Download hp manual

7/24/2019 Download hp manual

1/211

HP 5820X & 5800 Switch SeriesFundamentals

Command Reference

Abstract

This document describes the commands and command syntax options available for the HP 5820X &5800 Series products.

This document is intended for network planners, field technical support and servicing engineers, andnetwork administrators who work with HP 5820X & 5800 Series products.

Part number: 5998-1619Software version: Release 1211Document version: 6W10 2 -201 30520


2/211

Legal and notice information

Copyright 2013 Hewlett-Packard Development Company, L.P.

No part of this documentation may be reproduced or transmitted in any form or by any means withoutprior written consent of Hewlett-Packard Development Company, L.P.

The information contained herein is subject to change without notice.

HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TMATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHA

AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contaherein or for incidental or consequential damages in connection with the furnishing, performance, or useof this material.

The only warranties for HP products and services are set forth in the express warranty statementsaccompanying such products and services. Nothing herein should be construed as constituting anadditional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.


3/211

iii

Contents

CLI configuration commands 1 command-alias enable 1 command-alias mapping 1

command-privilege 2 display clipboard 3 display command-alias 4 display history-command 4 display hotkey 5 hotkey 7 quit 9 return 9 screen-length disable10 super 10 super authentication-mode 11 super password 12

system-view 13 Logging in to the switch commands 15

acl (user interface view) 15 activation-key 16 auto-execute command 17 authentication-mode 19 command accounting 20 command authorization 21 databits 21 display ip http 22 display ip https 23 display telnet client configuration 24

display user-interface 25 display users 27 display web users 28 escape-key 29 flow-control 31 free user-interface 31 free web-users 32 history-command max-size 33 idle-timeout 34 ip http acl 34 ip http enable 35 ip http port35

ip https acl 36 ip https certificate access-control-policy 37 ip https enable 38 ip https port 38 ip https ssl-server-policy39 lock 40 parity 40 protocol inbound 41 screen-length 42 send 43 set authentication password 44


4/211

iv

shell 45 speed (user interface view) 45 stopbits 46 telnet 47 telnet client source 48 telnet ipv649 telnet server enable 49 terminal type 50

user privilege level 51

user-interface 52

FTP configuration commands 53 FTP server configuration commands53

display ftp-server 53 display ftp-user 54 free ftp user 55 ftp server acl 56 ftp server enable 56 ftp timeout57 ftp update 57

FTP client configuration commands 59

ascii59 binary 59 bye 60 cd 61 cdup 61 close 62 debugging 63 delete 64 dir 65 disconnect 66 display ftp client configuration66 ftp 67

ftp client source 68 ftp ipv6 69 get 70 lcd 71 ls 72 mkdir 73 open 73 open ipv6 74 passive 75 put 76 pwd 77 quit 77

remotehelp 78

rmdir 80 user 80 verbose 81

TFTP client configuration commands 83 display tftp client configuration 83 tftp-server acl 83 tftp 84 tftp client source 86 tftp ipv6 87


5/211

v

File management commands 88 cd 88 copy 89 delete 89 dir 90 display nandflash file-location 92 display nandflash badblock-location 93 display nandflash page-data 94

execute 95 file prompt 96 fixdisk 96 format 97 mkdir 97 more 98 move 99 pwd 100 rename 100 reset recycle-bin 101 rmdir 103 undelete 103

Configuration file management commands 105 archive configuration 105 archive configuration interval 105 archive configuration location 106 archive configuration max 107 backup startup-configuration 108 configuration replace file 109 display archive configuration 110 display current-configuration 111 display default-configuration 112 display saved-configuration 114 display startup 117

display this 118 reset saved-configuration 120 restore startup-configuration 121 save 122 slave auto-update config 124 startup saved-configuration 125

Software upgrade commands 127 boot-loader 127 boot-loader update file 128 bootrom 129 bootrom-update security-check enable 130 display boot-loader 131

display patch information 132 patch active 133 patch deactive 134 patch delete 134 patch install 135 patch load 136 patch location 136 patch run 137

ISSU commands 138 display issu rollback-timer 138


6/211

vi

display issu state 139 display version comp-matrix 141 issu accept 142 issu commit 143 issu load 143 issu rollback 144 issu rollback-timer 145 issu run switchover 146

Device management commands 148 clock datetime 148 clock summer-time one-off 148 clock summer-time repeating 149 clock timezone 151 copyright-info enable 151 display clock 153 display cpu-usage 154 display cpu-usage history 156 display device 159 display device manuinfo 161 display diagnostic-information 164

display environment 165 display fan 166 display job 168 display memory 169 display power 170 display reboot-type 171 display rps 172 display schedule job 173 display schedule reboot 174 display system-failure 175 display transceiver 175 display transceiver alarm 177

display transceiver diagnosis 179 display transceiver manuinfo 180 display version 181 display version-update-record 182 fan prefer-direction 183 header 184 job 186 reboot 186 reset unused porttag 187 reset version-update-record 188 schedule job 188 schedule reboot at 190

schedule reboot delay 191

shutdown-interval 192 sysname 193 system-failure 194 temperature-limit 194 time at 196 time delay 197 view 198

Support and other resources 199 Contacting HP 199

Subscription service 199


7/211

vii

Related information 199 Documents 199

Websites 199 Conventions 200

Index 202


8/211

1

CLI configuration commands

command-alias enableDescription

Use command-alias enable to enable the command alias function.

Use undo command-alias enable to disable the command alias function (disabled is the defaultcondition).

Syntaxcommand-alias enable

undo command-alias enable

ViewSystem view

Default level2: System level

ParametersNone

Examples1. Enable the command alias function.

system-view

[Sysname] command-alias enable

2. Disable the command alias function. system-view

[Sysname] undo command-alias enable

command-alias mappingDescription

Use command-alias mapping to configure command aliases.

Use undo command-alias mapping to restore the original configuration. By default, a command has noalias.

Syntaxcommand-alias mapping cmdkey alias

undo command-alias mapping cmdkey

ViewSystem view


9/211

2


Parameterscmdkey : The complete form of the first keyword of a command.

alias: Specifies the command alias, which cannot be the same as the first keyword of an existingcommand.

Examples1. Configure command aliases by specifyingshow as the replacement of the display keyword.

system-view

[Sysname] command-alias mapping display show

After you configure the command aliases, thedisplay commands have aliases. For example, if theoriginal command is display clock, now its alias is show clockand you can input the alias to view thesystem time and date.2. Delete the command aliases by canceling the replacement of thedisplay keyword.

system-view

[Sysname] undo command-alias mapping display

command-privilegeDescription

Use command-privilegeto change the command privilege level in the specified view. Command levelsinclude four privileges: visit (0), monitor (1), system (2), and manage (3).By default, each command in a view has a specified privilege level. Changes can cause maintenance,operation, and security problems. HP recommends that you use the default command level or that youmodify the command level under the guidance of professional staff.

Assign a privilege level according to the users need. When logging in to the switch, the user can accessthe assigned level and all levels below it.

Thecommand specified in command-privilegemust be complete and have valid arguments. Forexample, the default level of thetftp server-address {get | put | sget } source-filename [ destination- filename] [ source { interface interface-type interface-number | ip source-ip-address } ] command is3. After command-privilege level0 view shell tftp 1.1.1.1 put a.cfg is executed, users with privilegelevel 0 log in to the switch, and can execute thetftp server-address put source-filename command(such as tftp 192.168.1.26 put syslog.txt). They cannot execute the command with theget, sget orsource keyword, and cannot specify the destination-filename argument.Thecommand specified in undo command-privilege view can be incomplete. For example, afterundo command-privilege view system ftpis executed, all commands starting with the keywordftp (such as ftp server acl, ftp server enable, and ftp timeout) are restored to their default levels. If youhave modified the level offtp server enable and ftp timeout and you want to restore only ftp serverenable to its default level, useundo command-privilege view system ftp server .If you modify the command level of in a specified view from the default level to a lower level, modifythe command levels of thequit command and the corresponding command that is used to enter thisview. For example, the default command level ofinterface and system-view is 2 (system level). If youwant to make the interface command available to the level 1 users, execute the following threecommands:command-privilege level 1 view shell system- view, command-privilege level 1

view system interface GigabitEthernet 1/0/1, and command-privilege level 1 view system quit. The


10/211

3

level 1 users can enter system view, execute theinterface GigabitEthernet command, and return touser view.

