
rename,167
repeat,10
reset,132
reset install log-history oldest,247
reset install log-history oldest,284
reset install rollback oldest,284
reset install rollback oldest,248
reset recycle-bin,168
reset saved-configuration,194
reset scheduler logfile,379
reset ssh public-key,298
restart,132
restore factory-default,379
restore startup-configuration,196
return,12
rhelp,133
rmdir,299
rmdir,168
rmdir,135
role,34
role default-role enable,35
role feature-group,35
rstatus,135
rsync,169
rsync client source,171
rule,36
save,198
scheduler job,380
scheduler logfile size,380
scheduler reboot at,381
scheduler reboot delay,382
scheduler schedule,382
screen-length,81
screen-length disable,12
security-zone,308
security-zone intra-zone default permit,309
security-zone policy deny,40
send,82
set authentication password,84
sha256sum,172
shell,85
shutdown,300
shutdown-interval,383
speed,86
ssh2,300
startup saved-configuration,201
status,137
stopbits,87
super,41
super authentication-mode,42
super default role,43
super password,43
sysname,384
system,138
system-view,13
system-view,301
tar create,172
tar extract,173
tar list,175
tclquit,390
tclsh,391
telnet,302
telnet,87
telnet client source,88
telnet ipv6,89
telnet server acl,90
telnet server acl-deny-log enable,91
telnet server dscp,92
telnet server enable,92
telnet server ipv6 acl,93
telnet server ipv6 dscp,94
telnet server ipv6 port,94
telnet server port,95
terminal type,95
tftp,302
tftp,141
tftp client ipv6 source,142
tftp client source,143
tftp ipv6,144
tftp-server acl,145
tftp-server ipv6 acl,146
time at,385
time once,385
time repeating,387
umount,175
undelete,176
usb disable,388
user,138
user-interface,96
user-interface class,99
user-role,101
user-role,389
verbose,139
version auto-update enable,248
version check ignore,249
vlan policy deny,45
vpn-instance policy deny,46
zone-pair security,309