Use undo command-privilege view to disable the change.

Syntaxcommand-privilege level level view view command

undo command-privilege view view command View

System view

Default level3: Manage level

Parameterslevel level : Command level, which ranges from 0 to 3.

view view : Specifies a view. The value represents a user view. Theview argument must be the view where

the command resides.command : Command to be set in the specified view.

Example# Set the command level of thesystem-view command to 3 in system view. (By default, level 2 and level3 users can use the system-view command. After the configuration, only level 3 users can use thiscommand.)

system-view

[Sysname] command-privilege level 3 view shell system-view

display clipboardDescriptionUse display clipboard to view the contents of the clipboard.

To copy content to the clipboard:Move the cursor to the starting position of the content and pressEsc+Shift+,.Move the cursor to the ending position of the content and pressEsc+Shift+..

Syntaxdisplay clipboard [ | {begin | exclude | include } regular-expression ]

View Any view

Default level1: Monitor level

Parameters| : Filters command output by specifying a regular expression. For more information about regularexpressions, see CLI configuration.


11/211

4

begin: Displays the first line that matches the regular expression and all lines that follow.

exclude: Displays all lines that do not match the regular expression.

include: Displays all lines that match the regular expression.

regular-expression: Specifies a regular expression, which is a case-sensitive string of 1 to 256 characters.

Example# View the content of the clipboard.

display clipboard

---------------- CLIPBOARD-----------------

display current-configuration

display command-aliasDescription

Use display command-aliasto display defined command aliases and their corresponding commands.

Syntaxdisplay command-alias[ | {begin | exclude | include } regular-expression ]

View Any view






regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Example# Display the defined command aliases and the corresponding commands.

display command-alias

Command alias is enabled

index alias command key1 show display

display history-commandDescription

Use display history-command to display commands saved in the history command buffer.


12/211

5

By default, the system saves the last 10 executed commands. To set the buffer size, use thehistory-command max-size command. For more information, see Logging in to the switch commands.

Syntaxdisplay history-command[ | {begin | exclude | include } regular-expression ]

View

Any viewDefault level

1: Monitor level




include: Displays all lines that match the regular expression.regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Example# Display history commands in current user view.

display history-command

display history-command

system-view

vlan 2

quit

display hotkeyDescription

Use display hotkey to display hotkey information.

Syntaxdisplay hotkey [ | {begin | exclude | include } regular-expression ]

View Any view


Parameters| : Filters command output by specifying a regular expression. For more information about regularexpressions, see "CLI configuration.




13/211

6



Example# Display hotkey information.

display hotkey

----------------- HOTKEY -----------------

=Defined hotkeys=

Hotkeys Command

CTRL_G display current-configuration

CTRL_L display ip routing-table

CTRL_O undo debug all

=Undefined hotkeys=

Hotkeys Command

CTRL_T NULL

CTRL_U NULL

=System hotkeys=

Hotkeys Function

CTRL_A Move the cursor to the beginning of the current line.

CTRL_B Move the cursor one character left.

CTRL_C Stop current command function.

CTRL_D Erase current character.

CTRL_E Move the cursor to the end of the current line.

CTRL_F Move the cursor one character right.

CTRL_H Erase the character left of the cursor.

CTRL_K Kill outgoing connection.CTRL_N Display the next command from the history buffer.

CTRL_P Display the previous command from the history buffer.

CTRL_R Redisplay the current line.

CTRL_V Paste text from the clipboard.

CTRL_W Delete the word left of the cursor.

CTRL_X Delete all characters up to the cursor.

CTRL_Y Delete all characters after the cursor.

CTRL_Z Return to the User View.

CTRL_] Kill incoming connection or redirect connection.

ESC_B Move the cursor one word back.

ESC_D Delete remainder of word.ESC_F Move the cursor forward one word.

ESC_N Move the cursor down a line.

ESC_P Move the cursor up a line.

ESC_< Specify the beginning of clipboard.

ESC_> Specify the end of clipboard.


14/211

7

hotkeyDescription

Use hotkey to associate a hot key to a command.

Use undo hotkey to remove the association. By default,Ctrl+G, Ctrl+L, and Ctrl+O are associated withthese commands:

Ctrl+G corresponds to display current-configuration. Ctrl+L corresponds to display ip routing-table. Ctrl+O corresponds to undo debugging all.

You can modify the associations as needed.

Syntaxhotkey {CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U }command

undo hotkey {CTRL_G | CTRL_L | CTRL_O | CTRL_T | CTRL_U }

ViewSystem view


ParametersCTRL_G: Associates hot keyCtrl+G to a command.

CTRL_L: Associates hot keyCtrl+L to a command.

CTRL_O: Associates hot keyCtrl+O to a command.

CTRL_T: Associates hot keyCtrl+T to a command.

CTRL_U: Associates hot keyCtrl+U to a command.

command : The command line associated with the hot key.

Examples1. Associate the hot keyCtrl+T to the display tcp status command.

system-view

[Sysname] hotkey ctrl_t display tcp status


15/211

8

2. Display hotkeys.[Sysname] display hotkey

----------------- HOTKEY -----------------

=Defined hotkeys=

Hotkeys Command

CTRL_G display current-configurationCTRL_L display ip routing-table

CTRL_O undo debug all

CTRL_T display tcp status

=Undefined hotkeys=

Hotkeys Command

CTRL_U NULL

=System hotkeys=

Hotkeys Function

CTRL_A Move the cursor to the beginning of the current line.

CTRL_B Move the cursor one character left.CTRL_C Stop current command function.

CTRL_D Erase current character.

CTRL_E Move the cursor to the end of the current line.

CTRL_F Move the cursor one character right.

CTRL_H Erase the character left of the cursor.

CTRL_K Kill outgoing connection.

CTRL_N Display the next command from the history buffer.

CTRL_P Display the previous command from the history buffer.

CTRL_R Redisplay the current line.

CTRL_V Paste text from the clipboard.

CTRL_W Delete the word left of the cursor.CTRL_X Delete all characters up to the cursor.

CTRL_Y Delete all characters after the cursor.

CTRL_Z Return to the user view.

CTRL_] Kill incoming connection or redirect connection.

ESC_B Move the cursor one word back.

ESC_D Delete remainder of word.

ESC_F Move the cursor forward one word.

ESC_N Move the cursor down a line.

ESC_P Move the cursor up a line.

ESC_< Specify the beginning of clipboard.

ESC_> Specify the end of clipboard.


16/211

9

quitDescription

Use quit to return to a lower-level view.

In user view,quit terminates the connection and reconnects to the switch.

Syntaxquit

View Any view

Default level0: Visit level (in user view)

2: System level (in other views)

ParametersNone

Example# Switch from GigabitEthernet 1/0/1 interface view to system view, and then to user view.

[Sysname-GigabitEthernet1/0/1] quit

[Sysname] quit

returnDescription

Use return to go back into user view, which can also be done with the hot key Ctrl+Z.

Related commands:quit.

Syntaxreturn

View Any view except user view

Default level

2: System levelParameters

None


17/211

10

Example# Return to user view from GigabitEthernet 1/0/1 view.

[Sysname-GigabitEthernet1/0/1] return

screen-length disableDescriptionUse screen-length disable to disable the multiple-screen output function.

Use undo screen-length disable to enable the multiple-screen output function.

The default settings of the screen-length command are: multiple-screen output enabled and 24 linesdisplayed on the next screen. For more information aboutscreen-length, see Logging in to the switchcommands.

When the user logs out, the settings restore to their default values.

Syntaxscreen-length disable

undo screen-length disable

ViewUser view


Parameters

NoneExample

# Disable multiple-screen output for the current user. screen-length disable

superDescription

Use super to switch user privilege levels.

If no level is specified, the command switches the user privilege level to 3. Command levels include fourprivileges: visit (0), monitor (1), system (2), and manage (3). Assign privilege level according to the usersneed. When logging in to the switch, the user can access the assigned level and all levels below it.


18/211

11

A user can switch to a lower privilege level unconditionally. To switch to a higher privilege level: An AUX user can switch to a higher privilege level without entering any password. A VTY user must input the switching password set by thesuper password command to switch to ahigher privilege level. If the password is incorrect or no password is configured, the switchingoperation fails.

Related commands:super password.Syntax

super [ level ]

ViewUser view

Default level0: Visit level

Parameter

level : User level, which ranges from 0 to 3 and defaults to 3.Examples

1. Switch to user privilege level 2 from privilege level 3. super 2

User privilege level is 2, and only those commands can be used

whose level is equal or less than this.

Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE

2. Switch the user privilege level back to 3 (the switching password123 has been set). If nopassword is set, the user privilege level cannot be switched to 3. super 3

Password:User privilege level is 3, and only those commands can be used

whose level is equal or less than this.

Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE

super authentication-modeDescription

Use super authentication-mode to set the authentication mode for user privilege level switch.

Use undo super authentication-mode to restore the default condition (authentication mode).

Related commands:super password.

Syntaxsuper authentication-mode{ local | scheme } *

undo super authentication-mode

ViewSystem view


19/211

12


Parameterslocal: Authenticates a user by using the local password set by thesuper password command. When nopassword is set, two results can occur: the privilege level switch succeeds if the user is logged in through

the AUX user interface; the switch operation fails if the user logs in through a VTY user interface. If theuser enters the incorrect password, the switch operation fails.

scheme: AAA authentication. For more information about AAA, see theSecurity Configuration Guide .

local scheme: Firstlocal and then scheme, which authenticates a user by using the local password first. Ifno password is set, the user logged in through the AUX user interface can switch the privilege level; otherusers need to pass AAA authentication before they can switch the privilege level.

scheme local: Firstscheme and then local, which authenticates a user by performing the AAAauthentication first. If the AAA configuration is invalid (the domain parameters or authentication schemeare not configured) or the server does not respond, the local password authentication is performed.

Examples1. Set the authentication mode for the user privilege level switch tolocal.

system-view

[Sysname] super authentication-mode local

2. Set the authentication mode for the user privilege level switch toscheme local. system-view

[Sysname] super authentication-mode scheme local

super passwordDescription

Use super password to set the password used to switch user privilege to a higher level.Use the simple parameter to set a simple-text password.Use the cipher parameter to set a cipher-text password. A cipher-text password is recommended.During authentication, you must input a cipher-text password regardless of the password type you set.

Use undo super password to restore the default condition (no password is set).

Syntaxsuper password [ leveluser-level ] { simple | cipher } password

undo super password [ level user-level ]

ViewSystem view


Parameterslevel user-level : User privilege level, which ranges from 1 to 3 and defaults to 3.

simple: Plain-text password, a string of 1 to 16 characters.


20/211

13

cipher : Cipher-text password. A cipher password is a string of 1 to 16 characters in plain text or 24characters in cipher text. For example, the simple text 1234567 corresponds to the cipher text(TT8F]Y\5SQ=^Q`MAF4


21/211

14

Example# Enter system view from the user view.

system-view

System View: return to User View with Ctrl+Z.

[Sysname]


22/211

15

Logging in to the switch commands

acl (user interface view)Description

Use acl to reference ACLs to control access to the VTY user interface.If no ACL is referenced in VTY user interface view, the VTY user interface has no access control overestablishing a Telnet or SSH connection.If an ACL is referenced in VTY user interface view, the connection is permitted only when packetsestablishing a Telnet or SSH connection match a permit statement in the ACL.The system regards the basic/advanced ACL with theinbound keyword, the basic/advanced ACLwith theoutbound keyword, Ethernet frame header ACL as four different types of ACLs, which cancoexist in one VTY user interface.

The match order is basic/advanced ACL, Ethernet frame header ACL. At most one ACL of each typecan be referenced in the same VTY user interface, and the last configured one takes effect.

Use undo acl to cancel the ACL application. For more information about ACL, see the ACL and QoSConfiguration Guide . By default, access to the VTY user interface is not restricted.

SyntaxTo use a basic or advanced ACL:

acl [ ipv6 ] acl-number{inbound | outbound }

undo acl [ ipv6 ] acl-number { inbound | outbound }To use an Ethernet frame header ACL:

acl acl-number inbound

undo acl acl-number inbound

View VTY user interface view

Default level

2: System level

Parametersipv6: When this keyword is present, the command supports IPv6; otherwise, it supports IPv4.

acl-number : Number of the ACL. The value range varies with devices:

Basic ACL: 2000 to 2999 Advanced ACL: 3000 to 3999Ethernet frame header ACL: 4000 to 4999

inbound: Restricts Telnet or SSH connections established in the inbound direction through the VTY userinterface. If the received packets for establishing a Telnet or SSH connection are permitted by an ACL rule,


23/211

16

the connection is allowed to be established. When the device functions as a Telnet server or SSH server,this keyword is used to control access of Telnet clients or SSH clients. outbound: Restricts Telnet connections established in the outbound direction through the VTY userinterface. If the packets sent for establishing a Telnet connection are permitted by an ACL rule, theconnection is allowed to be established. When the device functions as a Telnet client, this keyword isused to define Telnet servers accessible to the client.

Example# Allow only the user with the IP address of 192.168.1.26 to access the device through Telnet or SSH.

system-view

[Sysname] acl number 2001

[Sysname-acl-basic-2001] rule permit source 192.168.1.26 0

[Sysname-acl-basic-2001] quit

[Sysname] user-interface vty 0

[Sysname-ui-vty0] acl 2001 inbound

With this configuration, user A (with IP address 192.168.1.26) can Telnet to the device but user B (with IPaddress 192.168.1.60) cannot. If a connection failure occurs, the "%connection closed by remotehost! " message will appear.

activation-keyDescription

Use activation-key to define a shortcut key for starting a terminal session.Theactivation-key command is not supported by the VTY user interface.To display the shortcut key you have defined, use thedisplay current-configuration| includeactivation-keycommand.If a new shortcut key is defined with theactivation-keycommand, the Enter key no longer functions.

Use undo activation-key to restore the default. By default, pressing theEnterkey starts a terminal session.Syntax

activation-key character

undo activation-key

ViewUser interface view

Default level

3: Manage level


24/211

17

Parameterscharacter: Shortcut key for starting a terminal session, a single character (or its ASCII code value thatranges from 0 to 127) or a string of one to three characters. Only the first character functions as theshortcut key. For example, if you input an ASCII code value of 97, the system uses its charactera as theshortcut key. If you input string b@c, the system uses the first characterb as the shortcut key.

Examples1. Configure character s as the shortcut key for starting a terminal session on the console port.

system-view

[Sysname] user-interface aux 0

[Sysname-ui-aux0] activation-key s

To verify the configuration, perform the following operations:2. Exit the terminal session on the console port.

[Sysname-ui-aux0] return

quit

3. Log in to the console port again. The following message appears:******************************************************************************* Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P. *

* Without the owner's prior written consent, *

* no decompiling or reverse-engineering shall be allowed. *

******************************************************************************

User interface aux0 is available.

Please press ENTER.

4. At this moment, pressing Enter does not start a session. To start the terminal session, enters.

%Mar 2 18:40:27:981 2005 Sysname SHELL/5/LOGIN: Console logged in from aux0.

auto-execute commandDescription

CAUTION: Applyingauto-execute command to the user interface may disable you from configuring the system.Before configuring the command and saving the configuration (by using thesave command), makesure that you can access the device through VTY and AUX interfaces to remove the configuration whena problem occurs.

auto-execute command is not supported by the console port.

Use auto-execute command to specify a command automatically executed when a user logs in to thecurrent user interface.

The system automatically executes the command when a user logs in to the user interface, and tearsdown the user connection after the command is executed.


25/211

18

If the command triggers another task, the system does not tear down the user connection until thetask is completed.

Use undo auto-execute command to remove the configuration. By default, command auto-execution isdisabled.

Syntaxauto-execute command command

undo auto-execute command


Default level

3: Manage level

Parametercommand : Specifies a command to be automatically executed.

Examples1. Configure the device to automatically Telnet to 192.168.1.41 after a user logs in to interface VTY

0. system-view

system-view


[Sysname-ui-vty0] auto-execute command telnet 192.168.1.41

% This action will lead to configuration failure through ui-vty0. Are yousure?

[Y/N]:y

[Sysname-ui-vty0]

2. To verify the configuration, perform the following operations:

Telnet to 192.168.1.40. The device automatically Telnets to 192.168.1.41. The following output isdisplayed:

C:\> telnet 192.168.1.40

****************************************************************************

* Copyright(c)2010-2011 Hewlett-Packard Development Company, L.P. *



****************************************************************************


26/211

19

Trying 192.168.1.41 ...

Press CTRL+K to abort

Connected to 192.168.1.41 ...

****************************************************************************

* Copyright (c) 2010-2011 Hewlett-Packard Development Company, L.P. *



****************************************************************************

This operation is the same as directly logging in to the device at 192.168.1.41. If the Telnetconnection to 192.168.1.41 breaks down, the Telnet connection to 192.168.1.40 breaks down at thesame time.

authentication-modeDescription

Use authentication-mode to set the authentication mode for the user interface.

Use undo authentication-mode to restore: VTY user interfaces authentication mode default (password) AUX user interface authentication mode default (none)

Related commands:set authentication password.

Syntaxauthentication-mode{none | password | scheme }

undo authentication-mode View

User interface view

Default level

3: Manage level

Parametersnone: Performs no authentication.

password: Performs local password authentication.

scheme: Performs AAA authentication. For more information about AAA, see theSecurity ConfigurationGuide.


27/211

20

Examples1. Specify that no authentication is needed when users log in to the device through VTY 0. This mode

is insecure. system-view


[Sysname-ui-vty0] authentication-mode none

2. Use password authentication when users log in to the device through VTY 0, and set theauthentication password to321.

system-view


[Sysname-ui-vty0] authentication-mode password

[Sysname-ui-vty0] set authentication password cipher 321

3. Authenticate users by username and password when users log in to the device through VTY 0. Setthe username to 123 and the password to 321.

system-view


[Sysname-ui-vty0] authentication-mode scheme[Sysname-ui-vty0] quit

[Sysname] local-user 123

[Sysname-luser-123] password cipher 321

[Sysname-luser-123] service-type telnet

[Sysname-luser-123] authorization-attribute level 3

command accountingDescription

Use command accounting to enable command accounting. When command accounting is enabled and command authorization is not, every executedcommand is recorded on the HWTACACS server.

When both command accounting and command authorization are enabled, only the authorized andexecuted commands are recorded on the HWTACACS server.

Use undo command accounting to restore the default (command accounting disabled). The accountingserver does not record the commands that users have executed.

Syntaxcommand accounting

undo command accounting



ParametersNone


28/211

21

Example# Enable command accounting on VTY 0. The HWTACACS server records the commands executed byusers that have logged in through VTY 0.

system-view


[Sysname-ui-vty0] command accounting

command authorizationDescription

Use command authorization to enable command authorization. When enabled, users can only performcommands authorized by the server.

Use undo command authorization to restore the default (command authorization disabled). Logged-inusers can execute commands without authorization.

Syntaxcommand authorization

undo command authorization



ParametersNone

Example# Enable command accounting for VTY 0 so that users logging in from VTY 0 can perform only thecommands authorized by the HWTACACS server.

system-view


[Sysname-ui-vty0] command authorization

databitsDescription

This command only applies to the console port.Use databits to set data bits for each character. The data bits setting must be the same for the userinterface of the connecting port on the device and the terminal device for communication.

Use undo databits to restore the default (8 data bits per character).

Syntaxdatabits {5 | 6 | 7 | 8 }

undo databits


29/211

22


Default level

2: System level

Parameters5: Sets 5 data bits for each character.

6: Sets 6 data bits for each character.



Example# Specify 5 data bits for each character.

system-view


[Sysname-ui-aux0] databits 5

display ip httpDescription

Use display ip http to display HTTP information.

Syntaxdisplay ip http[ | {begin | exclude | include } regular-expression ]

View

Any viewDefault level

1: Monitor level






Example# Display information about HTTP.

display ip http

HTTP port: 80

Basic ACL: 2222

Current connection: 0


30/211

23

Operation status: Running

Table 1 Command output

Field Description

HTTP port Port number used by the HTTP service.

Basic ACL Basic ACL number associated with the HTTP service.Current connection Number of current connections.

Operation statusOperation status: RunningHTTP service is enabled. StoppedHTTP service is disabled.

display ip httpsDescription

Use display ip https to display information about HTTPS.

Syntaxdisplay ip https[ | {begin | exclude | include } regular-expression ]

View Any view








31/211

24

Example# Display information about HTTPS.

display ip https

HTTPS port: 443

SSL server policy: test

Certificate access-control-policy:

Basic ACL: 2222

Current connection: 0

Operation status: Running


Field Description

HTTPS port Port number used by the HTTPS service.

SSL server policy SSL server policy associated with the HTTPS service.

Certificate access-control-policyCertificate attribute access control policy associated with theHTTPS service.

Basic ACL Basic ACL number associated with the HTTPS service.

Current connection Number of current connections.

Operation statusOperation status: RunningHTTPS service is enabled. StoppedHTTPS service is disabled.

display telnet client configurationDescription

Use display telnet client configurationto display device configuration when it serves as a Telnet client.

Syntaxdisplay telnet client configuration [ | {begin | exclude | include } regular-expression ]

View Any view


Parameters| : Filters command output by specifying a regular expression. For more information about regularexpressions, see the Fundamentals Configuration Guide .





32/211

25


Example# Display the configuration of the device when it serves as a Telnet client.

display telnet client configuration

The source IP address is 1.1.1.1.

The output shows that when the device serves as a client, the source IPv4 address for sending Telnetpackets is 1.1.1.1.

display user-interfaceDescription

Use display user-interface to display information about a specific interface or all user interfaces.If thesummary parameter is included, the command displays all user interface numbers and types.If the summary parameter is not included, the command displays the type of the user interface, theabsolute or relative number, the transmission rate, the user privilege level, the authentication mode,and the access port.

Syntaxdisplay user-interface [ num1 | { aux | vty } num2 ] [ summary ] [ | { begin | exclude | include }regular-expression ]

View Any view

Default level

1: Monitor level

Parametersnum1: Absolute number of a user interface. The value range varies with devices.

aux: Specifies the AUX user interface.

vty: Specifies the VTY user interface.

num2 : Relative number of a user interface. It ranges from 0 to 9 for an AUX user interface and 0 to 15 fora VTY user interface.

summary: Displays summary about user interfaces.

| : Filters command output by specifying a regular expression. For more information about regularexpressions, see CLI configuration.

begin: Displays the first line that matches the regular expression and all lines that follow.exclude: Displays all lines that do not match the regular expression.




33/211

26

Examples1. Display information about user interface 29.

display user-interface 29

Idx Type Tx/Rx Modem Privi Auth Int

+ 29 VTY 0 - 3 N -

+ : Current user-interface is active.

F : Current user-interface is active and work in async mode.

Idx : Absolute index of user-interface.

Type : Type and relative index of user-interface.

Privi: The privilege of user-interface.

Auth : The authentication mode of user-interface.

Int : The physical location of UIs.

A : Authentication use AAA.

L : Authentication use local database.

N : Current UI need not authentication.

P : Authentication use current UI's password.


Field Description

+ The current user interface is active.

F The current user interface is active and works in asynchronous mode.

Idx Absolute number of the user interface.

Type Type and relative number of the user interface.

Tx/Rx Transmission/Receive rate of the user interface.

Modem Whether the modem is allowed to dial in (in), dial out (out), or both (inout).

By default, the hyphen (-) is displayed to indicate that this function is disabled.Privi Indicates the command level of a user under that user interface.

Auth

Authentication mode for the users: AAAA authentication. PPassword authentication. LLocal authentication. NNone authentication.

Int The physical port that corresponds to the user interface.

A AAA authentication with the authentication mode ofscheme .

L Local authentication (not supported).

N No authentication with the authentication mode ofnone .

P Password authentication with the authentication mode ofpassword .


34/211

27

2. Display summary about all user interfaces. display user-interface summary

User interface type : [TTY]

0:XXX

User interface type : [AUX]

3:XXXX XXXX XX

User interface type : [VTY]

29:UXXX XXXX XXXX XXXX

1 character mode users. (U)

28 UI never used. (X)

1 total UI in use


Field Description

User interface type Type of user interface (AUX or VTY).

0:X

0Represents the absolute number of the user interface. XThis user interface is not used. UThis user interface is in use.

Character mode users. (U) Number of users or the total number of character U.

UI never used. (X) Number of user interfaces not used or the total number ofcharacter X.

Total UI in use Total number of user interfaces in use.

display usersDescription

Use display users to display information about the interfaces that are active.

Use display users all to display information about all interfaces supported by the device.

Syntaxdisplay users [ all ] [ | {begin | exclude | include } regular-expression ]

View Any view

Default level

1: Monitor levelParameters

all: Displays information about all user interfaces that the device supports.

| : Filters command output by specifying a regular expression. For more information about regularexpressions, see CLI configuration.




35/211

28



Example# Display information about the user interfaces that are being used.

display users

The user application information of the user interface(s):Idx UI Delay Type Userlevel

+ 29 VTY 0 00:00:00 TEL 3

Following are more details.

VTY 0 :

Location: 192.168.0.5

+ : Current operation user.

F : Current operation user work in async mode.


Field Description

Idx Absolute number of the user interface.

UIRelative number of the user interface. For example, with VTY, the first columnrepresents user interface type, and the second column represents the relative numberof the user interface.

Delay Time elapsed since the user's last input, in the format of hh:mm:ss.

Type User type, such as Telnet, SSH.

Userlevel User level: 0 for visit, 1 for monitor, 2 for system, and 3 for manage.

+ Current user.

Location IP address of the user.

F The current user works in asynchronous mode.

display web usersDescription

Use display web users to display information about web users.

Syntaxdisplay web users [ | {begin | exclude | include } regular-expression]

View Any view



36/211

29

Parameter| : Filters command output by specifying a regular expression. For more information about regularexpressions, see "CLI configuration.



include: Displays all lines that match the regular expression.regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Example# Display information about the current web users.

display web users

UserID Name Language Level State LinkCount LoginTime LastTime

ab890000 admin Chinese Management Enable 0 14:13:46 14:14:18


Field DescriptionUserID ID of a web user.

Name Name of the web user.

Language Login language used by the web user.

Level Level of the web user.

State State of the web user.

LinkCount Number of tasks that the web user runs.

LoginTime Time when the web user logged in.

LastTime Last time when the web user accessed the switch.

escape-keyDescription

Use escape-key to define a shortcut key for aborting a task. The new shortcut key functions to terminate atask.If you set the character parameter in a user interface of a device to log in to the device and then Telnet toanother device, the character argument can only be used as a control character to abort a task (not forinput as a common character). This can cause problems, which you can avoid by specifyingcharacter asa key combination rather than as a single character.

For example, in a VTY 0 user interface, if you specifycharacter as e on Device A and log in to Device Aon a PC (Hyper Terminal):

The problem does not occur on Device A. Entere as a common character on the A, and also use e to terminate the task running on Device A.The problem occurs if you Telnet from Device A to Device B. On Device B, you can only usee toterminate the task running on Device B. You cannot inpute as a common character (as part ofanother command, for example) To avoid this, specify character as a key combination.

Use undo escape-key to restore the default key combination (Ctrl+C).


37/211

30

To display the shortcut key you have defined, use thedisplay current-configurationcommand.

Syntaxescape-key {default | character }

undo escape-key


Default level

3: Manage level

Parameterscharacter: Specifies the shortcut key for aborting a task, a single character (or its ASCII code value in therange 0 to 127), or a string of 1 to 3 characters. Only the first character of a string functions as theshortcut key. If you enter an ASCII code value of 113, the system uses its character q as the shortcut key. Ifyou enter the string q@c, the system uses the first characterq as the shortcut key.

default: Restores the default escape key combination ofCtrl+C.

Examples# Define keya as the shortcut key for aborting a task.

system-view


[Sysname-ui-aux0] escape-key a

# To verify the configuration, perform the following operations:1. Use the ping command to check the reachability of the device with the IP address of

192.168.1.49, and use the -c keyword to specify the number of ICMP echo packets to besent as 20.

ping -c 20 192.168.1.49PING 192.168.1.49: 56 data bytes, press a to break

Reply from 192.168.1.49: bytes=56 Sequence=1 ttl=255 time=3 ms

Reply from 192.168.1.49: bytes=56 Sequence=2 ttl=255 time=3 ms

2. Entera . The task terminates immediately and the system returns to system view.--- 192.168.1.49 ping statistics ---

2 packet(s) transmitted

2 packet(s) received

0.00% packet loss

round-trip min/avg/max = 3/3/3 ms


38/211

31

flow-controlDescription

Use flow-control to configure the flow control mode.The switch supports thenone flow control mode only.

The command only applies to the console port.Use undo flow-control to restore the default (none is the default flow control mode). No flow control isperformed.

Syntaxflow-control{hardware | none | software }


Default level

2: System level

Parametershardware : Performs hardware flow control.

none: Disables flow control.

software: Performs software flow control.

Example# Configure no flow control in the inbound and outbound directions for AUX 0.

system-view

[Sysname] user-interface aux 0[Sysname-ui-aux0] flow-control none

free user-interfaceDescription

This command cannot release the connection that you are using.

Use free user-interface to release the established connection.

Syntax

free user-interface{num1 | { aux | vty }num2 } View

User view

Default level

3: Manage level


39/211

32

Parametersnum1: Absolute number of a user interface. The value range varies with devices.



num2 : Relative number of a user interface. The value ranges from 0 to 9 for an AUX user interface and 0

to 15 for a VTY user interface.Examples

1. Display the connection established on user interface VTY 1. display users

The user application information of the user interface(s):

Idx UI Delay Type Userlevel

+ 29 VTY 0 00:00:00 TEL 3

Following are more details.

VTY 0 :

Location: 192.168.0.5

+ : Current operation user.F : Current operation user work in async mode.

2. You can display information about the users that are using the device. free user-interface vty 1

Are you sure to free user-interface vty1? [Y/N]:y

3. To make configurations without interruption from the user using VTY1, you can release theconnection established on VTY1.

free web-usersDescription

Use free web-users to disconnect a specific web user or all web users by force.

Syntaxfree web-users{all | user-id userid | user-name username }

ViewUser view


Parameteruserid : Web user ID.

username : User name of the web user. This argument can contain 1 to 80 characters.

all: Specifies all web users.


40/211

33

Example# Disconnect all web users by force.

free web-users all

history-command max-sizeDescription

Use history-command max-size to set the size of the history command buffer for the current user interface.The history command buffer saves executed history commands for each user interface.Buffers for different user interfaces do not affect each other.

To display the commands that are stored in the history buffer, usedisplay history.To view the recently executed commands, press the upper or lower arrow key. For more informationabout display history-command, see CLI configuration commands.

After you terminate the current session, the system automatically removes the commands saved in thehistory buffer.

Use undo history-command max-size to restore the default (10 commands saved).

Syntaxhistory-command max-size size-value

undo history-command max-size



Parameterssize-value : Specifies the maximum number of history commands that the buffer can store. The valueranges from 0 to 256.

Example# Set the buffer to store a maximum of 20 history commands.

system-view


[Sysname-ui-aux0] history-command max-size 20


41/211

34

idle-timeoutDescription

Use idle-timeout to set the idle-timeout timer.Setting idle-timeout to 0 disables the timer and maintains the connection until you terminate it.

If no information interaction occurs between the device and the user within the timeout time, thesystem automatically terminates the connection.

Use undo idle-timeout to restore the default timeout (10 minutes).

Syntaxidle-timeout minutes[ seconds ]

undo idle-timeout



Parametersminutes: Specifies the timeout time, in minutes, which ranges from 0 to 35791 and defaults to 10 minutes.

seconds: Specifies the timeout time, in seconds, which ranges from 0 to 59 and defaults to 0 seconds.

Example# Set the idle-timeout timer to 1 minute and 30 seconds.

system-view


[Sysname-ui-aux0] idle-timeout 1 30

ip http aclDescription

Use ip http acl to associate an ACL with the HTTP service. After the HTTP service is associated with an ACL, only the clients permitted by the ACL can access the device through HTTP.

Use undo ip http acl to remove the association and restore the default condition (HTTP service is notassociated with any ACL by default).

Related commands:display ip http; acl (see ACL and QoS Command Reference ). Syntax

ip http acl acl-number

undo ip http acl

View

System view


42/211

35


Parametersacl-number : ACL number. A basic IPv4 ACL ranges from 2000 to 2999.

Example# Associate the HTTP service with ACL 2001 to only allow the clients within the 10.10.0.0/16 network toaccess the device through HTTP.

system-view


[Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255


[Sysname] ip http acl 2001

ip http enable

DescriptionUse ip http enable to enable the HTTP service. The device can act as the HTTP server when enabled.

Use undo ip http enable to disable the HTTP service.

Related commands:display ip http.

Syntaxip http enable

undo ip http enable

View

System viewDefault level

2: System level

ParametersNone

Example# Enable the HTTP service.

system-view

[Sysname] ip http enable

ip http portDescription

Verify that the port number is not used by another service. This command does not check for conflicts withconfigured port numbers.

Use ip http port to configure the port number of the HTTP service.


43/211

36

Use undo ip http port to restore the default port number (80 is the default port).

Related commands:display ip http.

Syntaxip http port port-number

undo ip http port

ViewSystem view


Parameterport-number : Port number of the HTTP service, which ranges from 1 to 65535.

Example# Configure the port number of the HTTP service as 8080.

system-view

[Sysname] ip http port 8080

ip https acl Description

Use ip https acl to associate HTTPS service with an ACL. After this association, only clients permitted bythe ACL rules can access the device.

Use undo ip https acl to remove the association and restore the default condition (no association is thedefault).

Related commands:display ip https; acl ( ACL and QoS Command Reference ).

Syntaxip https acl acl-number

undo ip https acl

ViewSystem view


Parameteracl-number : ACL number. A basic IPv4 ACL ranges from 2000 to 2999. The value range depends on thedevice model.

Example# Associate the HTTPS service with ACL 2001 to only allow the clients in the 10.10.0.0/16 networksegment to access the HTTPS server through HTTP.

system-view


44/211

37


[Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255


[Sysname] ip https acl 2001

ip https certificate access-control-policyDescription

Use ip https certificate access-control-policy to associate the HTTPS service with a certificate attributeaccess control policy. Association of the HTTPS service with a certificate attribute access control policycontrols client access rights.

Use undo ip https certificate access-control-policy to remove the association and restore the defaultcondition (no association by default).

Related commands: display ip https; pki certificate access-control-policy (see Security CommandReference ).

Syntax

ip https certificate access-control-policy policy-name undo ip https certificate access-control-policy

ViewSystem view


Parameterpolicy-name : Name of the certificate attribute access control policy, a string of 1 to 16 characters.

Example# Associate the HTTPS server with certificate attribute access control policymyacl.

system-view

[Sysname] ip https certificate access-control-policy myacl


45/211

38

ip https enableDescription

Use ip https enable to enable the HTTPS service. The device can act as the HTTP server if enabled.

Enabling the HTTPS service triggers an SSL handshake negotiation process.If the local certificate of the device exists, the SSL negotiation succeeds and the HTTPS service canbe started.If no local certificate exists, the SSL negotiation triggers a certificate application process that oftenfails because it times out. If that happens, execute theip https enable command multiple times tostart the HTTPS service.

Use undo ip https enable to disable the HTTPS service (the default condition).

Related commands:display ip https.

Syntax

ip https enable

undo ip https enable

View

System view


ParametersNone

Example# Enable the HTTPS service.

system-view

[Sysname] ip https enable

ip https portDescription

Verify that the port number is not used by another service. This command does not check for conflicts withconfigured port numbers.

Use ip https port to configure the port number of the HTTPS service.Use undo ip https port to restore the default port number (443 is the default port).

Related commands:display ip https.

Syntaxip https port port-number

undo ip https port


46/211

39

ViewSystem view


Parameterport-number : Port number of the HTTPS service, which ranges from 1 to 65535.

Example# Configure the port number of the HTTPS service as 6000.

system-view

[Sysname] ip https port 6000

ip https ssl-server-policyDescription

Use ip https ssl-server-policy to associate the HTTPS service with an SSL server-end policy.Use undo ip https ssl-server-policy to remove the association and restore the default condition (noassociation).

The HTTPS service can be enabled only after this command is configured. After the HTTPS service isenabled, you cannot:

Modify the associated SSL server-end policy.Remove the association between the HTTPS service and the SSL server-end policy.

Related commands:display ip https; ssl server-policy (Security Command Reference ).

Syntax

ip https ssl-server-policy policy-nameundo ip https ssl-server-policy

ViewSystem view


Parameterpolicy-name : Name of an SSL server policy, a string of 1 to 16 characters.

Example # Associate the HTTPS service with SSL server-end policymyssl.

system-view

[Sysname] ip https ssl-server-policy myssl


47/211

40

lockDescription

Use lock to prevent unauthorized users from using the user interface. When entering the lock command:

1. Enter a password (up to 16 characters).

2. Confirm it by entering the password again.

3. To set the password, enter the same password. After locking the user interface, the next time you access it, you must pressEnter and enter thecorrect password.

Syntaxlock

View

User viewDefault level

3: Manage level

ParametersNone

Example# Lock the current user interface.

lock

Please input password to lock current user terminal interface:

Password:

Again:

locked !

Password:

parityDescription

This command only applies to the console port.

Use parity to set a parity check method. This setting must be identical for the user interface of theconnecting port on the device and the target terminal device.

Use undo parity to restore the default (no parity check performed).

Syntaxparity {even | mark | none | odd | space }

undo parity


48/211

41


Default level

2: System level

Parameterseven: Performs an even parity check.

mark: Performs a mark parity check.

none: Performs no parity check.

odd: Performs an odd parity check.

space: Performs a space parity check.

Example# Configure the console port to perform odd parity check.

system-view

[Sysname] user-interface aux 0[Sysname-ui-aux0] parity odd

protocol inboundDescription

Use protocol inbound to enable the user interface to support Telnet, SSH, or both. The configuration iseffective next time you log in.

Before configuring a user interface to support SSH, set the authentication mode toscheme for userslogging in through the user interface. Otherwise,protocol inbound sshfails. For more information,see authentication-mode.

By default: All protocols are supported.The authentication mode of the Telnet protocol ispassword.

Syntaxprotocol inbound {all | ssh | telnet }

View VTY interface view


Parametersall: Supports all three protocols: Telnet, SSH, and both.

ssh: Supports SSH only.

telnet: Supports Telnet only.


49/211

42

Example# Enable the VTYs 0 through 15 to support SSH only.

system-view

[Sysname] user-interface vty 0 15

[Sysname-ui-vty0-15] authentication-mode scheme

[Sysname-ui-vty0-15] protocol inbound ssh

screen-lengthDescription

Not all display terminals support this command setting.

Use screen-length to set the number of lines on the next screen.

Because terminal display varies, you may need to press theSpace, Page Up, or Page Down key to displayadditional lines of information. For example, if you setscreen-length to 40, but the terminal screen candisplay only 24 lines: When you press Space, the device sends 40 lines, but the next screen displays onlylines 18 through 40. To view the first 17 lines, you must press thePage Up or Page Downkey.

Use undo screen-length to restore the default next screen display (24 lines).

To disable multiple-screen output of the current user interface, use thescreen-length disable command. Formore information about thescreen-length disable command, see CLI configuration commands.

Syntaxscreen-length screen-length

undo screen-length



Parameterscreen-length: Number of lines on the next screen, which ranges from 0 to 512. Setting a value of 0disables pausing between screens of output.

Example# Set the next screen of the AUX user interface to display 30 lines.

system-view


[Sysname-ui-aux0] screen-length 30


50/211

43

sendDescription

Use send to send messages to the specified user interfaces.

To end the message input, press Ctrl+Z. To cancel the message input and return to user view, press Ctrl+C.

Syntaxsend {all | num1 | { aux | vty }num2 }

ViewUser view

Default level

1: Monitor level

Parametersall: Sends messages to all user interfaces.

num1: Absolute number of a user interface. The value range varies with devices.



num2 : Relative number of a user interface. The value ranges from 0 to 9 for an AUX user interface and 0to 15 for a VTY user interface.

Example# Send message hello abc to the AUX user interface.

send aux 0

Enter message, end with CTRL+Z or Enter; abort with CTRL+C:hello abc^Z

Send message? [Y/N]:y

***

***

***Message from aux0 to aux0

***

hello abc


51/211

44

set authentication passwordDescription

Use set authentication password to set a local authentication password. You must enter the password inplain-text during authentication. A plain-text password can be easily compromised. It is safer to use a

cipher-text password.Use undo set authentication password to restore the default (no local authentication password).

Related commands:authentication-mode.

Syntaxset authentication password{cipher | simple }password

undo set authentication password


Default level 3: Manage level

Parameterscipher : Cipher-text password.

simple: Plain-text password.

password : A case-sensitive string. If the password format issimple, the password argument must be inplain text, and the configuration file saves the password in plain text. If the format iscipher , password can be either in cipher text or in plain text, and the configuration file always saves the password in ciphertext. A plain-text password can be a string of up to 16 characters. A cipher-text password or the

encrypted version of the plain-text password comprises 24 characters, such as_(TT8F]Y\5SQ=^Q`MAF4


52/211

45

shellDescription

The command is not applicable to the console port.

Use shell to enable terminal services on the user interface. By default, terminal services are enabled on alluser interfaces.Use undo shell to disable terminal services. You cannot disable the terminal services on the user interfacethrough which you are logged in.

Syntaxshell

undo shell



ParametersNone

Examples1. Disable terminal services on the VTYs 0 through 4.

system-view


[Sysname-ui-vty0-4] undo shell

% Disable ui-vty0-4 , are you sure? [Y/N]:y

[Sysname-ui-vty0-4]

2. The following message appears when a terminal tries to Telnet to the device:The connection was closed by the remote host!

speed (user interface view)Description


Use speed to set the transmission rate on the user interface. This setting must be identical for the userinterface of the connecting port on the device and the target terminal device for communicationUse undo speed to restore the default transmission rate (9600 bps is the default rate).

Syntaxspeed speed-value

undo speed


53/211

46


Default level

2: System level

Parametersspeed-value : Transmission rate in bps.

The transmission rates available with asynchronous serial interfaces follow:300 bps600 bps1200 bps2400 bps4800 bps9600 bps

19200 bps38400 bps57600 bps115200 bps

The transmission rate varies with devices and configuration environment.

Example# Set the transmission rate on the user interface AUX 0 to 19200 bps.

system-view


[Sysname-ui-aux0] speed 19200

stopbitsDescription


Use stopbits to set the number of stop bits transmitted per byte. This setting must be identical for the userinterface of the connecting port on the device and the target device for communication.

Use undo stopbits to restore the default stop bit (1).

Syntaxstopbits {1 | 1.5 | 2 }

undo stopbits


Default level

2: System level


54/211

47

Parameters1: One stop bit.

1.5: One and a half stop bits.

2: Two stop bits.

Example# Set the stop bits on the user interface AUX 0 to 1.5.

system-view


[Sysname-ui-aux0] stopbits 1.5

telnetDescription

Use telnet to establish Telnet connection with a remote host. The source IPv4 address or source interfacespecified by this command applies to the current Telnet connection only.

To stop the current Telnet connection, pressCtrl+K or use the quit command.

Syntaxtelnet remote-host [ service-port ] [ vpn-instance vpn-instance-name] [ source { interface interface-type interface-number | ip ip-address } ]

ViewUser view


Parametersremote-host : IPv4 address or host name of a remote host, a case-insensitive string of 1 to 20 characters.

service-port : TCP port number of the Telnet service on the remote host. It ranges from 0 to 65535 anddefaults to 23.

vpn-instancevpn-instance-name : Specifies the MPLS L3VPN that the remote system belongs to, wherevpn- instance-name is a case-sensitive string of 1 to 31 characters. If the remote system is on the public network,do not specify this keyword and argument combination.

source: Specifies the source interface or source IPv4 address of Telnet packets.interface interface-type interface-number:Specifies the source interface. The source IPv4 address of the

Telnet packets that are sent is the IPv4 address of the specified source interface.interface-type interface- number represents the interface type and number, respectively.

ip ip-address: Specifies the source IPv4 address of Telnet packets.

Example# Telnet to the remote host 1.1.1.2, specifying the source IP address of Telnet packets as 1.1.1.1.

telnet 1.1.1.2 source ip 1.1.1.1


55/211

48

telnet client sourceDescription

If you use both this command and the telnet command to specify the source IPv4 address or sourceinterface, the source IPv4 address or interface specified by thetelnet command takes effect.

Use telnet client sourceto specify the source IPv4 address or source interface for sending Telnet packetswhen the device serves as a Telnet client. The source IPv4 address or source interface specified by thiscommand applies to all Telnet connections.

Use undo telnet client sourceto remove the source IPv4 address or source interface for sending Telnetpackets. By default, no source IPv4 address or source interface for sending Telnet packets is specified. Thesource IPv4 address is selected by routing.

Related commands:display telnet client configuration.

Syntaxtelnet client source{interface interface-type interface-number | ip ip-address }

undo telnet client source

ViewSystem view


Parametersinterface interface-type interface-number : Specifies the source interface. The source IPv4 address of theTelnet packets sent is the IPv4 address of a specific interface.interface-type interface-number representsthe interface type and number, respectively.

ip ip-address: Specifies the source IPv4 address of Telnet packets.Example

# Specify the source IPv4 address for sending Telnet packets when the device serves as a Telnet client as1.1.1.1.

system-view

[Sysname] telnet client source ip 1.1.1.1


56/211

49

telnet ipv6Description

Use telnet ipv6 to establish a Telnet connection to a remote host in an IPv6 network. To stop the currentTelnet connection, pressCtrl+K or use the quit command.

Syntaxtelnet ipv6 remote-host [ -i interface-type interface-number ] [ port-number ] [ vpn-instance vpn-instance- name ]

ViewUser view


Parameters

remote-host : IP address or host name of a remote host, a case-insensitive string of 1 to 46 characters.-i interface-type interface-number:Specifies the outbound interface for sending Telnet packets, whereinterface-type interface-number represents the interface type and number. You need to provide the-iinterface-type interface-number argument if the destination address is a link-local address.

port-number:TCP port number for the remote host to provide the Telnet service. It ranges from 0 to 65535and defaults to 23.

vpn-instance vpn-instance-name : Specifies the MPLS L3VPN that the remote system belongs to, wherevpn- instance-name is a case-sensitive string of 1 to 31 characters. If the remote system is on the public network,do not specify this keyword and argument combination.

Example# Telnet to the remote host with the IPv6 address 5000::1.

telnet ipv6 5000::1

telnet server enableDescription

Use telnet server enable to enable the Telnet server.

Use undo telnet server enable to disable the Telnet server (disabled is the default condition).

Syntaxtelnet server enable

undo telnet server enable

ViewSystem view



57/211

50

ParametersNone

Example# Enable the Telnet server.

system-view

[Sysname] telnet server enable

terminal typeDescription

The device supports two types of terminal display: ANSI and VT100. HP recommends you to set thedisplay type to VT100 on both the device and the client to avoid anomalies when the total number ofcharacters of the edited command line exceeds 80.

Use terminal type to configure the current user interfaces type of terminal display.

Use undo terminal type to restore the default (ANSI is the default).

Syntaxterminal type {ansi | vt100 }

undo terminal type


Default level

2: System level

Parametersansi: Specifies the terminal display type as ANSI.

vt100: Specifies the terminal display type as VT100.

Example# Set the terminal display type to VT100.

system-view


[Sysname-ui-vty0] terminal type vt100


58/211

51

user privilege levelDescription

Use user privilege level to assign users logging into the interface a privilege level.

Use undo user privilege level to restore:

AUX user interfaces default to command level 3.Other user interfaces default to command level 0.

Syntaxuser privilege level level

undo user privilege level


Default level

3: Manage level

Parameterlevel : Specifies a user privilege level, which ranges from 0 to 3. User privilege levels include visit (0),monitor (1), system (2), and manage (3). The administrator can change the user privilege level asnecessary.

Examples# Set the command level for users logging in through VTY 0 to 0.

system-view

[Sysname] user-interface vty 0[Sysname-ui-vty0] user privilege level 0

# After you Telnet to the device through VTY 0, the terminal only displays commands of level 0 in the helpinformation:

?

User view commands:

cluster Run cluster command

display Display current system information

ping Ping function

quit Exit from current command view

ssh2 Establish a secure shell client connectionsuper Set the current user priority level

telnet Establish one TELNET connection

tracert Trace route function


59/211

52

user-interfaceDescription

Use user-interface to enter a single or multiple user interface views.In single user interface view, the configuration takes effect in the user view only.

In multiple user interface view, the configuration takes effect in these user views.

Syntaxuser-interface{first-num1 [ last-num1 ] | { aux | vty }first-num2[ last-num2] }

ViewSystem view

Default level

2: System level

Parametersfirst-num1: Absolute number of the first user interface. The value range varies with devices.

last-num1: Absolute number of the last user interface. The value range varies with devices. aux: Specifies the AUX user interface. vty: Specifies the VTY user interface.

first-num2 : Relative number of the first user interface: AUX user interfaces: from 0 to 9 VTY user interfaces: from 0 to 15

last-num2 : Relative number of the last user interface: AUX user interfaces: from 0 to 9 for an AUX user interface VTY user interfaces: from 0 to 15, but cannot be smaller than first-num 2.

Examples#Enter AUX user interface view.

system-view


[Sysname-ui-aux0]

#Enter the user interface views of VTYs 0 to 4. system-view


[Sysname-ui-vty0-4]


60/211

53

FTP configuration commands

FTP server configuration commands display ftp-serverDescription

Use display ftp-server to view the FTP server configuration. Verify configured FTP server parameterwith this command.

Related commands:ftp server enable, ftp timeout, and ftp update.

Syntaxdisplay ftp-server[ | {begin | exclude | include } regular-expression ]

View Any view

Default level

3: Manage level

Parameters| : Filters command output by specifying a regular expression. For more information about regularexpressions, see the Fundamentals Configuration Guide .





Example# Display the FTP server configuration.

display ftp-server

FTP server is running

Max user number: 1

User count: 1

Timeout value(in minute): 30Put Method: fast

Table 7 Table 1 Command output

Field Description

Max user number Maximum number of login users at a time.


61/211

54

Field Description

User count Number of the current login users.

Timeout value (in minute) Allowed idle time of an FTP connection. If there is no packetexchange between the FTP server and client during the wholeperiod, the FTP connection will be disconnected.

Put Method File update method of the FTP server, including: fast: Fast update. normal: Normal update.

display ftp-userDescription

Use display ftp-user to display detailed information for current FTP users.

Syntaxdisplay ftp-user[ | {begin | exclude | include } regular-expression ]

View Any view


Parameters| : Filters command output by specifying a regular expression. For more information about regularexpressions, see the Fundamentals Configuration Guide.





Examples# Display the detailed information of FTP users.

display ftp-user

UserName HostIP Port Idle HomeDir

ftp 192.168.1.54 1190 0 flash:


62/211

55

# If the name of the logged-in user exceeds 10 characters, the exceeded characters will appear in thenext line and be right justified. For example, if the logged-in user name is administrator, this is howthe information would appear:

display ftp-user

UserName HostIP Port Idle HomeDir

administra

tor 192.168.0.152 1031 0 flash:Table 8 Command output

Field Description

UserName Name of the logged-in user.

HostIP IP address of the logged-in user.

Port Port that the logged-in user is using.

Idle Duration time of the current FTP connection, in minutes.

HomeDir Authorized path of the present logged-in user.

free ftp userDescription

Use free ftp user to manually release the FTP connection established with the specified usernameimmediately.

Syntaxfree ftp user username

ViewUser view


Parameterusername : Use the display ftp-user command to view the logged-in user name of the current FTPconnection.

Example

# Manually release the FTP connection established with usernameftpuser . free ftp user ftpuser

Are you sure to free FTP user ftpuser? [Y/N]:y


63/211

56

ftp server aclDescription

Use ftp server acl to control FTP clients access to the device using an ACL. When associated with an ACL, the FTP server denies incoming client requests and permits clientaccess allowed by the ACL rules.This configuration has no effect on already established FTP connections and operations.If you execute the command multiple times, the last specified ACL takes effect.

Use undo ftp server aclto restore the default (no ACL used is the default condition).

Syntaxftp server acl acl-number

undo ftp server acl

ViewSystem view


Parameteracl-number : Basic access control list (ACL) number, ranging from 2000 to 2999.

Example# Associate the FTP service with ACL 2001 to allow only the client 1.1.1.1 to access the device throughFTP.

system-view

[Sysname] acl number 2001[Sysname-acl-basic-2001] rule 0 permit source 1.1.1.1 0

[Sysname-acl-basic-2001] rule 1 deny source any


[Sysname] ftp server acl 2001

ftp server enableDescription

Use ftp server enable to enable the FTP server and allow FTP user login.

Use undo ftp server to disable the FTP server (disabled is the default condition).

Syntaxftp server enable

undo ftp server

ViewSystem view


64/211

57


ParametersNone

Example# Enable the FTP server.

system-view

[Sysna